AWS EC2 实例未加入 ECS 集群
Posted
技术标签:
【中文标题】AWS EC2 实例未加入 ECS 集群【英文标题】:AWS EC2 instance not joining ECS cluster 【发布时间】:2021-12-02 06:26:45 【问题描述】:我对一个与此线程中描述的问题非常相似的问题感到非常绝望。
https://github.com/OpenDroneMap/opendronemap-ecs/issues/14#issuecomment-432004023
当我将网络接口附加到我的 EC2 实例以使用我的自定义 VPC 而不是默认 VPC 时,EC2 实例不再加入 ECS 集群。
这是我的 terraform 定义。
provider "aws"
resource "aws_vpc" "main"
cidr_block = "10.0.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
assign_generated_ipv6_cidr_block = true
resource "aws_internet_gateway" "main"
vpc_id = aws_vpc.main.id
resource "aws_subnet" "main"
vpc_id = aws_vpc.main.id
cidr_block = "10.0.0.0/16"
availability_zone = "us-west-2a"
map_public_ip_on_launch = true
resource "aws_route_table" "main"
vpc_id = aws_vpc.main.id
resource "aws_route_table_association" "rta1"
subnet_id = aws_subnet.main.id
route_table_id = aws_route_table.main.id
resource "aws_route_table_association" "rta2"
gateway_id = aws_internet_gateway.main.id
route_table_id = aws_route_table.main.id
resource "aws_security_group" "sg-jenkins"
name = "sg_jenkins"
description = "Allow inbound traffic for Jenkins instance"
vpc_id = aws_vpc.main.id
ingress = [
description = "inbound all"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
self = null
prefix_list_ids = null
security_groups = null
]
egress = [
description = "outbound all"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
self = null
prefix_list_ids = null
security_groups = null
]
resource "aws_network_interface" "main"
subnet_id = aws_subnet.main.id
security_groups = [aws_security_group.sg-jenkins.id]
resource "aws_instance" "ec2_instance"
ami = "ami-07764a7d8502d36a2"
instance_type = "t2.micro"
iam_instance_profile = "ecsInstanceRole"
key_name = "fran"
network_interface
device_index = 0
network_interface_id = aws_network_interface.main.id
user_data = <<EOF
#!/bin/bash
echo ECS_CLUSTER=cluster >> /etc/ecs/ecs.config
EOF
depends_on = [aws_internet_gateway.main]
### Task definition
resource "aws_ecs_task_definition" "jenkins-task"
family = "namespace"
container_definitions = jsonencode([
name = "jenkins"
image = "cnservices/jenkins-master"
cpu = 10
memory = 512
essential = true
portMappings = [
containerPort = 8080
hostPort = 8080
]
])
# network_mode = "awsvpc"
volume
name = "service-storage"
host_path = "/ecs/service-storage"
placement_constraints
type = "memberOf"
expression = "attribute:ecs.availability-zone in [us-west-2a]"
### Cluster
resource "aws_ecs_cluster" "cluster"
name = "cluster"
setting
name = "containerInsights"
value = "enabled"
### Service
resource "aws_ecs_service" "jenkins-service"
name = "jenkins-service"
cluster = aws_ecs_cluster.cluster.id
task_definition = aws_ecs_task_definition.jenkins-task.arn
desired_count = 1
# iam_role = aws_iam_role.foo.arn
# depends_on = [aws_iam_role_policy.foo]
# network_configuration
# security_groups = [aws_security_group.sg-jenkins.id]
# subnets = [aws_subnet.main.id]
#
ordered_placement_strategy
type = "binpack"
field = "cpu"
placement_constraints
type = "memberOf"
expression = "attribute:ecs.availability-zone in [us-west-2a]"
【问题讨论】:
【参考方案1】:您尚未创建到您的 IGW 的路由。因此,您的实例无法连接到 ECS 服务以向您的集群注册。所以删除rta2并添加一个路由:
# not needed. to be removed.
# resource "aws_route_table_association" "rta2"
# gateway_id = aws_internet_gateway.main.id
# route_table_id = aws_route_table.main.id
#
# add a missing route to the IGW
resource "aws_route" "r"
route_table_id = aws_route_table.main.id
gateway_id = aws_internet_gateway.main.id
destination_cidr_block = "0.0.0.0/0"
【讨论】:
感谢 Marcin 的帮助。我还会询问有关如何解决此类问题的一般建议,因为这些问题没有向用户提供明确的反馈?我刚开始学习 AWS,而且我经常被我的测试卡住,浪费了很多时间。再次感谢。 @frank86ba 没问题。只需转到 AWS 控制台,然后开始查看您的子网、路由表、vpc 等。显然,需要一些关于 VPC 工作原理的知识才能找到问题。以上是关于AWS EC2 实例未加入 ECS 集群的主要内容,如果未能解决你的问题,请参考以下文章
AWS ECS 开发工具包。使用开发工具包为 ECS 集群注册新容器实例 (EC2)
AWS IAM 策略拒绝对自动扩展组或 ECS 集群内的任何 EC2 实例的权限