堆栈内存溢出
  简体   繁体   English

如何通过在 CloudFormation 的不同 Fargate 任务中运行的 Consul 服务器将 Consul 代理加入 Consul 集群?

[英]How can I join a Consul agent to a Consul cluster via a Consul server running in a different Fargate task with CloudFormation?

 原文  2021-04-30 09:42:05       amazon-web-services/ amazon-cloudformation/ amazon-ecs/ consul/ aws-fargate

问题描述

I'm currently working as an intern and have to host a microservice application.我目前是实习生,必须托管一个微服务应用程序。 I chose to use AWS ECS in combination with Fargate tasks to host a Consul Connect Service Mesh that provides service discovery, intentions, Mtls and so on for the application.我选择结合使用 AWS ECS 和 Fargate 任务来托管 Consul Connect 服务网格,为应用程序提供服务发现、意图、Mtls 等。 My set-up is as follows:我的设置如下:

  • 1 Fargate task (in a service) with a Consul server container. 1 个带有 Consul 服务器容器的 Fargate 任务(在服务中)。
  • x Fargate tasks (in a service) with a Consul agent, Consul Connect sidecar and a microservice container.带有 Consul 代理、Consul Connect 边车和微服务容器的 Fargate 任务(在服务中)。

I am using CloudFormation to deploy that infrastructure automatically.我正在使用 CloudFormation 自动部署该基础架构。

The problem:问题:

I need to join the Consul agent running in one Fargate-task to the Consul cluster started in another Fargate task (task of the server) using CloudFormation.我需要使用 CloudFormation 将在一个 Fargate 任务中运行的 Consul 代理加入到在另一个 Fargate 任务(服务器任务)中启动的 Consul 集群中。 The problem I have with doing that is that I did not find any way to get the IP address to join the agent to the cluster.我这样做的问题是我没有找到任何方法来获取 IP 地址以将代理加入集群。

Does anyone know how I can get the IP address of a Fargate task in CloudFormation or the best practice way of doing this?有谁知道我如何获得 CloudFormation 中 Fargate 任务的 IP 地址或执行此操作的最佳实践方式?

If I am not mistaken you can only join a Consul agent to a Consul cluster using IP, DNS name or Cloud metadata.如果我没记错的话,您只能使用 IP、DNS 名称或云元数据将 Consul 代理加入 Consul 集群。 The first and second one I could not retrieve using CloudFormation and for the third one I found that it might not be possible (I could be wrong, but thats what I read so far).第一个和第二个我无法使用 CloudFormation 检索,而第三个我发现它可能是不可能的(我可能是错的,但这就是我到目前为止所读到的)。

Also I tried both the Consul agent -ui [...] -join and -retry-join flag, but neither one worked.我也尝试了 Consul agent -ui [...] -join 和 -retry-join 标志,但都没有工作。 I also tried creating an internal loadbalancer for the task with the Consul server from which I used the DNS name to try to join the Cluster, but that did not work either (I have never set-up a loadbalancer properly on AWS yet so I might have done that wrong).我还尝试使用 Consul 服务器为任务创建内部负载均衡器,我使用 DNS 名称尝试加入集群,但这也不起作用(我还没有在 AWS 上正确设置负载均衡器,所以我可能做错了)。 I tried that with the loadbalancer forwarding traffic to port 8500 (which was the wrong port I think) and afterwards with port 8301 (which I think was the right port).我尝试使用负载均衡器将流量转发到端口 8500(我认为这是错误的端口),然后使用端口 8301(我认为是正确的端口)。 But I kept getting the message that there was no Consul Cluster on that address.但我不断收到消息说那个地址上没有 Consul Cluster。

Can anyone tell me how I can proceed?谁能告诉我如何进行?

Thank you in advance!先感谢您!

1 个解决方案

解决方案1
 0 已采纳  2021-06-04 22:08:58

Thanks to a very smart colleague of mine, I found that putting a load balancer (which I set up wrong earlier) in front of the ECS service with the Consul Server Fargate task solved my problem.感谢我的一位非常聪明的同事,我发现通过 Consul Server Fargate 任务在 ECS 服务前面放置一个负载均衡器(我之前设置错误)解决了我的问题。 The load balancer listener should listen on the SERF port 8301 tcp_udp and forward traffic to the service with that protocol and port.负载均衡器侦听器应侦听 SERF 端口 8301 tcp_udp 并将流量转发到具有该协议和端口的服务。

  ConsulServerTargetGroup8301:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 30
      UnhealthyThresholdCount: 3
      HealthyThresholdCount: 3
      Name: ConsulServerTargetGroup8301
      Port: 8301
      Protocol: TCP_UDP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 60 # default is 300
      TargetType: ip
      VpcId: !Ref VPC

  ConsulServerTargetGroupListener8301:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref ConsulServerTargetGroup8301
          Type: forward
      Port: 8301
      Protocol: TCP_UDP
      LoadBalancerArn: !Ref ConsulServerLoadbalancer
  
  ConsulServerLoadbalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: ConsulServerLoadbalancer
      IpAddressType: ipv4
      Type: network
      Scheme: internal
      SubnetMappings:
        - SubnetId: !Ref PrivateSubnet1a
        - SubnetId: !Ref PrivateSubnet1b

You can then use the DNS name of the load balancer to join a Consul agent to the consul cluster using:然后,您可以使用负载均衡器的 DNS 名称将 Consul 代理加入到 consul 集群,方法是:

        Command:
        - !Sub >-
            consul agent 
            -ui 
            -data-dir consul/data 
            -advertise '{{ GetPrivateInterfaces | include "network" "${pVPCIpRange}" | attr "address" }}'
            -client 0.0.0.0
            -retry-join ${ConsulServerLoadbalancer.DNSName}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 领事代理加入-I / O超时 - consul agent join - i/o timeout 在 ECS Fargate 上运行 consul-master 服务器 - Running consul-master servers on ECS Fargate 带有 consul-agent 和代理的 ECS fargate 作为 sidecar 容器 - ECS fargate with consul-agent and proxy as sidecar container 如何在扩展ECS实例时自动运行consul代理和registrator容器 - How to automatically run consul agent and registrator container on scaling ECS instance 引导上的Consul acl_agent_token设置 - Consul acl_agent_token setup on bootstrap 领事与领事平衡交通跨区域 - consul balance the traffic cross regions with consul 在领事中未启用ACL - ACL not getting enabled in consul 领事和EC2实例 - Consul and EC2 instance 使用progrium / docker-consul的I / O超时错误 - i/o timeout error using progrium/docker-consul AWS Fargate 集群 - 在容器内运行的 java 进程可以消耗多少任务 memory? - AWS Fargate Cluster - How much task memory can be consumed by java process running inside the container?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM