我正在尝试为 grpc 设置一个 Fargate 服务,这需要我使用 NLB,但是,我无法弄清楚如何/如何设置 healthcheck 值以启用我的测试服务。
我目前在 ecs 服务上打开了 2 个端口,9000 具有有效的健康端点 /v1/health,50051 是没有健康端点的 grpc 服务。
我想知道如何配置运行状况以命中 9000 端口 + 路径,或者我还能做些什么作为替代方案?
我已经附上了我正在使用的 cloudformation 脚本,任何帮助都将不胜感激,目标组是主要的混淆点。
AWSTemplateFormatVersion: 2010-09-09
Description: Cloudformation stack for the new GRPC endpoints within existing vpc/subnets and using fargate
Parameters:
stackName:
Type: String
Default: cf-myapp-ci-grpc
Description: The name of the parent Fargate networking stack that you created. Necessary
env:
Type: String
Default: ci
Description: The name of the parent Fargate networking stack that you created. Necessary
vpcId:
Type: String
Default: vpc-asdfadfdfa
Description: The name of the parent Fargate networking stack that you created. Necessary
vpcSubnets:
Type: CommaDelimitedList
Default: "subnet-dddd,subnet-dddd,subnet-dddd"
containerImage:
Type: String
Default: container-path-url/myapp/api:custom-grcp_af4cb84
# Default: nginx:latest
Description: Container image
containerPort:
Type: Number
Default: 50051
# 50051
Description: Internal container port mapping
hostPort:
Type: String
Default: 50051
# 50051
Description: External container port mapping
Resources:
# ------------------------------------------
# secutiry >>
InstanceSecurityGroupGrpcSg:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupName: {"Fn::Sub": "sgg-group-${env}-myapp-grpc"}
GroupDescription: Allow http to client host
VpcId: {"Ref": vpcId}
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: {"Ref": hostPort}
ToPort: {"Ref": hostPort}
CidrIp: 1.1.1.1/0
SecurityGroupEgress:
- IpProtocol: '-1'
FromPort: '0'
ToPort: '65535'
CidrIp: 0.0.0.0/0
Tags:
- Key: "Name"
Value: {"Fn::Sub": "sgg-myapp-${env}-grpc"}
EcsTaskRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- ecs-tasks.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName: iam-policy-ecs-task-myapp-ci-grpc
PolicyDocument:
Statement:
- Effect: Allow
Action:
- 'ecr:**'
- 'kms:Decrypt'
- 'secretsmanager:GetSecretValue'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: '/some/stuff/*'
# ------------------------------------------
# networking >>
LoadBalancer:
Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
DependsOn:
- InstanceSecurityGroupGrpcSg
Properties:
Name: {"Fn::Sub": "lb-myapp-${env}-internal-grpc"}
Scheme: internal
Type: network
Subnets: {"Ref": vpcSubnets}
# LoadBalancerAttributes:
# - Key: idle_timeout.timeout_seconds
# Value: '50'
# SecurityGroups:
# - {"Ref": InstanceSecurityGroupGrpcSg}
LoadBalancerListener:
Type: 'AWS::ElasticLoadBalancingV2::Listener'
DependsOn:
- TargetGroup
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: {"Ref": TargetGroup}
LoadBalancerArn: {"Ref": LoadBalancer}
Port: {"Ref": hostPort}
Protocol: TCP
TargetGroup:
Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
DependsOn:
- LoadBalancer
Properties:
Name: {"Fn::Sub": "tg-myapp-${env}-grpc-ping-6"}
Port: {"Ref": hostPort}
TargetType: ip
Protocol: TCP
# HealthCheckPath: "/"
HealthCheckProtocol: TCP
HealthCheckPort: 9000
# # HealthCheckIntervalSeconds: 5
# # HealthCheckTimeoutSeconds: 3
# # Matcher:
# # HttpCode: '200'
# HealthyThresholdCount: 2
# UnhealthyThresholdCount: 2
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '10'
VpcId: {"Ref": vpcId}
# ------------------------------------------
# logging >>
CloudwatchLogGroup:
Type: 'AWS::Logs::LogGroup'
Properties:
LogGroupName: {"Fn::Sub": "/${env}/myapp/grpc"}
RetentionInDays: 3
# ------------------------------------------
# cluster >>
EcsCluster:
Type: 'AWS::ECS::Cluster'
DependsOn:
- LoadBalancerListener
Properties:
ClusterName: {"Fn::Sub": "ecs-myapp-${env}-grpc"}
EcsService:
Type: 'AWS::ECS::Service'
DependsOn:
- TaskDefinition
Properties:
Cluster: {"Ref": EcsCluster}
LaunchType: FARGATE
DesiredCount: '1'
DeploymentConfiguration:
MaximumPercent: 150
MinimumHealthyPercent: 0
LoadBalancers:
- ContainerName: {"Fn::Sub": "fg-myapp-${env}-grpc"}
ContainerPort: {"Ref": containerPort}
TargetGroupArn: {"Ref": TargetGroup}
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- {"Ref": InstanceSecurityGroupGrpcSg}
Subnets: {"Ref": vpcSubnets}
TaskDefinition: {"Ref": TaskDefinition}
# ------------------------------------------
# grcp task definition >>
TaskDefinition:
Type: 'AWS::ECS::TaskDefinition'
DependsOn:
- EcsCluster
- EcsTaskRole
Properties:
NetworkMode: awsvpc
Family: {"Fn::Sub": "td-myapp-${env}-grpc"}
RequiresCompatibilities:
- FARGATE
ExecutionRoleArn: {"Ref": EcsTaskRole}
Cpu: '1024'
Memory: '2048'
ContainerDefinitions:
- Name: {"Fn::Sub": "fg-myapp-${env}-grpc"}
Image: {"Ref": containerImage}
Environment:
- Name: BUILD_TAG
Value: 'release_tr-grpc_aab823a'
PortMappings:
- ContainerPort: {"Ref": containerPort}
HostPort: {"Ref": hostPort}
- ContainerPort: 9000
HostPort: 9000
Essential: 'true'
EntryPoint:
- "node"
- "/usr/app/app.js"
- "--server"
- "--rpc"
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: {"Ref": CloudwatchLogGroup}
awslogs-region: {"Ref": "AWS::Region"}
awslogs-stream-prefix: ci-grpc