AWS ECS Fargate容器健康检查命令
我正在尝试设置aws ecs fargate部署配置。我能够在没有容器健康检查的情况下运行容器。但是,我也想运行容器健康检查。我尝试了所有可能的场景来实现这一点。但是,没有运气。
我尝试使用下面的aws recommeded命令从列出的URL验证容器健康检查。
https://docs.aws.amazon.com/amazonecs/latest/developerguide/task_definition_parameters.html#container_definition_healthcheck
-
null
FROM centos:latest
RUN yum update -y
RUN yum install httpd httpd-tools curl -y
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
HEALTHCHECK CMD curl --fail http://localhost:80/ || exit 1
FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80
FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /DockerDemoApi
COPY ./DockerDemoApi.csproj DockerDemoApi/
RUN dotnet restore DockerDemoApi/DockerDemoApi.csproj
COPY . .
WORKDIR /DockerDemoApi
RUN dotnet build DockerDemoApi.csproj -c Release -o /app
FROM build AS publish
RUN dotnet publish DockerDemoApi.csproj -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "DockerDemoApi.dll"]
我已经添加了curl命令在我的容器和它的工作。但是,如果我在AWS Healthcheck任务中保留相同的命令,它将失败。
任务定义JSON:
{
"ipcMode": null,
"executionRoleArn": "arn:aws:iam::xxxx:role/ecsTaskExecutionRole",
"containerDefinitions": [{
"dnsSearchDomains": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "/ecs/mall-health-check-task",
"awslogs-region": "ap-south-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint": [],
"portMappings": [
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
}
],
"command": [],
"linuxParameters": null,
"cpu": 256,
"environment": [],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": 512,
"volumesFrom": [],
"stopTimeout": null,
"image": "xxxx.dkr.ecr.ap-south-
1.amazonaws.com/autoaml/api/dev/alpine:latest",
"startTimeout": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": [],
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "sample-app"
}
],
"placementConstraints": [],
"memory": "512",
"taskRoleArn": "arn:aws:iam::xxxx:role/ecsTaskExecutionRole",
"compatibilities": [
"EC2",
"FARGATE"
],
"taskDefinitionArn": "arn:aws:ecs:ap-south-1:xxx:task-definition/mall-
health-check-task:9",
"family": "mall-health-check-task",
"requiresAttributes": [{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
}
],
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"revision": 9,
"status": "ACTIVE",
"proxyConfiguration": null,
"volumes": []
}
共有1个答案
文件中提到了以下内容:
在AWS管理控制台中注册任务定义时,使用逗号分隔的命令列表,该列表将在创建任务定义后自动转换为字符串。健康检查的输入示例可以是:
cmd-shell,curl-f http://localhost/exit 1
[“cmd-shell”,“curl-f http://localhost/exit 1”]
是否验证了健康检查命令?我的意思是,http://127.0.0.0是有效的,对吧?当您点击http://127.0.0.0(没有端口)时,检查您的容器返回成功响应。
下面是示例任务定义。这是在容器中启动tomcat服务器并检查运行状况(localhost:8080)
-
null
{
"ipcMode": null,
"executionRoleArn": "arn:aws:iam::accountid:role/taskExecutionRole",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "/test/test-task",
"awslogs-region": "us-east-2",
"awslogs-stream-prefix": "test"
}
},
"entryPoint": null,
"portMappings": [
{
"hostPort": 8080,
"protocol": "tcp",
"containerPort": 8080
}
],
"command": null,
"linuxParameters": null,
"cpu": 0,
"environment": [],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": null,
"volumesFrom": [],
"stopTimeout": null,
"image": "tomcat",
"startTimeout": null,
"dependsOn": null,
"disableNetworking": false,
"interactive": null,
"healthCheck": {
"retries": 3,
"command": [
"CMD-SHELL",
"curl -f http://localhost:8080/ || exit 1"
],
"timeout": 5,
"interval": 30,
"startPeriod": null
},
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "tomcat"
}
],
"memory": "1024",
"taskRoleArn": "arn:aws:iam::accountid:role/taskExecutionRole",
"family": "test-task",
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "512",
"proxyConfiguration": null,
"volumes": []
}
-
Amazon ECS支持两种不同类型的健康检查: 目标组健康检查发出可配置的网络请求 容器健康检查在docker容器中运行,可以配置为运行容器支持的任何shell命令 如果两个健康检查都配置了,那么哪一个会赢?如果其中一个失败,服务是否标记为不健康?或者两者都有?我可以将一个配置为覆盖另一个吗? 我非常希望目标组的健康状态不会导致ECS不断跳出服务,我希望可以使用容器健康检查来覆盖它。
-
我有一个ECS集群,它有多个节点(任务定义),由应用程序负载平衡器前置。在负载平衡器和容器级别(在任务定义内)配置健康检查有意义吗? 负载平衡器对每个注册的目标运行配置的健康检查,以便注销故障节点。在容器级别设置健康检查可以完成相同的事情:ECS将注销任何未通过健康检查的容器(根据您的配置)。ECS将始终实例化更多任务定义实例,以满足您所需的计数。 对我来说,如果任务定义只有一个容器,那么只在负载
-
SOFABoot 为 Spring Boot 的健康检查能力增加了 Readiness Check 的能力。如果你需要使用 SOFA 中间件,那么建议使用 SOFABoot 的健康检查能力的扩展,来更优雅的上线应用实例 引入健康检查扩展 要引入 SOFABoot 的健康检查能力的扩展,只需要引入以下的 Starter 即可: <dependency> <groupId>com.alipay
-
健康检查配置概述。 filter.http.HealthCheck filter.http.HealthCheck proto { "pass_through_mode": "{...}", "endpoint": "...", "cache_time": "{...}" } pass_through_mode (BoolValue, REQUIRED) 指定过滤器是否在传递模式下运
-
健康检查架构概述。如果为集群配置了健康检查,则会发出相应的统计信息。详见请参考统计相关文档。 HealthCheck HealthCheck.Payload HealthCheck.HttpHealthCheck HealthCheck.TcpHealthCheck HealthCheck.RedisHealthCheck HealthCheck HealthCheck proto { "ti
-
健康检查架构概述。 如果为集群配置了健康检查,则会发出相应的统计信息。并且记录在这里。 { "type": "...", "timeout_ms": "...", "interval_ms": "...", "unhealthy_threshold": "...", "healthy_threshold": "...", "path": "...", "send": [