aws cdk-如何防止它创建默认目标组?

50few1ms  于 2021-07-06  发布在  Java
关注(0)|答案(0)|浏览(322)

我们需要使用ec2创建一个ecs集群,并使用现有的应用程序负载均衡器。
经过多次尝试和错误,我设法使它工作,但它总是在端口80上创建一个额外的默认目标组。
这是我的代码(根据需要使用java):

cluster = Cluster.Builder.create(scope, "my-ecs-cluster")
                .vpc(awsNetwork.getVpc())
                .capacity(
                    AddCapacityOptions.builder()
                        .instanceType(new InstanceType("m5n.xlarge"))
                        .minCapacity(1)
                        .maxCapacity(1)
                        .desiredCapacity(1)
                        .associatePublicIpAddress(true)
                        .vpcSubnets(
                            SubnetSelection.builder()
                                .subnetType(SubnetType.PUBLIC)
                                .availabilityZones(Arrays.asList("us-west-2a", "us-west-2c"))
                                .build()
                        )
                    .build()
                ).build();

        taskDefinition = Ec2TaskDefinition.Builder.create(scope, "my-taskDefinition")
            .executionRole(Role.fromRoleArn(scope, "my-exec-role", "role-arn..."))
            .build();

        containerDef = ContainerDefinition.Builder.create(scope, "my-ecs-container")
                .essential(true)
                .memoryLimitMiB(2048)
                .memoryReservationMiB(2048)
                .image(ContainerImage.fromEcrRepository(
                    Repository.fromRepositoryName(scope,
                        "my-ecr",
                        "my-image"
                    ),
                    "latest")
                )
                .taskDefinition(taskDefinition)
                .build();

        containerDef.addPortMappings(PortMapping.builder()
            .hostPort(0)
            .containerPort(443)
            .protocol(Protocol.TCP)
            .build());

        taskDefinition.setDefaultContainer(containerDef);

        ApplicationLoadBalancerLookupOptions balancerLookupOptions = ApplicationLoadBalancerLookupOptions.builder()
            .loadBalancerArn("arn:aws:my-alb-arn")
            .build();

        loadBalancer = ApplicationLoadBalancer.fromLookup(scope, "my-alb", balancerLookupOptions);

        balancedEc2Service = ApplicationLoadBalancedEc2Service.Builder.create(scope, "my-ec2-service")
            .cluster(cluster)
            .desiredCount(1)
            .taskDefinition(taskDefinition)
            .loadBalancer(loadBalancer)
            .cpu(1)
            .memoryLimitMiB(2048)
            .build();

        balancedEc2Service.getService().addPlacementStrategies(PlacementStrategy.spreadAcross("attribute:ecs.availability-zone", "instanceId"));

        HealthCheck healthCheck = HealthCheck.builder()
            .path("/healthCheck")
            .protocol(software.amazon.awscdk.services.elasticloadbalancingv2.Protocol.HTTPS)
            .port("traffic-port")
            .unhealthyThresholdCount(2)
            .interval(Duration.seconds(30))
            .healthyThresholdCount(5)
            .timeout(Duration.seconds(5))
            .build();

        balancedEc2Service.getTargetGroup().setHealthCheck(healthCheck);

        ListenerCertificate listenerCertificate = ListenerCertificate.fromCertificateManager(Certificate.fromCertificateArn(scope, "dis-certificate-1", "arn:aws:acm:us-west-2:245459132561:certificate/d2962594-8a40-4f36-abd4-62a6d91d0250"));

        ApplicationTargetGroup targetGroup = ApplicationTargetGroup.Builder.create(scope, "dis-receiver-targetGroup")
            .protocol(ApplicationProtocol.HTTPS)
            .port(443)
            .healthCheck(healthCheck)
            .vpc(awsNetwork.getVpc())
            .build();

        ApplicationListener.Builder.create(scope, "dis-receiver-listener")
            .loadBalancer(loadBalancer)
            .defaultTargetGroups(Collections.singletonList(targetGroup))
            .protocol(ApplicationProtocol.HTTPS)
            .port(443)
            .certificates(Collections.singletonList(listenerCertificate))
            .build();

        balancedEc2Service.getService().attachToApplicationTargetGroup(targetGroup);


其中一个目标组是我在代码中创建的。
另一个是自动创建的,它指向端口80:

如果不使用 balancedEc2Service.getService().attachToApplicationTargetGroup(targetGroup); 我将其直接设置到服务中,例如:

balancedEc2Service = ApplicationLoadBalancedEc2Service.Builder.create(scope, "my-ec2-service")
            .cluster(cluster)
            .desiredCount(1)
            .taskDefinition(taskDefinition)
            .loadBalancer(loadBalancer)
            .cpu(1)
            .memoryLimitMiB(2048)
// New code
            .listenerPort(443)
            .protocol(ApplicationProtocol.HTTPS)
            .certificate(myCertificate)
            .domainName(myDomainName)
            .domainZone(myDomainZone)
//
            .build();

它只创建一个targetgroup,并链接到ecs上的端口443:

但是,目标组本身位于端口80上,因此应用程序超时:

如何使用https配置单个目标组?

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题