我们需要使用ec2创建一个ecs集群,并使用现有的应用程序负载均衡器。
经过多次尝试和错误,我设法使它工作,但它总是在端口80上创建一个额外的默认目标组。
这是我的代码(根据需要使用java):
cluster = Cluster.Builder.create(scope, "my-ecs-cluster")
.vpc(awsNetwork.getVpc())
.capacity(
AddCapacityOptions.builder()
.instanceType(new InstanceType("m5n.xlarge"))
.minCapacity(1)
.maxCapacity(1)
.desiredCapacity(1)
.associatePublicIpAddress(true)
.vpcSubnets(
SubnetSelection.builder()
.subnetType(SubnetType.PUBLIC)
.availabilityZones(Arrays.asList("us-west-2a", "us-west-2c"))
.build()
)
.build()
).build();
taskDefinition = Ec2TaskDefinition.Builder.create(scope, "my-taskDefinition")
.executionRole(Role.fromRoleArn(scope, "my-exec-role", "role-arn..."))
.build();
containerDef = ContainerDefinition.Builder.create(scope, "my-ecs-container")
.essential(true)
.memoryLimitMiB(2048)
.memoryReservationMiB(2048)
.image(ContainerImage.fromEcrRepository(
Repository.fromRepositoryName(scope,
"my-ecr",
"my-image"
),
"latest")
)
.taskDefinition(taskDefinition)
.build();
containerDef.addPortMappings(PortMapping.builder()
.hostPort(0)
.containerPort(443)
.protocol(Protocol.TCP)
.build());
taskDefinition.setDefaultContainer(containerDef);
ApplicationLoadBalancerLookupOptions balancerLookupOptions = ApplicationLoadBalancerLookupOptions.builder()
.loadBalancerArn("arn:aws:my-alb-arn")
.build();
loadBalancer = ApplicationLoadBalancer.fromLookup(scope, "my-alb", balancerLookupOptions);
balancedEc2Service = ApplicationLoadBalancedEc2Service.Builder.create(scope, "my-ec2-service")
.cluster(cluster)
.desiredCount(1)
.taskDefinition(taskDefinition)
.loadBalancer(loadBalancer)
.cpu(1)
.memoryLimitMiB(2048)
.build();
balancedEc2Service.getService().addPlacementStrategies(PlacementStrategy.spreadAcross("attribute:ecs.availability-zone", "instanceId"));
HealthCheck healthCheck = HealthCheck.builder()
.path("/healthCheck")
.protocol(software.amazon.awscdk.services.elasticloadbalancingv2.Protocol.HTTPS)
.port("traffic-port")
.unhealthyThresholdCount(2)
.interval(Duration.seconds(30))
.healthyThresholdCount(5)
.timeout(Duration.seconds(5))
.build();
balancedEc2Service.getTargetGroup().setHealthCheck(healthCheck);
ListenerCertificate listenerCertificate = ListenerCertificate.fromCertificateManager(Certificate.fromCertificateArn(scope, "dis-certificate-1", "arn:aws:acm:us-west-2:245459132561:certificate/d2962594-8a40-4f36-abd4-62a6d91d0250"));
ApplicationTargetGroup targetGroup = ApplicationTargetGroup.Builder.create(scope, "dis-receiver-targetGroup")
.protocol(ApplicationProtocol.HTTPS)
.port(443)
.healthCheck(healthCheck)
.vpc(awsNetwork.getVpc())
.build();
ApplicationListener.Builder.create(scope, "dis-receiver-listener")
.loadBalancer(loadBalancer)
.defaultTargetGroups(Collections.singletonList(targetGroup))
.protocol(ApplicationProtocol.HTTPS)
.port(443)
.certificates(Collections.singletonList(listenerCertificate))
.build();
balancedEc2Service.getService().attachToApplicationTargetGroup(targetGroup);
其中一个目标组是我在代码中创建的。
另一个是自动创建的,它指向端口80:
如果不使用 balancedEc2Service.getService().attachToApplicationTargetGroup(targetGroup); 我将其直接设置到服务中,例如:
balancedEc2Service = ApplicationLoadBalancedEc2Service.Builder.create(scope, "my-ec2-service")
.cluster(cluster)
.desiredCount(1)
.taskDefinition(taskDefinition)
.loadBalancer(loadBalancer)
.cpu(1)
.memoryLimitMiB(2048)
// New code
.listenerPort(443)
.protocol(ApplicationProtocol.HTTPS)
.certificate(myCertificate)
.domainName(myDomainName)
.domainZone(myDomainZone)
//
.build();它只创建一个targetgroup,并链接到ecs上的端口443:
但是,目标组本身位于端口80上,因此应用程序超时:
如何使用https配置单个目标组?
暂无答案!
目前还没有任何答案,快来回答吧!