How can an application on EC2 access Redis running on ECS Fargate?

Posted 2025-01-16 06:28:57 | 1743 characters | 1 view | 0 comments

I have a software infra on AWS where part of the app runs on an EC2 instance and another part on ECS Fargate cluster.

I'm having trouble getting my application, which runs on the EC2 instance, to access a specific container that runs on ECS. More clearly, I need to make my application on EC2 access Redis on ECS. Is it possible to do this kind of integration?

Both parts of the application are in the same VPC and have Security Groups that authorize access to each other.

More context:

Every time the Task Definition is provisioned in ECS Fargate, my public/private network IP changes on cluster service. To be able to access the services, Amazon provides the Service Discovery configuration, which updates a DNS hosted zone whenever there is a change in the ECS network.

My problem is using this hosted zone within my EC2 instances. I can access ECS containers directly via IP, but this is not the ideal scenario. The IP address constantly changes whenever the service is provisioned. On the other hand, on my EC2 instances, the Route 53 nameserver always appears as unknown.

My cloud is configured as follows:

Task Definition

{
  "family": "******",
  "requiresCompatibilities": ["FARGATE"],
  "executionRoleArn": "arn:aws:iam::******",
  "networkMode": "awsvpc",
  "runtimePlatform": {
    "operatingSystemFamily": "LINUX"
  },
  "cpu": "2048",
  "memory": "4096",
  "containerDefinitions": [
    {
      "name": "redis",
      "image": "redis:alpine",
      "portMappings": [
        {
          "containerPort": 6379,
          "hostPort": 6379
        }
      ]
    }
  ]
}

ECS Service config
ECS service network settings:

[image: ECS service config]

Route 53
Container auto discovery is enabled for the service in ECS:

[image: Route 53 container auto discovery]

The A record IP is updated whenever the ECS service is provisioned.

ECS Security Group Inbound Rules for my EC2 instance:

My ECS container is open for connections from my EC2 instance. Connections to Redis via the ECS service IP are successful, but connections via the generated nameserver aren't.

[image: security group inbound rules]
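A connectivity check that can be run on the EC2 instance, added here as an example (my code, not the asker's). It covers the two things the question leaves unverified: whether the instance is actually sending DNS queries to the Amazon-provided VPC resolver (Cloud Map private DNS namespaces are private hosted zones and only resolve through that resolver, at 169.254.169.253 or the VPC base address plus two, with enableDnsSupport and enableDnsHostnames turned on), and whether each address the service discovery name resolves to answers a Redis PING on port 6379. The service name `redis.example.local` and the VPC CIDR `10.0.0.0/16` are placeholders, not values from the question.

```python
"""Connectivity check from an EC2 instance to a Redis task reached through
ECS service discovery (Cloud Map). Added example, not part of the question.

Assumptions (placeholders, not taken from the question):
  - the service discovery name is "redis.example.local"
  - the VPC CIDR is 10.0.0.0/16
"""
import ipaddress
import socket

SERVICE_NAME = "redis.example.local"   # placeholder service discovery name
VPC_CIDR = "10.0.0.0/16"               # placeholder VPC CIDR
REDIS_PORT = 6379


def amazon_resolver_addresses(vpc_cidr: str) -> set[str]:
    """Addresses at which the Route 53 Resolver answers inside a VPC."""
    base = ipaddress.ip_network(vpc_cidr, strict=False).network_address
    return {"169.254.169.253", str(base + 2)}


def nameservers(resolv_conf: str) -> list[str]:
    """Extract the nameserver entries from resolv.conf text."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def uses_amazon_resolver(resolv_conf: str, vpc_cidr: str) -> bool:
    """True if the instance sends queries to the VPC resolver.

    A systemd-resolved stub (127.0.0.53) hides the real upstream; inspect
    `resolvectl status` on such hosts instead of trusting resolv.conf."""
    wanted = amazon_resolver_addresses(vpc_cidr)
    return any(ns in wanted for ns in nameservers(resolv_conf))


def encode_resp_command(*args: str) -> bytes:
    """Encode a command as a RESP array, the wire format Redis expects."""
    out = f"*{len(args)}\r\n".encode()
    for arg in args:
        data = arg.encode()
        out += f"${len(data)}\r\n".encode() + data + b"\r\n"
    return out


def parse_resp_simple_string(reply: bytes) -> str:
    """Decode a RESP simple string such as b'+PONG\\r\\n'.

    A reply starting with '-' is a Redis error (for example NOAUTH when the
    server requires a password) and is raised as ValueError."""
    if not reply.endswith(b"\r\n") or reply[:1] not in (b"+", b"-"):
        raise ValueError(f"unexpected reply: {reply!r}")
    if reply.startswith(b"-"):
        raise ValueError(f"redis error: {reply[1:-2].decode()}")
    return reply[1:-2].decode()


def redis_ping(host: str, port: int = REDIS_PORT, timeout: float = 3.0) -> str:
    """Open a TCP connection, send PING and return the decoded reply ('PONG')."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(encode_resp_command("PING"))
        return parse_resp_simple_string(sock.recv(64))


def main() -> None:
    with open("/etc/resolv.conf") as fh:
        conf = fh.read()
    print("nameservers:", nameservers(conf))
    print("VPC resolver in use:", uses_amazon_resolver(conf, VPC_CIDR))
    try:
        infos = socket.getaddrinfo(SERVICE_NAME, REDIS_PORT,
                                   socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        print(f"{SERVICE_NAME} did not resolve: {exc}")
        return
    for addr in sorted({info[4][0] for info in infos}):
        try:
            print(addr, redis_ping(addr))
        except (OSError, ValueError) as exc:
            print(addr, "failed:", exc)


if __name__ == "__main__":
    main()
```

If the name does not resolve while `uses_amazon_resolver` is true, the problem is on the Cloud Map or VPC side (namespace attached to a different VPC, or DNS attributes disabled); if it resolves but PING fails, the problem is the security group path between the two tiers.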

Comments (1)

無心 2025-01-23 06:28:57

First of all, I wonder why you would run Redis in ECS Fargate instead of using Amazon ElastiCache Redis: https://aws.amazon.com/elasticache

But, if you really want to do this, you should have at least the following configuration:

  • NLB or ALB, that points to your service
  • target group to the service
  • your "redis" service
  • your task definition

Place all of your services either into the same security group or add inbound/outbound rules with the corresponding security group. Do not forget to add the port 6379 inbound/outbound rule.

Pointing directly to the container is not good practice because restarting/scaling the container will change the IP address.

If you compare the costs of an ALB or NLB (doing so, I would prefer an ALB with a listener on port 6379) and the costs for Fargate, you will be able to use a medium-sized t3/t4g instance of ElastiCache Redis.

I did a lot of comparisons of "self hosted" vs. "managed service", and there are not many reasons to run services on your own if there is an alternative managed service from AWS.
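The security-group part of the answer, worked through as an added example (my code, not the answerer's or the asker's). The point worth making explicit is that the 6379 inbound rule on the task's security group should reference the EC2 tier's security group rather than a CIDR: a security-group reference keeps following the instances when they are replaced, and it cannot accidentally widen to 0.0.0.0/0. The block builds that rule in the shape `authorize_security_group_ingress` accepts and, separately, audits `describe_security_groups` output for any group that exposes 6379 to the whole Internet (including "all traffic" rules). The group IDs, the region and the sample groups are constructed placeholders; the boto3 calls only run when the script is invoked directly.

```python
"""Security-group hygiene for a Redis task on ECS Fargate. Added example,
not taken from the answer. Group IDs and region are placeholders.
"""
REDIS_PORT = 6379
WORLD = {"0.0.0.0/0", "::/0"}


def _covers_port(perm: dict, port: int) -> bool:
    """Does one IpPermissions entry include `port` over TCP?"""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "all traffic" rules include every port
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def find_world_exposed(security_groups: list[dict], port: int = REDIS_PORT) -> list[tuple[str, str]]:
    """Return (group id, cidr) pairs where `port` is reachable from anywhere."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not _covers_port(perm, port):
                continue
            cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            findings.extend((sg["GroupId"], c) for c in cidrs if c in WORLD)
    return findings


def redis_ingress_from_sg(source_sg_id: str, port: int = REDIS_PORT) -> list[dict]:
    """IpPermissions granting `port` only to members of `source_sg_id`.

    This is the rule to attach to the ECS task's security group; the source
    is the EC2 application tier's security group, not a CIDR."""
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{
            "GroupId": source_sg_id,
            "Description": "EC2 application tier -> Redis",
        }],
    }]


# Constructed sample in the shape of ec2.describe_security_groups()["SecurityGroups"].
SAMPLE_GROUPS = [
    {   # the intended configuration: 6379 only from the EC2 tier's group
        "GroupId": "sg-0placeholder-ecs-redis",
        "IpPermissions": [{
            "IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
            "IpRanges": [], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": "sg-0placeholder-ec2-app"}],
        }],
    },
    {   # a group that exposes Redis to the Internet in two different ways
        "GroupId": "sg-0placeholder-bad",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 6000, "ToPort": 7000,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1",
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
    {   # a VPC-internal CIDR is broad but not world-open; not flagged here
        "GroupId": "sg-0placeholder-vpc-wide",
        "IpPermissions": [{
            "IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
            "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [],
        }],
    },
]


def main() -> None:
    """Audit the account's groups and attach the scoped rule (placeholders)."""
    import boto3  # imported here so the audit functions run without boto3
    ec2 = boto3.client("ec2", region_name="us-east-1")          # placeholder region
    groups = ec2.describe_security_groups()["SecurityGroups"]
    for group_id, cidr in find_world_exposed(groups):
        print(f"{group_id} exposes port {REDIS_PORT} to {cidr}")
    ec2.authorize_security_group_ingress(
        GroupId="sg-0placeholder-ecs-redis",                   # ECS task's group
        IpPermissions=redis_ingress_from_sg("sg-0placeholder-ec2-app"),
    )


if __name__ == "__main__":
    main()
```

Running `find_world_exposed(SAMPLE_GROUPS)` flags only the second sample group, once for the TCP range that happens to contain 6379 and once for the all-traffic IPv6 rule.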
