如何通过使用 CloudFormation 在不同 Fargate 任务中运行的 Consul 服务器将 Consul 代理加入 Consul 集群? [英] How can I join a Consul agent to a Consul cluster via a Consul server running in a different Fargate task with CloudFormation?

问题描述

我目前是一名实习生，必须托管一个微服务应用程序.我选择将 AWS ECS 与 Fargate 任务结合使用来托管 Consul Connect Service Mesh，为应用程序提供服务发现、意图、Mtls 等.我的设置如下:

I'm currently working as an intern and have to host a microservice application. I chose to use AWS ECS in combination with Fargate tasks to host a Consul Connect Service Mesh that provides service discovery, intentions, Mtls and so on for the application. My set-up is as follows:

• 1 个 Fargate 任务(在一个服务中)和一个 Consul 服务器容器.
• x Fargate 任务(在一个服务中)，带有一个 Consul 代理、Consul Connect sidecar 和一个微服务容器.

我正在使用 CloudFormation 自动部署该基础架构.

I am using CloudFormation to deploy that infrastructure automatically.

问题:

我需要使用 CloudFormation 将在一个 Fargate 任务中运行的 Consul 代理加入到在另一个 Fargate 任务(服务器的任务)中启动的 Consul 集群.我这样做的问题是我没有找到任何方法来获取 IP 地址以将代理加入集群.

I need to join the Consul agent running in one Fargate-task to the Consul cluster started in another Fargate task (task of the server) using CloudFormation. The problem I have with doing that is that I did not find any way to get the IP address to join the agent to the cluster.

有谁知道我如何在 CloudFormation 中获取 Fargate 任务的 IP 地址或执行此操作的最佳实践方法?

Does anyone know how I can get the IP address of a Fargate task in CloudFormation or the best practice way of doing this?

如果我没记错的话，您只能使用 IP、DNS 名称或云元数据将 Consul 代理加入 Consul 集群.我无法使用 CloudFormation 检索第一个和第二个，而对于第三个，我发现这可能是不可能的(我可能错了，但这是我目前阅读的内容).

If I am not mistaken you can only join a Consul agent to a Consul cluster using IP, DNS name or Cloud metadata. The first and second one I could not retrieve using CloudFormation and for the third one I found that it might not be possible (I could be wrong, but thats what I read so far).

我也尝试了 Consul 代理 -ui [...] -join 和 -retry-join 标志，但都没有奏效.我还尝试使用 Consul 服务器为任务创建一个内部负载均衡器，我从中使用 DNS 名称尝试加入集群，但这也不起作用(我还没有在 AWS 上正确设置负载均衡器，所以我可能做错了).我尝试使用负载均衡器将流量转发到端口 8500(我认为这是错误的端口)，然后使用端口 8301(我认为这是正确的端口).但我不断收到消息，该地址上没有 Consul Cluster.

Also I tried both the Consul agent -ui [...] -join and -retry-join flag, but neither one worked. I also tried creating an internal loadbalancer for the task with the Consul server from which I used the DNS name to try to join the Cluster, but that did not work either (I have never set-up a loadbalancer properly on AWS yet so I might have done that wrong). I tried that with the loadbalancer forwarding traffic to port 8500 (which was the wrong port I think) and afterwards with port 8301 (which I think was the right port). But I kept getting the message that there was no Consul Cluster on that address.

谁能告诉我如何继续?

先谢谢你！

推荐答案

感谢我的一个非常聪明的同事，我发现在 ECS 服务前放置一个负载均衡器(我之前设置错误)与 Consul服务器 Fargate 任务解决了我的问题.负载平衡器侦听器应侦听 SERF 端口 8301 tcp_udp 并将流量转发到具有该协议和端口的服务.

Thanks to a very smart colleague of mine, I found that putting a load balancer (which I set up wrong earlier) in front of the ECS service with the Consul Server Fargate task solved my problem. The load balancer listener should listen on the SERF port 8301 tcp_udp and forward traffic to the service with that protocol and port.

  ConsulServerTargetGroup8301:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 30
      UnhealthyThresholdCount: 3
      HealthyThresholdCount: 3
      Name: ConsulServerTargetGroup8301
      Port: 8301
      Protocol: TCP_UDP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 60 # default is 300
      TargetType: ip
      VpcId: !Ref VPC

  ConsulServerTargetGroupListener8301:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref ConsulServerTargetGroup8301
          Type: forward
      Port: 8301
      Protocol: TCP_UDP
      LoadBalancerArn: !Ref ConsulServerLoadbalancer
  
  ConsulServerLoadbalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: ConsulServerLoadbalancer
      IpAddressType: ipv4
      Type: network
      Scheme: internal
      SubnetMappings:
        - SubnetId: !Ref PrivateSubnet1a
        - SubnetId: !Ref PrivateSubnet1b 

然后您可以使用负载均衡器的 DNS 名称将 Consul 代理加入 consul 集群:

You can then use the DNS name of the load balancer to join a Consul agent to the consul cluster using:

        Command:
        - !Sub >-
            consul agent 
            -ui 
            -data-dir consul/data 
            -advertise '{{ GetPrivateInterfaces | include "network" "${pVPCIpRange}" | attr "address" }}'
            -client 0.0.0.0
            -retry-join ${ConsulServerLoadbalancer.DNSName}

这篇关于如何通过使用 CloudFormation 在不同 Fargate 任务中运行的 Consul 服务器将 Consul 代理加入 Consul 集群?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！