How to have AWS ECS automatically map ports of my container to the host machine (EC2)


Question

I am using Circle CI's aws-ecs/deploy-service-update orb to deploy my Docker container by pulling the latest image from AWS ECR and deploying it in AWS ECS on an AWS EC2 instance. This container is a machine learning model that accepts API requests on TCP port 3000 (I am using fastAPI for this) and returns predictions. After I deployed it, I couldn't send requests to the public IP of the container instance of the task that deploys the container on port 3000 (this IP is not my EC2 instance's public IP; the instance only has a private IP and its public IP is disabled).

  1. I checked my security group and made sure port 3000 is open to receive requests from all IPs (0.0.0.0) as part of the inbound rules.
  2. I stopped the task (which automatically stops the container running in the EC2 instance), thinking something might have gone wrong with Circle CI. A new task (and hence a new container) was then started automatically according to the service configuration (1 desired task) and the task definition in AWS ECS. But I still couldn't send requests.
  3. I SSHed into my EC2 instance to find out whether port 3000 was open. This is when I learned that the port was not mapped at all:
    As you can see, the PORTS column of the container is empty, and this container is supposed to accept requests on port 3000 as per the command.

And here are the open ports of the EC2 instance: as you can see, port 3000 is not listed here.

Here is the task with the port mappings which deployed the container (to AWS ECS) that you see in the docker ps screenshot above:
In the task definition, you can see the port mappings I have defined for the container.

Here is the task running on my EC2 instance with the task definition shown above; the network mode I am using is 'awsvpc':

Here's the "Networking" tab of the ENI associated with the task, and also the inbound rule of the security group associated with the EC2 instance that the task is running inside, which accepts requests on port 3000 from all IPs.

After I ran

docker run -p 3000:3000 <my-image:my-tag>

inside the EC2 machine (by SSHing from my laptop), I could send API requests to the container at the public IP of the AWS ECS cluster and receive proper responses. This means that ports are being mapped only when I run the container manually.

I had no problems with ports when I used FARGATE, whether I updated the service from Circle CI or even when I manually started tasks.

So, how do I automatically map ports when a task is run from the AWS ECS service dashboard or from Circle CI? If I run the Docker container manually, I will not be able to get logs automatically in AWS CloudWatch and will not be able to stop it from the AWS ECS dashboard. Another container by AWS that is running in the EC2 instance takes care of those things: it routes the logs to CloudWatch and accepts commands to stop the existing container and to start a new container with the new image stored in AWS ECR, without me having to SSH every time I want to look at logs or start/stop containers.

What has gone wrong here, which led to ports not being mapped, and how do I fix it and map ports properly, so I will be able to send API requests to my container?

Recommended answer

The mistake I had made was to use a FARGATE-optimised cluster with an EC2 instance inside it, which presumably had led to no network mode (default, bridge, host, awsvpc and none) working for my application. So, when I redid everything the same as last time, but with the EC2-optimised cluster type, the bridge network mode worked just as expected.
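The answer turns on how an ECS task definition ties its port mappings to the network mode and launch-type compatibility. The checker below is added example code, not from the question, the answer or AWS; it encodes the documented ECS rules as assumed here and runs over constructed task definitions modelled on the question's awsvpc setup and the answer's bridge setup (the cluster type the answer identifies as the real culprit is not part of a task definition, so it is outside what this can see).

```python
import json

# Assumed rules, taken from the ECS task-definition documentation:
#  - "FARGATE" in requiresCompatibilities requires networkMode "awsvpc"
#  - in awsvpc and host mode, hostPort must be omitted, 0, or equal to containerPort
#  - in bridge mode hostPort may be any port; 0 / omitted means a dynamic host port
#  - in awsvpc mode on EC2 the port is served on the task's own ENI, not on the
#    instance IP, so `docker ps` on the instance shows an empty PORTS column by design

def check_port_mappings(task_def: dict) -> list:
    """Return (severity, message) findings; an empty list means nothing to flag."""
    findings = []
    mode = task_def.get("networkMode", "bridge")  # EC2 "default" mode is bridge on Linux
    compat = set(task_def.get("requiresCompatibilities", ["EC2"]))
    if "FARGATE" in compat and mode != "awsvpc":
        findings.append(("error", f"FARGATE requires networkMode awsvpc, got {mode!r}"))
    for cdef in task_def.get("containerDefinitions", []):
        name = cdef.get("name", "<unnamed>")
        for pm in cdef.get("portMappings", []):
            cport, hport = pm.get("containerPort"), pm.get("hostPort")
            if cport is None:
                findings.append(("error", f"{name}: portMapping without containerPort"))
                continue
            if mode in ("awsvpc", "host") and hport not in (None, 0, cport):
                findings.append(("error", f"{name}: hostPort {hport} must equal "
                                          f"containerPort {cport} in {mode} mode"))
            if mode == "awsvpc" and "EC2" in compat:
                findings.append(("info", f"{name}: port {cport} is reachable on the "
                                         "task ENI, not on the instance IP"))
    return findings

# Constructed task definitions; the image URI is a placeholder, not a real account
ASKER_TASK = {
    "family": "ml-api", "networkMode": "awsvpc", "requiresCompatibilities": ["EC2"],
    "containerDefinitions": [{
        "name": "model", "image": "<account>.dkr.ecr.<region>.amazonaws.com/ml-api:latest",
        "portMappings": [{"containerPort": 3000, "hostPort": 3000, "protocol": "tcp"}],
    }],
}
FIXED_TASK = json.loads(json.dumps(ASKER_TASK))   # deep copy of the asker's definition
FIXED_TASK["networkMode"] = "bridge"               # the mode that worked in the answer
BROKEN_FARGATE = dict(ASKER_TASK, networkMode="bridge", requiresCompatibilities=["FARGATE"])

if __name__ == "__main__":
    for label, td in [("asker", ASKER_TASK), ("fixed", FIXED_TASK), ("fargate", BROKEN_FARGATE)]:
        print(label, check_port_mappings(td) or "ok")
```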
