无法通过服务发现连接两个 ECS 服务 [英] Cannot connect two ECS services via Service Discovery
问题描述
我是 AWS 的新手,我正在尝试将简单的应用程序部署到 AWS ECS.我有两个简单的 docker 容器,在 ECS Fargate 中运行:
I am new to AWS and I am trying to deploy simple app to AWS ECS. I have two simple docker containers, running in ECS Fargate:
- ‘Frontend’:Vue Js 应用,向后端发出单个请求;
- ‘Backend’:Django 应用,为请求提供服务;
这两项服务都在同一个集群中启动,在默认 VPC 和同一个公共子网中.对于后端",我配置了服务发现:命名空间 - 测试,服务发现名称 - 后端.安全组配置为允许所有流量.
Both services were launched within the same cluster, in default VPC and the same, single public subnet. For ‘Backend’ I configured Service Discovery: Namespace – test, Service Discovery Name – backend. Security group configured to allow All Traffic.
所以,问题是前端发出请求时:
So, the problem is when frontend makes request:
axios.get('http://backend.test:8000/api/get-test/')
我收到错误:无法加载资源:net::ERR_NAME_NOT_RESOLVED backend.test:8000/api/get-test/
但是,在 AWS Cloud9 命令中执行:dig +short backend.test 返回正确的后端容器私有 IP.
However, executing in AWS Cloud9 command: dig +short backend.test returns correct private IP of the backend container.
当我将请求更改为类似
When I change request to something like
axios.get('http://172.17.3.85:8000/api/get-test/')
其中 172.17.3.85 是后端容器的有效私有 IP,我收到以下错误:
where 172.17.3.85 is valid private IP of the backend container, I got following error:
GET http://172.17.3.85:8000/api/get-test/net::ERR_CONNECTION_TIMED_OUT
但是,如果我在同一个 VPC 和子网中分出 EC2 实例并通过 SSH 连接到它,我可以 ping 后端容器和请求 -
However, if I spin out EC2 instance in the same VPC and subnet and SSH to it, I can ping backend container, and requests -
curl -v http://172.17.3.85:8000/api/get-test/
以及
curl -v http://backend.test:8000/api/get-test/
返回所需的响应.
一切都按预期工作的唯一情况是请求类似于
The only case when everything is working as expected is when the request is like
axios.get('http://3.18.59.133:8000/api/get-test/'),
其中 3.18.59.133 是后端容器的有效公共 IP.
where 3.18.59.133 is valid Public IP of the backend container.
我将不胜感激任何关于进一步查看或如何通过服务发现连接两个容器的建议,因为我现在没有想法.
I would appreciate any suggestion where look further or how to connect two containers via service discovery as right now I am out of ideas.
推荐答案
根据评论和问题描述中的讨论,原因是Frontend': Vue Js app 在客户端执行,例如在浏览器中.
Based on the discussion in comments and description of the problem, the reason is that the Frontend’: Vue Js app executes on the client side, for example, in the browser.
这解释了所有描述和讨论的问题:
This explains all the issues described and discussed:
axios.get('http://backend.test:8000/api/get-test/')在客户端上不起作用您无法解析私有托管区域.
axios.get('http://backend.test:8000/api/get-test/')does not work as on the client side you can't resolve privte hosted zone.
axios.get('http://172.17.3.85:8000/api/get-test/') 不起作用,因为 172.17.3.85 仅在 VPC 中有效,在客户端网络中无效.
axios.get('http://172.17.3.85:8000/api/get-test/') does not work because the 172.17.3.85 is valid only in the VPC, not on the client's network.
在同一 VPC、子网和 SSH 中分出 EC2 实例 工作,因为私有托管区域可以在 VPC 内解析.
spin out EC2 instance in the same VPC and subnet and SSH works because private hosted zones can be resolved inside VPC.
axios.get('http://3.18.59.133:8000/api/get-test/') 有效 因为可以使用公共 IP在clinet方面,与私有IP不同.
axios.get('http://3.18.59.133:8000/api/get-test/') works because public IP can be used on the clinet side, unlike private IPs.
这篇关于无法通过服务发现连接两个 ECS 服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
