amazon-ecs

How do I use insecure docker registries with Amazon EC2 Container Service (ECS)?

ぐ巨炮叔叔 submitted on 2019-12-12 08:38:36
Question: We use a Docker registry inside our AWS VPC that is not accessible externally. We want to be able to launch tasks in ECS from this registry; however, we see that the service is only ever at a PENDING state because the Docker daemon isn't able to access the registry. I have found a sort of workaround by changing the launch configuration's user data, but it doesn't feel like I'm doing this the best way: #!/bin/bash echo ECS_CLUSTER=MY_CLUSTER_NAME >> /etc/ecs/ecs.config echo OPTIONS=--insecure

What is the difference between kubernetes and GKE?

蹲街弑〆低调 submitted on 2019-12-12 07:54:28
Question: I know that GKE is driven by Kubernetes underneath. But what I still don't seem to get is what part is taken care of by GKE and what by k8s in the layering. The main purpose of both, as it appears to me, is to manage containers in a cluster. Basically, I am looking for a simpler explanation with an example.
Answer 1: In short, GKE is a managed/hosted Kubernetes (i.e. it is managed for you so you can concentrate on running your pods/containers applications). Kubernetes does handle: running pods,

AWS ECS Create Scheduled Tasks (cron) via Cloudformation

不打扰是莪最后的温柔 submitted on 2019-12-12 07:44:34
Question: We want to create ScheduledTasks in AWS ECS via CloudFormation. Is there a programmatic way to create via boto or cloudformation?
Answer 1: In order to define a scheduled ECS task in CloudFormation, you need to define an "AWS::Events::Rule" resource with an ECS task as a target. "TaskSchedule": { "Type": "AWS::Events::Rule", "Properties": { "Description": "dump data every workday at 10", "Name": "dump-data", "ScheduleExpression": "cron(0 10 ? * MON-FRI *)", "State": "ENABLED", "Targets": [ { "Id":

Eureka with AWS ECS

不问归期 submitted on 2019-12-12 04:36:09
Question: We are using Eureka with the AWS ECS service that can scale Docker containers. In ECS, if you leave out the host port, or specify it as being '0', in your task definition, then the port will be chosen automatically and reported back to the service. After the task is running, describing it should show what port(s) it bound to. How can Eureka resolve what port to use if we have several EC2 instances? For example, Service A from EC2-A tries to call Service B from EC2-B. So Eureka can resolve

Ansible, Boto, AWS - Invalid type for parameter containerDefinitions[0].memory

佐手、 submitted on 2019-12-12 02:44:18
Question: I have several services running in Docker containers on Amazon ECS and am assigning percentages of the total system memory for each service. In my ansible/roles/ecs_cluster_init/defaults/main.yaml file I have the following entries: docker_memory_limit_service1: 17 docker_memory_limit_service2: 12 docker_memory_limit_service3: 16 docker_memory_limit_service4: 10 docker_memory_limit_service5: 16 docker_memory_limit_service6: 10 total_system_memory : 2048 Service1 should get 17% of the total

AWS ECS firstRun not showing EC2 instance

自作多情 submitted on 2019-12-12 00:49:02
Question: I went through the firstRun steps here (AWS login required). I have uploaded a Docker image to the ECR and the cluster launches successfully; all steps succeed (ECS status - 4 of 4 complete and EC2 instance status - 14 of 14 complete). There is no instance attached to the cluster although it is running (see screenshots). What am I doing wrong?
Answer 1: The permissions were missing, or in other words, EMR_EC2_DefaultRule wasn't an AmazonEC2ContainerServiceforEC2Role. It's explained here. Would

Nginx internal dns resolve issue

雨燕双飞 submitted on 2019-12-11 19:53:32
Question: I have an nginx container in AWS that does reverse proxy for my website, e.g. https://example.com. I have backend services that automatically register in local DNS - aws.local (this is done by AWS ECS Auto-Discovery). The problem I have is that nginx is only resolving the name to an IP during start, so when a service container is rebooted and gets a new IP, nginx still tries the old IP and I have a "502 Bad Gateway" error. Here is the code that I am running: worker_processes 1; events { worker_connections 1024; }

Intranet communication issue in ECS with Route53 in private subnet

佐手、 submitted on 2019-12-11 19:09:52
Question: I have hosted our applications on an ECS Cluster (EC2 Mode) in a private subnet. I am facing a problem with inter-service communication. I have set the task networking mode as bridge. Depending on Route53 private hosted zone for service discovery. The services are getting registered under Route53 with SRV record type. Using . for pointing to our hosted service. For example, I have hosted a redis container with namespace "local" and service name as "redisdb", then referring to that service in the application as

How to authenticate docker client commands in AWS?

独自空忆成欢 submitted on 2019-12-11 17:58:42
Question: Below authentication can be implemented using certificates (client & server), for any human user using a docker client that talks to the docker daemon: But the jenkins pipeline also runs docker commands to talk to the docker daemon. How to authenticate the jenkins pipeline to run specific docker commands? where this pipeline is launched as a jenkins slave container in AWS EC2 on every new commit in Git..... Does the ECS cluster approach in launching the pipeline task help in authentication?
Answer 1: You can run docker login

How Amazon ECS Service Discovery discovers dynamic ports

限于喜欢 submitted on 2019-12-11 17:49:38
Question: Amazon ECS Service Discovery makes it possible for an ECS service to automatically register itself with a predictable and friendly DNS name in Amazon Route 53, for example backend.corp. However, assuming the use case of a web-based app, the host is not enough to communicate with the service - the port number is also required, especially when using dynamic port allocation on the host (a fixed container port is mapped to a random host port). How to manage dynamic port allocation with ECS Service Discovery? Sure, it