amazon-web-services - ECS任务不断抛出错误 "DockerClientConfigError: unable to get BridgeIP for task in bridge mode"

Question

ECS Console Error 我正在使用 AWS ECS 部署两项服务。第一个服务是我的前端服务(副本)，第二个服务是 Fluentbit 日志驱动程序(DAEMON)。前端服务从来没有出现过问题，并且像它应该的那样出现，通过了所有运行状况检查等。但是，当我在同一服务中部署另一个任务定义，或者部署一个单独的服务及其自己的任务定义时，我得到错误“状态原因 DockerClientConfigError:无法在桥接模式下获取任务的 BridgeIP”

这里不存在 NAT 网关不存在或任何其他问题的问题。我可以登录到 EC2 主机并进行更新、提取包等。这是我的 cloudformation 模板的片段，它显示了我如何正在设置服务。

service:
    Type: AWS::ECS::Service
    DependsOn: 
      - ALBListener
      - ECSAutoScalingGroup
    Properties:
      Cluster: !Ref 'ECSCluster'
      LaunchType: EC2
      ServiceName: vrs-client-test-service
      DeploymentController: 
        Type: ECS
      DesiredCount: 4
      PlacementStrategies:
        - Field: instanceId
          Type: spread
      LoadBalancers:
      - ContainerName: vrs-client-test
        ContainerPort: 443
        TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:<acctnumber>:targetgroup/vrs-client-test-container/e0fee39950d680ec
      TaskDefinition: !Ref 'taskdefinition'
      ServiceRegistries:
        - RegistryArn: !GetAtt DiscoveryService.Arn
          ContainerName: vrs-client-test
          ContainerPort: 443
taskdefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: !Join ['', [!Ref 'AWS::StackName', -vrs-client-test]]
      ContainerDefinitions:
      - Name: vrs-client-test
        Essential: true
        Image: <acctid>.dkr.ecr.us-east-1.amazonaws.com/vrs-client:sha.df4f418f
        Cpu: 256
        Memory: 512
        PortMappings:
          - ContainerPort: 443
            HostPort: 0
fluentservice:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref 'ECSCluster'
      LaunchType: EC2
      ServiceName: vrs-client-fluentbit
      DeploymentController:
        Type: ECS
      SchedulingStrategy: DAEMON
      TaskDefinition: !Ref 'taskdefinitionfluent'
taskdefinitionfluent:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: !Join ['', [!Ref 'AWS::StackName', -vrs-client-test-fluent]]
      ContainerDefinitions:
      - Name: log_router
        FirelensConfiguration:
            Type: fluentbit
            Options:
              enable-ecs-log-metadata: true
        Essential: true
        Image: 906394416424.dkr.ecr.us-east-1.amazonaws.com/aws-for-fluent-bit:latest
        Memory: 100
        LogConfiguration:
          LogDriver: awsfirelens
          Options:
           Port: "443"
            tls: 'on'
            tls.verify: 'off'
            Format: "json_lines"

Answer 1

我在任务定义中看到了同样的错误。它有我的应用程序容器和一个 Fluent-bit 容器。 Fluent-bit 容器被配置为从应用程序容器安装卷。因此 ECS 尝试首先启动应用程序容器。

有人向我指出了这个 AWS 文档:https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_firelens.html

For tasks that use the bridge network mode, the container with the FireLens configuration must start before any application containers that rely on it start. To control the start order of your containers, use dependency conditions in your task definition. For more information, see Container dependency.

Note: If you use dependency condition parameters in container definitions with a FireLens configuration, ensure that each container has a START or HEALTHY condition requirement.

所以要实现这个，

1. 我通过让应用容器从 Fluent-bit 容器挂载卷来反转依赖关系。
2. 此外，我还使用依赖项配置来强制 Fluent-bit 容器在 App 容器之前启动。

现在任务定义正在完美运行!

此外，我之前的设置(使用 Fluent-bit 容器，具体取决于应用程序容器)在网络模式 = awsvpc 下运行良好

当我将网络模式切换为桥接时，我开始收到无法获取 BridgeIP 错误。