EFS does not save any data

Problem description (votes: 0, answers: 0)

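I have a Fargate container with an access point configured to use AWS EFS. The volume appears to be mounted correctly, but data written to it is not persisted.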

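  • No matter how much data I put on the drive, it still has only 6.00 KiB total size.
  • I can confirm the volume is mounted correctly, because changes to the access point's posixUser change the ownership of the folder inside the container accordingly.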

So the container can read and mount the file system, but writing to the mounted volume does not affect the EFS volume.

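I have tried toggling encryption, modifying the user, and changing the task and execution roles, and I have permissions for ports 2049 and 22. I have also spent the last 5 days reading my container logs and redeploying over and over again. I am now completely hopeless, and any help would be much appreciated 🐸❤️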

Code snippet: https://gist.github.com/zvictor/eedb2b5ca6756cd05e5def9081a4442e 🚀

import * as cdk from 'aws-cdk-lib'
import * as ec2 from 'aws-cdk-lib/aws-ec2'
import * as ecs from 'aws-cdk-lib/aws-ecs'
import * as efs from 'aws-cdk-lib/aws-efs'
import * as logs from 'aws-cdk-lib/aws-logs'

export class BaseStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, environment: Record<string, string>, props?: cdk.StackProps) {
    super(scope, id, props)

    const vpc = new ec2.Vpc(this, `${id}-Vpc`, {
      natGateways: 0,
      maxAzs: 2,
      enableDnsHostnames: true,
      enableDnsSupport: true,
    })

    const securityGroup = new ec2.SecurityGroup(this, `${id}-security-group`, {
      vpc,
      allowAllOutbound: true,
    })

    const cluster = new ecs.Cluster(this, `${id}-Cluster`, {
      vpc,
    })

    const fileSystem = new efs.FileSystem(this, `${id}-FileSystem`, {
      vpc,
      encrypted: true,
      performanceMode: efs.PerformanceMode.MAX_IO,
      lifecyclePolicy: efs.LifecyclePolicy.AFTER_7_DAYS,
      removalPolicy: cdk.RemovalPolicy.RETAIN,
    })

    fileSystem.connections.addSecurityGroup(securityGroup)
    fileSystem.connections.allowInternally(ec2.Port.tcp(22))
    fileSystem.connections.allowInternally(ec2.Port.tcp(2049))

    const accessPoint = new efs.AccessPoint(this, `${id}-AccessPoint`, {
      fileSystem,
      path: '/data',
      createAcl: {
        ownerGid: '999', // user created in Dockerfile
        ownerUid: '999', // user created in Dockerfile
        permissions: '777',
      },
      posixUser: {
        uid: '999', // user created in Dockerfile
        gid: '999', // user created in Dockerfile
      },
    })

    const volumeName = 'efs-data'

    const image = ecs.ContainerImage.fromAsset('../services/whatsapp-listener', {
      file: './deployment/Dockerfile',
    })

    const taskDefinition = new ecs.TaskDefinition(this, `${id}-TaskDefinition`, {
      family: `${id}-TaskDefinition`,
      memoryMiB: `512`,
      cpu: `256`,
      compatibility: ecs.Compatibility.EC2_AND_FARGATE,
      networkMode: ecs.NetworkMode.AWS_VPC,
    })

    taskDefinition.addVolume({
      name: volumeName,
      efsVolumeConfiguration: {
        fileSystemId: fileSystem.fileSystemId,
        transitEncryption: 'ENABLED',
        authorizationConfig: {
          accessPointId: accessPoint.accessPointId,
        },
      },
    })

    const logGroup = new logs.LogGroup(this, `${id}-ContainerLogGroup`, {
      logGroupName: `${id}-LogGroup`,
      removalPolicy: cdk.RemovalPolicy.DESTROY,
      retention: logs.RetentionDays.ONE_WEEK,
    })

    const logging = new ecs.AwsLogDriver({
      logGroup,
      streamPrefix: id,
      mode: ecs.AwsLogDriverMode.NON_BLOCKING,
    })

    const container = taskDefinition.addContainer(`${id}-Container`, {
      image,
      memoryLimitMiB: 512,
      cpu: 256,
      logging,
      environment,
    })

    container.addMountPoints({
      containerPath: '/data',
      sourceVolume: volumeName,
      readOnly: false,
    })

    const service = new ecs.FargateService(this, `${id}-Service`, {
      enableExecuteCommand: true,
      taskDefinition,
      desiredCount: 1,
      cluster,
      vpcSubnets: { subnets: vpc.publicSubnets },
      securityGroups: [securityGroup],
      capacityProviderStrategies: [
        {
          capacityProvider: 'FARGATE_SPOT',
          weight: 100,
          base: 1,
        },
        {
          capacityProvider: 'FARGATE',
          weight: 1,
        },
      ],
      assignPublicIp: true,
    })
  }
}
amazon-ec2 aws-cdk amazon-vpc aws-fargate amazon-efs