AWS ECS Fargate, redirect traffic to sidecar proxy like envoy

0

I have a use case where I need to redirect incoming and outgoing traffic to and from a Fargate task through a sidecar proxy. To do so, I need to manipulate iptables rules at the host level. My questions:

1. Is there any way to manipulate the Fargate host iptables?
2. Is there any alternative solution to achieve the same use case? (I note that ECS Service Connect does the same thing, but since it doesn't support TLS, I need to inject my own custom Envoy proxy.)

Thanks in advance for your feedback.

Youez
Asked 10 months ago, 1297 views
1 Answer
0

Hi,

Using an Envoy sidecar with ECS / Fargate has been possible for a long time: see this very detailed blog post about such a setup: https://aws.amazon.com/blogs/compute/setting-up-an-envoy-front-proxy-on-amazon-ecs/

But AWS recently proposed new options to achieve the same goal with Amazon ECS Service Connect, enabling easy communication between microservices. That is what you probably should analyze first: https://aws.amazon.com/blogs/aws/new-amazon-ecs-service-connect-enabling-easy-communication-between-microservices/

Hope it helps!

Didier

AWS
Expert
Answered 10 months ago
  • Thanks for your answer, I have read this article. My question is how to capture traffic and redirect it to upstream. Let's say that I have a container that exposes an endpoint on port 8080. I want to inject a sidecar that listens on port 15020, and route all traffic coming to the task, including 8080, to localhost:15020. By doing so, I force all incoming traffic to go through the Envoy proxy. Same thing for outgoing traffic: force all traffic out of the container, let's say to google.com, to go through the Envoy proxy. As I said, AWS Service Connect does pretty much the same thing, but it has some limitations like TLS support and static service discovery.
