Aws-cdk: ECS needs AppMesh proxy configuration support
:question: How do I configure AppMesh Proxy Configuration using Python CDK for ECS
The Question
Referencing this issue:
https://github.com/aws/aws-cdk/issues/2297 ((AppMesh): Create L2 Construct for AWS AppMesh)
I can see it uses a property override to configure the envoy proxy
I cannot see how I can leverage this technique using the Python CDK which appears not to support the same type of override, and I cannot find Python documentation on this matter.
I have tried the add_override method of CfnCustomResource, but this does not appear to be the same thing.
So, pending an expansion of the CDK to allow L1 access to the Proxy settings in a task definition, is it possible to achieve the above workaround in the Python CDK please? If so, how might this be done?
Environment
- CDK CLI Version: 1.8.0 (build 5244f97)
- Module Version: 1.8.0
- OS: debian 10
- Language: Python
Other information
gary-cowell
All 6 comments
@gary-cowell afaik in CDK 1.8.0 (Python) AppMesh is not fully integrated.
In fact I have the same issue. I created the AppMesh, Virtual services, Virtual nodes, Virtual Routers and routes. I've the envoy side car container running, but without the proxy configuration it is not possible to pass traffic to it.
L2 constructs or options to enable proxy functionality is missing.
Only way that I'm aware of is to create own L2 construct but I haven't tried it yet.
tsykora-verimatrix
on 19 Sep 2019
You're right, this requires more feature support on ECS' end. Tagging in @pkandasamy91.
In the mean time, I'm not sure what you mean by "I cannot see how I can leverage this technique using the Python CDK which appears not to support the same type of override".
The TypeScript code you linked should translate over to Python according to the language translation rules.
Something like the following should work:
cfn_def = task_definition.node.find_child('Resource')
cfn_def.add_property_override('ProxyConfiguration', {
'Type': 'APPMESH',
'ContainerName': 'envoy',
'ProxyConfigurationProperties': [
{
'Name': 'IgnoredUID',
'Value': '1337',
},
{
'Name': 'ProxyIngressPort',
'Value': '15000',
},
{
'Name': 'ProxyEgressPort',
'Value': '15001',
},
{
'Name': 'AppPorts',
'Value': [YOUR-APP-PORTS],
},
{
'Name': 'EgressIgnoredIPs',
'Value': '169.254.170.2,169.254.169.254',
},
],
});
Does it not? And if it doesn't, can you please be more specific about the errors or behavior you're seeing?
rix0rrr
on 20 Sep 2019
Yes sorry , I was [and still am a bit] getting bogged down in the typescript->Python language translation and missed how to leverage the add_property_override. This did in fact solve my problem in the short term of being able to enable ProxyConfiguration on my task definitions, pending a cleaner way.
Thank you.
gary-cowell
on 20 Sep 2019
@rix0rrr (and @gary-cowell fyi) the override above will accept just a single app port.
tsykora-verimatrix
on 21 Sep 2019
@gary-cowell proxyConfiguration support should now be available in the CDK: https://github.com/aws/aws-cdk/pull/4007/files. Please let us know if this does not solve your issue.
piradeepk
on 4 Oct 2019
Closing this issue. Please reopen if PR: https://github.com/aws/aws-cdk/pull/4007 does not solve your issue.
piradeepk
on 7 Oct 2019
Related issues
nzspambot
路
3Comments
artyom-melnikov
路
3Comments
peterdeme
路
3Comments
kawamoto
路
3Comments
EduardTheThird
路
3Comments
Most helpful comment
You're right, this requires more feature support on ECS' end. Tagging in @pkandasamy91.
In the mean time, I'm not sure what you mean by "I cannot see how I can leverage this technique using the Python CDK which appears not to support the same type of override".
The TypeScript code you linked should translate over to Python according to the language translation rules.
Something like the following should work:
Does it not? And if it doesn't, can you please be more specific about the errors or behavior you're seeing?