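I have an EKS cluster with a VPC that contains several pods and services. One pod is connected to a service defined with type LoadBalancer. The load balancer is internal (it runs on the PVC).
I ran into a strange problem after deploying the pod and the service:
After the deployment finished, I ran "kubectl get svc" and copied the external IP, which looks like this: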
internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com
I tested the connection from my laptop (which is connected to the VPC) by running the following:
telnet internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com 8081
and got the following response:
Trying 10.0.0.1 (some internal IP)...
Connected to internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com
So the result basically says that I can reach the pod behind the service, but when I run a wget command I get the following result:
--2020-10-05 13:55:14-- http://internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com:8081/
Resolving internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com (internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com)... 10.0.0.1, 10.0.0.2
Connecting to internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com (internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com)|10.0.0.1|:8081... connected.
HTTP request sent, awaiting response... Read error (Operation timed out) in headers.
Retrying.
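However, when I run the same wget command from another pod running on EKS, I get a valid response (the index.html file is downloaded).
So it seems that the pod is reachable only from other pods in EKS and not from outside EKS (even though there is a connection to the service).
Has anyone run into the same problem and can help? Below is the describe output for my pod and service:
Service: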
Name: service
Namespace: default
Labels: app.kubernetes.io/managed-by=Helm
Annotations: meta.helm.sh/release-name: help_repo
meta.helm.sh/release-namespace: default
service.beta.kubernetes.io/aws-load-balancer-internal: true
Selector: app=test-app
Type: LoadBalancer
IP: 172.X.X.X
LoadBalancer Ingress: internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com
Port: rpc 6123/TCP
TargetPort: 6123/TCP
NodePort: rpc 32648/TCP
Endpoints: **<same-pod-ip>**:6123
Port: blob 6124/TCP
TargetPort: 6124/TCP
NodePort: blob 31041/TCP
Endpoints: **<same-pod-ip>**:6124
Port: ui 8081/TCP
TargetPort: 8081/TCP
NodePort: ui 30608/TCP
Endpoints: **<same-pod-ip>**:8081
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
Pod:
Name: test-app-ff8c566c7-rfkrh
Namespace: default
Priority: 0
Node: <node ip>
Start Time: Mon, 05 Oct 2020 13:42:19 +0300
Labels: app=test-app
pod-template-hash=ff8c566c7
Annotations: kubernetes.io/psp: eks.privileged
Status: Running
IP: **<same-pod ip>**
IPs:
IP: **<same-pod ip>**
Controlled By: ReplicaSet/test-app-ff8c566c7
Containers:
test-app:
Container ID: docker://XXXXXXXXX
Image: ECR_URL
Ports: 6123/TCP, 6124/TCP, 8081/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP
Args: <run app command>
State: Running
Started: Mon, 05 Oct 2020 13:42:33 +0300
Ready: True
Restart Count: 0
Liveness: tcp-socket :6123 delay=30s timeout=1s period=60s #success=1 #failure=3
Environment: <none>
Thanks!
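The telnet and wget results in the question test two different layers: a load balancer listener can complete the TCP handshake before any backend answers, so a probe that reports each layer separately narrows down where the request stalls. The following is an added example, not part of the original post; `probe`, `start_listener` and `demo` are hypothetical names, and the local listeners are constructed stand-ins for the load balancer so the script runs offline.

```python
# Added example: probe, start_listener and demo are illustrative names.
import socket
import threading

def probe(host, port, timeout=2.0):
    """Classify an endpoint by how far a plain HTTP request gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp-connect-failed"            # nothing accepted the handshake
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            data = sock.recv(1024)
        except socket.timeout:
            return "tcp-ok-no-http-response"   # telnet connects, wget hangs
        except OSError:
            return "tcp-ok-connection-reset"
    if not data:
        return "tcp-ok-closed-without-reply"
    return "http-response: " + data.split(b"\r\n", 1)[0].decode(errors="replace")

def start_listener(respond):
    """Constructed local stand-in: accepts TCP, optionally answers HTTP."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))                 # port 0: let the OS pick a free port
    srv.listen(5)                              # kernel completes handshakes itself
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")
    if respond:
        threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def demo():
    """Probe a listener that never answers and one that does."""
    silent, p_silent = start_listener(respond=False)
    answering, p_answer = start_listener(respond=True)
    try:
        return probe("127.0.0.1", p_silent, 1.0), probe("127.0.0.1", p_answer, 1.0)
    finally:
        silent.close()
        answering.close()

if __name__ == "__main__":
    print(demo())
```

Running `probe` against the load balancer hostname and against each node's NodePort from the same client shows which hop accepts the connection but never returns data.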
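You can use an Ingress, which by definition is the entry point to the cluster. In EKS, you should use the ingress controller named "alb", which stands for "Application Load Balancer". An Ingress you could use looks like: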
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: <your-ingress-name>
  annotations:
    kubernetes.io/ingress.class: alb
    # required to use ClusterIP
    alb.ingress.kubernetes.io/target-type: ip
    # required to place on public-subnet
    alb.ingress.kubernetes.io/scheme: internet-facing
    # use TLS registered to our domain, ALB will terminate the certificate
    alb.ingress.kubernetes.io/certificate-arn: <acm-certificate-arn>
    # respond to both ports
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    # redirect port 80 to port 443
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
  rules:
    - host: <your.host.com>
      http:
        paths:
          - backend:
              serviceName: <your-service-name> # this should be a ClusterIP service
              servicePort: <your-service-port>
            path: /
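Important: this will provision an Application Load Balancer in your AWS account.
After that, you can redirect your hostname's traffic to the Application Load Balancer. If you are using Route53, you can follow this tutorial.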