EKS外部未返回响应的EKS服务
EKS外部未返回响应的EKS服务
提问于 2020-10-05 11:17:05
我有一个带有VPC的EKS集群,它包含一对豆荚和服务,一个吊舱连接到一个用LoadBalancer类型定义的服务。负载平衡器是内部的(在PVC上运行)。
在部署吊舱和服务之后,我遇到了一些奇怪的问题:
在部署完成后,我运行了"kubectl get svc“并复制了外部IP,ip看起来如下所示:
internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com我从我的笔记本电脑(连接到VPC)上测试连接,并运行以下命令
telnet internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com 8081得到了如下的回应
Trying 10.0.0.1 (some internal IP)...
Connected to internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com因此,结果基本上是说我可以访问服务背后的吊舱,但是当我运行WGET命令时,我得到了以下结果
--2020-10-05 13:55:14-- http://internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com:8081/
Resolving internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com (internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com)... 10.0.0.1, 10.0.0.2
Connecting to internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com (internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com)|10.0.0.1|:8081... connected.
HTTP request sent, awaiting response... Read error (Operation timed out) in headers.
Retrying.但是当我在其他pod上运行相同的WGET命令时,我得到了一个有效的响应(下载了index.html文件)。
因此,吊舱似乎只能从EKS中的其他吊舱,而不是从EKS外部(尽管与服务有连接)才能通过服务访问。
谁也经历过同样的问题,并能提供帮助吗?下面是我的吊舱和服务描述输出:
服务:
Name: service
Namespace: default
Labels: app.kubernetes.io/managed-by=Helm
Annotations: meta.helm.sh/release-name: help_repo
meta.helm.sh/release-namespace: default
service.beta.kubernetes.io/aws-load-balancer-internal: true
Selector: app=test-app
Type: LoadBalancer
IP: 172.X.X.X
LoadBalancer Ingress: internal-XXXXXXXXXXXXXXXXXXXXX.<region>.elb.amazonaws.com
Port: rpc 6123/TCP
TargetPort: 6123/TCP
NodePort: rpc 32648/TCP
Endpoints: **<same-pod-ip>**:6123
Port: blob 6124/TCP
TargetPort: 6124/TCP
NodePort: blob 31041/TCP
Endpoints: **<same-pod-ip>**:6124
Port: ui 8081/TCP
TargetPort: 8081/TCP
NodePort: ui 30608/TCP
Endpoints: **<same-pod-ip>**:8081
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>豆荚:
Name: test-app-ff8c566c7-rfkrh
Namespace: default
Priority: 0
Node: <node ip>
Start Time: Mon, 05 Oct 2020 13:42:19 +0300
Labels: app=test-app
pod-template-hash=ff8c566c7
Annotations: kubernetes.io/psp: eks.privileged
Status: Running
IP: **<same-pod ip>**
IPs:
IP: **<same-pod ip>**
Controlled By: ReplicaSet/test-app-ff8c566c7
Containers:
test-app:
Container ID: docker://XXXXXXXXX
Image: ECR_URL
Ports: 6123/TCP, 6124/TCP, 8081/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP
Args: <run app command>
State: Running
Started: Mon, 05 Oct 2020 13:42:33 +0300
Ready: True
Restart Count: 0
Liveness: tcp-socket :6123 delay=30s timeout=1s period=60s #success=1 #failure=3
Environment: <none>谢谢!
回答 1
Stack Overflow用户
发布于 2021-03-05 13:57:03
您可以使用入口,根据定义,这是您的集群的入口。在EKS中,您应该使用名为"alb“的侵入控制器,意思是”应用程序负载均衡器“。你可以用的入口看起来像:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: <your-ingress-name>
annotations:
kubernetes.io/ingress.class: alb
# required to use ClusterIP
alb.ingress.kubernetes.io/target-type: ip
# required to place on public-subnet
alb.ingress.kubernetes.io/scheme: internet-facing
# use TLS registered to our domain, ALB will terminate the certificate
alb.ingress.kubernetes.io/certificate-arn: <acm-certificate-arn>
# respond to both ports
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
# redirect to port 80 to port 443
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
rules:
- host: <your.host.com>
http:
paths:
- backend:
serviceName: <your-service-name> # this should be a ClusterIp service
servicePort: <yout-service-port>
path: /重要:这将在您的aws帐户中提供一个应用程序负载均衡器
之后,您可以将主机名流量重定向到应用程序负载均衡器。如果您正在使用Route53,则可以跟踪本教程。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/64207564
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号