I deployed an internal nginx-ingress-controller in my EKS cluster, with the nodes deployed on a private network.
controller:
  ingressClassByName: true
  ingressClassResource:
    name: nginx-ingress-controller
    enabled: true
    default: false
    controllerValue: "k8s.io/ingress-nginx-internal"
  kind: DaemonSet
  service:
    type: LoadBalancer
    external:
      enabled: false
    externalTrafficPolicy: Local
    internal:
      enabled: true
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
        service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
        service.beta.kubernetes.io/aws-load-balancer-target-type: "ip"
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        service.beta.kubernetes.io/aws-load-balancer-name: "k8s-nlb"
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
        service.beta.kubernetes.io/aws-load-balancer-subnets: "subnet-123, subnet-456"
I can see the load balancer as well:
➜ ~ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-private-controller-admission ClusterIP 172.20.213.239 <none> 443/TCP 10m
ingress-nginx-private-controller-internal LoadBalancer 172.20.21.126 ad6cf7cdec1a148dfa354e73edba86c8-d17c74cfbc4dbba0.elb.eu-central-1.amazonaws.com 80:30516/TCP,443:31361/TCP 10m
I created a sample pod in the default namespace, and when I curl the internal load balancer, I can see the DNS resolving to private IPs, but the connection to port 80 times out.
curl -iv ad6cf7cdec1a148dfa354e73edba86c8-d17c74cfbc4dbba0.elb.eu-central-1.amazonaws.com
* Host ad6cf7cdec1a148dfa354e73edba86c8-d17c74cfbc4dbba0.elb.eu-central-1.amazonaws.com:80 was resolved.
* IPv6: (none)
* IPv4: 10.12.4.100, 10.12.5.26, 10.12.6.75
* Trying 10.12.4.100:80...
* connect to 10.12.4.100 port 80 from 10.12.5.175 port 33858 failed: Operation timed out
* Trying 10.12.5.26:80...
* ipv4 connect timeout after 85044ms, move on!
* Trying 10.12.6.75:80...
* Connection timed out after 300006 milliseconds
* closing connection #0
curl: (28) Connection timed out after 300006 milliseconds
When I do it like this, I can access port 80:
➜ ~ sudo kubectl port-forward svc/ingress-nginx-private-controller-internal -n ingress-nginx 80:80
Password:
Forwarding from 127.0.0.1:80 -> 80
Forwarding from [::1]:80 -> 80
Handling connection for 80
➜ ~ curl -iv localhost
* Host localhost:80 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:80...
* Connected to localhost (::1) port 80
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< Date: Wed, 19 Mar 2025 04:43:40 GMT
Date: Wed, 19 Mar 2025 04:43:40 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 146
Content-Length: 146
< Connection: keep-alive
Connection: keep-alive
<
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host localhost left intact
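Can someone tell me what I am missing, and how to access the internal load balancer from any IP in the VPC?

This could be caused by multiple things, but since you are facing a timeout error, you can start by checking the following configurations.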
1. Verify the security group attached to the load balancer
Make sure it has inbound rules allowing traffic on ports 80 and 443 from the VPC CIDR (IPv4 | IPv6) range.
aws ec2 describe-subnets --subnet-ids subnet-123 subnet-456
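Look for MapPublicIpOnLaunch: false and PrivateDnsNameOptionsOnLaunch to confirm these subnets are truly private.
3. Check Kubernetes network policies
If you have NetworkPolicies enabled, they may be blocking traffic between the load balancer and the ingress controller pods. List your network policies: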
kubectl get networkpolicies -A
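The security-group check from step 1 of the answer, as an added example that is not part of the original post: it reads JSON shaped like `aws ec2 describe-security-groups` output and reports which of ports 80 and 443 no inbound rule opens to the whole VPC CIDR. The sample document, the group ID `sg-EXAMPLE`, the VPC CIDR `10.12.0.0/16` and the function names are constructed assumptions; only IPv4 `IpRanges` are evaluated.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The group ID and CIDRs are placeholders, not values from the post.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "10.12.0.0/16"}]},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "10.12.4.0/24"}]}
]}]}
""")


def rule_covers(perm, port, vpc_net):
    """True if one IpPermissions entry admits TCP `port` from all of vpc_net."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return False
    # Protocol "-1" means all traffic and carries no port range.
    if proto == "tcp" and not (perm["FromPort"] <= port <= perm["ToPort"]):
        return False
    for r in perm.get("IpRanges", []):
        # The rule must contain the entire VPC range, not just part of it.
        if vpc_net.subnet_of(ipaddress.ip_network(r["CidrIp"])):
            return True
    return False


def uncovered_ports(doc, vpc_cidr, ports=(80, 443)):
    """Return the ports that no inbound rule opens to the whole VPC CIDR."""
    vpc_net = ipaddress.ip_network(vpc_cidr)
    perms = [p for g in doc["SecurityGroups"] for p in g.get("IpPermissions", [])]
    return [port for port in ports
            if not any(rule_covers(p, port, vpc_net) for p in perms)]


if __name__ == "__main__":
    missing = uncovered_ports(SAMPLE, "10.12.0.0/16")
    print("ports not reachable from the whole VPC:", missing or "none")
```

Rules that name a source security group instead of a CIDR (`UserIdGroupPairs`) are not evaluated here, so a port reported as uncovered may still be reachable from members of that group.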