我在AWS EKS中运行了以下集群:
Kubernetes Version: 1.22
AWS load balancer controller version: v2.4.1
Node type: Managed Node我在阅读一篇文章,我们可以通过使用NGINX负载均衡器控制器来使用Ingress控制器(内部)来顶部NLB。Link
我想使用AWS负载平衡器控制器实现相同的功能,因为我必须将AWS WAF与Ingress控制器附带的应用程序负载平衡器集成,现在只使用Ingress控制器和NodePort服务,导致间歇性连接问题,我可以看到这是一个已知的Link
但我只想使用AWS负载均衡控制器
我已经实现了服务,它部署了一个面向互联网的网络负载平衡器,它似乎工作得很好。
service.yaml(网络负载均衡器)
apiVersion: v1
kind: Service
metadata:
name: my-app-svc
namespace: test
annotations:
# Note that the backend talks over HTTP.
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <Certificate ARN>
# Only run SSL on the port named "https" below.
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
#Network Load Balancer Annotations
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
selector:
run: my-app-backend-deployment
ports:
- name: https
protocol: TCP
port: 443
targetPort: 7000
- name: http
protocol: TCP
port: 80
targetPort: 7000
type: LoadBalancer现在,Ingress控制器所需的配置是什么,它将在内部工作,而不会引起任何间歇性连接问题?
当前配置(使用NodePort作为后端服务,Ingress使用Application Load Balancer面向互联网):
---
apiVersion: v1
kind: Service
metadata:
namespace: dev
name: my-backend-svc
spec:
ports:
- name: http
port: 80
targetPort: 80
type: NodePort
selector:
run: my-app-backend-deployment
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: dev
name: my-ingress
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/certificate-arn: <My Certificate IAM ARN>
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/connection-idle-timeout: "300"
spec:
ingressClassName: alb
rules:
- host: my.web.host.fqdn
http:
paths:
- backend:
service:
name: ssl-redirect
port:
name: use-annotation
path: /*
pathType: ImplementationSpecific
- backend:
service:
name: my-backend-svc
port:
number: 80
path: /*
pathType: ImplementationSpecific
1条答案
按热度按时间umuewwlo1#
在我这边有一个关于应用程序负载平衡器的配置的错误,子网的标记有些错误,对于我的情况,我使用了下面的注解。
链接
另外,我还使用了“NodePort”作为服务。
入口.yaml
我请求所有人都能提出任何发现或意见