aws private eks, how to expose service to public

I created a private EKS cluster by Terraform, and I followed the guide at this page: https://tf-eks-workshop.workshop.aws/500_eks-terraform-workshop.html , and the network architecture is below:

Then I deployed my web application in the EKS cluster, and the application only accesses AWS resources, so it works as expected. But the problem is that the EKS is in a private VPC, and an internet ALB can't be attached to it, so I'm not able to access my application from a public web browser. Is there any idea how to implement it?

I've set up VPC peering between the EKS VPC and the CICD VPC. For the application deployment part, I created a service whose type is NodePort.

Unfortunately the guide link here doesn't open for me. It seems from the VPC diagram that you have a private subnet within your VPC for EKS. You can do the following:

  1. Create a private Ingress resource using ALB Ingress (for routing traffic based on hostname within the services within the cluster) - https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html

  2. And then route traffic from Route53 to the internal LB. If it's still not reachable, attach an LB in the default VPC and pass it on to the internal Ingress Controller. Logically that should work.

  3. EC2s in the same VPC can talk to each other if SGs are open, so by that logic forwarding traffic from the public subnet to the private one shouldn't be an issue.
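
Step 1 of the answer above, written out as a manifest. This is an added example, not part of the original post; it assumes the AWS Load Balancer Controller is installed in the cluster, and the names `web`, `web-svc`, `web-internal`, the host `app.example.internal`, port 80 and the CIDR are hypothetical.

```yaml
# Added example; names, namespace, hostname, port and CIDR are hypothetical.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-internal
  namespace: web
  annotations:
    # "internal" places the ALB on private subnets (those tagged
    # kubernetes.io/role/internal-elb=1), so it gets no public IP.
    alb.ingress.kubernetes.io/scheme: internal
    # "instance" targets register the worker nodes on the Service's
    # NodePort, which matches the NodePort Service from the question.
    alb.ingress.kubernetes.io/target-type: instance
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    # Source ranges the ALB's security group accepts (constructed CIDR).
    alb.ingress.kubernetes.io/inbound-cidrs: 10.0.0.0/16
spec:
  ingressClassName: alb
  rules:
    # Hostname-based routing, as described in step 1.
    - host: app.example.internal
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-svc
                port:
                  number: 80
```

The Route53 record from step 2 would point at the DNS name the controller reports in the Ingress status (`kubectl get ingress -n web web-internal`).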
