Amazon EKS绑定alb 使用aws-load-balancer-controller(Ingress Controller)对外提供服务

news2025/7/11 9:34:15

1、创建AWS Load Balancer Controller 的 IAM 策略
亚马逊相关文档

下载地址
打开 策略 点击 创建策略 打开 IAM_Policy.json 复制内容粘贴到 json
在这里插入图片描述
点击下一步:标签
然后一直下一步 在下图中名称填写 AWSLoadBalancerControllerIAMPolicy 你也可以自定义名称。然后创建策略。
在这里插入图片描述
至此,策略创建成功
在这里插入图片描述
json文本内容如下

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAddresses",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeInternetGateways",
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeInstances",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeTags",
                "ec2:GetCoipPoolUsage",
                "ec2:DescribeCoipPools",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeListeners",
                "elasticloadbalancing:DescribeListenerCertificates",
                "elasticloadbalancing:DescribeSSLPolicies",
                "elasticloadbalancing:DescribeRules",
                "elasticloadbalancing:DescribeTargetGroups",
                "elasticloadbalancing:DescribeTargetGroupAttributes",
                "elasticloadbalancing:DescribeTargetHealth",
                "elasticloadbalancing:DescribeTags"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cognito-idp:DescribeUserPoolClient",
                "acm:ListCertificates",
                "acm:DescribeCertificate",
                "iam:ListServerCertificates",
                "iam:GetServerCertificate",
                "waf-regional:GetWebACL",
                "waf-regional:GetWebACLForResource",
                "waf-regional:AssociateWebACL",
                "waf-regional:DisassociateWebACL",
                "wafv2:GetWebACL",
                "wafv2:GetWebACLForResource",
                "wafv2:AssociateWebACL",
                "wafv2:DisassociateWebACL",
                "shield:GetSubscriptionState",
                "shield:DescribeProtection",
                "shield:CreateProtection",
                "shield:DeleteProtection"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:RevokeSecurityGroupIngress"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateSecurityGroup"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": "arn:aws-cn:ec2:*:*:security-group/*",
            "Condition": {
                "StringEquals": {
                    "ec2:CreateAction": "CreateSecurityGroup"
                },
                "Null": {
                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags",
                "ec2:DeleteTags"
            ],
            "Resource": "arn:aws-cn:ec2:*:*:security-group/*",
            "Condition": {
                "Null": {
                    "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:DeleteSecurityGroup"
            ],
            "Resource": "*",
            "Condition": {
                "Null": {
                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:CreateLoadBalancer",
                "elasticloadbalancing:CreateTargetGroup"
            ],
            "Resource": "*",
            "Condition": {
                "Null": {
                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:CreateListener",
                "elasticloadbalancing:DeleteListener",
                "elasticloadbalancing:CreateRule",
                "elasticloadbalancing:DeleteRule"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:AddTags",
                "elasticloadbalancing:RemoveTags"
            ],
            "Resource": [
                "arn:aws-cn:elasticloadbalancing:*:*:targetgroup/*/*",
                "arn:aws-cn:elasticloadbalancing:*:*:loadbalancer/net/*/*",
                "arn:aws-cn:elasticloadbalancing:*:*:loadbalancer/app/*/*"
            ],
            "Condition": {
                "Null": {
                    "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:AddTags",
                "elasticloadbalancing:RemoveTags"
            ],
            "Resource": [
                "arn:aws-cn:elasticloadbalancing:*:*:listener/net/*/*/*",
                "arn:aws-cn:elasticloadbalancing:*:*:listener/app/*/*/*",
                "arn:aws-cn:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
                "arn:aws-cn:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:ModifyLoadBalancerAttributes",
                "elasticloadbalancing:SetIpAddressType",
                "elasticloadbalancing:SetSecurityGroups",
                "elasticloadbalancing:SetSubnets",
                "elasticloadbalancing:DeleteLoadBalancer",
                "elasticloadbalancing:ModifyTargetGroup",
                "elasticloadbalancing:ModifyTargetGroupAttributes",
                "elasticloadbalancing:DeleteTargetGroup"
            ],
            "Resource": "*",
            "Condition": {
                "Null": {
                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:RegisterTargets",
                "elasticloadbalancing:DeregisterTargets"
            ],
            "Resource": "arn:aws-cn:elasticloadbalancing:*:*:targetgroup/*/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:SetWebAcl",
                "elasticloadbalancing:ModifyListener",
                "elasticloadbalancing:AddListenerCertificates",
                "elasticloadbalancing:RemoveListenerCertificates",
                "elasticloadbalancing:ModifyRule"
            ],
            "Resource": "*"
        }
    ]
}

2、赋予 EKS node 权限
在 角色 中搜索 AmazonEKSNodeRole 找到你对应的 EKS 集群 如下图
在这里插入图片描述
然后点击该角色-- 点击附加策略
在这里插入图片描述
在搜索框内 输入刚才创建的策略名称 然后选中,点击最下边的附加策略。

我的策略名称为:AWSLoadBalancerControllerIAMPolicy
在这里插入图片描述
3、在 EKS 中安装 AWS Load Balancer Controller
安装证书管理器

[root@ip-172-93-6-200 ~]# kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
namespace/cert-manager created
serviceaccount/cert-manager-cainjector created
serviceaccount/cert-manager created
serviceaccount/cert-manager-webhook created
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrole.rbac.authorization.k8s.io/cert-manager-view created
clusterrole.rbac.authorization.k8s.io/cert-manager-edit created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
role.rbac.authorization.k8s.io/cert-manager:leaderelection created
role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
service/cert-manager created
service/cert-manager-webhook created
deployment.apps/cert-manager-cainjector created
deployment.apps/cert-manager created
deployment.apps/cert-manager-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created

4、部署 YAML
下载负载平衡器控制器的规范。

[root@ip-172-93-6-200 ~]# cd /etc/gamefi/
[root@ip-172-93-6-200 gamefi]# ls
business-client.yaml  system.yaml
[root@ip-172-93-6-200 gamefi]# wget https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.3.1/v2_3_1_full.yaml
--2022-11-14 10:24:00--  https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.3.1/v2_3_1_full.yaml
Resolving github.com (github.com)... 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/84610043/e1412997-05df-48e5-83e4-4a0e9edcc0c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221114%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221114T022400Z&X-Amz-Expires=300&X-Amz-Signature=ba9ac04cf9cc0aba453ddf304598535308986187c8cf05b0a153462545efa857&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=84610043&response-content-disposition=attachment%3B%20filename%3Dv2_3_1_full.yaml&response-content-type=application%2Foctet-stream [following]
--2022-11-14 10:24:00--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/84610043/e1412997-05df-48e5-83e4-4a0e9edcc0c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221114%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221114T022400Z&X-Amz-Expires=300&X-Amz-Signature=ba9ac04cf9cc0aba453ddf304598535308986187c8cf05b0a153462545efa857&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=84610043&response-content-disposition=attachment%3B%20filename%3Dv2_3_1_full.yaml&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31767 (31K) [application/octet-stream]
Saving to: ‘v2_3_1_full.yaml’

100%[==============================================================================================================================================================================================================>] 31,767      --.-K/s   in 0s      

2022-11-14 10:24:01 (97.5 MB/s) - ‘v2_3_1_full.yaml’ saved [31767/31767]

5、编辑保存的 yaml 文件,转到部署规范,并将控制器 --cluster-name arg 值设置为您的 EKS 集群名称
在这里插入图片描述
如果您为服务账户使用 IAM 角色,我们建议您从 yaml 规范中删除 ServiceAccount。如果您从 yaml 规范中删除安装部分,这将保留 eksctl 创建的 iamserviceaccount。
在这里插入图片描述

[root@ip-172-93-6-200 gamefi]# vim v2_3_1_full.yaml 
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller
  namespace: kube-system

应用 yaml 文件

[root@ip-172-93-6-200 gamefi]# kubectl apply -f v2_3_1_full.yaml
customresourcedefinition.apiextensions.k8s.io/ingressclassparams.elbv2.k8s.aws created
customresourcedefinition.apiextensions.k8s.io/targetgroupbindings.elbv2.k8s.aws created
role.rbac.authorization.k8s.io/aws-load-balancer-controller-leader-election-role created
clusterrole.rbac.authorization.k8s.io/aws-load-balancer-controller-role created
rolebinding.rbac.authorization.k8s.io/aws-load-balancer-controller-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/aws-load-balancer-controller-rolebinding created
service/aws-load-balancer-webhook-service created
deployment.apps/aws-load-balancer-controller created
certificate.cert-manager.io/aws-load-balancer-serving-cert created
issuer.cert-manager.io/aws-load-balancer-selfsigned-issuer created
mutatingwebhookconfiguration.admissionregistration.k8s.io/aws-load-balancer-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/aws-load-balancer-webhook created

6、部署示例应用程序
将游戏 2048 部署为示例应用程序,以确认作为入口对象的结果,Amazon负载均衡器控制器是否会创建 Amazon ALB。
出现报错
错误一:

[root@ip-172-93-6-200 gamefi]# kubectl logs --tail 100 aws-load-balancer-controller-957d4466-kj26d -n kube-system 
{"level":"info","ts":1668394482.8632996,"msg":"version","GitVersion":"v2.3.1","GitCommit":"1d492cb8648b2053086761140d9db9236f867237","BuildDate":"2021-12-08T18:13:11+0000"}
{"level":"info","ts":1668394482.9612875,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":8080"}
{"level":"error","ts":1668394482.964263,"logger":"setup","msg":"unable to create controller","controller":"Ingress","error":"the server could not find the requested resource"}

解决办法
换成更高的版本2.4.5

[root@ip-172-93-6-200 gamefi]# kubectl replace --force -f v2_4_5_full.yaml 
customresourcedefinition.apiextensions.k8s.io "ingressclassparams.elbv2.k8s.aws" deleted
customresourcedefinition.apiextensions.k8s.io "targetgroupbindings.elbv2.k8s.aws" deleted
serviceaccount "aws-load-balancer-controller" deleted
role.rbac.authorization.k8s.io "aws-load-balancer-controller-leader-election-role" deleted
clusterrole.rbac.authorization.k8s.io "aws-load-balancer-controller-role" deleted
rolebinding.rbac.authorization.k8s.io "aws-load-balancer-controller-leader-election-rolebinding" deleted
clusterrolebinding.rbac.authorization.k8s.io "aws-load-balancer-controller-rolebinding" deleted
service "aws-load-balancer-webhook-service" deleted
deployment.apps "aws-load-balancer-controller" deleted
certificate.cert-manager.io "aws-load-balancer-serving-cert" deleted
issuer.cert-manager.io "aws-load-balancer-selfsigned-issuer" deleted
mutatingwebhookconfiguration.admissionregistration.k8s.io "aws-load-balancer-webhook" deleted
validatingwebhookconfiguration.admissionregistration.k8s.io "aws-load-balancer-webhook" deleted
ingressclass.networking.k8s.io "alb" deleted
customresourcedefinition.apiextensions.k8s.io/ingressclassparams.elbv2.k8s.aws replaced
customresourcedefinition.apiextensions.k8s.io/targetgroupbindings.elbv2.k8s.aws replaced
serviceaccount/aws-load-balancer-controller replaced
role.rbac.authorization.k8s.io/aws-load-balancer-controller-leader-election-role replaced
clusterrole.rbac.authorization.k8s.io/aws-load-balancer-controller-role replaced
rolebinding.rbac.authorization.k8s.io/aws-load-balancer-controller-leader-election-rolebinding replaced
clusterrolebinding.rbac.authorization.k8s.io/aws-load-balancer-controller-rolebinding replaced
service/aws-load-balancer-webhook-service replaced
deployment.apps/aws-load-balancer-controller replaced
certificate.cert-manager.io/aws-load-balancer-serving-cert replaced
issuer.cert-manager.io/aws-load-balancer-selfsigned-issuer replaced
mutatingwebhookconfiguration.admissionregistration.k8s.io/aws-load-balancer-webhook replaced
validatingwebhookconfiguration.admissionregistration.k8s.io/aws-load-balancer-webhook replaced
ingressclass.networking.k8s.io/alb replaced

错误二:

{"level":"info","ts":1668397162.7676105,"logger":"controller.service","msg":"Starting workers","worker count":3}
{"level":"info","ts":1668397162.7676473,"logger":"controller.targetGroupBinding","msg":"Starting workers","reconciler group":"elbv2.k8s.aws","reconciler kind":"TargetGroupBinding","worker count":3}
{"level":"info","ts":1668397162.7689776,"logger":"controller.ingress","msg":"Starting workers","worker count":3}
{"level":"error","ts":1668397163.0093007,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
{"level":"error","ts":1668397163.0816932,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
{"level":"error","ts":1668397163.1536942,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
{"level":"error","ts":1668397163.239786,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
{"level":"error","ts":1668397163.3413012,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
{"level":"error","ts":1668397163.4856465,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
{"level":"error","ts":1668397163.7127712,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
{"level":"error","ts":1668397164.094966,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
{"level":"error","ts":1668397164.8004348,"logger":"controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"default","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}

解决办法:
原因:
如果是通过eksctl创建的subnet,那么自动已经打好标签了,我是因为使用现有的subnet,所以这些标签没有加上,需要手动添加。打标签的时候,如果是直接从网页复制粘贴,可能无意会粘贴上换行符,导致失败
解决相关文档
官网文档有解析
在这里插入图片描述
添加标签,我这边有两个子网,都是这样添加
在这里插入图片描述
重启pod

[root@ip-172-93-6-200 gamefi]# kubectl replace --force -f v2_4_5_full.yaml 
customresourcedefinition.apiextensions.k8s.io "ingressclassparams.elbv2.k8s.aws" deleted
customresourcedefinition.apiextensions.k8s.io "targetgroupbindings.elbv2.k8s.aws" deleted
serviceaccount "aws-load-balancer-controller" deleted
role.rbac.authorization.k8s.io "aws-load-balancer-controller-leader-election-role" deleted
clusterrole.rbac.authorization.k8s.io "aws-load-balancer-controller-role" deleted
rolebinding.rbac.authorization.k8s.io "aws-load-balancer-controller-leader-election-rolebinding" deleted
clusterrolebinding.rbac.authorization.k8s.io "aws-load-balancer-controller-rolebinding" deleted
service "aws-load-balancer-webhook-service" deleted
deployment.apps "aws-load-balancer-controller" deleted
certificate.cert-manager.io "aws-load-balancer-serving-cert" deleted
issuer.cert-manager.io "aws-load-balancer-selfsigned-issuer" deleted
mutatingwebhookconfiguration.admissionregistration.k8s.io "aws-load-balancer-webhook" deleted
validatingwebhookconfiguration.admissionregistration.k8s.io "aws-load-balancer-webhook" deleted
ingressclass.networking.k8s.io "alb" deleted
customresourcedefinition.apiextensions.k8s.io/ingressclassparams.elbv2.k8s.aws replaced
customresourcedefinition.apiextensions.k8s.io/targetgroupbindings.elbv2.k8s.aws replaced
serviceaccount/aws-load-balancer-controller replaced
role.rbac.authorization.k8s.io/aws-load-balancer-controller-leader-election-role replaced
clusterrole.rbac.authorization.k8s.io/aws-load-balancer-controller-role replaced
rolebinding.rbac.authorization.k8s.io/aws-load-balancer-controller-leader-election-rolebinding replaced
clusterrolebinding.rbac.authorization.k8s.io/aws-load-balancer-controller-rolebinding replaced
service/aws-load-balancer-webhook-service replaced
deployment.apps/aws-load-balancer-controller replaced
certificate.cert-manager.io/aws-load-balancer-serving-cert replaced
issuer.cert-manager.io/aws-load-balancer-selfsigned-issuer replaced
mutatingwebhookconfiguration.admissionregistration.k8s.io/aws-load-balancer-webhook replaced
validatingwebhookconfiguration.admissionregistration.k8s.io/aws-load-balancer-webhook replaced
ingressclass.networking.k8s.io/alb replaced

查询日志如下
在这里插入图片描述

[root@ip-172-93-6-200 gamefi]# aws ec2 describe-subnets --subnet-ids subnet-0670a45dccf9fad59 --region ap-east-1
{
    "Subnets": [
        {
            "MapPublicIpOnLaunch": true, 
            "AvailabilityZoneId": "ape1-az2", 
            "Tags": [
                {
                    "Value": "1", 
                    "Key": "kubernetes.io/role/elb"
                }, 
                {
                    "Value": "pre-gamefi-public", 
                    "Key": "Name"
                }
            ], 
            "AvailableIpAddressCount": 231, 
            "DefaultForAz": false, 
            "SubnetArn": "arn:aws:ec2:ap-east-1:759261269341:subnet/subnet-0670a45dccf9fad59", 
            "Ipv6CidrBlockAssociationSet": [], 
            "VpcId": "vpc-09197fd1833f76a27", 
            "MapCustomerOwnedIpOnLaunch": false, 
            "AvailabilityZone": "ap-east-1b", 
            "SubnetId": "subnet-0670a45dccf9fad59", 
            "OwnerId": "759261269341", 
            "CidrBlock": "172.93.6.0/24", 
            "State": "available", 
            "AssignIpv6AddressOnCreation": false
        }
    ]
}

启动2048游戏时报错
错误三:

[root@ip-172-93-6-200 gamefi]# kubectl replace --force -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/examples/2048/2048_full.yaml
unable to recognize "https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/examples/2048/2048_full.yaml": no matches for kind "Ingress" in version "networking.k8s.io/v1beta1"

查询负载均衡对应的pod

[root@ip-172-93-6-200 gamefi]# kubectl get pods --all-namespaces -o wide |grep aws-load-balancer-controller-5d589484dc-442cc
kube-system    aws-load-balancer-controller-5d589484dc-442cc   1/1     Running            0                 3m35s   172.93.5.236   ip-172-93-5-25.ap-east-1.compute.internal    <none>           <none>

原因:
在部署Ingress-nginx过程中(我使用的是1.23版本的k8s),遇到问题 “no matches for kind “Ingress” in version “networking.k8s.io/v1beta1””,查阅资料确定是因为k8s版本过新且已不支持对应的api,所有需要对其进行更改。
资料1
资料2
解决办法:
将最后ingess部分如下

#---
#apiVersion: networking.k8s.io/v1beta1
#kind: Ingress
#metadata:
#  namespace: game-2048
#  name: ingress-2048
#  annotations:
#    kubernetes.io/ingress.class: alb
#    alb.ingress.kubernetes.io/scheme: internet-facing
#    alb.ingress.kubernetes.io/target-type: ip
#spec:
#  rules:
#    - http:
#        paths:
#          - path: /*
#            backend:
#              serviceName: service-2048
#              servicePort: 80

更改成下面的

[root@ip-172-93-6-200 gamefi]# https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/examples/2048/2048_full.yaml
[root@ip-172-93-6-200 gamefi]# vim 2048_full.yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
  - host: "foo.bar.com"
    http:
      paths:
      - pathType: Prefix
        path: "/*"
        backend:
          service:
            name: service-2048
            port:
              number: 80
#  - host: "*.foo.com"
#    http:
#      paths:
#      - pathType: Prefix
#        path: "/foo"
#        backend:
#          service:
#            name: service2
#            port:
#              number: 80

最后重新启动pod 2048

[root@ip-172-93-6-200 gamefi]# kubectl replace --force -f 2048_full.yaml 
namespace "game-2048" deleted
deployment.apps "deployment-2048" deleted
service "service-2048" deleted
ingress.networking.k8s.io "ingress-2048" deleted
namespace/game-2048 replaced
deployment.apps/deployment-2048 replaced
service/service-2048 replaced
ingress.networking.k8s.io/ingress-2048 replaced

还是没有解决问题,最后通过下载2.4.5版本的2048
2048-2.4.5版本
文本内容如下

---
apiVersion: v1
kind: Namespace
metadata:
  name: game-2048
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: game-2048
  name: deployment-2048
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: app-2048
  replicas: 5
  template:
    metadata:
      labels:
        app.kubernetes.io/name: app-2048
    spec:
      containers:
      - image: public.ecr.aws/l6m2t8p7/docker-2048:latest
        imagePullPolicy: Always
        name: app-2048
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  namespace: game-2048
  name: service-2048
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: NodePort
  selector:
    app.kubernetes.io/name: app-2048
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: service-2048
              port:
                number: 80
[root@ip-172-93-6-200 gamefi]# kubectl apply -f 2048_full.yaml
namespace/game-2048 created
deployment.apps/deployment-2048 created
service/service-2048 created
ingress.networking.k8s.io/ingress-2048 created

几分钟后,验证是否已使用以下命令创建入口资源。

[root@ip-172-93-6-200 gamefi]# kubectl get ingress/ingress-2048 -n game-2048
NAME           CLASS   HOSTS   ADDRESS                                                                  PORTS   AGE
ingress-2048   alb     *       k8s-game2048-ingress2-ASAAAAAAAAAAAAAAA.ap-east-1.elb.amazonaws.com   80      3m6s

查询现有的ALB
在这里插入图片描述
默认监听80端口
在这里插入图片描述
在这里插入图片描述
最后目标群组指向我们的5个pod
在这里插入图片描述
验证,输入上文中查询到的地址就可以访问了
在这里插入图片描述

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/5706.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

尚医通_第11章_医院排班管理和搭建用户系统环境

尚医通_第11章_医院排班管理和搭建用户系统环境 文章目录尚医通_第11章_医院排班管理和搭建用户系统环境第一节、-医院排班管理需求分析一、医院排班管理需求1、页面效果2、接口分析第二节、医院排班管理-科室列表一、科室列表&#xff08;接口&#xff09;1、添加service接口和…

李峋同款爱心代码

李峋爱心代码背景代码运行pycharm打包成exe程序背景 最近大火的电视剧《点燃我温暖你》出现&#xff0c;令我的家庭地位进一步下降&#xff0c;因为男主“李峋”已经变成了她的大老公&#xff0c;而我就被打入冷宫. 为了满足她的“攀比心”&#xff0c;我连夜给她实现了粉红色爱…

第十节:多态【java】

目录 &#x1f340;1.多态 &#x1f4d6;1.1 多态的概念 &#x1f4d2;1.2 多态实现条件 &#x1f446;1.2.1向上转型 &#x1f4af;1.2.2重写 &#x1f531;1.2.3动态绑定和静态绑定 &#x1f308;1.2.4多态的应用 &#x1f447;1.2.5向下转型 &#x1f4d5;1.3多态的…

Java岗面试核心NIO有关知识总结

这篇文章主要是阅读了一些关于NIO的文章&#xff0c;对一些重要的部分进行了摘取总结。BIO、NIO、AIO的不同 BIO&#xff1a;同步阻塞IO模式&#xff0c;线程发起IO请求后&#xff0c;一直阻塞IO&#xff0c;直到缓冲区数据就绪后&#xff0c;再进行下一步操作。NIO&#xff1a…

SpringCloud基础知识【Hystrix熔断器】

SpringCloud基础知识【Hystrix熔断器】1. Hystrix概述2. Hystix-隔离2.1 线程池隔离2.2 信号量隔离2.3 Hystix隔离小结3. Hystix-降级3.1 服务提供方降级3.2 消费方降级3.3 Hystix降级小结4. Hystix-熔断4.1 代码演示4.1 熔断监控5. Hystix-限流1. Hystrix概述 Hystix&#xf…

基于概率距离削减法、蒙特卡洛削减法的风光场景不确定性削减(Matlab代码实现)

&#x1f4a5;&#x1f4a5;&#x1f49e;&#x1f49e;欢迎来到本博客❤️❤️&#x1f4a5;&#x1f4a5; &#x1f3c6;博主优势&#xff1a;&#x1f31e;&#x1f31e;&#x1f31e;博客内容尽量做到思维缜密&#xff0c;逻辑清晰&#xff0c;为了方便读者。 ⛳️座右铭&a…

一文带你吃透数据库的约束,不做CRUD程序员

在SQL标准中&#xff0c;一共规定了6种不同的约束&#xff0c;包括非空约束&#xff0c;唯一约束和检查约束等&#xff0c;而在MySQL中是不支持检查约束的&#xff0c;所以这篇文章先对其余5种约束做一个详解和练习。 文章目录1. 约束的概念2. 约束的分类3. 非空约束4. 唯一约束…

.net 大型物流综合管理网络平台源码【免费分享】

淘源码&#xff1a;国内专业的免费源码下载平台 源码分享&#xff0c;需要源码学习可私信我&#xff01; 一、源码描述 这是一款大型的物流综合管理网络平台源码&#xff0c;十分完整实用&#xff0c;便于调试&#xff0c;涵盖了物流综合管理的全面内容&#xff0c;该源码运行比…

单商户商城系统功能拆解30—营销中心—积分签到

单商户商城系统&#xff0c;也称为B2C自营电商模式单店商城系统。可以快速帮助个人、机构和企业搭建自己的私域交易线上商城。 单商户商城系统完美契合私域流量变现闭环交易使用。通常拥有丰富的营销玩法&#xff0c;例如拼团&#xff0c;秒杀&#xff0c;砍价&#xff0c;包邮…

【负荷预测】基于改进灰狼算法(IGWO)优化的LSSVM进行负荷预测(Matlab代码实现)

&#x1f4dd;个人主页&#xff1a;研学社的博客 &#x1f4a5;&#x1f4a5;&#x1f49e;&#x1f49e;欢迎来到本博客❤️❤️&#x1f4a5;&#x1f4a5; &#x1f3c6;博主优势&#xff1a;&#x1f31e;&#x1f31e;&#x1f31e;博客内容尽量做到思维缜密&#xff0c;…

IDEA 中Git 多次 Commit 合并为一次提交

一、背景 由于个人习惯的原因&#xff0c;喜欢一个功能分多次提交&#xff0c;导致很多提交比较零碎。 有时候经常需要将零碎的提交合并成一次&#xff0c;该怎么办&#xff1f; 可以使用 IDEA 自带的 Git 插件 将多次 Commit 合并成一次。 二、问题描述 如希望将第二次到第…

新品上市 | “电子表格软件”轻装上阵,企业报表用户的新选择

2022年11月14日&#xff0c;恰逢思迈特软件11周年的生日&#xff0c;我们更新了电子表格软件&#xff08;Smartbi Spreadsheet&#xff09;&#xff0c;希望在一站式BI产品之外&#xff0c;更多的企业用户可以通过成熟、可控、小巧、灵活的报表工具&#xff0c;提升数据化管理的…

分击合进,锦江之星酒店与白玉兰酒店再领投资热潮

2022年11月11日&#xff0c;「山水画中游&#xff0c;暇享好时光」品牌品鉴会在广西桂林隆重召开。锦江酒店&#xff08;中国区&#xff09;旗下两大酒店品牌锦江之星酒店和白玉兰酒店携手亮相本次活动。 &#xff08;品牌矩阵品鉴会活动现场&#xff09; 后疫情时代&#xff…

JDBC编程的基本流程

文章目录1、创建数据源2、让代码和数据源建立连接3、操作数据库3.1 插入操作3.2 删除操作3.3 修改操作3.4 查找操作1、创建数据源 创建DataSource对象&#xff0c;这个对象描述了数据库服务器在哪&#xff0c;需要导入包javax.sql.DataSource DataSource databases new Mysq…

【第006篇】通过impdp命令导入dmp文件到Oracle11g数据库中

准备&#xff1a;按照dmp文件的账号密码&#xff0c;如 gwpc/gwpc 创建好表空间、用户等信息。 1、执行以下命令获取DATA_PUMP_DIR的值。 select * from dba_directories;2、将上图圈主的那个路径复制出来备用&#xff1a;/opt/oracle/app/admin/orcl/dpdump/ 3、将dmp文件放…

3.35 OrCAD中怎么产生Cadence Allegro的第一方网表?OrCAD软件输出Cadence Allegro第一方网表报错时应该怎么处理?

笔者电子信息专业硕士毕业&#xff0c;获得过多次电子设计大赛、大学生智能车、数学建模国奖&#xff0c;现就职于南京某半导体芯片公司&#xff0c;从事硬件研发&#xff0c;电路设计研究。对于学电子的小伙伴&#xff0c;深知入门的不易&#xff0c;特开次博客交流分享经验&a…

从0开始搭建ELK日志收集系统

Elasticsearch elasticsearch是一个高度可扩展全文搜索和分析引擎&#xff0c;基于Apache Lucene 构建&#xff0c;能对大容量的数据进行接近实时的存储、搜索和分析操作&#xff0c;可以处理大规模日志数据&#xff0c;比如Nginx、Tomcat、系统日志等功能。 Logstash 数据收…

一周侃 | 周末随笔

前言 明天又是周一了&#xff0c;感慨时间过得真快&#xff0c;2022年只差一个月就要过去了。大家年初定的目标实现了吗【狗头】 作为一个技术类博主&#xff0c;我平常除了看专业书籍和论文之外&#xff0c;很喜欢看一些闲书&#xff0c;比如时政类、经济类、历史人文类、科…

linux 进程通信 C程序案例

linux 进程通信 C程序案例 编写C程序完成&#xff1a;父进程创建两个子进程&#xff0c;每个进程都在屏幕上显示自己的进程ID号&#xff0c;并在第1个子进程中加载执行一条外部命令。 #include <stdio.h> #include <unistd.h> #include <sys/types.h> #inc…

看5G时代,“一键喊话”的大喇叭如何奏响基层治理最强音

“喂喂&#xff0c;各位居民朋友快下楼做核酸啦……” 通过广播传递最新政策、应急预警、疫情防控等信息&#xff0c;利用智能信息播报系统&#xff0c;打通基层宣讲“最后一公里”&#xff0c;已成为全国多地的常见景象。“多亏了它&#xff0c;需要紧急通知的时候&#xff0c…