我正在尝试在AWS EKS中部署应用程序。我已经按照the official Calico documentation创建了一个带有Calico CNI的EKS集群。我还按照here文档安装了AWS负载平衡器控制器。
下面是我的集群、部署和入口配置文件。cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: clustername
region: us-east-2
nodeGroups:
- name: ng1
instanceType: t3.medium
desiredCapacity: 1
volumeSize: 30
maxPodsPerNode: 250
ami: auto
ssh:
publicKeyName: keynamedeployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: my_namspace
name: deployment-2048
spec:
selector:
matchLabels:
app.kubernetes.io/name: app-2048
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: app-2048
spec:
containers:
- image: alexwhen/docker-2048
imagePullPolicy: Always
name: app-2048
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
namespace: my_namspace
name: service-2048
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
type: NodePort
selector:
app.kubernetes.io/name: app-2048ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my_namspace-ingress
namespace: my_namspace
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
spec:
rules:
- host: domain.io
http:
paths:
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: service-2048
port:
number: 80kubectl get pods --namespace kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
aws-load-balancer-controller-568d85bd58-6jpk5 1/1 Running 0 74m 172.16.22.4 ip-192-168-32-46.us-east-2.compute.internal <none> <none>
aws-load-balancer-controller-568d85bd58-ph44m 1/1 Running 0 74m 172.16.22.5 ip-192-168-32-46.us-east-2.compute.internal <none> <none>
calico-kube-controllers-6fd7b9848d-8lw4t 1/1 Running 0 91m 172.16.22.3 ip-192-168-32-46.us-east-2.compute.internal <none> <none>
calico-node-xdw2h 1/1 Running 0 87m 192.168.32.46 ip-192-168-32-46.us-east-2.compute.internal <none> <none>
coredns-f47955f89-5qwh4 1/1 Running 0 110m 172.16.22.2 ip-192-168-32-46.us-east-2.compute.internal <none> <none>
coredns-f47955f89-qfpbl 1/1 Running 0 111m 172.16.22.1 ip-192-168-32-46.us-east-2.compute.internal <none> <none>
kube-proxy-bnw6v 1/1 Running 0 87m 192.168.32.46 ip-192-168-32-46.us-east-2.compute.internal <none> <none>正如您所看到的,一切都运行得很顺利。问题是,当我尝试使用kubectl apply -f ingress.yaml应用我的入口时Error from server (InternalError): error when creating "ingress-alb.yaml": Internal error occurred: failed calling webhook "vingress.elbv2.k8s.aws": Post "https://aws-load-balancer-webhook-service.kube-system.svc:443/validate-networking-v1-ingress?timeout=10s": Address is not allowed
我了解到from here是EKS上Calico的一个常见问题,并尝试按照提供的解决方案在部署文件和负载平衡器控制器中使用hostNetwork: true。
helm upgrade aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=clustername \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set hostNetwork=true但回应是一样的。不知何故,对别人有效的解决方案对我不起作用。也许我错过了什么,我真的很想找出答案。
1条答案
按热度按时间carvr3hs1#
我建议您不要将Calico CNI方法与Amazon EKS服务沿着使用。
去年,我花了时间寻找这个解决方案,并联系了AWSMaven团队,用这个方法解决了一个用例。过了一段时间,Calico官方网站上有一个很大的注意如下。我相信EKS控制平面(以及GKE控制平面),都不能验证你的pod的NAT IP地址。两个云供应商管理的控制平面的IP范围都在VPC内。
参考:https://projectcalico.docs.tigera.io/getting-started/kubernetes/managed-public-cloud/eks