负载均衡器的 AWS EKS 服务 EXTERNAL-IP 处于待处理状态
AWS EKS service EXTERNAL-IP of load balancer is Pending
我正在为我的应用程序开发一个暂存集群,它需要大约 12 个负载均衡器来定义我的服务。 12 个看起来都差不多:
apiVersion: v1
kind: Service
metadata:
labels:
app: my-app-api
name: my-app-api
namespace: default
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <some aws cert name>
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 80
protocol: TCP
targetPort: 5001
- name: https
port: 443
protocol: TCP
targetPort: 5001
selector:
app: my-app-api
sessionAffinity: None
type: LoadBalancer
之后,我继续使用相同的设置创建生产集群。创建它并部署 k8s 清单后:部署、服务,我无法使用 kubectl describe service 命令获取 LoadBalancer Ingress。我注意到下面的图片:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:30339/TCP,443:32754/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:31538/TCP,443:32061/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:30976/TCP,443:31323/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:30288/TCP,443:32073/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:32270/TCP,443:31159/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:31966/TCP,443:30944/TCP 1m
kubernetes ClusterIP <some_ip> <none> 443/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:31901/TCP,443:30444/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:31510/TCP,443:30393/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:32613/TCP,443:32616/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:32069/TCP,443:30320/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:31667/TCP,443:32194/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:31943/TCP,443:32081/TCP 1m
在排除上述行为的原因后,我对 LoadBalancers(LB) 做出了以下结论:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert直接依赖AWS负载均衡器,如果证书没有在创建LB的region签名,LB不会加入k8s集群- 我的问题是因为 k8s 集群无法为新创建的服务自动配置 AWS LB,因为 AWS 账户中单个区域的默认 LB 限制 是 20
我向 AWS 请求增加配额 LB 限制,但由于花费了更多时间,我将我的生产集群移动到了不同的 AWS 区域。
之后 LB 按预期创建,我就可以进入了。
我正在为我的应用程序开发一个暂存集群,它需要大约 12 个负载均衡器来定义我的服务。 12 个看起来都差不多:
apiVersion: v1
kind: Service
metadata:
labels:
app: my-app-api
name: my-app-api
namespace: default
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <some aws cert name>
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
spec:
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 80
protocol: TCP
targetPort: 5001
- name: https
port: 443
protocol: TCP
targetPort: 5001
selector:
app: my-app-api
sessionAffinity: None
type: LoadBalancer
之后,我继续使用相同的设置创建生产集群。创建它并部署 k8s 清单后:部署、服务,我无法使用 kubectl describe service 命令获取 LoadBalancer Ingress。我注意到下面的图片:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:30339/TCP,443:32754/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:31538/TCP,443:32061/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:30976/TCP,443:31323/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:30288/TCP,443:32073/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:32270/TCP,443:31159/TCP 1m
<some-name> LoadBalancer <some_ip> ****.us-west-1.elb.amazonaws.com 80:31966/TCP,443:30944/TCP 1m
kubernetes ClusterIP <some_ip> <none> 443/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:31901/TCP,443:30444/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:31510/TCP,443:30393/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:32613/TCP,443:32616/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:32069/TCP,443:30320/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:31667/TCP,443:32194/TCP 1m
<some-name> LoadBalancer <some_ip> PENDING 80:31943/TCP,443:32081/TCP 1m
在排除上述行为的原因后,我对 LoadBalancers(LB) 做出了以下结论:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert直接依赖AWS负载均衡器,如果证书没有在创建LB的region签名,LB不会加入k8s集群- 我的问题是因为 k8s 集群无法为新创建的服务自动配置 AWS LB,因为 AWS 账户中单个区域的默认 LB 限制 是 20
我向 AWS 请求增加配额 LB 限制,但由于花费了更多时间,我将我的生产集群移动到了不同的 AWS 区域。 之后 LB 按预期创建,我就可以进入了。