How to add rules to allow traffic on some port range for nodePort on AWS EKS?
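The service I exposed on nodePort does not seem to allow traffic through.
So how do I add rules to allow traffic on that port range from the CLI rather than the console?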
EC2 Security groups
You have a security group on your screen.
See more about security groups:
CLI for AWS Security groups
As for working with AWS Security groups from the CLI, see this article: Creating, Configuring, and Deleting Security Groups for Amazon EC2 - AWS Command Line Interface
$ aws ec2 create-security-group --group-name my-sg --description "My security group" --vpc-id vpc-1a2b3c4d
{
"GroupId": "sg-903004f8"
}
$ aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 3389 --cidr 203.0.113.0/24
The following command adds another rule to enable SSH to instances in the same security group.
$ aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 22 --cidr 203.0.113.0/24
To view the changes to the security group, run the describe-security-groups command.
$ aws ec2 describe-security-groups --group-ids sg-903004f8
The output is:
{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "UserIdGroupPairs": []
                }
            ],
            "Description": "My security group",
            "IpPermissions": [
                {
                    "ToPort": 22,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "203.0.113.0/24"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "FromPort": 22
                }
            ],
            "GroupName": "my-sg",
            "OwnerId": "123456789012",
            "GroupId": "sg-903004f8"
        }
    ]
}
P.S. awless.io - A Mighty CLI for AWS
There is also a somewhat outdated but still handy CLI tool:
wallix/awless: A Mighty CLI for AWS
A Mighty CLI for AWS http://awless.io/
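Added example, not part of the original answer: the same authorize-security-group-ingress call applied to a port range instead of a single port. It assumes the default Kubernetes NodePort range 30000-32767 and reuses the answer's sample group id and CIDR as placeholders for the worker nodes' security group and your own source network; the function names, the DRY_RUN switch and the refusal of 0.0.0.0/0 are choices of this example.

```sh
#!/bin/sh
# Added example: scoped ingress for the Kubernetes NodePort range.
# Assumption: the cluster uses the default NodePort range 30000-32767.
NODEPORT_MIN=30000
NODEPORT_MAX=32767

# Print the command when DRY_RUN is 1 (the default here), execute it otherwise.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Succeeds only for a non-empty string of decimal digits.
is_uint() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# allow_nodeport_range SG_ID FROM_PORT TO_PORT SOURCE_CIDR
allow_nodeport_range() {
  sg=$1 from=$2 to=$3 cidr=$4
  case $sg in
    sg-?*) ;;
    *) echo "not a security group id: $sg" >&2; return 2 ;;
  esac
  if ! is_uint "$from" || ! is_uint "$to"; then
    echo "ports must be unsigned integers" >&2; return 2
  fi
  if [ "$from" -gt "$to" ] || [ "$from" -lt "$NODEPORT_MIN" ] || [ "$to" -gt "$NODEPORT_MAX" ]; then
    echo "$from-$to is not inside $NODEPORT_MIN-$NODEPORT_MAX" >&2; return 3
  fi
  # Policy choice of this example: never open NodePorts to every address.
  case $cidr in
    0.0.0.0/0) echo "refusing world-open source $cidr" >&2; return 4 ;;
  esac
  # --port accepts a single port or a min-max range.
  run aws ec2 authorize-security-group-ingress \
    --group-id "$sg" --protocol tcp --port "$from-$to" --cidr "$cidr"
}

# Dry run with the sample group id and CIDR from the answer above.
allow_nodeport_range sg-903004f8 30000 32767 203.0.113.0/24
```

Set DRY_RUN=0 to send the request, then check the result with the describe-security-groups command shown in the answer.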