docker导出日志到本地的方法是什么
575
2022-10-08
AWS EKS ALB Ingress 配置使用
AWS EKS ALB Ingress 配置使用
豆子最近开始看EKS的使用。EKS是AWS托管的k8s服务,使用起来和baremetal的k8s还是有些区别的。下面是一个简单的学习测试,看看如何在AWS上面使用他自己的ALB Ingress Controller。
在裸机的k8s上面,我们一般是通过Nginx Ingress Controller来进行第7层的负载均衡。 AWS上面我们当然也可以这么做,然后再通过一个第四层的 NLB service来访问 Nginx Ingress Controller这个pod。但是,AWS本身的ALB就是一个七层代理,因此我们可以直接通过ALB controller来进行配置。
基本的配置顺序如下
1.搭建一个EKS 集群
这一步有很多方式可以实现,比如通过管理界面,通过eksctl或者terraform code
2. IAM 添加 OpenIP provider
这一步的作用是把eks 集群的open connetion id添加到IAM里面,这样后面创建role的时候才可以添加信任对象
3. 配置AWS load balancer controller
这一步是最关键的,我们需要创建IAM policy,IAM role,service account和 ALB controller 的 部署。如果这一步出现了问题,那么后面创建Ingress的时候他没法自动创建ALB
创建好的效果
yuan@yuan-VirtualBox:~$ kubectl describe pod aws-load-balancer-controller-c66bd8cc5-24hlw -n kube-system
Name: aws-load-balancer-controller-c66bd8cc5-24hlw
Namespace: kube-system
Priority: 2000000000
Priority Class Name: system-cluster-critical
Node: ip-10-18-68-54.ap-southeast-2.compute.internal/10.18.68.54
Start Time: Sun, 23 Jan 2022 23:13:53 +1100
Labels: app.kubernetes.io/component=controller
app.kubernetes.io/name=aws-load-balancer-controller
pod-template-hash=c66bd8cc5
Annotations: kubernetes.io/psp: eks.privileged
Status: Running
IP: 10.18.68.26
IPs:
IP: 10.18.68.26
Controlled By: ReplicaSet/aws-load-balancer-controller-c66bd8cc5
Containers:
controller:
Container ID: docker://36d12f699ca8d4821764c8e45d6d3c3dbf59db88547a40a809ccecb4d2d5abe5
Image: amazon/aws-alb-ingress-controller:v2.3.1
Image ID: docker-pullable://amazon/aws-alb-ingress-controller@sha256:e725a110e69af26881836a179250cd7bb418e40ecfce910ac309bfc69c80f7a4
Port: 9443/TCP
Host Port: 0/TCP
Args:
--cluster-name=eks-staging
--ingress-class=alb
--aws-vpc-id=vpc-3efe1e5a
--aws-region=ap-southeast-2
State: Running
Started: Sun, 23 Jan 2022 23:14:05 +1100
Ready: True
Restart Count: 0
Limits:
cpu: 200m
memory: 500Mi
Requests:
cpu: 100m
memory: 200Mi
Liveness: delay=30s timeout=10s period=10s #success=1 #failure=2
Environment:
AWS_DEFAULT_REGION: ap-southeast-2
AWS_REGION: ap-southeast-2
AWS_ROLE_ARN: arn:aws:iam::065816533466:role/eksctl-eks-staging-addon-iamserviceaccount-k-Role1-YZY1DPHHQH28
AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
Mounts:
/tmp/k8s-webhook-server/serving-certs from cert (ro)
/var/run/secrets/eks.amazonaws.com/serviceaccount from aws-iam-token (ro)
/var/run/secrets/kubernetes.io/serviceaccount from aws-load-balancer-controller-token-wwjn6 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
aws-iam-token:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 86400
cert:
Type: Secret (a volume populated by a Secret)
SecretName: aws-load-balancer-webhook-tls
Optional: false
aws-load-balancer-controller-token-wwjn6:
Type: Secret (a volume populated by a Secret)
SecretName: aws-load-balancer-controller-token-wwjn6
Optional: false
QoS Class: Burstable
Node-Selectors:
4. 配置一个测试的sample app
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: namespace: game-2048 name: ingress-2048 annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/target-type: ip spec:
如果配置成功 我们可以获得address的url,如果是空的话,那就需要看看日志是哪里出错了
yuan@yuan-VirtualBox:~$ kubectl get ingress -A
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
game-2048 ingress-2048
效果如下
5.排错
豆子在配置过程中,出现了一个问题,当我配置了ingress之后,ALB无法自动检测到eks所在的subnet。如果查看ingress controller pod 的日志,会发现下面的报错
{"level":"error","ts":1642939080.3030522,"logger":"controller-runtime.manager.controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"game-2048","error":"couldn't auto-discover subnets: unable to discover at least one subnet"} {"level":"error","ts":1642939091.1972742,"logger":"controller-runtime.manager.controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"game-2048","error":"couldn't auto-discover subnets: unable to discover at least one subnet"} {"level":"error","ts":1642939112.3932755,"logger":"controller-runtime.manager.controller.ingress","msg":"Reconciler error","name":"ingress-2048","namespace":"game-2048","error":"couldn't auto-discover subnets: unable to discover at least one subnet"}
解决方法是给subnet添加对应的标签ec2 describe-subnets --subnet-ids subnet-d711c48e --region ap-southeast-2 { "Subnets": [ { "AvailabilityZone": "ap-southeast-2c", "AvailabilityZoneId": "apse2-az2", "AvailableIpAddressCount": 228, "CidrBlock": "10.18.132.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false, "MapCustomerOwnedIpOnLaunch": false, "State": "available", "SubnetId": "subnet-d711c48e", "VpcId": "vpc-3efe1e5a", "OwnerId": "065816533466", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-01c61166d19311fe1", "Ipv6CidrBlock": "2406:da1c:a6b:8a84::/64", "Ipv6CidrBlockState": { "State": "associated" } } ], "Tags": [ { "Key": "Tf", "Value": "1" }, { "Key": "Subnet_Class", "Value": "snet" }, { "Key": "Environment", "Value": "staging" }, { "Key": "Name", "Value": "staging-snet-ap-southeast-2c" }, { "Key": "kubernetes.io/cluster/eks-staging", "Value": "shared" }, { "Key": "kubernetes.io/role/internal-elb\t", "Value": "1" } ], "SubnetArn": "arn:aws:ec2:ap-southeast-2:065816533466:subnet/subnet-d711c48e" } ] }
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
相关文章
发表评论
暂时没有评论,来抢沙发吧~