我尝试创建一个具有多个入站规则的AWS安全组,通常我们需要在sg中多个入口来实现多个入站规则。我没有单独创建多个入口规则,而是尝试创建一个入口列表,以便我可以轻松地为不同的应用程序重用该模块。
全氟FB,
模块/sg/sg.tf >>
resource "aws_security_group" "ec2_security_groups" {
name = var.name_security_groups
vpc_id = var.vpc_id
}
模块/sg/rules.tf >>
resource "aws_security_group_rule" "ingress_rules" {
count = lenght(var.ingress_rules)
type = "ingress"
from_port = var.ingress_rules[count.index][0]
to_port = var.ingress_rules[count.index][1]
protocol = var.ingress_rules[count.index][2]
cidr_blocks = var.ingress_rules[count.index][3]
description = var.ingress_rules[count.index][4]
security_group_id = aws_security_group.ec2_security_groups.id
}
模块/sg/variable.tf >>
variable "vpc_id" {
}
variable "name_security_groups" {
}
variable "ingress_rules" {
type = list(string)
}
在应用程序文件夹中,
应用程序/dev/sg.tf >>
module "sg_test" {
source = "../modules/sg"
vpc_id = "vpc-xxxxxxxxx"
name_security_groups = "sg_test"
ingress_rules = …我已按照以下 AWS 文档创建了 ALB 入口控制器;
https://aws.amazon.com/premiumsupport/knowledge-center/eks-alb-ingress-controller-setup/
EKS:版本:1.19
所有服务均已成功创建,没有错误。
但不幸的是,这些节点没有注册到 ALB 的目标组中。
我还尝试了不同版本的 alb 入口控制器,但发现了同样的问题。
使用示例应用程序;
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.1.3/docs/examples/2048/2048_full.yaml
输出如下;
入口 -->
[centos@ip-10-1-68-249 alb-controller]$ kubectl get ing -n game-2048 -o wide
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-2048 <none> * k8s-game2048-ingress2-253e697ad8-1355143956.us-east-1.elb.amazonaws.com 80 81s
目标组绑定 -->
[centos@ip-10-1-68-249 alb-controller]$ kubectl get TargetGroupBinding -n game-2048 -o wide
NAME SERVICE-NAME SERVICE-PORT TARGET-TYPE ARN AGE
k8s-game2048-service2-3c0ccb9f36 service-2048 80 ip arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxx:targetgroup/k8s-game2048-service2-3c0ccb9f36/faa10866343a792f 3m30s
但该实例未附加到目标组; …
amazon-web-services kubernetes-ingress amazon-eks aws-application-load-balancer