我在nodePort上公开的服务似乎不允许流量通过它。
那么,如何添加规则以允许CLI上的该端口范围的流量不在控制台上?
最佳答案
EC2安全组
屏幕上有一个security group。
查看有关安全组的更多信息:
CLI的AWS Security groups至于使用
CLI的AWS Security groups,请参见此文章:Creating, Configuring, and Deleting Security Groups for Amazon EC2 - AWS Command Line Interface$ aws ec2 create-security-group --group-name my-sg --description "My security group" --vpc-id vpc-1a2b3c4d
{
"GroupId": "sg-903004f8"
}
$ aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 3389 --cidr 203.0.113.0/24
The following command adds another rule to enable SSH to instances in the same security group.
$ aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 22 --cidr 203.0.113.0/24
To view the changes to the security group, run the describe-security-groups command.
$ aws ec2 describe-security-groups --group-ids `sg-903004f8`
O / P为:
{
"SecurityGroups": [
{
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"UserIdGroupPairs": []
}
],
"Description": "My security group"
"IpPermissions": [
{
"ToPort": 22,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "203.0.113.0/24"
}
]
"UserIdGroupPairs": [],
"FromPort": 22
}
],
"GroupName": "my-sg",
"OwnerId": "123456789012",
"GroupId": "sg-903004f8"
}
]
}
附言
awless.io-适用于AWS的强大CLI还有一些过时但仍很方便的
CLI工具:wallix/awless: A Mighty CLI for AWS
A Mighty CLI for AWS http://awless.io/
这是Medium post about it
关于amazon-web-services - 如何添加规则以允许AWS EKS上的nodePort在某些端口范围上的流量?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61383190/