amazon-web-services - AWS EKS Fargate Ingress 没有地址

Question

已更新

所以，我按照AWS docs关于如何使用 Fargate 设置 EKS 集群 eksctl工具。一切都很顺利，但是当我到达部署实际应用程序的部分时，我没有得到任何端点，并且入口 Controller 没有与之关联的地址。正如这里所见:

NAME                     HOSTS   ADDRESS   PORTS   AGE
testapp-ingress           *                 80      129m

所以，我无法从外部击中它。但测试应用程序(2048 游戏)有一个来自与入口关联的 elb 的地址。我认为这可能是建议的子网标签 here而且我的子网没有以正确的方式标记，因此我按照该文章中建议的方式标记它们。还是没有运气。

这是我进行设置时遵循的第一篇文章。我已经执行了所有步骤，但只用白度碰壁:https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-next-steps

这是我关注的alb文章:https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html

我按照步骤部署了示例应用程序 2048，效果很好。我的配置非常相似并且应该可以工作。我已遵循所有步骤。这是我的旧配置，下面是新配置:

deployment yaml>>>
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "testapp-deployment"
  namespace: "testapp-qa"
spec:
  selector:
    matchLabels:
      app: "testapp"
  replicas: 5
  template:
    metadata:
      labels:
        app: "testapp"
    spec:
      containers:
      - image: xxxxxxxxxxxxxxxxxxxxxxxxtestapp:latest
        imagePullPolicy: Always
        name: "testapp"
        ports:
        - containerPort: 80
---
service yaml>>>
apiVersion: v1
kind: Service
metadata:
  name: "testapp-service"
  namespace: "testapp-qa"
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: http
  type: NodePort
  selector:
    app: "testapp"
---
ingress yaml >>>
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "testapp-ingress"
  namespace: "testapp-qa"
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
  labels:
    app: testapp-ingress
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: "testapp-service"
              servicePort: 80
---
namespace yaml>>>
apiVersion: v1
kind: Namespace
metadata:
  name: "testapp-qa"

以下是来自入口 Controller 的一些日志>>

E0316 22:32:39.776535       1 controller.go:217] kubebuilder/controller "msg"="Reconciler error" "error"="failed to reconcile targetGroups due to failed to reconcile targetGroup targets due to Unable to DescribeInstanceStatus on fargate-ip-xxxxxxxxxxxx.ec2.internal: InvalidInstanceID.Malformed: Invalid id: \"fargate-ip-xxxxxxxxxxxx.ec2.internal\"\n\tstatus code: 400, request id: xxxxxxxxxxxx"  "controller"="alb-ingress-controller" "request"={"Namespace":"testapp-qa","Name":"testapp-ingress"}
E0316 22:36:28.222391       1 controller.go:217] kubebuilder/controller "msg"="Reconciler error" "error"="failed to reconcile targetGroups due to failed to reconcile targetGroup targets due to Unable to DescribeInstanceStatus on fargate-ip-xxxxxxxxxxxx.ec2.internal: InvalidInstanceID.Malformed: Invalid id: \"fargate-ip-xxxxxxxxxxxx.ec2.internal\"\n\tstatus code: 400, request id: xxxxxxxxxxxx"  "controller"="alb-ingress-controller" "request"={"Namespace":"testapp-qa","Name":"testapp-ingress"}

---

根据 @Michael Hausenblas 评论中的建议，我已为 alb 入口的服务添加了注释。

现在我的入口 Controller 正在使用正确的 ELB，我检查了日志，因为我仍然无法访问应用程序的 /healthcheck。日志:

E0317 16:00:45.643937       1 controller.go:217] kubebuilder/controller "msg"="Reconciler error" "error"="failed to reconcile targetGroups due to failed to reconcile targetGroup targets due to Unable to DescribeInstanceStatus on fargate-ip-xxxxxxxxxxx.ec2.internal: InvalidInstanceID.Malformed: Invalid id: \"fargate-ip-xxxxxxxxxxx.ec2.internal\"\n\tstatus code: 400, request id: xxxxxxxxxxx-3a7d-4794-95fb-a18835abe0d3"  "controller"="alb-ingress-controller" "request"={"Namespace":"testapp-qa","Name":"testapp"}
I0317 16:00:47.868939       1 rules.go:82] testapp-qa/testapp-ingress: modifying rule 1 on arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxx:listener/app/xxxxxxxxxxx-testappqa-testappin-b879/xxxxxxxxxxx/6b41c0d3ce97ae6b
I0317 16:00:47.890674       1 rules.go:98] testapp-qa/testapp-ingress: rule 1 modified with conditions [{    Field: "path-pattern",    Values: ["/*"]  }]

---

更新

我已经更新了我的配置。我没有更多错误，但仍然无法访问我的端点来测试我的应用程序是否正在接受流量。它可能与 Fargate 或我没有看到的 AWS 方面有关。这是我更新的配置:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "testapp"
  namespace: "testapp-qa"
spec:
  selector:
    matchLabels:
      app: "testapp"
  replicas: 5
  template:
    metadata:
      labels:
        app: "testapp"
    spec:
      containers:
      - image: 673312057223.dkr.ecr.us-east-1.amazonaws.com/wood-testapp:latest
        imagePullPolicy: Always
        name: "testapp"
        ports:
        - containerPort: 9898
---
apiVersion: v1
kind: Service
metadata:
  name: "testapp"
  namespace: "testapp-qa"
  annotations: 
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ports:
    - port: 80
      targetPort: 9898
      protocol: TCP
      name: http
  type: NodePort
  selector:
    app: "testapp"
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "testapp-ingress"
  namespace: "testapp-qa"
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/healthcheck-path: /healthcheck
  labels:
    app: testapp
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: "testapp"
              servicePort: 80
---
apiVersion: v1
kind: Namespace
metadata:
  name: "testapp-qa"

Answer 1

在您的服务中，尝试添加以下注释:

  annotations:
    alb.ingress.kubernetes.io/target-type: ip

此外，您还需要通过 alb.ingress.kubernetes.io/healthcheck-path 注释明确告知 Ingress 资源在何处/如何对目标组执行运行状况检查。请参阅 ALB 入口 Controller docs用于注释语义。