我正在尝试创建 EKS Fargate 集群并使用 1 个端点部署示例 Spring Boot 应用程序,我使用以下 CloudFormation 脚本成功创建了堆栈:
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation template for EKS Fargate managed Kubernetes cluster with exposed endpoints'
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsSupport: true
EnableDnsHostnames: true
InternetGateway:
Type: AWS::EC2::InternetGateway
VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
PublicSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.2.0/24
MapPublicIpOnLaunch: true
AvailabilityZone: !Select [ 0, !GetAZs '' ]
PrivateSubnetA:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.0.0/24
AvailabilityZone: !Select [ 0, !GetAZs '' ]
PrivateSubnetB:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.1.0/24
AvailabilityZone: !Select [ 1, !GetAZs '' ]
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
PublicRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
SubnetRouteTableAssociationA:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet
RouteTableId: !Ref PublicRouteTable
EIP:
Type: AWS::EC2::EIP
NatGateway:
Type: AWS::EC2::NatGateway
Properties:
SubnetId: !Ref PublicSubnet
AllocationId: !GetAtt EIP.AllocationId
PrivateRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
PrivateRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PrivateRouteTable
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway
PrivateSubnetRouteTableAssociationA:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PrivateSubnetA
RouteTableId: !Ref PrivateRouteTable
PrivateSubnetRouteTableAssociationB:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PrivateSubnetB
RouteTableId: !Ref PrivateRouteTable
EKSCluster:
Type: AWS::EKS::Cluster
Properties:
Name: EKSFargateCluster
Version: '1.26'
ResourcesVpcConfig:
SubnetIds:
- !Ref PrivateSubnetA
- !Ref PrivateSubnetB
RoleArn: !GetAtt EKSClusterRole.Arn
FargateProfile:
Type: AWS::EKS::FargateProfile
Properties:
ClusterName: !Ref EKSCluster
FargateProfileName: FargateProfile
PodExecutionRoleArn: !GetAtt FargatePodExecutionRole.Arn
Selectors:
- Namespace: default
Subnets:
- !Ref PrivateSubnetA
- !Ref PrivateSubnetB
FargateProfileCoredns:
Type: AWS::EKS::FargateProfile
Properties:
ClusterName: !Ref EKSCluster
FargateProfileName: CorednsProfile
PodExecutionRoleArn: !GetAtt FargatePodExecutionRole.Arn
Selectors:
- Namespace: kube-system
Labels:
- Key: k8s-app
Value: kube-dns
Subnets:
- !Ref PrivateSubnetA
- !Ref PrivateSubnetB
FargatePodExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- eks-fargate-pods.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy
EKSClusterRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- eks.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
- arn:aws:iam::aws:policy/AmazonEKSVPCResourceController
我运行以下命令来为 Fargate 指定 CoreDNS 路径:
kubectl patch deployment coredns \
-n kube-system \
--type json \
-p='[{"op": "remove", "path": "/spec/template/metadata/annotations/eks.amazonaws.com~1compute-type"}]'
然后,我使用以下 kubernetes list 从公共(public) ECR 部署示例应用程序镜像:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: example-app
spec:
replicas: 2
selector:
matchLabels:
app: example-app
template:
metadata:
labels:
app: example-app
spec:
containers:
- name: ventu
image: public.ecr.aws/not_real_url/public_ecr_name:latest
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: example-service
spec:
type: LoadBalancer
selector:
app: example-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
然后当我运行时:
kubectl get svc
我看到结果:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
example-service LoadBalancer 172.20.228.77 aa0116829ac2647a7bf39a97bffb0183-1208408433.eu-central-1.elb.amazonaws.com 80:31915/TCP 16m
kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 29m
但是,当我尝试访问 LoadBalancer 示例服务上的 EXTERNAL-IP 时,我得到空响应,我无法仅在 Spring Boot 应用程序中定义的路径上访问我的应用程序:/api/v1/info
server.port=8080
server.servlet.context-path=/api/v1
我错过了什么?
一些信息:
- 我的 pod 成功启动,当我运行 kubectl logs pod-name 时,我可以看到 Spring Boot 日志记录
- 我的 coredns pod 也能正常旋转
- 我使用 busybox 来测试集群的 dns,一切似乎都正常
最佳答案
我按照此 guide 解决了我的问题
然后,我将生成的堆栈导出到我的 CloudFormation 脚本中。
然后为了部署我的应用程序,我将我的 kubernetes list 更新为:
---
apiVersion: v1
kind: Namespace
metadata:
name: example
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: example
name: deployment-example-be-app
spec:
selector:
matchLabels:
app.kubernetes.io/name: example-be-app
replicas: 2
template:
metadata:
labels:
app.kubernetes.io/name: example-be-app
spec:
containers:
- name: example-be-app
image: public.ecr.aws/fake_url/example:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
namespace: example
name: service-example-be-app
annotations:
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 8080
protocol: TCP
selector:
app.kubernetes.io/name: example-be-app
现在我访问我的示例申请表浏览器。
关于amazon-web-services - 无法从互联网访问 EKS Fargate Pod,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76188366/