AWS ingress-nginx load balancer: Targets are not within enabled Availability Zones


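I have an EKS cluster with the following setup:

2 VPCs: 1 prod, 1 staging

Each VPC has 3 subnets: 1 public subnet and 2 private subnets

Each VPC has 1 internet gateway and 1 NAT gateway

The private subnets are connected to the NAT gateway through a route table association.

I have an EKS cluster and an AWS managed node group

The node group is mapped to the private subnets.

I installed an ingress-nginx controller to create a network load balancer.

This network load balancer works fine in staging but not in prod.

The network load balancers for both VPCs are created in the eu-north-1a zone

The target instances for the staging load balancer are created in the eu-north-1a zone, while the target instances for the prod load balancer are created in the eu-north-1b zone, and the following error is returned: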

```
Targets are not within enabled Availability Zones

Some targets are not receiving traffic because they are in Zones that are not enabled for your load balancer.

Unused target zones

eu-north-1b

To resolve

There are two options:

Enable these Zones on the load balancer by visiting the load balancer detail page and adding subnets in these Zones. View load balancer

Or, deregister targets that are in these Zones. View targets in unused Zones
```

So the staging and prod clusters are identical. The subnets and ingress-nginx configs are identical, everything is identical. But I can't seem to figure out why prod is failing, and staging is not. What could I be missing?

The values file for the ingress:


```
ingress-nginx:
  controller:
    replicaCount: 2
    resources:
      limits:
        memory: 300Mi
      requests:
        memory: 256Mi
    service:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
      externalTrafficPolicy: Local
      healthCheckNodePort: 30254
    stats:
      enabled: true
    config:
      client-max-body-size: "25m"
      http-redirect-code: "301"
      proxy-buffer-size: 128k
      proxy-buffers: 4 256k
      proxy-connect-timeout: "600"
      proxy-read-timeout: "600"
      ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
      ssl-protocols: "TLSv1.2 TLSv1.3"
      # use-forwarded-headers: "true"
      # use-proxy-protocol: "true"
      # compute-full-forwarded-for: "true"
      # enable-real-ip: "true"
      # forwarded-for-header: X-Forwarded-For
      log-format-upstream: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" $upstream_http_resonseHeaderName $ssl_protocol $ssl_cipher'

  rbac:
    create: true

  serviceAccount:
    create: true
```
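
Added example, not part of the original question: a way to reproduce the console's "Unused target zones" check offline by comparing the zones enabled on each load balancer with the zones of its registered instances. The load balancer names, subnet IDs and instance IDs are constructed placeholders; the JSON is shaped like the output of the three AWS CLI commands named in the comment.

```python
import json

# Constructed sample data (all names and IDs are placeholders), shaped like
# `aws elbv2 describe-load-balancers`, `aws elbv2 describe-target-health`
# (one document per load balancer) and `aws ec2 describe-instances` output.
LOAD_BALANCERS = json.loads("""{"LoadBalancers": [
  {"LoadBalancerName": "staging-nlb",
   "AvailabilityZones": [{"ZoneName": "eu-north-1a", "SubnetId": "subnet-stg-a"}]},
  {"LoadBalancerName": "prod-nlb",
   "AvailabilityZones": [{"ZoneName": "eu-north-1a", "SubnetId": "subnet-prod-a"}]}]}""")
TARGET_HEALTH = {
    "staging-nlb": json.loads("""{"TargetHealthDescriptions": [
      {"Target": {"Id": "i-stg0001"}, "TargetHealth": {"State": "healthy"}}]}"""),
    "prod-nlb": json.loads("""{"TargetHealthDescriptions": [
      {"Target": {"Id": "i-prod0001"},
       "TargetHealth": {"State": "unused", "Reason": "Target.NotInUse"}}]}"""),
}
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-stg0001", "Placement": {"AvailabilityZone": "eu-north-1a"}},
  {"InstanceId": "i-prod0001", "Placement": {"AvailabilityZone": "eu-north-1b"}}]}]}""")


def enabled_zones(lb_doc, name):
    """Zones in which the named load balancer has a subnet attached."""
    for lb in lb_doc["LoadBalancers"]:
        if lb["LoadBalancerName"] == name:
            return {az["ZoneName"] for az in lb["AvailabilityZones"]}
    raise KeyError(f"load balancer {name!r} not found")


def unused_target_zones(lb_doc, name, health_doc, ec2_doc):
    """Return {zone: [instance ids]} for targets outside the enabled zones."""
    enabled = enabled_zones(lb_doc, name)
    zone_of = {inst["InstanceId"]: inst["Placement"]["AvailabilityZone"]
               for res in ec2_doc["Reservations"] for inst in res["Instances"]}
    unused = {}
    for desc in health_doc["TargetHealthDescriptions"]:
        target_id = desc["Target"]["Id"]
        zone = zone_of.get(target_id, "unknown")  # target missing from the EC2 data
        if zone not in enabled:
            unused.setdefault(zone, []).append(target_id)
    return unused


if __name__ == "__main__":
    for name in ("staging-nlb", "prod-nlb"):
        report = unused_target_zones(LOAD_BALANCERS, name, TARGET_HEALTH[name], INSTANCES)
        print(name, "enabled:", sorted(enabled_zones(LOAD_BALANCERS, name)), "unused:", report)
```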

