AWS Ingress-nginx 负载均衡器:目标不在启用的可用区域内

tag-icon tag-icon amazon-web-services nginx-ingress eks
AWS Ingress-nginx 负载均衡器:目标不在启用的可用区域内

我有一个 EKS 集群,其设置如下

2 VPCS 1 产品,1 阶段

每个 vpc 有 3 个子网,1 个公共子网和 2 个私有子网

每个 vpc 有 1 个 internet 网关和 1 个 nat 网关

私有子网通过路由表关联连接到natgateway。

我有一个 eks 集群和一个 aws 托管节点组

节点组映射到私有子网。

我安装了一个创建网络负载均衡器的 ingress-nginx 控制器。

该网络负载均衡器在阶段运行完美,但在生产中却无法运行。

两个 vpc 的网络负载均衡器均在 eu-north-1a 区域中创建

暂存负载均衡器的目标实例在 eu-north-1a 区域创建,而生产负载均衡器的目标实例在 eu-north-1b 区域创建,并返回以下错误:

Targets are not within enabled Availability Zones

Some targets are not receiving traffic because they are in Zones that are not enabled for your load balancer.

Unused target zones

eu-north-1b

To resolve

There are two options:

Enable these Zones on the load balancer by visiting the load balancer detail page and adding subnets in these Zones. View load balancer 

Or, deregister targets that are in these Zones. View targets in unused Zones
``` 

So the staging and prod clusters are identical. The subnets and ingress-nginx configs are identical, everything is identical. But I can't seem to figure out why prod is failing, and staging is not. What could I be missing?

The values file for the ingress:



ingress-nginx:
  controller:
    replicaCount: 2
    resources:
      limits:
        memory: 300Mi
      requests:
        memory: 256Mi
    service:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
      externalTrafficPolicy: Local
      healthCheckNodePort: 30254
    stats:
      enabled: true
    config:
      client-max-body-size: "25m"
      http-redirect-code: "301"
      proxy-buffer-size: 128k
      proxy-buffers: 4 256k
      proxy-connect-timeout: "600"
      proxy-read-timeout: "600"
      ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
      ssl-protocols: "TLSv1.2 TLSv1.3"
      # use-forwarded-headers: "true"
      # use-proxy-protocol: "true"
      # compute-full-forwarded-for: "true"
      # enable-real-ip: "true"
      # forwarded-for-header: X-Forwarded-For
      log-format-upstream: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" $upstream_http_resonseHeaderName $ssl_protocol $ssl_cipher'

  rbac:
    create: true

  serviceAccount:
    create: true

相关内容