问题描述
正如标题所述,我正在寻找一种方法来强制LoadBalancer服务在AWS中使用预定义的安全组.我不想手动编辑Kubernetes为ELB创建的安全组的入站/出站规则.我无法在文档中找到任何内容,也找不到在网上其他地方可以使用的任何内容.这是我当前的模板:
As the title says, I am looking for a way to force a LoadBalancer service to use a predefined security group in AWS. I do not want to have to manually edit the inbound/outbound rules of the security group that is created for the ELB by Kubernetes. I have not been able to find anything within the documentation, nor have I located anything that works elsewhere online. Here is my current template:
apiVersion: v1
kind: Service
metadata:
name: ds-proxy
spec:
type: LoadBalancer
ports:
- port: 8761 # the port that this service should serve on
targetPort: 8761
protocol: TCP
selector:
app: discovery-service
推荐答案
您不能阻止Kubernetes创建新的安全组.但是自从提交Andonaeus的答案以来,已添加了一项新功能,该功能允许您通过服务的配置文件显式定义入站权限.
You cannot prevent Kubernetes from creating a new security group. But since Andonaeus' answer was submitted a new feature has been added which allows for explicitly defining inbound permissions via your service's configuration file.
请参见具体的用户指南详细信息.此处提供的示例表明,使用spec.loadBalancerSourceRanges
可以提供允许入站IP:
See the user guide details for the specifics. The example provided there shows that by using spec.loadBalancerSourceRanges
you can provide allow inbound IPs:
apiVersion: v1
kind: Service
metadata:
name: myapp
spec:
ports:
- port: 8765
targetPort: 9376
selector:
app: example
type: LoadBalancer
loadBalancerSourceRanges:
- 130.211.204.1/32
- 130.211.204.2/32
这篇关于Kubernetes和AWS:将LoadBalancer设置为使用预定义的安全组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!