个人中心
gpt4 book ai didi

amazon-web-services - 如何添加规则以允许AWS EKS上的nodePort在某些端口范围上的流量?

转载 作者:行者123 更新时间:2023-12-02 11:55:33 24 4
gpt4 key购买 nike

我在nodePort上公开的服务似乎不允许流量通过它。

那么,如何添加规则以允许CLI上的该端口范围的流量不在控制台上?
enter image description here

最佳答案

EC2安全组

屏幕上有一个security group

查看有关安全组的更多信息:

  • EC2 Security Groups
  • Creating a Security Group
    • CLIAWS Security groups
    至于使用 CLIAWS Security groups,请参见此文章: Creating, Configuring, and Deleting Security Groups for Amazon EC2 - AWS Command Line Interface 
    $ aws ec2 create-security-group --group-name my-sg --description "My security group" --vpc-id vpc-1a2b3c4d
    {
        "GroupId": "sg-903004f8"
    }

    $ aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 3389 --cidr 203.0.113.0/24

    The following command adds another rule to enable SSH to instances in the same security group.


    $ aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 22 --cidr 203.0.113.0/24

    To view the changes to the security group, run the describe-security-groups command.


    $ aws ec2 describe-security-groups --group-ids `sg-903004f8`

    O / P为: 
    {
        "SecurityGroups": [
            {
                "IpPermissionsEgress": [
                    {
                        "IpProtocol": "-1",
                        "IpRanges": [
                            {
                                "CidrIp": "0.0.0.0/0"
                            }
                        ],
                        "UserIdGroupPairs": []
                    }
                ],
                "Description": "My security group"
                "IpPermissions": [
                    {
                        "ToPort": 22,
                        "IpProtocol": "tcp",
                        "IpRanges": [
                            {
                                "CidrIp": "203.0.113.0/24"
                            }
                        ]
                        "UserIdGroupPairs": [],
                        "FromPort": 22
                    }
                ],
                "GroupName": "my-sg",
                "OwnerId": "123456789012",
                "GroupId": "sg-903004f8"
            }
        ]
    }

    附言 awless.io-适用于AWS的强大CLI

    还有一些过时但仍很方便的 CLI工具:
    wallix/awless: A Mighty CLI for AWS

    A Mighty CLI for AWS http://awless.io/



    这是 Medium post about it

    关于amazon-web-services - 如何添加规则以允许AWS EKS上的nodePort在某些端口范围上的流量?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61383190/

    24 4 0
    文章推荐: kubernetes - 无法加入主节点 - 错误执行阶段预检 : couldn't validate the identity of the API Server
    文章推荐: arrays - 数据转换警告: A column-vector y was passed when a 1d array was expected
    文章推荐: sql-server - 创建 SQL Server View 时可以指定列类型吗?
    文章推荐: python - 如何使用 Kubernetes python 客户端库部署 Knative 服务
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com