amazon-web-services - 在 terraform 中配置内部网络负载均衡器
问题描述
我有一个外部网络负载均衡器(监听端口 80),它将流量转发到 ServiceA 实例(端口 9000)。我想配置一个内部网络负载均衡器,它将从 ServiceA 实例获取请求并将它们转发到 ServiceB 实例。但是,我在 terrafrom 中配置内部 NLB 时遇到问题。这是我目前所拥有的:
resource "aws_security_group" "allow-all-traffic-for-internal-nlb" {
name = "int-nlb"
description = "Allow inbound and outbound traffic for internal NLB"
vpc_id = "${aws_vpc.default.id}"
ingress {
from_port = 81
protocol = "tcp"
to_port = 81
cidr_blocks = ["10.61.110.0/24"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_lb" "serviceB_lb" {
name = "serviceB-internal-lb"
internal = true
load_balancer_type = "network"
subnets = ["${aws_subnet.sub.id}"]
}
resource "aws_lb_listener" "serviceB-internal-lb-listener" {
load_balancer_arn = "${aws_lb.serviceB_lb.arn}"
port = 81
protocol = "TCP"
default_action {
target_group_arn = "${aws_lb_target_group.serviceB-internal-lb-tg.arn}"
type = "forward"
}
}
#create a target group for the load balancer and set up a health check
resource "aws_lb_target_group" "serviceB-internal-lb-tg" {
name = "serviceB-int-lb-tg"
port = 81
protocol = "TCP"
vpc_id = "${aws_vpc.default.id}"
target_type = "instance"
health_check {
protocol = "HTTP"
port = "8181"
path = "/"
}
}
#attach a load balancer to the target group
resource "aws_lb_target_group_attachment" "attach-serviceB-tg-to-internal-nlb" {
target_group_arn = "${aws_lb_target_group.serviceB-internal-lb-tg.arn}"
port = 8181
target_id = "${aws_instance.serviceB-1a.id}"
}
# Create Security Groups
resource "aws_security_group_rule" "serviceB_from_serviceB-lb" {
type = "ingress"
from_port = 81
to_port = 81
protocol = "tcp"
source_security_group_id = "${aws_security_group.allow-all-traffic-for-internal-nlb.id}"
security_group_id = "${aws_security_group.serviceB-sg.id}"
}
resource "aws_security_group_rule" "serviceB_nlb_to_serviceB" {
type = "egress"
from_port = 81
to_port = 81
protocol = "tcp"
source_security_group_id = "${aws_security_group.serviceB-sg.id}"
security_group_id = "${aws_security_group.allow-all-traffic-for-internal-nlb.id}"
}
####
resource "aws_security_group" "serviceB-sg" {
name = "${var.environment}-serviceB-sg"
description = "${var.environment} serviceB security group"
vpc_id = "${aws_vpc.default.id}"
ingress {
from_port = 8181
to_port = 8181
protocol = "tcp"
cidr_blocks = ["10.61.110.0/24"]
}
}
内部负载均衡器在端口 81 上侦听,ServiceB 实例在端口 8181 上运行。外部和内部 NLB 以及两个服务位于一个子网中。当我检查内部负载均衡器目标组的健康状态时,我得到一个健康检查失败。什么会导致这种情况发生?
解决方案
推荐阅读
- python - 尝试对.append 使用多个参数,无论如何如何?
- python-3.x - Python-pydub:导出从 numpy 数组创建的 AudioSegment 时出现错误的样本宽度错误
- gitlab - 如何锁定回购协议,以便我成为下一个合并的对象?
- ios - 我是否坚持解决许多 ThreadSafeReferences 以将 Realm 与网络请求等异步任务一起使用?
- javascript - 如何隐藏 html 输入列表中的某些字符?
- sql - 如何获取子记录或父记录 SQL
- java - 当服务器发送 FIN 数据包时,Socket.getInputStream.read(...) 在 Android 上抛出 SocketException
- reactjs - 为什么 createRef() 返回 current: null?
- javascript - 尝试使用高阶函数和回调访问 HTML 计算器
- python-3.x - 使用 selenium 抓取博彩网站的网页。不完整的事件列表