【发布时间】:2021-07-21 21:21:21
【问题描述】:
我有一个带有 ALB 入口控制器 V2.0.0 和 Kubeflow 1.0 和 kfctl 1.0 的 EKS 集群 Kubernetes 1.17。 能够使该工作和 ALB 将被启动。
我使用 ALB 入口控制器 V2.1.3 和 Kubeflow 1.2 和 kfctl 1.2 升级到 EKS 集群 Kubernetes 1.18 ALB 入口适用于 hello world 应用程序或 2048 示例应用程序,我可以看到一个新的 ALB。 但是当我执行 kfctl apply -f kfctl-aws-cognito.yml 时,它会抛出一个错误,提示无法在用户池中找到用户池客户端。但应用客户端存在。
oupARN"},"targetType":"instance","serviceRef":{"name":"istio-ingressgateway","port":80},"networking":{"ingress":[{"from ":[{"securityGroup":{"groupID":{"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}}}],"ports":[{"协议":"TCP"}]}]}}}}}}}}"} {"level":"info","ts":1619614892.9054444,"logger":"controllers.ingress","msg":"创建监听规则","stackID":"test-apps","resourceID":" 443:1"} {"level":"error","ts":1619614893.0066664,"logger":"controller","msg":"Reconciler error","controller":"ingress","name":"test-apps", "namespace":"","error":"未能创建侦听器规则: InvalidLoadBalancerAction: 提供的用户池中不存在用户池客户端 '35bad0v2ctvu9do5rktvfjud8g'\n\tstatus code: 400, request id: 3536aee0-27e4- 4262-8b1e-0fefe77c7db6"}
完整的 ALB 入口控制器日志
{"level":"info","ts":1619612888.4898257,"logger":"controllers.ingress","msg":"创建监听规则","stackID":"test-apps","resourceID ":"443:1"} {"level":"error","ts":1619612888.5878866,"logger":"controller","msg":"Reconciler error","controller":"ingress","name":"test-apps", "namespace":"","error":"未能创建侦听器规则:InvalidLoadBalancerAction: 提供的用户池中不存在用户池客户端 '35bad0v2ctvu9do5rktvfjud8g'\n\tstatus code: 400, request id: 29cbd1c1-a255- 4886-9904-bf5b9d5d1558"} {"level":"info","ts":1619613888.849858,"logger":"controllers.ingress","msg":"成功构建模型","model":"{"id":"test-apps" ,"resources":{"AWS::EC2::SecurityGroup":{"ManagedLBSecurityGroup":{"spec":{"groupName":"k8s-testapps-00e85f9aab","description":"[k8s] 托管安全组LoadBalancer","ingress":[{"ipProtocol":"tcp","fromPort":443,"toPort":443,"ipRanges":[{"cidrIP":"0.0.0.0/0"}]}] }}},"AWS::ElasticLoadBalancingV2::Listener":{"443":{"spec":{"loadBalancerARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/ status/loadBalancerARN"},"port":443,"protocol":"HTTPS","defaultActions":[{"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain" ,"statusCode":"404"}}],"certificates":[{"certificateARN":"arn:aws:acm:us-east-1:Accountnum:certificate/b3a7856e-fbc8-44a5-a01e-a7a25dd273fd"} ],"sslPolicy":"ELBSecurityPolicy-2016-08"}}},"AWS::ElasticLoadBalancingV2::ListenerRule":{"443:1":{"spec":{"listenerARN":{"$ref": "#/resources/AWS::ElasticLoadB alancingV2::Listener/443/status/listenerARN"},"priority":1,"actions":[{"type":"authenticate-cognito","authenticateCognitoConfig":{"onUnauthenticatedRequest":"authenticate","scope ":"openid","sessionCookieName":"AWSELBAuthSessionCookie","sessionTimeout":604800,"userPoolARN":"arn:aws:cognito-idp:us-east-1:Accountnum:userpool/us-east-1_UHDE4Hvi", "userPoolClientID":"35bad0v2ctvu9do5rktvfjud8g","userPoolDomain":"verisk-vdas-kf.auth.us-east-1.amazoncognito.com"}},{"type":"forward","forwardConfig":{"targetGroups ":[{"targetGroupARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/istio-system/istio-ingress-istio-ingressgateway:80/status/targetGroupARN"}}]}} ],"conditions":[{"field":"path-pattern","pathPatternConfig":{"values":["/"]}}]}}},"AWS::ElasticLoadBalancingV2::LoadBalancer ":{"LoadBalancer":{"spec":{"name":"k8s-testapps-65ef24686e","type":"application","scheme":"internal","ipAddressType":"ipv4","子网映射":[{"subnetID":"subnet-088b51fcbedda663a"},{"subnetID":"subnet-0 bae2da7f02a573d2"}],"securityGroups":[{"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}]}}},"AWS::ElasticLoadBalancingV2::TargetGroup" :{"istio-system/istio-ingress-istio-ingressgateway:80":{"spec":{"name":"k8s-istiosys-istioing-20863fac8a","targetType":"instance","port": 31380,"protocol":"HTTP","protocolVersion":"HTTP1","healthCheckConfig":{"port":"traffic-port","protocol":"HTTP","path":"/"," matcher":{"httpCode":"200"},"intervalSeconds":15,"timeoutSeconds":5,"healthyThresholdCount":2,"unhealthyThresholdCount":2}}}},"K8S::ElasticLoadBalancingV2::TargetGroupBinding" :{"istio-system/istio-ingress-istio-ingressgateway:80":{"spec":{"template":{"metadata":{"name":"k8s-istiosys-istioing-20863fac8a","命名空间":"istio-system","creationTimestamp":null},"spec":{"targetGroupARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/istio-system/istio-ingress -istio-ingressgateway:80/status/targetGroupARN"},"targetType":"instance","serviceRef":{"name":"istio -ingressgateway","port":80},"networking":{"ingress":[{"from":[{"securityGroup":{"groupID":{"$ref":"#/resources/AWS: :EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}}}],"ports":[{"protocol":"TCP"}]}]}}}}}}}}"} {"level":"info","ts":1619613890.8417456,"logger":"controllers.ingress","msg":"创建监听规则","stackID":"test-apps","resourceID":" 443:1"} {"level":"error","ts":1619613890.934571,"logger":"controller","msg":"Reconciler error","controller":"ingress","name":"test-apps", "namespace":"","error":"创建监听规则失败: InvalidLoadBalancerAction: 提供的用户池中不存在用户池客户端'35bad0v2ctvu9do5rktvfjud8g'\n\tstatus code: 400, request id: 0f1286ac-90f3- 41fa-9099-244301eaa0d2"} {"level":"info","ts":1619614891.2960463,"logger":"controllers.ingress","msg":"成功构建模型","model":"{"id":"test-apps" ,"resources":{"AWS::EC2::SecurityGroup":{"ManagedLBSecurityGroup":{"spec":{"groupName":"k8s-testapps-00e85f9aab","description":"[k8s] 托管安全组LoadBalancer","ingress":[{"ipProtocol":"tcp","fromPort":443,"toPort":443,"ipRanges":[{"cidrIP":"0.0.0.0/0"}]}] }}},"AWS::ElasticLoadBalancingV2::Listener":{"443":{"spec":{"loadBalancerARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/ status/loadBalancerARN"},"port":443,"protocol":"HTTPS","defaultActions":[{"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain" ,"statusCode":"404"}}],"certificates":[{"certificateARN":"arn:aws:acm:us-east-1:AccountNum:certificate/b3a7856e-fbc8-44a5-a01e-a7a25dd273fd"} ],"sslPolicy":"ELBSecurityPolicy-2016-08"}}},"AWS::ElasticLoadBalancingV2::ListenerRule":{"443:1":{"spec":{"listenerARN":{"$ref": "#/resources/AWS::ElasticLoad BalancingV2::Listener/443/status/listenerARN"},"priority":1,"actions":[{"type":"authenticate-cognito","authenticateCognitoConfig":{"onUnauthenticatedRequest":"authenticate","scope ":"openid","sessionCookieName":"AWSELBAuthSessionCookie","sessionTimeout":604800,"userPoolARN":"arn:aws:cognito-idp:us-east-1:184842432656:userpool/us-east-1_UHDE4Hvi", "userPoolClientID":"35bad0v2ctvu9do5rktvfjud8g","userPoolDomain":"verisk-vdas-kf.auth.us-east-1.amazoncognito.com"}},{"type":"forward","forwardConfig":{"targetGroups ":[{"targetGroupARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/istio-system/istio-ingress-istio-ingressgateway:80/status/targetGroupARN"}}]}} ],"conditions":[{"field":"path-pattern","pathPatternConfig":{"values":["/"]}}]}}},"AWS::ElasticLoadBalancingV2:: LoadBalancer":{"LoadBalancer":{"spec":{"name":"k8s-testapps-65ef24686e","type":"application","scheme":"internal","ipAddressType":"ipv4", "subnetMapping":[{"subnetID":"subnet-088b51fcbedda663a"},{"subnetID":"subn et-0bae2da7f02a573d2"}],"securityGroups":[{"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}]}}},"AWS::ElasticLoadBalancingV2:: TargetGroup":{"istio-system/istio-ingress-istio-ingressgateway:80":{"spec":{"name":"k8s-istiosys-istioing-20863fac8a","targetType":"instance","port ":31380,"protocol":"HTTP","protocolVersion":"HTTP1","healthCheckConfig":{"port":"traffic-port","protocol":"HTTP","path":"/" ,"matcher":{"httpCode":"200"},"intervalSeconds":15,"timeoutSeconds":5,"healthyThresholdCount":2,"unhealthyThresholdCount":2}}}},"K8S::ElasticLoadBalancingV2:: TargetGroupBinding":{"istio-system/istio-ingress-istio-ingressgateway:80":{"spec":{"template":{"metadata":{"name":"k8s-istiosys-istioing-20863fac8a", "namespace":"istio-system","creationTimestamp":null},"spec":{"targetGroupARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/istio-system/istio -ingress-istio-ingressgateway:80/status/targetGroupARN"},"targetType":"instance","serviceRef":{"name":"i stio-ingressgateway","port":80},"networking":{"ingress":[{"from":[{"securityGroup":{"groupID":{"$ref":"#/resources/AWS ::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}}}],"ports":[{"protocol":"TCP"}]}]}}}}}}}}"} {"level":"info","ts":1619614892.9054444,"logger":"controllers.ingress","msg":"创建监听规则","stackID":"test-apps","resourceID":" 443:1"} {"level":"error","ts":1619614893.0066664,"logger":"controller","msg":"Reconciler error","controller":"ingress","name":"test-apps", "namespace":"","error":"未能创建侦听器规则: InvalidLoadBalancerAction: 提供的用户池中不存在用户池客户端 '35bad0v2ctvu9do5rktvfjud8g'\n\tstatus code: 400, request id: 3536aee0-27e4- 4262-8b1e-0fefe77c7db6"}
【问题讨论】:
标签: kubernetes amazon-cognito kubernetes-ingress kubeflow