vpc

Kubernetes outbound calls to an external endpoint with IP whitelisting

我怕爱的太早我们不能终老 Submitted on 2020-01-24 19:34:45
Question: We are using Kubernetes on Google Cloud's Google Kubernetes Engine. Our system dynamically generates instances based on request, and these instances call an external web service. The external service generates images, and the bandwidth usage per instance is not small. This external web service has IP whitelisting configured. Is there any way that I can funnel all the requests going from the selected pods (they are grouped within a node pool) to the external service through a single IP? Answer 1: The

Cisco 752 data center network architecture, with a transparent-mode ASA firewall configuration example

Deadly Submitted on 2020-01-21 08:51:47
1. The case topology diagram is as follows. 2. Main N7K configuration. 2.1 N7K1 vPC configuration:
vpc domain 100
peer-switch
role priority 1
peer-keepalive destination 1.1.1.2 source 1.1.1.1
peer-gateway
interface port-channel100
vpc peer-link
interface Ethernet1/1
switchport mode trunk
channel-group 100 mode active
interface Ethernet1/2
switchport mode trunk
channel-group 100 mode active
N7K2 vPC configuration:
vpc domain 100
role priority 100
peer-keepalive destination 1.1.1.1 source 1.1.1.2
peer-gateway
interface port-channel100
vpc peer-link
interface Ethernet1/1
switchport mode trunk
channel-group 100 mode active
interface Ethernet1/2
switchport mode trunk

AWS VPC Restrict outbound access to certain URL

▼魔方 西西 Submitted on 2020-01-15 14:12:47
Question: I am trying to restrict outbound access for my VPC. I would like to restrict outbound access to certain URLs, but the security group only lets you set IPs and not URLs. Is there any way to restrict outbound access by URL instead of IPs? Answer 1: The firewall does not resolve URLs. That would require a higher-order firewall that is aware of the HTTP protocol contents. More info on the OSI model: http://en.wikipedia.org/wiki/OSI_model The closest you will get with the network ACLs in VPC is to

Access Internet from AWS VPC instance without public IP address

妖精的绣舞 Submitted on 2020-01-13 03:22:48
Question: We're setting up an Amazon VPC in which we will provision (for now) a single EC2 instance and one RDS instance. This is to 'extend our data center', and should only be using private subnet(s). So actually, we have this setup, and it is working well (insert smiley face icon). For all intents and purposes, we're mirroring the VPC scenario 4 outlined by Amazon here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario4.html tl;dr: A single VPC, with a VPN connecting to our

Why can't we delete a cluster Namespace?

偶尔善良 Submitted on 2020-01-11 00:37:27
Author | Shengdong, Alibaba Cloud after-sales technical expert. Introduction: The engineers on Alibaba Cloud's after-sales technical team deal with all sorts of strange production problems every day. Common ones include network connection failures, server crashes, performance that misses its targets, and slow request responses. But if we had to pick the kind of problem that looks trivial yet actually racks our brains, I am sure it would be the "can't delete" problem: files that can't be deleted, processes that can't be killed, drivers that can't be unloaded, and so on. Problems like these are icebergs; the complex logic hidden behind them often exceeds our expectations. Background: The problem we discuss today concerns Namespaces in a K8s cluster. A Namespace is the "containment" mechanism for K8s cluster resources. We can place related resources in the same Namespace to avoid unnecessary interference between unrelated resources. A Namespace is itself a resource. Through the cluster's API Server entry point we can create Namespaces, and Namespaces that are no longer used need to be cleaned up. The Namespace Controller watches Namespace changes in the cluster via the API Server and then executes predefined actions based on those changes. Sometimes we run into the problem shown in the figure below: the Namespace's status is marked "Terminating", but it cannot be fully deleted. Starting from the cluster entry point: Because the delete operation is executed through the cluster API Server, we need to analyze the API Server's behavior. Like most cluster components, the API

Unable to bind to 0.0.0.0 inside AWS VPC

泪湿孤枕 Submitted on 2020-01-06 01:22:30
Question: I am trying to set up a vanilla JBoss (Wildfly-8.0.0.Final) in EC2, although I believe any application would have this problem. On a vanilla Ubuntu trusty VM in the default space, I unpack it and configure it to run on addr-any: 0.0.0.0. At runtime, this is successfully resolved to the instance's local IP: 15:26:43,167 INFO [org.hornetq.jms.server] (ServerService Thread Pool -- 59) HQ121005: Invalid "host" value "0.0.0.0" detected for "http-connector" connector. Switching to "ip-123-45-67-8.us

I can't delete my VPC

浪子不回头ぞ Submitted on 2020-01-02 00:54:36
Question: I want to delete one of my VPCs, but when I tried to delete it, this error appeared. We could not delete the following VPC (vpc-8737bde2 (10.100.0.0/16) | Khoi-VPC) The vpc 'vpc-8737bde2' has dependencies and cannot be deleted. (Service: AmazonEC2; Status Code: 400; Error Code: DependencyViolation; Request ID: e115d5ca-dd34-4cbb-a439-541b0dc225da) OK, I checked the security groups and found one group whose description has the name of my VPC, so I thought that was the problem. But this

Why can't an AWS lambda function inside a public subnet in a VPC connect to the internet?

风格不统一 Submitted on 2019-12-30 04:17:26
Question: I've followed the tutorial here to create a VPC with public and private subnets. Then I set up an AWS Lambda function inside the public subnet to test whether it could connect to the outside internet. Here's my Lambda function, written in Python 3:
import requests
def lambda_handler(event, context):
    r = requests.get('http://www.google.com')
    print(r)
The function above failed to fetch the content of http://www.google.com when I placed it inside the public subnet in a VPC. Here's the error message:

How to enable IPv6 on AWS EC2

旧时模样 Submitted on 2019-12-27 17:49:39
Four places need to be changed together: the VPC, the Subnet, the Security groups, and the instance's network settings. In theory only the first instance needs this much fiddling; afterwards, instances in the same VPC, Subnet and Security groups should be able to obtain IPv6 addresses directly. VPC: Find the VPC the current instance belongs to, then choose Edit CIDRs: then click Add IPv6 CIDR and you are done: For a newly created VPC, just choose Amazon provided IPv6 CIDR block: Subnet: Likewise, find the Subnet the current instance belongs to, then choose Edit IPv6 CIDRs: For a new Subnet, just enter the desired IPv6 block (usually starting from 00; further Subnets can later be given 01, 02, and so on): Security groups: If users want to reach the instance over IPv6, the corresponding firewall rules also need to be set; in general, allowing all addresses means setting ::/0 as the Source of the Inbound rule: Instance network settings: Go to the current instance's Networking - Manage IP Addresses, then choose Assign new IP: Finally, add an IPv6 route to the IGW in the route table associated with the subnet. Test 1