You can enable private network access in the TKE console. If resources still cannot be accessed, check the following based on your cluster type:
Check whether the security group of the node in the cluster correctly opens the port range of 30000–32768 as instructed in "Viewing node security group configurations".
You can enable public network access in the TKE console. If resources still cannot be accessed, check the following based on your cluster type:
Check whether the source CIDR block of the security group is configured correctly. You can also set the source 0.0.0.0/0
to be fully open to the public network, and test the Internet access again.
When public network access is enabled for the self-deployed cluster, the default/kubelb-internet
Service object will be automatically created in the cluster. This Service will be automatically bound to a public network CLB instance. By default, this CLB instance will not be bound to a security group (that is, fully open to the internet), and the EXTERNAL-IP
field shows the VIP of the CLB instance.
$ kubectl get service kubelb-internet
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubelb-internet LoadBalancer 172.16.252.94 152.136.8.98 443:32750/TCP 3m4s
default/kubelb-internet
Service object has a security group configured correctly.
Was this page helpful?