[英]aws adding the load balancer with same SSL certs
I have two components of the service (frontend and backend).我有两个服务组件(前端和后端)。 The service has some SSL certs and I am trying to use the same SSL certificates and uploading them to the aws using aws acm
.该服务有一些 SSL 证书,我正在尝试使用相同的 SSL 证书并使用aws acm
将它们上传到aws acm
。 When I am doing aws acm list-certificates --region us-west-2
, I am getting the list of two CertificateArn
with the same Domain name.当我执行aws acm list-certificates --region us-west-2
,我得到了两个具有相同域名的CertificateArn
的列表。
Expected: I want two load balancer, one for backend and one for frontend.预期:我想要两个负载均衡器,一个用于后端,一个用于前端。 How can I achieve this?我怎样才能做到这一点?
Service 1:服务一:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "haproxy-ingress"
namespace: kube-system
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/subnets: subnet-0b52a56cbb1dd0673, subnet-0f610a337c06e665d
alb.ingress.kubernetes.io/certificate-arn: arn-value-1
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/success-codes: 200-399
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: service-1
servicePort: 80
apiVersion: v1
kind: Service
metadata:
name: service-1
namespace: kube-system
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn-value-1
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: 8080
- name: http
protocol: TCP
port: 80
targetPort: 8080
type: ClusterIP
selector:
app: service-1
Service 2:服务二:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "haproxy-ingress"
namespace: kube-system
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/subnets: subnet-0b52a56cbb1dd0673, subnet-0f610a337c06e665d
alb.ingress.kubernetes.io/certificate-arn: arn-value-1
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/success-codes: 200-399
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: service-2
servicePort: 80
apiVersion: v1
kind: Service
metadata:
name: service-2
namespace: kube-system
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn-value-1
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: 8080
- name: http
protocol: TCP
port: 80
targetPort: 8080
type: ClusterIP
selector:
app: service-2
If you're trying to use the same SSL certificate you will only need to upload the certificate to ACM once.如果您尝试使用相同的 SSL 证书,则只需将该证书上传到 ACM 一次。 Both certificates will have the same domain name as this is the primary domain name included in the certificate, if you're looking to validate any secondary names these can be found by running the describe-certificate function and accessing the contents of the SubjectAlternativeNames
attribute.两个证书都将具有相同的域名,因为这是证书中包含的主域名,如果您要验证任何辅助名称,可以通过运行describe-certificate函数并访问SubjectAlternativeNames
属性的内容来找到这些辅助名称。
When you create the load balancers you would simply specify the same ACM Arn for the listeners in both load balancers.创建负载均衡器时,您只需为两个负载均衡器中的侦听器指定相同的 ACM Arn。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.