Gcloud LoadBalancer: change Google Managed certificate without downtime

I intend to use Gcloud managed certificate. The way it works is that I already have a custom certificate managed by Let's Encrypt, which is assigned to my LoadBalancer. Now I want to switch to the Google Managed certificate. In order to achieve this I have to point the domains to the LoadBalancer's IP, then go to Load balancing components page, then I have to create the Google Managed certificate at the CERTIFICATES tab and, finally, edit the LoadBalancer to change its Frontend Configuration of HTTPS protocol and select the newly created certificate. Then, and only then, GCP will be allowed to provision the certificate. The problem is that it may take a few minutes (like 10 minutes) for the certificate to be provisioned. During this time my application will eventually lose the certificate and the browser will block it. This is not an acceptable scenario for us.

So, in short, I need to replace the certificate of the LoadBalancer with another one not yet verified, which will cause my application to be out for the time it takes to provision it. The ideal scenario would be to provision the certificate first, then edit the LoadBalancer to bind it with the new certificate.

Is there any way to achieve this? Otherwise I will have to still issue my certificates with Let's Encrypt and manually replace it every time it's about to expire.

A load balancer front end can have more than one certificate attached.

Create a new managed certificate and attach it to the front end.

Once you have more than one certificate attached, you can then remove the one you no longer want to use without downtime.
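The sequence this answer describes, as an added shell example that is not part of the original post. It assumes a global external HTTPS load balancer (hence `--global`); the resource names are placeholders, and `swap_cert`, `cert_status` and the `GCLOUD` override are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not from the original post. Resource names are placeholders.
GCLOUD="${GCLOUD:-gcloud}"  # overridable, so the flow can be exercised with a stub

# Print managed.status (PROVISIONING, ACTIVE, ...) of a Google-managed certificate.
cert_status() {
  "$GCLOUD" compute ssl-certificates describe "$1" --global \
    --format='get(managed.status)'
}

# swap_cert PROXY OLD_CERT NEW_CERT DOMAINS [MAX_POLLS] [SLEEP_SECONDS]
# Returns 0 once the old certificate is detached, 1 on a gcloud error,
# 2 if provisioning fails, 3 on timeout. On every non-zero path the old
# certificate is still attached, so HTTPS keeps working.
swap_cert() {
  sc_proxy=$1 sc_old=$2 sc_new=$3 sc_domains=$4
  sc_polls=${5:-60} sc_pause=${6:-30} sc_i=0

  # 1. Create the managed certificate.
  "$GCLOUD" compute ssl-certificates create "$sc_new" \
    --domains="$sc_domains" --global || return 1

  # 2. Attach it next to the existing one. --ssl-certificates replaces the
  #    whole list, so the old certificate must be named again (kept first).
  "$GCLOUD" compute target-https-proxies update "$sc_proxy" \
    --ssl-certificates="$sc_old,$sc_new" --global || return 1

  # 3. Detach the old certificate only after the new one reports ACTIVE.
  while [ "$sc_i" -lt "$sc_polls" ]; do
    sc_status=$(cert_status "$sc_new")
    case $sc_status in
      ACTIVE)
        "$GCLOUD" compute target-https-proxies update "$sc_proxy" \
          --ssl-certificates="$sc_new" --global || return 1
        return 0 ;;
      PROVISIONING)
        sleep "$sc_pause" ;;
      *)
        echo "certificate $sc_new status: ${sc_status:-unknown}" >&2
        return 2 ;;
    esac
    sc_i=$((sc_i + 1))
  done
  return 3
}

# Example: swap_cert web-proxy le-cert managed-cert www.example.com
```

Even after the status is `ACTIVE`, leaving both certificates attached for a while before detaching the old one costs nothing and gives a rollback path.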
