I have two components of the service (frontend and backend). The service has some SSL certs, and I am trying to use the same SSL certificates and uploading them to AWS using aws acm. When I run aws acm list-certificates --region us-west-2, I get a list of two CertificateArn values with the same domain name.
Expected: I want two load balancers, one for backend and one for frontend. How can I achieve this?
Service 1:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "haproxy-ingress"
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/subnets: subnet-0b52a56cbb1dd0673, subnet-0f610a337c06e665d
    alb.ingress.kubernetes.io/certificate-arn: arn-value-1
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: service-1
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service-1
  namespace: kube-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn-value-1
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
  selector:
    app: service-1
```
Service 2:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "haproxy-ingress"
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/subnets: subnet-0b52a56cbb1dd0673, subnet-0f610a337c06e665d
    alb.ingress.kubernetes.io/certificate-arn: arn-value-1
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: service-2
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service-2
  namespace: kube-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn-value-1
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
  selector:
    app: service-2
```
If you're trying to use the same SSL certificate, you will only need to upload the certificate to ACM once. Both certificates will have the same domain name, as this is the primary domain name included in the certificate. If you're looking to validate any secondary names, these can be found by running the describe-certificate function and accessing the contents of the SubjectAlternativeNames attribute.
When you create the load balancers, you would simply specify the same ACM ARN for the listeners in both load balancers.
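An added example, not part of the original answer: a Python check that groups `aws acm list-certificates` output by domain to spot a certificate imported twice, then tests whether the `SubjectAlternativeNames` from `describe-certificate` cover both load balancer hostnames. The JSON samples, ARNs, account ID and hostnames are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed sample of `aws acm list-certificates` output (placeholder ARNs).
LIST_OUTPUT = json.loads("""
{"CertificateSummaryList": [
  {"CertificateArn": "arn:aws:acm:us-west-2:111111111111:certificate/aaaa-constructed", "DomainName": "example.com"},
  {"CertificateArn": "arn:aws:acm:us-west-2:111111111111:certificate/bbbb-constructed", "DomainName": "example.com"}
]}
""")

# Constructed sample of `aws acm describe-certificate` output for one ARN.
DESCRIBE_OUTPUT = json.loads("""
{"Certificate": {"DomainName": "example.com",
  "SubjectAlternativeNames": ["example.com", "*.example.com"]}}
""")


def duplicate_domains(list_output):
    """Return {domain: [arns]} for domains that appear under more than one ARN."""
    by_domain = defaultdict(list)
    for cert in list_output["CertificateSummaryList"]:
        by_domain[cert["DomainName"].lower()].append(cert["CertificateArn"])
    return {d: arns for d, arns in by_domain.items() if len(arns) > 1}


def name_matches(pattern, host):
    """Match a host against a certificate name; '*' covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == pattern[2:]


def uncovered_hosts(describe_output, hosts):
    """Return the hosts that no SubjectAlternativeNames entry covers."""
    sans = describe_output["Certificate"].get("SubjectAlternativeNames", [])
    return [h for h in hosts if not any(name_matches(s, h) for s in sans)]


if __name__ == "__main__":
    print("duplicate imports:", duplicate_domains(LIST_OUTPUT))
    # Hypothetical frontend/backend hostnames for the two load balancers.
    hosts = ["app.example.com", "api.example.com", "a.b.example.com"]
    print("not covered:", uncovered_hosts(DESCRIBE_OUTPUT, hosts))
```

A domain listed under more than one ARN means the same certificate was imported more than once; one ARN is enough for both load balancers as long as `uncovered_hosts` returns an empty list for their hostnames.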