aws adding the load balancer with same SSL certs
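I have two service components (frontend and backend). The service has some SSL certificates, and I am trying to use the same SSL certificates and upload them to AWS ACM using aws acm. When I run aws acm list-certificates --region us-west-2, I get a list of two CertificateArn entries with the same domain name.
Expected: I want two load balancers, one for the backend and one for the frontend. How can I achieve this?
Service 1: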
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "haproxy-ingress"
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/subnets: subnet-0b52a56cbb1dd0673, subnet-0f610a337c06e665d
    alb.ingress.kubernetes.io/certificate-arn: arn-value-1
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: service-1
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service-1
  namespace: kube-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn-value-1
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
  selector:
    app: service-1
Service 2:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "haproxy-ingress"
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/subnets: subnet-0b52a56cbb1dd0673, subnet-0f610a337c06e665d
    alb.ingress.kubernetes.io/certificate-arn: arn-value-1
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: service-2
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service-2
  namespace: kube-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn-value-1
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
  selector:
    app: service-2
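If you are trying to use the same SSL certificate, you only need to upload that certificate to ACM once. Both certificates will have the same domain name, because that is the primary domain name contained in the certificate; if you want to verify any secondary names, you can find them by running the describe-certificate function and accessing the contents of the SubjectAlternativeNames property.
When creating the load balancers, you simply specify the same ACM ARN for the listeners in both load balancers.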
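Added example (not part of the original question or answer): a Python check that takes describe-certificate output for every ARN returned by list-certificates and reports which ARNs are repeat imports of one certificate, so that both listeners can reference a single ARN. The sample data, ARNs and function names are constructed for illustration; matching on DomainName, Serial and SubjectAlternativeNames is an assumed heuristic.

```python
import json
from collections import defaultdict

# Constructed sample: "Certificate" objects as returned by
# `aws acm describe-certificate`, one per ARN from `aws acm list-certificates`.
# ARNs, serials and names below are placeholders, not values from the page.
SAMPLE = json.loads("""[
 {"CertificateArn": "arn:aws:acm:us-west-2:111122223333:certificate/example-1",
  "DomainName": "example.com", "Serial": "0a:1b:2c",
  "SubjectAlternativeNames": ["example.com", "api.example.com"],
  "InUseBy": ["arn:aws:elasticloadbalancing:us-west-2:111122223333:loadbalancer/app/front/1"]},
 {"CertificateArn": "arn:aws:acm:us-west-2:111122223333:certificate/example-2",
  "DomainName": "example.com", "Serial": "0A:1B:2C",
  "SubjectAlternativeNames": ["api.example.com", "example.com"],
  "InUseBy": []},
 {"CertificateArn": "arn:aws:acm:us-west-2:111122223333:certificate/example-3",
  "DomainName": "example.com", "Serial": "0d:4e:5f",
  "SubjectAlternativeNames": ["example.com"],
  "InUseBy": []}
]""")


def identity(cert):
    """Key that matches for two imports of one certificate (heuristic)."""
    sans = frozenset(n.lower() for n in cert.get("SubjectAlternativeNames", []))
    return (cert["DomainName"].lower(), cert.get("Serial", "").lower(), sans)


def find_duplicate_imports(descriptions):
    """Return one report entry per certificate that exists under several ARNs."""
    groups = defaultdict(list)
    for cert in descriptions:
        groups[identity(cert)].append(cert)
    report = []
    for (domain, _serial, _sans), certs in groups.items():
        if len(certs) < 2:
            continue  # same DomainName alone does not make a duplicate
        # Keep an ARN that a load balancer already references, if any.
        certs.sort(key=lambda c: (not c.get("InUseBy"), c["CertificateArn"]))
        extra = certs[1:]
        report.append({
            "domain": domain,
            "keep": certs[0]["CertificateArn"],
            "redundant": [c["CertificateArn"] for c in extra],
            # Redundant ARNs still attached to a listener must be swapped first.
            "still_in_use": [c["CertificateArn"] for c in extra if c.get("InUseBy")],
        })
    return report


if __name__ == "__main__":
    print(json.dumps(find_duplicate_imports(SAMPLE), indent=2))
```

The third sample entry shares the domain name but has a different serial, so it is treated as a separate certificate and is not reported.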