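AWS: adding the load balancer with same SSL certs
I have two service components (frontend and backend). The service has some SSL certificates, and I am trying to use the same SSL certificates and upload them to AWS ACM using aws acm. When I run aws acm list-certificates --region us-west-2, I get a list of two CertificateArn values with the same domain name.
Expected: I want two load balancers, one for the backend and one for the frontend. How can I achieve this?
Service one: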
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "haproxy-ingress"
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/subnets: subnet-0b52a56cbb1dd0673, subnet-0f610a337c06e665d
    alb.ingress.kubernetes.io/certificate-arn: arn-value-1
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: service-1
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service-1
  namespace: kube-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn-value-1
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
  selector:
    app: service-1
Service two:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "haproxy-ingress"
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/subnets: subnet-0b52a56cbb1dd0673, subnet-0f610a337c06e665d
    alb.ingress.kubernetes.io/certificate-arn: arn-value-1
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: service-2
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service-2
  namespace: kube-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn-value-1
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
  selector:
    app: service-2
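If you are trying to use the same SSL certificate, you only need to upload it to ACM once. Both certificates will have the same domain name because that is the primary domain name contained in the certificate; if you want to verify any secondary names, you can find them by running the describe-certificate function and accessing the contents of the SubjectAlternativeNames attribute.
When creating the load balancers, you simply specify the same ACM ARN for the listeners on both load balancers.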
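The check the answer describes, as an added example that is not part of the original question or answer: it groups describe-certificate results by issuer and serial number to tell a certificate imported twice from a different certificate that merely shares the domain name, and reports which ARN to keep on both listeners. The ARNs, serial numbers, issuer and domain names below are constructed placeholders, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample: the "Certificate" object that
# `aws acm describe-certificate --certificate-arn <arn>` returns, one per ARN.
# All ARNs, serials and names are placeholders, not values from the question.
SAMPLE = json.loads("""[
 {"CertificateArn": "arn:aws:acm:us-west-2:111122223333:certificate/aaaa-placeholder",
  "DomainName": "example.com", "Serial": "0A:1B:2C:3D", "Issuer": "Example CA",
  "SubjectAlternativeNames": ["example.com", "api.example.com"],
  "InUseBy": ["arn:aws:elasticloadbalancing:us-west-2:111122223333:loadbalancer/app/frontend/placeholder"]},
 {"CertificateArn": "arn:aws:acm:us-west-2:111122223333:certificate/bbbb-placeholder",
  "DomainName": "example.com", "Serial": "0a:1b:2c:3d", "Issuer": "Example CA",
  "SubjectAlternativeNames": ["example.com", "api.example.com"], "InUseBy": []},
 {"CertificateArn": "arn:aws:acm:us-west-2:111122223333:certificate/cccc-placeholder",
  "DomainName": "example.com", "Serial": "ff:ee:dd:cc", "Issuer": "Example CA",
  "SubjectAlternativeNames": ["example.com"], "InUseBy": []}
]""")


def fingerprint(cert):
    """Issuer plus serial number identify one X.509 certificate, whatever its ARN."""
    return (cert["Issuer"], cert["Serial"].lower())


def find_duplicate_imports(certs):
    """Group ACM entries that hold the same certificate and pick one ARN to keep."""
    groups = defaultdict(list)
    for cert in certs:
        groups[fingerprint(cert)].append(cert)
    report = []
    for same in groups.values():
        if len(same) < 2:
            continue  # same DomainName alone does not make a duplicate
        # Prefer the entry already attached to resources; ARN breaks ties.
        same.sort(key=lambda c: (-len(c.get("InUseBy", [])), c["CertificateArn"]))
        keep, extras = same[0], same[1:]
        report.append({
            "keep": keep["CertificateArn"],
            "redundant": [c["CertificateArn"] for c in extras],
            # Redundant copies still bound to a listener must be detached first.
            "still_attached": [c["CertificateArn"] for c in extras if c.get("InUseBy")],
            "names": sorted(set(keep.get("SubjectAlternativeNames", [keep["DomainName"]]))),
        })
    return report


if __name__ == "__main__":
    print(json.dumps(find_duplicate_imports(SAMPLE), indent=2))
```

Keeping a single ARN means one certificate to rotate at expiry instead of several copies that can drift apart.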