如何解决将 AWS TLS 证书附加到 Kubernetes 负载均衡器
我已为我的域配置了 AWS ACM 证书。该应用程序在带有 Ingress Nginx 负载均衡器的 Kubernetes EKS 集群上运行
我做过的步骤
- 配置的证书
- 将其与域连接起来(路由 53)
- 使用证书 ARN 配置 ingress-nginx 文件
问题
- 该网站仍以无效证书 在http上运行
- AWS 负载均衡器上的监听器仍然显示证书N/A
Ingress nginx 配置
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-service
annotations:
nginx.ingress.kubernetes.io/default-backend: ingress-nginx-controller
## tells ingress to check for regex in the config file
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
add_header Access-Control-Allow-Methods "POST,GET,OPTIONS";
add_header Access-Control-Allow-Credentials true;
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT,POST,OPTIONS"
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
# tls:
# - hosts:
# - example.com
# - www.example.com
## our custom routing rules
rules:
- host: www.example.com
http:
paths:
- path: /api/upload/?(.*)
backend:
serviceName: aws-srv
servicePort: 3000
Ingress nginx(服务)
---
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:******ARN
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: (https|http|ssl|tcp)
service.beta.kubernetes.io/do-loadbalancer-hostname: "workaround.example.com"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443,8443"
labels:
helm.sh/chart: ingress-nginx-2.11.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.34.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
我需要将此应用程序投入生产,因此非常感谢您的帮助。提前致谢!
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。