时间戳

首页 > 解决方案 > 将 AWS TLS 证书附加到 Kubernetes 负载均衡器

amazon-web-services - 将 AWS TLS 证书附加到 Kubernetes 负载均衡器

问题描述

我为我的域配置了 AWS ACM 证书。该应用程序在具有 Ingress Nginx 负载均衡器的 Kubernetes EKS 集群上运行

我已经完成的步骤

  1. 配置的证书
  2. 将其与域挂钩(路线 53)
  3. 使用证书 ARN 配置的 ingress-nginx 文件

问题

  1. 该网站仍然在http上运行,证书无效
  2. AWS 负载均衡器上的侦听器仍显示证书的N/A

在此处输入图像描述

入口 nginx 配置

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-service
  annotations:
    nginx.ingress.kubernetes.io/default-backend: ingress-nginx-controller
    ## tells ingress to check for regex in the config file
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header Access-Control-Allow-Methods "POST, GET, OPTIONS";
      add_header Access-Control-Allow-Credentials true;
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

spec:
  # tls:
  # - hosts:
  #      - example.com
  #      - www.example.com
  ## our custom routing rules
  rules:
    - host: www.example.com
      http:
        paths:
          - path: /api/upload/?(.*)
            backend:
              serviceName: aws-srv
              servicePort: 3000

入口 nginx(服务)

--- 
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:******ARN
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: (https|http|ssl|tcp)
    service.beta.kubernetes.io/do-loadbalancer-hostname: "workaround.example.com"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443,8443"
  labels:
    helm.sh/chart: ingress-nginx-2.11.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.1
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx

我需要将此应用程序投入生产,因此非常感谢您的帮助。提前致谢!

标签: amazon-web-servicesdockersslkubernetesnginx-ingress

解决方案

推荐阅读