我尝试通过类型为LoadBalancer的kubernetes服务创建AWS ELB,但我无法弄清楚实现我需要的结果所需的注释组合。
这是我能得到的最接近的: AWS ELB generated when deploying the yaml below
使用此服务定义:
kind: Service
apiVersion: v1
metadata:
name: my_app
namespace: my_namespace
labels:
dns: route53
annotations:
domainName: my_app.my.domain.com
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:iam::accountId:server-certificate/CertificateName"
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
spec:
type: LoadBalancer
selector:
app: my_app
version: my_version
ports:
- protocol: TCP
port: 80
targetPort: non_secure_port_name
name: http
- protocol: TCP
port: 443
targetPort: secure_port_name
name: https
问题是我需要https端口的实例协议也是https,like this
通过手动编辑ELB,一切都像魅力一样,但我希望能够通过我的Kubernetes服务的.yaml配置在第二张图片中实现配置,因此我的服务不需要手动调整在部署时按预期工作。
有可能吗?我缺少什么注释或特定配置?
答案 0 :(得分:0)
以下是使用AWS证书终止ELB的TLS的咒语
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:foo
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
labels:
k8s-addon: ingress-nginx.addons.k8s.io
name: ingress-nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: http
selector:
app: ingress-nginx
type: LoadBalancer
如果要强制使用SSL,可以使用ingress.kubernetes.io/ssl-redirect注释在入口资源定义中执行此操作