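AWS Kubernetes: Selecting an SSL certificate on the AWS Load Balancer

Time: 2019-02-21 14:51:20

Tags: amazon-web-services ssl kubernetes aws-load-balancer

I am trying to configure SSL on the AWS Load Balancer for my AWS EKS cluster. The load balancer proxies to the Traefik instance running on the cluster. This works fine over HTTP.

Then I created my AWS certificate in Certificate Manager, copied the ARN, and followed this part of the documentation: Traefik

But the certificate is not linked to the listeners in the AWS Load Balancer. I cannot find any further documentation or a working example on the web. Can anyone point me to one?

The LoadBalancer configuration is as follows: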

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"traefik-ingress-service","namespace":"kube-system"},"spec":{"ports":[{"name":"web","port":80,"targetPort":80},{"name":"admin","port":8080,"targetPort":8080},{"name":"secure","port":443,"targetPort":443}],"selector":{"k8s-app":"traefik-ingress-lb"},"type":"LoadBalancer"}}
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-north-1:000000000:certificate/e386a77d-26d9-4608-826b-b2b3a5d1ec47
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
  creationTimestamp: 2019-01-14T14:33:17Z
  name: traefik-ingress-service
  namespace: kube-system
  resourceVersion: "10172130"
  selfLink: /api/v1/namespaces/kube-system/services/traefik-ingress-service
  uid: e386a77d-26d9-4608-826b-b2b3a5d1ec47
spec:
  clusterIP: 10.100.115.166
  externalTrafficPolicy: Cluster
  ports:
  - name: web
    port: 80
    protocol: TCP
    targetPort: 80
  - name: admin
    port: 8080
    protocol: TCP
    targetPort: 8080
  - name: secure
    port: 443
    protocol: TCP
    targetPort: 80
  selector:
    k8s-app: traefik-ingress-lb
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - hostname: e386a77d-26d9-4608-826b-b2b3a5d1ec47.eu-north-1.elb.amazonaws.com

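Thanks, looking forward to your answers.

1 answer:

Answer 0: (score: 0)

I ran into a similar problem, since I am using EKS v1.14 (with nginx-ingress-controller) and a Network Load Balancer. According to Kubernetes, this is possible since Kubernetes v1.15 - GitHub Issue. And since March 10, 2020 - Amazon EKS now supports Kubernetes version 1.15

So, if it is still relevant, read more about it here - How do I terminate HTTPS traffic on Amazon EKS workloads with ACM?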
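
As an added example (not part of the original question or answer), here is a small pre-deploy check for the TLS annotations discussed in this thread. `lint_tls_service` and its finding messages are hypothetical names, the sample dict is constructed from the question's manifest, and the v1.15 threshold for Network Load Balancers is taken from the answer above.

```python
import re

PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"
# Accepts ACM certificates and IAM server certificates.
ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:(acm|iam):[a-z0-9-]*:\d*:(certificate|server-certificate)/.+$")

def lint_tls_service(svc, cluster_version):
    """Return findings for a parsed Service manifest (dict).
    cluster_version is a (major, minor) tuple, e.g. (1, 14)."""
    ann = svc.get("metadata", {}).get("annotations") or {}
    ports = svc.get("spec", {}).get("ports") or []
    cert = ann.get(PREFIX + "ssl-cert")
    if not cert:
        return ["no ssl-cert annotation: no listener will terminate TLS"]
    findings = []
    if not ARN_RE.match(cert):
        findings.append("ssl-cert is not an ACM or IAM certificate ARN")
    # ssl-ports is a comma-separated list of port names or numbers.
    # When it is absent, the certificate applies to every Service port.
    wanted = [w.strip() for w in ann.get(PREFIX + "ssl-ports", "*").split(",")]
    known = {str(p.get("port")) for p in ports} | {p.get("name") for p in ports}
    if "*" in wanted and len(ports) > 1:
        findings.append("ssl-ports unset: certificate applies to all ports")
    for w in wanted:
        if w != "*" and w not in known:
            findings.append(f"ssl-ports entry {w!r} matches no Service port")
    # Per the answer above, NLB TLS listeners need Kubernetes v1.15 or later.
    if ann.get(PREFIX + "type") == "nlb" and cluster_version < (1, 15):
        findings.append("NLB TLS termination needs Kubernetes v1.15 or later")
    return findings

# Constructed sample: the annotations and ports from the question's Service.
ASKER = {
    "metadata": {"annotations": {
        PREFIX + "backend-protocol": "http",
        PREFIX + "ssl-cert": "arn:aws:acm:eu-north-1:000000000:certificate/"
                             "e386a77d-26d9-4608-826b-b2b3a5d1ec47",
        PREFIX + "ssl-ports": "443"}},
    "spec": {"ports": [{"name": "web", "port": 80, "targetPort": 80},
                       {"name": "admin", "port": 8080, "targetPort": 8080},
                       {"name": "secure", "port": 443, "targetPort": 80}]},
}

if __name__ == "__main__":
    print(lint_tls_service(ASKER, (1, 14)))
```

An empty result for the question's Service means the annotations themselves are consistent with its ports, so the next place to look is whether the cloud provider actually reconciled the listener.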