Amazon Web Services: Configuring Istio ingress for HTTPS traffic with a custom ACM certificate using AWS ELB
I have deployed Kubeflow on an EKS cluster, but would like to configure HTTPS listening with a custom ACM certificate. Kubeflow uses Istio's ingress gateway to receive external traffic, and by default it is only configured for HTTP traffic.

When I inspect the ingress.yaml file that creates the ingress object, I see that it is only configured for HTTP:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
  name: istio-ingress
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: istio-ingressgateway
              servicePort: 80
            path: /*

The Istio gateway has the same problem:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kubeflow-gateway
  namespace: kubeflow
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - '*'
      port:
        name: http
        number: 80
        protocol: HTTP

The only article I could find about accepting TLS traffic seems to configure it with a certificate mounted directly into the filesystem at /etc/istio/ingressgateway-bookinfo-certs/tls.crt:
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
    - port:
        number: 443
        name: https-bookinfo
        protocol: HTTPS
      tls:
        mode: SIMPLE
        serverCertificate: /etc/istio/ingressgateway-bookinfo-certs/tls.crt
        privateKey: /etc/istio/ingressgateway-bookinfo-certs/tls.key
      hosts:
        - "bookinfo.com"
EOF
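
I think you just need to add the annotation.
You can specify which certificate the load balancer uses like this:
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-central-1:1231234564:certificate/4564abc12-d3c2-4455-8c39-45354cddaf03
(replace it with the ARN you get from ACM)
I believe you may need to listen on port 443.
Documentation on the available annotations can be found at

Oh wow, is it really that simple? Can you point me to the documentation for the ALB annotations?
Docs ->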
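
The change the answer describes, applied to the Ingress from the question, as an added example that is not part of the original thread. The ARN is a placeholder, and the ssl-redirect action and the ssl-policy value are assumptions that go beyond what the answer states. TLS ends at the ALB here, so the hop from the ALB to istio-ingressgateway, and the kubeflow-gateway itself, remain plain HTTP on port 80.

```yaml
# Added example: the question's Ingress with TLS terminated at the ALB.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: istio-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    # Placeholder: substitute the ARN of your own ACM certificate.
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>
    # Port 443 serves traffic; port 80 stays open only to redirect to it.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    # Assumption: redirect plain HTTP instead of serving it.
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    # Assumption: a TLS 1.2-only predefined ELB policy; choose one that fits your clients.
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-2017-01
spec:
  rules:
    - http:
        paths:
          # The redirect rule must come before the real backend.
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          # Unchanged backend from the question: the ALB forwards
          # decrypted traffic to the Istio ingress gateway on port 80.
          - path: /*
            backend:
              serviceName: istio-ingressgateway
              servicePort: 80
```

After applying it, confirm in the ALB listener view that port 443 presents the ACM certificate and that port 80 only returns a 301.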