You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/08/18 13:30:37 UTC
[GitHub] [apisix-ingress-controller] ochuko3d opened a new issue, #1252: request help: Configure AWS Certifcate on APISIX Ingress
ochuko3d opened a new issue, #1252:
URL: https://github.com/apache/apisix-ingress-controller/issues/1252
### Issue description
Hi,
I want to use AWS loadbalancer to terminate SSL connections to my cluster, i have gotten a certificate and deployed the ingress controller, which has the certificate listening on port 443.
Below is my config
gateway:
```
type: LoadBalancer
# If you want to keep the client source IP, you can set this to Local.
# ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: Cluster
#type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert-ports: https
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:127867112076:certificate/25044570-f0a1-4220-ba3c-c88f79731137"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS-1-1-2017-01
externalIPs: []
http:
enabled: true
servicePort: 80
containerPort: 9080
tls:
enabled: true
servicePort: 443
containerPort: 9443
existingCASecret: ""
certCAFilename: ""
http2:
enabled: true
stream: # L4 proxy (TCP/UDP)
enabled: false
only: false
tcp: []
udp: []
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: apisix.local
paths: []
tls: []
# - secretName: apisix-tls
# hosts:
# - chart-example.local
```
but it still ends up failing
### Environment
- your apisix-ingress-controller version (output of apisix-ingress-controller version --long): I am not certain, but i got it from the helm chart last night o i guess its the current one
- your Kubernetes cluster version (output of kubectl version): 1.22 - EKS
- if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (uname -a): EKS
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] commented on issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #1252:
URL: https://github.com/apache/apisix-ingress-controller/issues/1252#issuecomment-1326934591
This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1252:
URL: https://github.com/apache/apisix-ingress-controller/issues/1252#issuecomment-1220390929
Can you post your APISIX installation steps?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] commented on issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #1252:
URL: https://github.com/apache/apisix-ingress-controller/issues/1252#issuecomment-1445540333
This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] closed issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] closed issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
URL: https://github.com/apache/apisix-ingress-controller/issues/1252
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] ochuko3d commented on issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
Posted by GitBox <gi...@apache.org>.
ochuko3d commented on issue #1252:
URL: https://github.com/apache/apisix-ingress-controller/issues/1252#issuecomment-1220428903
no i cannot, thats from the pod
![image](https://user-images.githubusercontent.com/28976224/185583556-bb8d16a6-b9f7-4243-8d39-b00b1d73beee.png)
This is from the service
![image](https://user-images.githubusercontent.com/28976224/185583746-cd1e9130-1111-42d9-addb-3b626d76aeb1.png)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] commented on issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #1252:
URL: https://github.com/apache/apisix-ingress-controller/issues/1252#issuecomment-1489555145
This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1252:
URL: https://github.com/apache/apisix-ingress-controller/issues/1252#issuecomment-1327207895
@AlinsRan PTAL
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] AlinsRan commented on issue #1252: request help: Configure AWS Certifcate on APISIX Ingress
Posted by GitBox <gi...@apache.org>.
AlinsRan commented on issue #1252:
URL: https://github.com/apache/apisix-ingress-controller/issues/1252#issuecomment-1328716546
Hi @ochuko3d !
I tried terminating ssl in ELB and it seems to be working fine.
I think you should configure LB forwarding to the tls port, I think you can change it to the http port.
Please refer to it:
https://aws.amazon.com/premiumsupport/knowledge-center/associate-acm-certificate-alb-nlb/?nc1=h_ls
Here is my config:
```yaml
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: apisix
meta.helm.sh/release-namespace: apisix
creationTimestamp: "2022-11-28T07:07:59Z"
finalizers:
- service.kubernetes.io/load-balancer-cleanup
labels:
app.kubernetes.io/instance: apisix
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: apisix
app.kubernetes.io/service: apisix-gateway
app.kubernetes.io/version: 2.15.1
helm.sh/chart: apisix-0.11.3
name: apisix-gateway
namespace: apisix
resourceVersion: "16654"
uid: 21cee675-006a-4234-b76d-cc0ae7987d4a
spec:
allocateLoadBalancerNodePorts: true
clusterIP: 10.100.231.173
clusterIPs:
- 10.100.231.173
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: apisix-gateway
nodePort: 31180
port: 80
protocol: TCP
targetPort: 9080
- name: apisix-gateway-tls
nodePort: 31065
port: 443
protocol: TCP
targetPort: 9443
selector:
app.kubernetes.io/instance: apisix
app.kubernetes.io/name: apisix
sessionAffinity: None
type: LoadBalancer
```
![image](https://user-images.githubusercontent.com/79972061/204230434-bc979e78-20c1-4a88-aea3-ed39d5cd1393.png)
![image](https://user-images.githubusercontent.com/79972061/204229380-741d2967-3d3e-46ab-b21e-d25c2480d2fb.png)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org