Is your feature request related to a problem?
Currently, aws-load-balancer-controller expects the issued Certificate to be present in ACM for any of the SSL/TLS features to work. This is a problem when the Kubernetes cluster is using a different certificate manager such as cert-manager.
Describe the solution you'd like
I've read that aws-load-balancer-controller attempts to auto-detect the certificate in ACM based on the hostname provided in the tls spec on the Ingress/ALB resource. For the Service/NLB resource, you have to provide the Certificate ARN as an annotation. This problem could be solved by importing the certificate into ACM when it is issued/updated/deleted by listening for events on the linked Certificate resource within the cluster. ACM offers the ImportCertificate API call to import a certificate, and the only requirements it presents are:
the issued certificate.
the issued certificate private key
I think cert-manager stores the issued certificate and the certificate's private key as a Secret within the cluster. It should be possible to upload/update the certificate after it is issued/updated/deleted by the controller. This way SSL/TLS annotations on Service/Ingress resources would work with both ALB & NLB load balancers.
Describe alternatives you've considered
This is the only solution I can think of for now! : )
Extra
This issue contains the problem in more detail! #3708 (comment)
is-it-ayush changed the title from "Upload certificate to ACM if certificate controller is not ACM since controller expects ACM" to "Upload certificate to ACM if certificate manager is not ACM since controller expects ACM" on May 23, 2024
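The mapping proposed in the request above, from a cert-manager `kubernetes.io/tls` Secret to the parameters of ACM's ImportCertificate call, as an added example that is not part of the original issue or the controller's code. `build_import_request`, `redacted` and the sample Secret are hypothetical and constructed here; the result is shaped for boto3's `acm.import_certificate(**request)`, and it assumes `tls.crt` holds the leaf certificate first, followed by any intermediates.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)
# ACM needs an unencrypted key, so "ENCRYPTED PRIVATE KEY" is deliberately absent.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def _pem(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample Secret: placeholder PEM bodies, not real certificates or keys.
SAMPLE_SECRET = {
    "type": "kubernetes.io/tls",
    "data": {
        "tls.crt": _b64(_pem("CERTIFICATE", "TEVBRg==") + _pem("CERTIFICATE", "SU5URVJNRURJQVRF")),
        "tls.key": _b64(_pem("PRIVATE KEY", "S0VZ")),
    },
}

def build_import_request(secret, existing_arn=None):
    """Map a kubernetes.io/tls Secret to ImportCertificate parameters."""
    if secret.get("type") != "kubernetes.io/tls":
        raise ValueError("not a kubernetes.io/tls Secret")
    try:
        crt = base64.b64decode(secret["data"]["tls.crt"]).decode("ascii")
        key = base64.b64decode(secret["data"]["tls.key"]).decode("ascii")
    except KeyError as missing:
        raise ValueError(f"Secret lacks {missing}") from None
    certs = [m.group(0) + "\n" for m in PEM_BLOCK.finditer(crt) if m.group(1) == "CERTIFICATE"]
    if not certs:
        raise ValueError("tls.crt holds no CERTIFICATE block")
    if not any(m.group(1) in KEY_LABELS for m in PEM_BLOCK.finditer(key)):
        raise ValueError("tls.key holds no unencrypted private key block")
    # Leaf goes in Certificate; the remaining blocks form the chain.
    request = {"Certificate": certs[0].encode(), "PrivateKey": key.encode()}
    if len(certs) > 1:
        request["CertificateChain"] = "".join(certs[1:]).encode()
    if existing_arn:
        # Re-import on renewal so the ARN referenced by annotations stays the same.
        request["CertificateArn"] = existing_arn
    return request

def redacted(request):
    """Copy that is safe to log: the private key value is never included."""
    return {k: ("<redacted>" if k == "PrivateKey" else v) for k, v in request.items()}
```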