Look up Certificate ARNs that match ingress' #600
…ps-values Support KOPS values for private/public subnet tags
Add `elasticloadbalancing:DescribeSSLPolicies` to work with the `alb.ingress.kubernetes.io/ssl-policy` annotation
Add DescribeSSLPolicies to iam-policy.json
…epackaging with remaining work
…tting refreshing times for ~180 ALBs down 50% to around 3m40s
…ching errors in batched processes
…gress references a service that doesn't exist.
Refactor of securityGroup handling
Just saw this in the logs:
I should've read more of the code :)

```go
type CreateListenerInput struct {
	_ struct{} `type:"structure"`

	// [HTTPS listeners] The default SSL server certificate. You must provide exactly
	// one default certificate. To create a certificate list, use AddListenerCertificates.
	Certificates []*Certificate `type:"list"`
	// ...
}
```

Added a call to
@bigkraig could you please explain why this PR was closed?
@hatemosphere we rebased the master branch which closed all of the existing PRs, you can see the impact it had if you look at the commits in here now. The best way to get this one back in order is to cherry-pick the commits into a branch that has been created off of the new master.
@cv looks like your PR here got closed accidentally after a rebase of Would you mind cherry-picking them into a new branch and creating a new PR?
@khyew thanks for letting me know! I am no longer working on this, but will try to cherry-pick all the changes back in. Gimme a few minutes…
@cv just the commits that were authored by you in that range, correct?
@khyew yup! I'm pretty sure I was the only one to commit to the branch.
How did you test your PR? Were you able to deploy your own branch of the controller to a cluster? I found this guide btw: https://kubernetes-sigs.github.io/aws-alb-ingress-controller/BUILDING/
Exactly, built a new Docker image, pushed it to ECR and ran it on my EKS cluster from there.
Hi! 👋

I'm attempting a setup in which users of my k8s cluster get some subdomains to play with, like `<app>.<user>.dev.example.com`. I'd like to ensure all of their public-facing pods have an HTTP redirect to HTTPS, and that the certificate for their domain (say, `*.cv.dev.example.com`) is stored and managed by ACM (which is done elsewhere, in a Terraform script).

In order to minimize confusion, I'd like to use the smallest possible number of annotations, so that most apps will just work without a lot of yaml and helm template tweaking.

To do that, I'd like to have aws-alb-ingress-controller look that certificate up for me, so that I don't have to leak the abstraction by asking my users to know their certificate ARN. That way, if there is a certificate that matches a `spec.tls.hosts[]` entry, I don't need to add the `certificate-arn` annotation to the ingresses.

In other words, if I have successfully issued a cert `arn:aws:acm:xxx:yyy:certificate/zzz` for the `*.cv.dev.example.com` domain, the following ingress... should:

`arn:aws:acm:xxx:yyy:certificate/zzz` cert

The implementation thus far is quite naive and almost pseudo-code, but should serve as a starting point to gather more feedback.

WDYT?
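The host-to-certificate matching described above, as an added example that is not code from this PR or from the controller: it resolves each `spec.tls.hosts[]` entry against a list of certificates, treating `*.` as exactly one DNS label so a wildcard certificate is never attached to a host it does not cover. The names `acmCert`, `domainMatches` and `certARNsForHosts` are hypothetical, and the certificate list is assumed to have been fetched from ACM already.

```go
package main

import (
	"fmt"
	"strings"
)

// acmCert is a hypothetical record: an ARN plus every domain it covers (name and SANs).
type acmCert struct {
	ARN     string
	Domains []string
}

// domainMatches reports whether certDomain covers host. A leading "*." stands
// for exactly one DNS label (TLS wildcard semantics), never zero or several.
func domainMatches(certDomain, host string) bool {
	certDomain = strings.ToLower(strings.TrimSuffix(certDomain, "."))
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if !strings.HasPrefix(certDomain, "*.") {
		return host != "" && certDomain == host
	}
	suffix := certDomain[1:] // e.g. ".cv.dev.example.com"
	label := strings.TrimSuffix(host, suffix)
	return label != host && label != "" && !strings.Contains(label, ".")
}

// certARNsForHosts resolves each spec.tls.hosts entry to the first covering
// certificate; hosts with no match are returned so the caller can fail closed.
func certARNsForHosts(hosts []string, certs []acmCert) (arns map[string]string, unmatched []string) {
	arns = map[string]string{}
host:
	for _, h := range hosts {
		for _, c := range certs {
			for _, d := range c.Domains {
				if domainMatches(d, h) {
					arns[h] = c.ARN
					continue host
				}
			}
		}
		unmatched = append(unmatched, h)
	}
	return arns, unmatched
}

func main() {
	// Constructed sample; the ARN is the placeholder from the PR description.
	certs := []acmCert{{ARN: "arn:aws:acm:xxx:yyy:certificate/zzz", Domains: []string{"*.cv.dev.example.com"}}}
	fmt.Println(certARNsForHosts([]string{"app.cv.dev.example.com", "a.b.cv.dev.example.com"}, certs))
}
```

Returning the unmatched hosts separately lets a caller refuse to create the HTTPS listener, or require an explicit `certificate-arn` annotation, instead of silently serving a certificate that does not cover the host.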