kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers
https://kubernetes-sigs.github.io/aws-load-balancer-controller/
Apache License 2.0

ECDSA certificates are not found by auto-discovery #2671

Closed tavlima closed 2 years ago

tavlima commented 2 years ago

Describe the bug

ECDSA certificates are not found by auto-discovery

Steps to reproduce

  1. import an ECDSA certificate into ACM, with a matching CN/SAN
  2. create an ALB ingress object, with the same domain used by the certificate in (1).
  3. watch errors like "none cert found for: " in the AWS LBC pod logs

Expected outcome

The controller should be able to locate/discover ECDSA certificates. Ideally, it should discover any kind of certificate supported by ALBs.

Environment

Additional Context:

Just adding a RSA-2048 signed certificate to ACM, with the same domains, was enough to make the controller find the certificate.

kishorj commented 2 years ago

@tavlima, this is a known issue, the ACM ListCertificates API doesn't return ECDSA or RSA-4096 certificates unless explicitly specified. Issue #2719 provides more details. We will either make the key type configurable, or explicitly include the key types in the ACM queries.

Since we will use issue #2719 to track the effort, I will close this one as a duplicate.
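The following is an added example, not the controller's own code, that reproduces the behaviour described in the steps above and in the explanation of the ListCertificates key-type filter: a discovery routine that pages through ACM certificates and matches an Ingress host against the CN/SANs, once without and once with `Includes.keyTypes`. The `FakeACM` class is a constructed stand-in for a boto3 ACM client with sample certificates (constructed data, not real ARNs); it mirrors the documented default that a request without `Includes.keyTypes` returns only RSA_2048 certificates. The wildcard matching rule and the two-step list/describe flow are assumptions made for the example; pass `boto3.client("acm")` in place of `FakeACM()` to run it against a real account.

```python
"""Hypothetical ACM auto-discovery routine (example code, not the controller's).

Shows why an ECDSA (or RSA-4096) certificate in ACM is never found when the
discovery code calls ListCertificates without Includes.keyTypes.
"""
from typing import Dict, Iterator, List, Optional

# Key types ACM accepts in ListCertificates Includes.keyTypes.
ALL_KEY_TYPES = [
    "RSA_1024", "RSA_2048", "RSA_3072", "RSA_4096",
    "EC_prime256v1", "EC_secp384r1", "EC_secp521r1",
]


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or a '*.' wildcard that covers exactly one label (assumed rule)."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".example.com"
        return hostname.endswith(suffix) and "." not in hostname[: -len(suffix)]
    return False


def iter_issued_certificates(acm, key_types: Optional[List[str]]) -> Iterator[Dict]:
    """Page through ListCertificates; only add the key-type filter when asked to."""
    params: Dict = {"CertificateStatuses": ["ISSUED"]}
    if key_types:
        params["Includes"] = {"keyTypes": key_types}
    token = None
    while True:
        if token:
            params["NextToken"] = token
        page = acm.list_certificates(**params)
        yield from page.get("CertificateSummaryList", [])
        token = page.get("NextToken")
        if not token:
            return


def discover_certificate_arns(acm, hostname: str,
                              key_types: Optional[List[str]] = None) -> List[str]:
    """Return ARNs of issued certificates whose CN or a SAN covers `hostname`."""
    arns = []
    for summary in iter_issued_certificates(acm, key_types):
        detail = acm.describe_certificate(
            CertificateArn=summary["CertificateArn"])["Certificate"]
        names = [detail["DomainName"], *detail.get("SubjectAlternativeNames", [])]
        if any(hostname_matches(n, hostname) for n in names):
            arns.append(summary["CertificateArn"])
    return arns


class FakeACM:
    """Constructed stand-in for a boto3 ACM client; sample data, not real AWS."""
    _CERTS = [
        {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/ec-1",
         "DomainName": "app.example.com",
         "SubjectAlternativeNames": ["app.example.com"],
         "KeyAlgorithm": "EC_prime256v1", "Status": "ISSUED"},
        {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/rsa4096-1",
         "DomainName": "*.example.com",
         "SubjectAlternativeNames": ["*.example.com"],
         "KeyAlgorithm": "RSA_4096", "Status": "ISSUED"},
        {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/rsa2048-1",
         "DomainName": "other.example.com",
         "SubjectAlternativeNames": ["other.example.com"],
         "KeyAlgorithm": "RSA_2048", "Status": "ISSUED"},
    ]

    def list_certificates(self, CertificateStatuses=None, Includes=None, NextToken=None):
        # Documented default: without Includes.keyTypes only RSA_2048 is returned.
        wanted = (Includes or {}).get("keyTypes", ["RSA_2048"])
        matching = [c for c in self._CERTS
                    if c["KeyAlgorithm"] in wanted
                    and (not CertificateStatuses or c["Status"] in CertificateStatuses)]
        start = int(NextToken or 0)  # one summary per page to exercise pagination
        page = {"CertificateSummaryList": [
            {"CertificateArn": c["CertificateArn"], "DomainName": c["DomainName"]}
            for c in matching[start:start + 1]]}
        if start + 1 < len(matching):
            page["NextToken"] = str(start + 1)
        return page

    def describe_certificate(self, CertificateArn):
        cert = next(c for c in self._CERTS if c["CertificateArn"] == CertificateArn)
        return {"Certificate": cert}


if __name__ == "__main__":
    acm = FakeACM()
    print("default filter:", discover_certificate_arns(acm, "app.example.com"))
    print("all key types: ", discover_certificate_arns(acm, "app.example.com", ALL_KEY_TYPES))
```

With the default filter the lookup for `app.example.com` comes back empty even though both an ECDSA and a wildcard RSA-4096 certificate cover it; passing every key type in `Includes.keyTypes` makes both appear, which is the second of the two fixes mentioned above.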