Open is-it-ayush opened 4 months ago
Thank you for your feature request! We will be discussing this with our security team to see if it can be supported.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
Is your feature request related to a problem?
Currently, aws-load-balancer-controller expects the issued Certificate to be present in ACM for any of the SSL/TLS features to work. This is a problem when the Kubernetes cluster is using a different certificate manager such as cert-manager.

Describe the solution you'd like
I've read that aws-load-balancer-controller attempts to auto-detect the certificate in ACM based on the hostname provided in the tls spec on Ingress/ALB resource. For Service/NLB resource, you have to provide the Certificate ARN as an annotation. This problem could be solved by importing the certificate into ACM when it is issued/updated/deleted by listening for events on the linked Certificate resource within the cluster. ACM offers ImportCertificate API call to import a certificate and the only requirements it presents are,

I think cert-manager stores the issued certificate and the certificate's private key as Secret within the cluster. It should be possible to upload/update the certificate after it is issued/updated/deleted by the controller. This way SSL/TLS annotations on Service/Ingress resources would work with both ALB & NLB load balancers.

Describe alternatives you've considered
This is the only solution I can think of for now! : )

Extra
This issue contains the problem in more detail! https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/3708#issuecomment-2125559446
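
Added example (not code from aws-load-balancer-controller or cert-manager): the preparation step the request implies, taking the data of a cert-manager `kubernetes.io/tls` Secret and producing the Certificate, PrivateKey and CertificateChain inputs of ACM's ImportCertificate, while refusing a key that does not match the leaf. `SplitForACM` and `SampleSecret` are hypothetical names; the code assumes `tls.crt` lists the leaf first followed by any intermediates, uses constructed self-signed data, and makes no AWS call.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// SplitForACM (hypothetical helper) turns kubernetes.io/tls Secret data into the
// Certificate, PrivateKey and CertificateChain PEM inputs of ACM ImportCertificate.
func SplitForACM(data map[string][]byte) (cert, key, chain []byte, err error) {
	key = data["tls.key"]
	// Fails on missing data or a key that does not match the leaf certificate.
	if _, err = tls.X509KeyPair(data["tls.crt"], key); err != nil {
		return nil, nil, nil, fmt.Errorf("refusing to import: %w", err)
	}
	for b, rest := pem.Decode(data["tls.crt"]); b != nil; b, rest = pem.Decode(rest) {
		switch enc := pem.EncodeToMemory(b); {
		case b.Type != "CERTIFICATE": // skip stray PEM blocks
		case cert == nil:
			cert = enc // assumption: the first certificate in tls.crt is the leaf
		default:
			chain = append(chain, enc...) // the rest are intermediates
		}
	}
	return cert, key, chain, nil
}

// SampleSecret returns constructed data: a throwaway self-signed leaf, no chain.
func SampleSecret() map[string][]byte {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &k.PublicKey, k)
	kd, _ := x509.MarshalPKCS8PrivateKey(k)
	return map[string][]byte{
		"tls.crt": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		"tls.key": pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kd}),
	}
}

func main() {
	cert, _, chain, err := SplitForACM(SampleSecret())
	fmt.Println(len(cert) > 0, len(chain), err)
}
```

Because the private key leaves the cluster in this flow, a component doing this needs read access to the Secret and the `acm:ImportCertificate` permission, and both are worth scoping narrowly.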