Proxy pods NLB allow annotation ssl-cert #39936
Hey, while deploying Teleport using NLB I'm wondering why we can't leverage the fact that we can use the annotation service.beta.kubernetes.io/aws-load-balancer-ssl-cert in order to be able to deploy multiple replicas of proxy pods, instead of forcing it to define a cert-manager issuer or use TLS secrets? Is it not in some way the same as using an ALB with the alb.ingress.kubernetes.io/certificate-arn annotation?
Replies: 1 comment
You can certainly add that annotation to your own proxy pods if you want. The guides in the docs are just designed to be simple and work for 95% of use cases.

If you don't enable ingress and then add those annotations under `proxy.annotations.service` it should work.

This method is also described in the older Teleport v12 docs: https://github.com/gravitational/teleport/blob/branch/v12/docs/pages/deploy-a-cluster/helm-deployments/aws.mdx

```yaml
proxy:
  annotations:
    service:
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:1234567890:certificate/12345678-43c7-4dd1-a2f6-c495b91ebece"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
```