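I am trying to use the HAProxy ingress controller together with Let's Encrypt for SSL on GKE. But I think HAProxy does not support Let's Encrypt. These are the steps I followed:
1. Created the HAProxy Ingress Controller
2. Created Cert Manager and a Cluster Issuer
3. Created the Ingress Resource
Normally, an Ingress resource creates an L7 HTTP(S) load balancer. But when I ask the Ingress resource to obtain an SSL certificate using Let's Encrypt, it cannot install the certificate on the load balancer, because the LB has not been created yet.
I understand that the NGINX Ingress Controller is another option. But NGINX creates an L4 load balancer.
Is there any way out with the HAProxy Ingress Controller? Or should I move to the Voyager Ingress Controller, which is backed by HAProxy?
Ingress resource: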
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: fanout-ingress-haproxy
  namespace: xyz-product
  labels: # Labels that will be applied to this resource
    app: prod-user-reg-app
  annotations:
    kubernetes.io/ingress.global-static-ip-name: prod-reg-static-ip # Defined in GCP platform. A Static IP needs to be created in the GCP.
    # ingress.kubernetes.io/force-ssl-redirect: "true"
    haproxy.org/ingress.class: "haproxy"
    haproxy.org/load-balance: "leastconn" # roundrobin
    haproxy.org/forwarded-for: "enabled"
    # haproxy.org/ssl-certificate: "xyz-product/prod-tls-secret"
    # haproxy.org/ssl-redirect: "ON"
    # haproxy.org/ssl-redirect-code: "303"
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  tls:
  - hosts:
    - apps.mydomain.co.uk
    secretName: staging-issuer-account-key
  rules:
  - host: apps.mydomain.co.uk
    http:
      paths:
      - path: /user-reg/create/*
        backend:
          serviceName: prod-user-reg-create-app
          servicePort: 8081