From f2bb1157108848d95626cd01d9a8c232c0e3184f Mon Sep 17 00:00:00 2001
From: Carsten Schafer
Date: Fri, 10 Nov 2023 10:28:01 -0500
Subject: [PATCH] Fix cert ARNs, add external OWLS config
Signed-off-by: Carsten Schafer
---
 chart/environment-values/values.aws.yaml | 6 +-
 .../values.openwifi-qa.owls-enabled.yaml | 146 +++++++++++++++++-
 .../values.openwifi-qa.owls-external.yaml | 36 +++++
 .../values.openwifi-qa.separate-lbs.yaml | 12 +-
 .../values.openwifi-qa.yaml | 10 +-
 5 files changed, 192 insertions(+), 18 deletions(-)
 create mode 100644 chart/environment-values/values.openwifi-qa.owls-external.yaml
diff --git a/chart/environment-values/values.aws.yaml b/chart/environment-values/values.aws.yaml
index 6e08d88..98d2709 100644
--- a/chart/environment-values/values.aws.yaml
+++ b/chart/environment-values/values.aws.yaml
@@ -19,7 +19,7 @@ owgwui:
 kubernetes.io/ingress.class: alb
 alb.ingress.kubernetes.io/scheme: internet-facing
 alb.ingress.kubernetes.io/group.name: wlan-cicd
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
 alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
 external-dns.alpha.kubernetes.io/hostname: webui.cicd.lab.wlan.tip.build # TODO change FQDN
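Review bot: The three certificate lines in values.aws.yaml (owgwui in this hunk, owprovui and haproxy in the next two) lose their `# TODO change certificate` marker while the neighbouring `# TODO change FQDN` comments stay, so the file now reads as if the project's own ACM certificate were a usable default. An ACM certificate can only be attached to a load balancer in the certificate's own account and region, so anyone deploying from this file elsewhere still has to replace the ARN. I would keep the marker on the new value, e.g. `alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c # TODO change certificate`. Each annotation block starts before its hunk.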
@@ -69,7 +69,7 @@ owprovui:
 kubernetes.io/ingress.class: alb
 alb.ingress.kubernetes.io/scheme: internet-facing
 alb.ingress.kubernetes.io/group.name: wlan-cicd
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
 alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
 external-dns.alpha.kubernetes.io/hostname: provui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -99,7 +99,7 @@ haproxy:
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
 service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
 external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build,rrm.cicd.lab.wlan.tip.build" # TODO change FQDNs
diff --git a/chart/environment-values/values.openwifi-qa.owls-enabled.yaml b/chart/environment-values/values.openwifi-qa.owls-enabled.yaml
index 76c0941..5561fa2 100644
--- a/chart/environment-values/values.openwifi-qa.owls-enabled.yaml
+++ b/chart/environment-values/values.openwifi-qa.owls-enabled.yaml
@@ -1,3 +1,4 @@
+# This helm values file is to be used when OWLS is run in the same namespace.
 owgw:
 services:
 owgw:
@@ -7,7 +8,7 @@ owgw:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
 configProperties:
@@ -30,7 +31,6 @@ owgw:
 postgresql:
 enabled: true
 fullnameOverride: owgw-pgsql
- postgresqlDatabase: owgw
 postgresqlUsername: owgw
 postgresqlPassword: owgw
@@ -46,7 +46,145 @@ owls:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
+ external-dns.alpha.kubernetes.io/ttl: "60"
+
+ podAnnotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+ resources:
+ requests:
+ cpu: 6000m
+ memory: 8000Mi
+ limits:
+ cpu: 6000m
+ memory: 8000Mi
+
+ checks:
+ owls:
+ liveness:
+ httpGet:
+ path: /
+ port: 16107
+ failureThreshold: 900
+ readiness:
+ httpGet:
+ path: /
+ port: 16107
+ failureThreshold: 900
+
+ certs:
+ restapi-ca.pem: |
+ -----BEGIN CERTIFICATE-----
+ MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+ BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+ dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+ b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+ CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+ Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+ IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+ AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+ KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+ aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+ t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+ Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+ 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+ lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+ AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+ dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+ PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+ 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+ L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+ 5IOM7ItsRmen6u3qu+JXros54e4juQ==
+ -----END CERTIFICATE-----
+
+ public_env_variables:
+ SELFSIGNED_CERTS: "true"
+
+ configProperties:
+ openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
+ openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
+ openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
+ openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
+ openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
+ openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
+
+ volumes:
+ owls:
+ - name: config
+ mountPath: /owls-data/owls.properties
+ subPath: owls.properties
+ # Template below will be rendered in template
+ volumeDefinition: |
+ secret:
+ secretName: {{ include "owls.fullname" . }}-config
+ - name: certs
+ mountPath: /owls-data/certs
+ volumeDefinition: |
+ secret:
+ secretName: {{ include "owls.fullname" . }}-certs
+ - name: certs-cas
+ mountPath: /owls-data/certs/cas
+ volumeDefinition: |
+ secret:
+ secretName: {{ include "owls.fullname" . }}-certs-cas
+ # Change this if you want to use another volume type
+ - name: persist
+ mountPath: /owls-data/persist
+ volumeDefinition: |
+ persistentVolumeClaim:
+ claimName: {{ template "owls.fullname" . }}-pvc
+
+ - name: restapi-certs
+ mountPath: /owls-data/certs/restapi-certs
+ volumeDefinition: |
+ secret:
+ secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
+ - name: restapi-ca
+ mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+ subPath: ca.crt
+ volumeDefinition: |
+ secret:
+ secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
+
+owlsui:
+ enabled: true
+
+ services:
+ owlsui:
+ type: NodePort
+
+ ingresses:
+ default:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: alb
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/group.name: wlan-cicd
+ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+ alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+ external-dns.alpha.kubernetes.io/ttl: "60"
+ paths:
+ - path: /*
+ serviceName: owlsui
+ servicePort: http
+
+ podAnnotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+owls:
+ enabled: true
+
+ services:
+ owls:
+ type: LoadBalancer
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
 external-dns.alpha.kubernetes.io/ttl: "60"
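Review bot: The added block re-declares the top-level keys `owlsui:` and `owls:` (both added at column 0) inside a hunk that already sits under `owls:`, and the following hunk shows a further `owlsui:` section, so the file appears to end up with each key twice. Duplicate mapping keys are invalid YAML; depending on the parser the load fails or the later mapping silently replaces the earlier one, which leaves it unclear which `certs`, `checks` and `volumes` settings are actually applied. If the intent was only the ARN fix named in the subject, the hunk reduces to the single changed line `service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c`; otherwise merge the new settings into the existing `owls:` and `owlsui:` mappings. The second `owls:` mapping continues past the end of the hunk.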
@@ -162,7 +300,7 @@ owlsui:
 kubernetes.io/ingress.class: alb
 alb.ingress.kubernetes.io/scheme: internet-facing
 alb.ingress.kubernetes.io/group.name: wlan-cicd
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
 alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
 external-dns.alpha.kubernetes.io/ttl: "60"
diff --git a/chart/environment-values/values.openwifi-qa.owls-external.yaml b/chart/environment-values/values.openwifi-qa.owls-external.yaml
new file mode 100644
index 0000000..aa61f16
--- /dev/null
+++ b/chart/environment-values/values.openwifi-qa.owls-external.yaml
@@ -0,0 +1,36 @@
+# This helm values file is to be used when OWLS is run externally.
+owgw:
+ services:
+ owgw:
+ type: LoadBalancer
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
+
+ configProperties:
+ simulatorid: 53494D020202
+ storage.type: postgresql
+ storage.type.postgresql.host: owgw-pgsql
+ storage.type.postgresql.database: owgw
+ storage.type.postgresql.username: owgw
+ storage.type.postgresql.password: owgw
+ openwifi.certificates.allowmismatch: "true"
+
+ resources:
+ requests:
+ cpu: 2000m
+ memory: 3000Mi
+ limits:
+ cpu: 2000m
+ memory: 3000Mi
+
+ postgresql:
+ enabled: true
+ fullnameOverride: owgw-pgsql
+ postgresqlDatabase: owgw
+ postgresqlUsername: owgw
+ postgresqlPassword: owgw
diff --git a/chart/environment-values/values.openwifi-qa.separate-lbs.yaml b/chart/environment-values/values.openwifi-qa.separate-lbs.yaml
index bb0133f..944aa0a 100644
--- a/chart/environment-values/values.openwifi-qa.separate-lbs.yaml
+++ b/chart/environment-values/values.openwifi-qa.separate-lbs.yaml
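Review bot: The new values file commits the database password in clear text twice (`storage.type.postgresql.password: owgw` and `postgresqlPassword: owgw`), identical to the user name, and sets `openwifi.certificates.allowmismatch: "true"` for a gateway published through an `internet-facing` load balancer. If that is acceptable only because this is a QA/simulator environment, say so at the top of the file, for example `# QA/simulator only: weak DB credentials and relaxed certificate matching; do not reuse outside test clusters`. Longer term the password would be better supplied from a Kubernetes Secret or at deploy time than stored in the repository. What `allowmismatch` relaxes is inferred from its name and should be confirmed against the gateway documentation.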
@@ -7,7 +7,7 @@ owgw:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
 owsec:
@@ -19,7 +19,7 @@ owsec:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
 owfms:
@@ -31,7 +31,7 @@ owfms:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
 owprov:
@@ -43,7 +43,7 @@ owprov:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
 owanalytics:
@@ -55,7 +55,7 @@ owanalytics:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"
 owsub:
@@ -67,7 +67,7 @@ owsub:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"
 haproxy:
diff --git a/chart/environment-values/values.openwifi-qa.yaml b/chart/environment-values/values.openwifi-qa.yaml
index 4dc3381..74dea52 100644
--- a/chart/environment-values/values.openwifi-qa.yaml
+++ b/chart/environment-values/values.openwifi-qa.yaml
@@ -360,7 +360,7 @@ owgwui:
 kubernetes.io/ingress.class: alb
 alb.ingress.kubernetes.io/scheme: internet-facing
 alb.ingress.kubernetes.io/group.name: wlan-cicd
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/65314dcd-6f1c-4bde-a04a-dca7f24e3328
+ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
 alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
 paths:
@@ -425,7 +425,7 @@ owfms:
 public_env_variables:
 SELFSIGNED_CERTS: "true"
- # This has no effec as template based config is not enabledt (see configProperties)
+ # This has no effect as template based config is not enabled (see configProperties)
 FIRMWAREDB_MAXAGE: "360"
 configProperties:
@@ -568,7 +568,7 @@ owprovui:
 kubernetes.io/ingress.class: alb
 alb.ingress.kubernetes.io/scheme: internet-facing
 alb.ingress.kubernetes.io/group.name: wlan-cicd
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/65314dcd-6f1c-4bde-a04a-dca7f24e3328
+ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
 alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
 paths:
@@ -756,7 +756,7 @@ owrrm:
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16789"
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-south-1:289708231103:certificate/65314dcd-6f1c-4bde-a04a-dca7f24e3328"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c"
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,16790"
 resources:
@@ -856,7 +856,7 @@ haproxy:
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/65314dcd-6f1c-4bde-a04a-dca7f24e3328
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16006,17006"
 service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip