-
Annotations - AWS Load Balancer Controller
2025年9月6日 GMT+2 上午9:38:13 * - permalink -Condensed annotations doc
# INGRESS GROUP alb.ingress.kubernetes.io/group.name: my-group # [-1000,1000] default 0, not sure who has priority: bigger or smaller? alb.ingress.kubernetes.io/group.order: # TRAFFIC LISTENING alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' #Once defined on a single Ingress, it impacts every Ingress within IngressGroup. alb.ingress.kubernetes.io/ssl-redirect: '443' # TAFFIC ROUTING alb.ingress.kubernetes.io/load-balancer-name: custom-name alb.ingress.kubernetes.io/target-type: ip # protocol to reach backend HTTP, HTTPS alb.ingress.kubernetes.io/backend-protocol: HTTP # protocol version to reach backend : HTTP1 (default) or GRPC or HTTP2 alb.ingress.kubernetes.io/backend-protocol-version: HTTP1 # can use subnetName tag! alb.ingress.kubernetes.io/subnets: subnet-name-a, subnet-name-b, subnet-name-c # ACCESS CONTROL # internal or internet-facing alb.ingress.kubernetes.io/scheme: internal # When this annotation is not present, the controller will automatically create one security group # we can use sg name! alb.ingress.kubernetes.io/security-groups: nameOfSg1, nameOfSg2 # AUTHENTICATION (oidc) alb.ingress.kubernetes.io/auth-type: oidc alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://example.com","authorizationEndpoint":"https://authorization.example.com","tokenEndpoint":"https://token.example.com","userInfoEndpoint":"https://userinfo.example.com","secretName":"my-k8s-secret"}' alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate alb.ingress.kubernetes.io/auth-session-timeout: '86400' alb.ingress.kubernetes.io/auth-session-cookie: auth-service-a # HEALTH CHECK alb.ingress.kubernetes.io/healthcheck-protocol: HTTP alb.ingress.kubernetes.io/healthcheck-path: /ping # The range is 5-300. Default to 30 alb.ingress.kubernetes.io/healthcheck-interval-seconds: 5 # The range is 2–120 seconds, default to 6 alb.ingress.kubernetes.io/healthcheck-timeout-seconds: 2 # The range is 2-10. Defaults to 3. alb.ingress.kubernetes.io/healthy-threshold-count: 2 # The range is 2-10. Defaults to 3. alb.ingress.kubernetes.io/unhealthy-threshold-count: 2 # TLS # can be discovered automatically see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/ingress/cert_discovery/ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx # CUSTOM # enable access log to s3 alb.ingress.kubernetes.io/load-balancer-attributes: access_logs.s3.enabled=true,access_logs.s3.bucket=my-access-log-bucket,access_logs.s3.prefix=my-app # enable http2 support alb.ingress.kubernetes.io/load-balancer-attributes: routing.http2.enabled=trueMain Ingress example
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: shared-ingress-a namespace: default annotations: # Ingress group alb.ingress.kubernetes.io/group.name: shared-ingress-a # Traffic Listening alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' # Traffic routing alb.ingress.kubernetes.io/load-balancer-name: shared-ingress-a alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/subnets: subnet-name-a, subnet-name-b, subnet-name-c # Access control alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/security-groups: nameOfSg1, nameOfSg2 # Health check alb.ingress.kubernetes.io/healthcheck-protocol: HTTP alb.ingress.kubernetes.io/healthcheck-path: /ping alb.ingress.kubernetes.io/healthcheck-interval-seconds: 5 alb.ingress.kubernetes.io/healthcheck-timeout-seconds: 2 alb.ingress.kubernetes.io/healthy-threshold-count: 2 alb.ingress.kubernetes.io/unhealthy-threshold-count: 2 # TLS => should be autodiscovered alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx spec: ingressClassName: albChild Ingress example
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-service-a namespace: my-service-a annotations: alb.ingress.kubernetes.io/group.name: shared-ingress-a alb.ingress.kubernetes.io/group.order: spec: ingressClassName: alb rules: - host: my-service-a.example.com http: paths: - path: /* pathType: ImplementationSpecific backend: service: name: "my-service-a" port: number: 80
-
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/ingress/annotations/#health-check
-
![thumbnail]()
-
![thumbnail]()
-
![thumbnail]()
-
![thumbnail]()
-
![thumbnail]()
-
Pushover: Pricing
2024年2月12日 GMT+1 下午6:33:47 - permalink -To replace pushbullet on iphone
-
https://pushover.net/pricing
-
![thumbnail]()
-
![thumbnail]()
-
![thumbnail]()
-
Working with presigned URLs - Amazon Simple Storage Service
2023年8月12日 GMT+2 上午10:53:10 - permalink -If you created a presigned URL by using a temporary token, then the URL expires when the token expires, even if you created the URL with a later expiration time. For more information about how the credentials you use affect the expiration time, see Who can create a presigned URL.
So you have to use regular IAM user instead of IAM role for service generating presigned urls..? :-/
-
https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html#who-presigned-url
-
![thumbnail]()
-
![thumbnail]()
-
![thumbnail]()
