configure SSL in cluster of kubernetes

Question

i have kubernetes cluster running on aws EKS.  
  
But problem is that I need to run app through HTTPS(ssl) protocol  
  
we have docker image in aws ECR.we also have certificate key file and chain file for ssl.how do we configure it with kubernetes? so container will run in https  
  
right now it's running like http://www.abc.com .It's should be like https://www.abc.com  
  
1) push code in github (Done)  
  
2) create docker image (Done)  
  
3) push docker image to aws ECR (Done)  
  
4) pull image from aws ecr and run with kubernetes cluster (Done)  
  
6) work on http protocol on 80 port (done) http://www.abc.com  
  
7) bind domain to cluster end point(done)  
  
8) configure SSL (Not done) https://www.abc.com  
  
Anybody have suggestions?

Accepted Answer

To run the application or setup SSL and TLS on kubernetes best practices suggest to use cert-manager & ingress.  
  
Ingress works as the gateway and expose the service to the outside world and manage the connection.  
  
While cert-manager use for manage the SSL certificates for domains. you can follow this guide to setup ingress and cert-manager:  
  
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes

Answer

# Here's one way to do it:

- Install [AWS Load Balancer Controller](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
- Create an K8s ingress to create an [application load balancer (ALB) ](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html) or a K8s service to create a [network load balancer (NLB) ](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html)
- Create certificate using [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/)

# Examples

This ingress creates an ALB with port 443 (HTTPS)  
The certificate is added via [annotation](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/guide/ingress/annotations/#annotations) `alb.ingress.kubernetes.io/certificate-arn`

At a very high level, traffic flow would be:  
`(client) -> HTTPS/443 -> (ALB) -> traffic decrypted by ALB & forwarded to service -> (POD)`

```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: subnet-x, subnet-x
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:x:certificate/xxx
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service-name-here
                port:
                  number: 80
```

configure SSL in cluster of kubernetes

Here's one way to do it:

Examples

관련 콘텐츠