By using AWS re:Post, you agree to the Terms of Use

EKS NLB target groups protocol change to https

0

Hi, how to change the target groups protocol to https? The listener is TLS with cert binding is working however the backend forward to the pod is not working, I unable to find the annotation to change the protocol from tcp (current) to https, can you share the correct annotations.

annotations: service.beta.kubernetes.io/aws-load-balancer-internal: "true" service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "https" service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: "2" service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: "2" service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:xxxxxxxxxxxx

1 Answer
0
Accepted Answer

Hello,

The NLB Listeners support the following protocols: TCP, TLS, UDP, TCP_UDP.

The annotation service.beta.kubernetes.io/aws-load-balancer-backend-protocol specifies whether to use TLS for the backend traffic between the load balancer and the kubernetes pods.

If you specify ssl as the backend protocol, NLB uses TLS connections for the traffic to your kubernetes pods in case of TLS listeners

You can specify ssl or tcp (default). HTTPS is not supported. If you want to configure HTTPS listener, you will need to implement Kubernetes ingress to create ALB instead of NLB and Kubernetes Service.

Refer to doc to know more.

answered a month ago
  • The ALB is working in this case for HTTPS traffic; thanks for the response

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions