configure SSL in cluster of kubernetes

0

i have kubernetes cluster running on aws EKS.

But problem is that I need to run app through HTTPS(ssl) protocol

we have docker image in aws ECR.we also have certificate key file and chain file for ssl.how do we configure it with kubernetes? so container will run in https

right now it's running like http://www.abc.com .It's should be like https://www.abc.com

  1. push code in github (Done)

  2. create docker image (Done)

  3. push docker image to aws ECR (Done)

  4. pull image from aws ecr and run with kubernetes cluster (Done)

  5. work on http protocol on 80 port (done) http://www.abc.com

  6. bind domain to cluster end point(done)

  7. configure SSL (Not done) https://www.abc.com

Anybody have suggestions?

asked 5 years ago923 views
2 Answers
0
Accepted Answer

To run the application or setup SSL and TLS on kubernetes best practices suggest to use cert-manager & ingress.

Ingress works as the gateway and expose the service to the outside world and manage the connection.

While cert-manager use for manage the SSL certificates for domains. you can follow this guide to setup ingress and cert-manager:

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes

answered 5 years ago
0

Here's one way to do it:

Examples

This ingress creates an ALB with port 443 (HTTPS)
The certificate is added via annotation alb.ingress.kubernetes.io/certificate-arn

At a very high level, traffic flow would be:
(client) -> HTTPS/443 -> (ALB) -> traffic decrypted by ALB & forwarded to service -> (POD)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: subnet-x, subnet-x
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:x:certificate/xxx
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service-name-here
                port:
                  number: 80
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions