2 Answers
0
To run the application or set up SSL and TLS on Kubernetes, best practices suggest using cert-manager and Ingress.
Ingress works as the gateway: it exposes the service to the outside world and manages the connection.
cert-manager is used to manage the SSL certificates for domains. You can follow this guide to set up Ingress and cert-manager:
answered 5 years ago
0
Here's one way to do it:
- Install AWS Load Balancer Controller
- Create a K8s ingress to create an application load balancer (ALB) or a K8s service to create a network load balancer (NLB)
- Create certificate using AWS Certificate Manager
Examples
This ingress creates an ALB with port 443 (HTTPS)
The certificate is added via annotation alb.ingress.kubernetes.io/certificate-arn
At a very high level, traffic flow would be:
(client) -> HTTPS/443 -> (ALB) -> traffic decrypted by ALB & forwarded to service -> (POD)
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: subnet-x, subnet-x
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:x:certificate/xxx
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service-name-here
                port:
                  number: 80
```
answered 9 months ago
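
An added example, not part of the answer above or of any AWS tooling: an audit of the TLS-related ALB annotations that the answer's Ingress relies on, applied to an object parsed from `kubectl get ingress -o json`. The function name, finding codes and sample object are constructed for illustration; the sample mirrors the answer's manifest with its placeholder ARN left in.

```python
import json
import re

PREFIX = "alb.ingress.kubernetes.io/"
# Shape of an ACM certificate ARN (12-digit account id, UUID certificate id).
ACM_ARN = re.compile(r"^arn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")


def audit_alb_tls(ingress):
    """Return (code, detail) findings for one Ingress object parsed from JSON."""
    ann = ingress.get("metadata", {}).get("annotations", {})
    spec = ingress.get("spec", {})
    arns = [a.strip() for a in ann.get(PREFIX + "certificate-arn", "").split(",") if a.strip()]
    # listen-ports is a JSON string; without it the controller listens on
    # HTTPS:443 when certificate-arn is set and on HTTP:80 otherwise.
    default_ports = '[{"HTTPS": 443}]' if arns else '[{"HTTP": 80}]'
    listeners = json.loads(ann.get(PREFIX + "listen-ports", default_ports))
    protocols = {proto for entry in listeners for proto in entry}
    findings = []
    if "HTTPS" not in protocols:
        findings.append(("no-https-listener", "ALB serves plain HTTP only"))
    else:
        hosts = [r.get("host") for r in spec.get("rules", []) if r.get("host")]
        hosts += [h for t in spec.get("tls", []) for h in t.get("hosts", [])]
        if not arns and not hosts:
            findings.append(("no-certificate", "no certificate-arn and no host to discover one by"))
        for arn in arns:
            if not ACM_ARN.match(arn):
                findings.append(("bad-certificate-arn", arn))
        if PREFIX + "ssl-policy" not in ann:
            findings.append(("default-ssl-policy", "no ssl-policy pinned"))
    if "HTTP" in protocols and "HTTPS" in protocols and PREFIX + "ssl-redirect" not in ann:
        findings.append(("http-without-redirect", "port 80 is not redirected to HTTPS"))
    if ann.get(PREFIX + "backend-protocol", "HTTP") != "HTTPS":
        findings.append(("plaintext-backend", "ALB to pod hop is unencrypted"))
    return findings


# Constructed sample: the annotations from the answer's manifest, placeholders included.
SAMPLE = {
    "metadata": {"name": "app-ingress", "annotations": {
        PREFIX + "listen-ports": '[{"HTTPS": 443}]',
        PREFIX + "certificate-arn": "arn:aws:acm:REGION:x:certificate/xxx",
    }},
    "spec": {"rules": [{"http": {"paths": []}}]},
}

if __name__ == "__main__":
    for code, detail in audit_alb_tls(SAMPLE):
        print(f"{code}: {detail}")
```

The `plaintext-backend` finding corresponds to the "traffic decrypted by ALB & forwarded to service" hop in the answer's traffic flow; whether that hop needs encryption depends on the cluster's network trust model.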