Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
350 views
in Technique by (71.8m points)

amazon web services - Attach AWS TLS certificate to Kubernetes Load Balancer

I have configured an AWS ACM certificate for my domain. The application is running on a Kubernetes EKS cluster with an Ingress Nginx load balancer.

Steps that I have done

  1. Configured Certificate
  2. Hooked it up with the domain (route 53)
  3. Configured ingress-nginx file with the certificate ARN

Issues

  1. The website still runs on http with an invalid certificate
  2. The Listeners on the AWS Load Balancer still show N/A for the certificate


Ingress nginx config

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-service
  annotations:
    nginx.ingress.kubernetes.io/default-backend: ingress-nginx-controller
    ## tells ingress to check for regex in the config file
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header Access-Control-Allow-Methods "POST, GET, OPTIONS";
      add_header Access-Control-Allow-Credentials true;
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

spec:
  # tls:
  # - hosts:
  #      - example.com
  #      - www.example.com
  ## our custom routing rules
  rules:
    - host: www.example.com
      http:
        paths:
          - path: /api/upload/?(.*)
            backend:
              serviceName: aws-srv
              servicePort: 3000

Ingress nginx (Service)

--- 
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:******ARN
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: (https|http|ssl|tcp)
    service.beta.kubernetes.io/do-loadbalancer-hostname: "workaround.example.com"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443,8443"
  labels:
    helm.sh/chart: ingress-nginx-2.11.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.1
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx

I need to take this application to production, so I would really appreciate the help. Thanks in advance!

question from:https://stackoverflow.com/questions/65892063/attach-aws-tls-certificate-to-kubernetes-load-balancer
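
The Service annotations quoted in the question can be checked mechanically before they are applied. The lint pass below is an added example, not part of the original question; the manifest is embedded as a dict constructed from the post, and the name `lint_service` and the assumption that the certificate is an ACM one (as in the question) belong to this example.

```python
import re

# Constructed from the Service manifest quoted in the question (the ARN is redacted there).
SERVICE = {
    "annotations": {
        "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true",
        "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:ap-south-1:******ARN",
        "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "(https|http|ssl|tcp)",
        "service.beta.kubernetes.io/do-loadbalancer-hostname": "workaround.example.com",
        "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443,8443",
    },
    "ports": [{"name": "http", "port": 80}, {"name": "https", "port": 443}],
}

PREFIX = "service.beta.kubernetes.io/"
BACKEND_PROTOCOLS = {"http", "https", "ssl", "tcp"}
# Assumption: the certificate lives in ACM, so the ARN ends in certificate/<uuid>.
ACM_ARN = re.compile(r"^arn:aws[\w-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")

def lint_service(svc):
    """Return (annotation, problem) pairs for the AWS TLS annotations of a Service."""
    ann, findings = svc["annotations"], []
    for key in ann:
        if key.startswith(PREFIX + "do-loadbalancer-"):
            findings.append((key, "DigitalOcean annotation, has no effect on an AWS load balancer"))
    cert = ann.get(PREFIX + "aws-load-balancer-ssl-cert")
    if cert is None:
        findings.append((PREFIX + "aws-load-balancer-ssl-cert", "missing, no TLS listener is requested"))
    elif not ACM_ARN.match(cert):
        findings.append((PREFIX + "aws-load-balancer-ssl-cert", "not a complete ACM certificate ARN"))
    proto = ann.get(PREFIX + "aws-load-balancer-backend-protocol")
    if proto is not None and proto not in BACKEND_PROTOCOLS:
        findings.append((PREFIX + "aws-load-balancer-backend-protocol",
                         f"{proto!r} is not one of {sorted(BACKEND_PROTOCOLS)}"))
    # ssl-ports entries are matched against Service port numbers or port names.
    known = {str(p["port"]) for p in svc["ports"]} | {p["name"] for p in svc["ports"]}
    for entry in ann.get(PREFIX + "aws-load-balancer-ssl-ports", "").split(","):
        entry = entry.strip()
        if entry and entry != "*" and entry not in known:
            findings.append((PREFIX + "aws-load-balancer-ssl-ports",
                             f"{entry!r} matches no port of the Service"))
    return findings

if __name__ == "__main__":
    for key, problem in lint_service(SERVICE):
        print(f"{key}: {problem}")
```

The certificate finding on the sample input reflects the redaction in the post, not necessarily the value that was deployed.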


1 Answer

0 votes
by (71.8m points)
Waiting for answers
