Before you read this, the first thing you need is to setup AWS EKS cluster at your AWS account. If you want to deploy at your existing VPC, please follow this tutorial:setup aws eks with existing vpc
Recently, I have a problem when I need to setup HTTP to HTTPS at AWS EKS. All the tutorial to setup is not working as results.
After doing all the debug steps, I realized something. All the LB created from EKS, always have some type, all of them are classic. Even when you already add alb with this annotation.
kubernetes.io/ingress.class: alb
So after doing other research and having trials and errors, one thing you should do is setup an alb ingress controller before doing another thing. You just need to follow the 9 steps sequentially from this documentation. Straightforward.
alb ingress controller setup
After that, you can start deploying your first ALB with Kubernetes. Since it will create another AWS LB, you need to pay attention to your setup because your existing won't be applicable with SSL and need to have some adjustment.
In ALB ingress setup itself, you can choose to follow from one of this documentation.kubernetes aws docs or follow this aws docs, especially from step number 7. Or you can just use my config below:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: your-ingress-name
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/certificate-arn: input-your-arn-from-youracm
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group: your-target-group-name
alb.ingress.kubernetes.io/target-type: ip | instance choose one
labels:
app: your-app-name
spec:
rules:
- host: your-domain-service-name
http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: your-service-name
servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
name: your-service-name
labels:
app: your-service-label
spec:
selector:
app: your-app-name
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: http
type: LoadBalancer | NodePort Choose one
One thing that you need to know when we want to create new ALB from EKS is that, service spec type can only support LoadBalancer and NodePort. It won't support ClusterIP.
If you follow my config, you need to do two things. First, you need to create an SSL at ACM first since you need to point the SSL and to the ingress. And second one you need to do is pointing our new ALB for AWS EKS to the domain name, If you don't do that, it won't work.
I think that's it for now for this article. Leave a comment below about your thoughts! Thanks.
NOTE: This article I use for DEMO at my AWS Online talk at here and the presentation can see here
Top comments (0)