https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# kubernetes
s
This message was deleted.
1
f
here's the config that i used for the ALB using aws load balancer controller. it might help you
Copy code
{
        "<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "alb",
        "<http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>": "internet-facing",
        "<http://alb.ingress.kubernetes.io/target-type|alb.ingress.kubernetes.io/target-type>": "ip",
        "<http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>": "certificate arn",
        "<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>": "certificate arn",
        "<http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports>": '[{"HTTPS":443}]',
        "<http://alb.ingress.kubernetes.io/actions.ssl-redirect|alb.ingress.kubernetes.io/actions.ssl-redirect>":
        '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}',
}
s
f
Yes. But be aware that there's ingress await issues using that controller (for now at least)
s
Thanks 🙌! I will try to stick with nginx-ingress and see if anyone has solution 🤞
f
I can see nginx in their example use this:
Copy code
<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>: http
    <http://service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout|service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout>: '60'
    <http://service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled|service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled>: 'true'
    <http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX
    <http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>: https
    <http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>: elb
Taken from here: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/aws/deploy-tls-termination.yaml https://kubernetes.github.io/ingress-nginx/deploy/#tls-termination-in-aws-load-balancer-nlb
s
Yeah, tried all that but without success 😕
b
@sparse-spring-91820 can you show me your spec for the ingress service?
s
Copy code
const ingress = new k8s.networking.v1.Ingress('nginx-ingress-rule', {
    metadata: {
        namespace,
        annotations: {
          '<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>': "nginx"
        }
    },
    spec: {
        rules: [
            {
                host: '<http://ivo.example.com|ivo.example.com>',
                http: {
                    paths: [
                        {
                            path: '/',
                            pathType: 'Prefix',
                            backend: {
                              service: {
                                name: service.metadata.name,
                                port: {
                                  number: 3000
                                }
                              }
                            }
                        }
                    ]
                }
            }
        ]
    }
}, options);
b
not the ingress, when you deployed your loadbalancer, the ingress controller gets a service 
type=LoadBalancer
how did you deploy 
nginx-ingress
?
s
Using helm chart, code:
Copy code
const nginx = new k8s.helm.v3.Chart('nginx',
    {
        namespace,
        chart: 'nginx-ingress',
        version: '1.24.4',
        fetchOpts: { repo: '<https://charts.helm.sh/stable/>' },
        values: {
          controller: {
            annotations: {
              '<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>': 'arn:aws:acm:us-east-1:XXXXXXXXXXXX:certificate/XXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
              '<http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>': 'alb',
              '<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>': 'http',
              '<http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>': 'https'
            },
            publishService: { enabled: true }
          }
        }
    },
    { providers: { kubernetes: options.provider } }
);
b
you're using a really really old version of the chart, from the deprecated repo. I think that's from before a lot of the defaults had been figured out your repo needs to be: 
<https://kubernetes.github.io/ingress-nginx>
, see here for more details: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
and then set the values like so:
Copy code
controller:
  service:
    targetPorts:
      http: http
      https: http
    annotations:
      <http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
      <http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>: "http"
      <http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>: "https"
      <http://service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout|service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout>: '3600'
s
Woow, didn't know that. Thank you a lot! 🙌 I will try as soon as possible and give a feedback
IT WORKS 🎉 Thanks a lot once more!!
❤️ 1
7 Views
Open in Slack
PreviousNext
Powered by