sparse-spring-91820
11/09/2021, 9:42 AMconst nginx = new k8s.helm.v3.Chart('nginx',
{
namespace,
chart: 'nginx-ingress',
version: '1.24.4',
fetchOpts: { repo: '<https://charts.helm.sh/stable/>' },
values: {
controller: {
annotations: {
'<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>': 'arn:aws:acm:us-east-1:XXXXXXXXXXXX:certificate/XXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'<http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>': 'alb',
'<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>': 'http',
'<http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>': 'https'
},
publishService: { enabled: true }
}
}
},
{ providers: { kubernetes: options.provider } }
);
I tried a lot of variations but none of them worked for me. I end up getting error: 400 Bad Request "Play HTTP request was sent to HTTPS port"
or another case, I get auto-generated Kubernetes Ingress Controller Fake Certificate
which shows me Not secure
flag in the browser because that certificate is not signed by authority that browser trusts.
Has anyone else set nginx-ingress working with certificate generated by ACM?future-refrigerator-88869
11/09/2021, 11:00 AM{
"<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "alb",
"<http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>": "internet-facing",
"<http://alb.ingress.kubernetes.io/target-type|alb.ingress.kubernetes.io/target-type>": "ip",
"<http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>": "certificate arn",
"<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>": "certificate arn",
"<http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports>": '[{"HTTPS":443}]',
"<http://alb.ingress.kubernetes.io/actions.ssl-redirect|alb.ingress.kubernetes.io/actions.ssl-redirect>":
'{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}',
}
sparse-spring-91820
11/09/2021, 11:07 AMfuture-refrigerator-88869
11/09/2021, 11:18 AMsparse-spring-91820
11/09/2021, 11:21 AMfuture-refrigerator-88869
11/09/2021, 11:25 AM<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>: http
<http://service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout|service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout>: '60'
<http://service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled|service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled>: 'true'
<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX
<http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>: https
<http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>: elb
Taken from here: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/aws/deploy-tls-termination.yaml
https://kubernetes.github.io/ingress-nginx/deploy/#tls-termination-in-aws-load-balancer-nlbsparse-spring-91820
11/09/2021, 12:11 PMbillowy-army-68599
sparse-spring-91820
11/09/2021, 2:50 PMconst ingress = new k8s.networking.v1.Ingress('nginx-ingress-rule', {
metadata: {
namespace,
annotations: {
'<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>': "nginx"
}
},
spec: {
rules: [
{
host: '<http://ivo.example.com|ivo.example.com>',
http: {
paths: [
{
path: '/',
pathType: 'Prefix',
backend: {
service: {
name: service.metadata.name,
port: {
number: 3000
}
}
}
}
]
}
}
]
}
}, options);
billowy-army-68599
type=LoadBalancer
nginx-ingress
?sparse-spring-91820
11/09/2021, 2:54 PMconst nginx = new k8s.helm.v3.Chart('nginx',
{
namespace,
chart: 'nginx-ingress',
version: '1.24.4',
fetchOpts: { repo: '<https://charts.helm.sh/stable/>' },
values: {
controller: {
annotations: {
'<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>': 'arn:aws:acm:us-east-1:XXXXXXXXXXXX:certificate/XXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'<http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>': 'alb',
'<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>': 'http',
'<http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>': 'https'
},
publishService: { enabled: true }
}
}
},
{ providers: { kubernetes: options.provider } }
);
billowy-army-68599
<https://kubernetes.github.io/ingress-nginx>
, see here for more details:
https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginxcontroller:
service:
targetPorts:
http: http
https: http
annotations:
<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>: "http"
<http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>: "https"
<http://service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout|service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout>: '3600'
sparse-spring-91820
11/09/2021, 3:01 PM