
AWS EKS configure HTTPS listener


I want to secure my web service running on Kubernetes (EKS). It is running on port 80. I want to run this on port 443.

When I apply the YAML file (for service and ingress), on the AWS console I still have it listening on port 80 (and not on 443).

How can I make it work? Thanks for your time! This is my YAML file:

   #SERVICE LOGGER
   apiVersion: v1
   kind: Service
   metadata:
     name: load-balancer-api-logger
     namespace: servicename-core-ns
     annotations:
       service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-central-1:786543355018:certificate/acdff29d4-7a32-42f1-8f11-1d4f495a5c77
       service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
       service.beta.kubernetes.io/force-ssl-redirect: "true"
   spec:
     selector:
       app: api-logger
     type: NodePort
     ports:
     - protocol: TCP
       port: 443
       targetPort: 5000
     selector:
       app.kubernetes.io/name: api-logger
   ---
   
   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     name: ingress-articor
     namespace: servicename-core-ns
     annotations:
       kubernetes.io/ingress.class: alb
       alb.ingress.kubernetes.io/scheme: internet-facing
       alb.ingress.kubernetes.io/target-type: instance
       alb.ingress.kubernetes.io/healthcheck-path: "/healthcheckep"
       alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
       alb.ingress.kubernetes.io/ssl-redirect: '443'
   spec:
     rules:
       - host: logger.domainname.com
         http:
           paths:
             - path: "/"
               pathType: Prefix
               backend:
                 service:
                   name: load-balancer-api-logger
                   port: 
                     number: 80

Please consider that if I manually set the ALB to work with HTTPS, it works fine. What I'm trying to achieve here is to configure it via the YAML file.


Solution

  • You should configure all settings in the Ingress object. The following spec also doesn't repeat the default values set by the controller:

    apiVersion: v1
    kind: Service
    metadata:
     name: load-balancer-api-logger
     namespace: servicename-core-ns
    spec:
     selector:
       app: api-logger
     type: NodePort
     ports:
     - protocol: TCP
       port: 443
       targetPort: 5000
     selector:
       app.kubernetes.io/name: api-logger
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
     name: ingress-articor
     namespace: servicename-core-ns
     annotations:
       kubernetes.io/ingress.class: alb
       alb.ingress.kubernetes.io/scheme: internet-facing
       alb.ingress.kubernetes.io/healthcheck-path: "/healthcheckep"
       alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-central-1:786543355018:certificate/acdff29d4-7a32-42f1-8f11-1d4f495a5c77
    spec:
     rules:
     - host: logger.domainname.com
       http:
         paths:
         - path: "/"
           pathType: Prefix
           backend:
             service:
               name: load-balancer-api-logger
               port: 
                 number: 443
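
An added example, not part of the original answer or of the AWS Load Balancer Controller: a small Python check run over the question's and the answer's manifests, showing what the answer changes. It assumes the `service.beta.kubernetes.io/aws-load-balancer-*` annotations only take effect on Services of type LoadBalancer; `lint`, the finding names and the placeholder certificate ARN are made up for illustration, and the manifests are constructed dicts mirroring the ones above.

```python
import json

ALB = "alb.ingress.kubernetes.io/"
SVC_LB = "service.beta.kubernetes.io/aws-load-balancer-"
CERT = "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"  # placeholder, not a real ARN
NS, SVC = "servicename-core-ns", "load-balancer-api-logger"  # names used on this page

def lint(manifests):
    """Hypothetical helper: findings for an ALB HTTPS setup given Service/Ingress dicts."""
    findings = []
    services = {(m["metadata"]["namespace"], m["metadata"]["name"]): m
                for m in manifests if m["kind"] == "Service"}
    for svc in services.values():
        # Assumption: these annotations only configure LBs created for type LoadBalancer.
        if svc["spec"].get("type") != "LoadBalancer":
            for key in svc["metadata"].get("annotations", {}):
                if key.startswith(SVC_LB):
                    findings.append("service-annotation-unused:" + key[len(SVC_LB):])
    for ing in (m for m in manifests if m["kind"] == "Ingress"):
        ann = ing["metadata"].get("annotations", {})
        listen = json.loads(ann.get(ALB + "listen-ports", "[]"))
        # Certificate discovery by host name is deliberately not modelled here.
        if any("HTTPS" in entry for entry in listen) and ALB + "certificate-arn" not in ann:
            findings.append("https-listener-without-certificate-arn")
        for rule in ing["spec"]["rules"]:
            for path in rule["http"]["paths"]:
                ref = path["backend"]["service"]
                svc = services.get((ing["metadata"]["namespace"], ref["name"]))
                ports = [p["port"] for p in svc["spec"]["ports"]] if svc else []
                number = ref["port"].get("number")
                if number not in ports:  # the Ingress must reference a port the Service exposes
                    findings.append(f"backend-port-mismatch:{ref['name']}:{number}")
    return findings

def service(annotations):
    return {"kind": "Service", "metadata": {"name": SVC, "namespace": NS, "annotations": annotations},
            "spec": {"type": "NodePort", "ports": [{"port": 443, "targetPort": 5000}]}}

def ingress(annotations, backend_port):
    backend = {"service": {"name": SVC, "port": {"number": backend_port}}}
    return {"kind": "Ingress",
            "metadata": {"name": "ingress-articor", "namespace": NS, "annotations": annotations},
            "spec": {"rules": [{"host": "logger.domainname.com",
                                "http": {"paths": [{"path": "/", "backend": backend}]}}]}}

# Constructed samples: a subset of the question's annotations and its ports, then the answer's.
QUESTION = [service({SVC_LB + "ssl-cert": CERT, SVC_LB + "ssl-ports": "443"}),
            ingress({ALB + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]'}, 80)]
ANSWER = [service({}), ingress({ALB + "certificate-arn": CERT}, 443)]
```

`lint(QUESTION)` reports the certificate annotations left on the NodePort Service, the HTTPS listener declared without a certificate on the Ingress, and the backend port 80 that the Service does not expose; `lint(ANSWER)` returns an empty list.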