Thank you for this documentation, it has been really helpful
Two questions:
On the section:
Expose your Kubernetes service using the ingress object
Is the annotation for tls-redirect
the correct one or was it meant to be ssl-redirect
?, see:
metadata: name: "web-nginx-ingress" annotations: ... # Set HTTP to HTTPS redirects. Every HTTP listener configured will be redirected to below mentioned port over HTTPS. alb.ingress.kubernetes.io/tls-redirect: '443'
I was digging to learn more about it, and I don't seem to find more about tls-redirect
annotation anywhere, not even in the AWS ALB repo, only the ssl-redirect
annotation appears:
- kubernetes-sigs/aws-load-balancer-controller - documentation for ingress annotations
- kubernetes-sigs/aws-load-balancer-controller - annotation constants
I've been looking into this since I'm trying to fix an issue with "Can't verify CSRF token authenticity."
on my setup after enabling TLS termination for my back-end through exposing it with an ingress object.
If those are not the proper repos, or if you know how to solve the "Can't verify CSRF token authenticity."
issue, any pointers will be highly appreciated.
Regards
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Suggest to update the annotations with latest lb controller v2.6 https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/ sample annotations like:
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:{region}:{user id}:certificate/{id}"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Please update as the information on this page is out of date. Or at least attach relevant documentations where people can find the latest information
apiVersion: v1
kind: Service
metadata:
name: lb-service
annotations:
# Note that the backend talks over HTTP.
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
# TODO: Fill in with the ARN of your certificate.
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:905418170587:certificate/547f2290-974e-4c65-8859-4a5ef638ad80
# Only run TLS on the port named "https" below.
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
# By default In-tree controller will create a Classic LoadBalancer if you require a NLB uncomment below annotation.
# service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
selector:
app: web
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 80
type: LoadBalancer
~
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 years ago