TLS/SSL certificates


Hi Team,

We are trying to use EKS/Fargate with the ALB ingress controller. Here we want our host to be deployed as HTTPS.

Can you please give us some information on how we can achieve this, and is there a way to create TLS and SSL certificates as a part of Terraform?

Thanks

1 Answer

To enable HTTPS on the ALB, you need to create an SSL/TLS certificate and associate it with the ALB listener. You can create an SSL/TLS certificate using Amazon Certificate Manager (ACM). https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

You can create the certificate using Terraform with the aws_acm_certificate resource and associate it with the ALB listener using aws_lb_listener_certificate. Reference links with examples below.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_certificate

With the certificate in place, your ALB ingress controller can route HTTPS traffic to your EKS/Fargate pods. Note that you will need to configure your pods to listen on the appropriate port and respond to HTTPS requests.

AWS
Fizza_A
answered a year ago
  • I have also done the same setup, where I am using one certificate from ACM and adding all the necessary annotations in the ingress and service for our deployment. Here are the snippets.

    ingress:

    ```hcl
    annotations = {
      "alb.ingress.kubernetes.io/certificate-arn" = "arn:aws:acm:us-east-1:036937938941:certificate/499b9cca-8c07-4a73-9ee9-e5263d3ec7ec"
      # TODO: Fill in the listening ports.
      # Set HTTP to HTTPS redirects. Every HTTP listener configured will be redirected to the port mentioned below over HTTPS.
      # The inner double quotes of the JSON values are escaped so that the strings are valid HCL.
      "alb.ingress.kubernetes.io/listen-ports"         = "[{\"HTTPS\":443}]"
      "alb.ingress.kubernetes.io/actions.ssl-redirect" = "{\"Type\": \"redirect\", \"RedirectConfig\": { \"Protocol\": \"HTTPS\", \"Port\": \"443\", \"StatusCode\": \"HTTP_301\"}}"
      "alb.ingress.kubernetes.io/ssl-policy"           = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
      "alb.ingress.kubernetes.io/group.name"           = local.name
      "alb.ingress.kubernetes.io/group.priority"       = "99"
      "alb.ingress.kubernetes.io/scheme"               = "internal"
      "alb.ingress.kubernetes.io/target-type"          = "ip"
      "alb.ingress.kubernetes.io/healthcheck-port"     = "3000"
      "alb.ingress.kubernetes.io/healthcheck-path"     = "/api/health"
      "alb.ingress.kubernetes.io/subnets"              = data.aws_ssm_parameter.subnet_compute_ids.value
    }
    ```

    I don't have a listener for HTTP, but requests are still showing as "not secure". Hope we can spend some time to resolve this part.
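
The Terraform flow described in the answer, as an added example that is not part of the original thread: it requests a DNS-validated ACM certificate, waits for issuance, and builds the ingress annotations around the validated ARN (the same `certificate-arn` annotation the comment uses). The hostname, the zone name and a public Route 53 hosted zone for it are assumptions, as are all resource and local names.

```hcl
# Added example. The two variable defaults are constructed placeholders.
variable "domain_name" { default = "app.example.com" }
variable "zone_name" { default = "example.com" }

# Assumption: the zone is a public Route 53 hosted zone in this account.
data "aws_route53_zone" "this" {
  name = var.zone_name
}

resource "aws_acm_certificate" "app" {
  domain_name       = var.domain_name
  validation_method = "DNS"
  lifecycle { create_before_destroy = true }
}

# CNAME records that prove control of the domain to ACM.
resource "aws_route53_record" "validation" {
  for_each = {
    for dvo in aws_acm_certificate.app.domain_validation_options : dvo.domain_name => dvo
  }
  zone_id = data.aws_route53_zone.this.zone_id
  name    = each.value.resource_record_name
  type    = each.value.resource_record_type
  records = [each.value.resource_record_value]
  ttl     = 60
}

# Completes only once the certificate is issued, so nothing references a pending cert.
resource "aws_acm_certificate_validation" "app" {
  certificate_arn         = aws_acm_certificate.app.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}

# Annotation map to merge into the ingress metadata (local name is hypothetical).
locals {
  ingress_tls_annotations = {
    "alb.ingress.kubernetes.io/certificate-arn" = aws_acm_certificate_validation.app.certificate_arn
    "alb.ingress.kubernetes.io/listen-ports"    = jsonencode([{ HTTP = 80 }, { HTTPS = 443 }])
    "alb.ingress.kubernetes.io/ssl-redirect"    = "443" # redirect the port-80 listener to HTTPS
    "alb.ingress.kubernetes.io/ssl-policy"      = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
  }
}
```

The certificate's `domain_name` has to match the hostname clients actually use to reach the ALB; a mismatch is reported by the browser as a certificate error even though the listener is HTTPS.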
