How to set up kubernetes NGINX ingress in AWS and SSL termination

5
votes

I set up a kubernetes cluster in AWS using KOPS; now I want to set up an NGINX ingress controller and terminate TLS with AWS managed certificate. The topology in my understanding is AWS ELB is facing the internet and terminates TLS, forwards unencrypted to ingress service which then does dispatches.

I've deployed ingress controller from https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx

Except I used annotations as described on top of https://github.com/kubernetes/ingress/issues/71 to add the certificate.

I add the route to Route53 and open my browser to https address and get a 400 response from NGINX with message "The plain HTTP request was sent to HTTPS port"

What am I doing wrong?

This is my ingress resource:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: dispatcher
  namespace: test
spec:
  rules:
  - host: REDACTED
    http:
      paths:
      - backend:
          serviceName: REDACTED
          servicePort: 80
        path: /api/v0
2
amazon-web-servicessslnginxkuberneteselastic-load-balancer

2 Answers

3
votes

I managed to get this done largely using the ingress here: https://github.com/kubernetes/kops/tree/master/addons/ingress-nginx except for the ingress service I added service.beta.kubernetes.io/aws-load-balancer-ssl-cert annotation pointing to my certificate ARN and set targetPort of both the ports to 80

1
votes

https://github.com/kubernetes/ingress/tree/master/controllers/nginx#https

TL;DR

1) create a secret with your ssl public/private in your namespace

2) add the tls block to your ingress (referencing the secret)