openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
930290daee8e172fc48fd998feb92a57afa3c0fc
openshift-docs/modules/adding-tls-termination.adoc
Servesha Dudhgaonkar 7e07aa1544 CFE-371: Docs work for ALB Operator
2022-06-23 12:26:29 +00:00

65 lines
2.1 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * networking/aws_load_balancer_operator/add-tls-termination.adoc
:_content-type: PROCEDURE
[id="nw-adding-tls-termination_{context}"]
= Adding TLS termination on the AWS Load Balancer
You can route the traffic for the domain to pods of a service and add TLS termination on the AWS Load Balancer.
.Prerequisites
* You have an access to the OpenShift CLI (`oc`).
.Procedure
. Install the Operator and create an instance of the `aws-load-balancer-controller` resource:
+
[source,yaml]
----
apiVersion: networking.k8s.io/v1
kind: AWSLoadBalancerController
group: networking.olm.openshift.io/v1alpha1 <1>
metadata:
name: cluster <2>
spec:
subnetTagging: auto
ingressClass: tls-termination <3>
----
<1> Defines the API group of the `aws-load-balancer-controller` resource.
<2> Defines the `aws-load-balancer-controller` instance.
<3> Defines the name of an `ingressClass` resource reconciled by the AWS Load Balancer Controller. This `ingressClass` resource gets created if it is not present. You can add additional `ingressClass` values. The controller reconciles the `ingressClass` values if the `spec.controller` is set to `ingress.k8s.aws/alb`.
. Create an `Ingress` resource:
+
[source,yaml]
----
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: <example> <1>
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing <2>
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx <3>
spec:
ingressClassName: tls-termination <4>
rules:
- host: <example.com> <5>
http:
paths:
- path: /
pathType: Exact
backend:
service:
name: <example-service> <6>
port:
number: 80
----
<1> Specifies the name of an ingress.
<2> The controller provisions the load balancer for this `Ingress` resource in a public subnet so that the load balancer is reachable over the internet.
<3> The Amazon Resource Name of the certificate that you attach to the load balancer.
<4> Defines the ingress class name.
<5> Defines the domain for traffic routing.
<6> Defines the service for traffic routing.
View Git Blame Copy Permalink