mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
// Module included in the following assemblies:
//
// * networking/networking_operators/aws_load_balancer_operator/configuring-aws-load-balancer-operator.adoc

:_mod-docs-content-type: PROCEDURE
[id="nw-adding-tls-termination_{context}"]
= Adding TLS termination on the AWS Load Balancer

[role="_abstract"]
To secure traffic for your domain, configure TLS termination on the AWS Load Balancer. This setup routes traffic to the pods of a service while ensuring that encrypted connections are decrypted at the load balancer level.

.Prerequisites

* You have access to the {oc-first}.

.Procedure

. Create a YAML file that defines the `AWSLoadBalancerController` resource:
+
.Example `add-tls-termination-albc.yaml` file
[source,yaml]
----
apiVersion: networking.olm.openshift.io/v1
kind: AWSLoadBalancerController
metadata:
  name: cluster
spec:
  subnetTagging: Auto
  ingressClass: tls-termination
# ...
----
+
where:
+
`spec.ingressClass`:: Specifies the ingress class name. If the ingress class is not present in your cluster, the AWS Load Balancer Controller creates one. The AWS Load Balancer Controller reconciles the additional ingress class values if `spec.controller` is set to `ingress.k8s.aws/alb`.

. Create a YAML file that defines the `Ingress` resource:
+
.Example `add-tls-termination-ingress.yaml` file
[source,yaml]
----
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: <example>
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx
spec:
  ingressClassName: tls-termination
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Exact
        backend:
          service:
            name: <example_service>
            port:
              number: 80
# ...
----
+
where:
+
`metadata.name`:: Specifies the ingress name.
`annotations.alb.ingress.kubernetes.io/scheme`:: Specifies that the controller provisions the load balancer for the ingress in a public subnet so that the load balancer is reachable over the internet.
`annotations.alb.ingress.kubernetes.io/certificate-arn`:: Specifies the Amazon Resource Name (ARN) of the certificate that you attach to the load balancer.
`spec.ingressClassName`:: Specifies the ingress class name.
`rules.host`:: Specifies the domain for traffic routing.
`backend.service`:: Specifies the service for traffic routing.
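
The following added example is not part of the original module or of the project's own tooling: a Python pre-apply check that compares the `Ingress` class name and `alb.ingress.kubernetes.io` annotations against the `AWSLoadBalancerController` values used in this procedure. The function name, the certificate ARN pattern, and the filled-in ARN are assumptions made for illustration.

```python
import copy
import re

PREFIX = "alb.ingress.kubernetes.io/"
# Assumed layout of a full ACM or IAM server-certificate ARN (12-digit account ID).
CERT_ARN = re.compile(
    r"^arn:aws[a-z-]*:(acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}"
    r"|iam::\d{12}:server-certificate/.+)$")

def lint_tls_ingress(controller, ingress):
    """Return findings for a controller/Ingress pair; an empty list means consistent."""
    findings = []
    ann = ingress.get("metadata", {}).get("annotations", {})
    spec = ingress.get("spec", {})
    want = controller.get("spec", {}).get("ingressClass")
    got = spec.get("ingressClassName")
    if got != want:
        findings.append(f"ingressClassName {got!r} != controller ingressClass {want!r}")
    # The annotation may carry several comma-separated ARNs.
    arns = [a.strip() for a in ann.get(PREFIX + "certificate-arn", "").split(",") if a.strip()]
    if not arns:
        findings.append("certificate-arn annotation missing: no TLS listener certificate")
    findings += [f"certificate-arn {a!r} is not a full certificate ARN"
                 for a in arns if not CERT_ARN.match(a)]
    scheme = ann.get(PREFIX + "scheme")
    if scheme not in (None, "internal", "internet-facing"):
        findings.append(f"scheme {scheme!r} is not internal or internet-facing")
    if any(not r.get("host") for r in spec.get("rules", [])):
        findings.append("rule without host: cannot match it against the certificate")
    return findings

# The two manifests from the procedure as dicts, reduced to the fields checked.
CONTROLLER = {"kind": "AWSLoadBalancerController",
              "spec": {"subnetTagging": "Auto", "ingressClass": "tls-termination"}}
INGRESS_AS_WRITTEN = {
    "kind": "Ingress",
    "metadata": {"name": "example", "annotations": {
        PREFIX + "scheme": "internet-facing",
        PREFIX + "certificate-arn": "arn:aws:acm:us-west-2:xxxxx"}},  # placeholder from the page
    "spec": {"ingressClassName": "tls-termination",
             "rules": [{"host": "example.com"}]}}
# Constructed sample: the same Ingress with a syntactically complete, made-up ARN.
INGRESS_FILLED = copy.deepcopy(INGRESS_AS_WRITTEN)
INGRESS_FILLED["metadata"]["annotations"][PREFIX + "certificate-arn"] = (
    "arn:aws:acm:us-west-2:123456789012:certificate/00000000-0000-0000-0000-000000000000")

if __name__ == "__main__":
    for name, ing in (("as written", INGRESS_AS_WRITTEN), ("filled", INGRESS_FILLED)):
        print(name, lint_tls_ingress(CONTROLLER, ing) or "ok")
```

The check is purely syntactic: it does not confirm that the certificate exists in the account or that it covers the host in `rules.host`.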