Kubernetes service type loadbalancer with AWS

When you deploy a Kubernetes service of type LoadBalancer, Kubernetes automatically creates a load balancer for you in AWS.

However, by default it creates the load balancer with TCP ports only.

If you want to use SSL with your application, you need HTTPS instead.

To enable that, make sure the annotation 'service.beta.kubernetes.io/aws-load-balancer-ssl-ports' holds a comma-separated list of the port numbers (spec.ports[index].port) or port names (spec.ports[].name) that you want to serve over HTTPS. Your spec file will look something like this:


---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: k8s-awesome-service
  name: k8s-awesome-service
  namespace: default
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:iam::USER_ID:server-certificate/CERTIFICATE_NAME"
spec:
  ports:
  - port: 443
    targetPort: 4000
    name: https
  selector:
    k8s-app: k8s-awesome-service
  type: LoadBalancer
    

Observe how the 'name' of the port is used as the value of the annotation service.beta.kubernetes.io/aws-load-balancer-ssl-ports.
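Because the annotation matches ports by number or by name, a misspelled entry can leave a port without a TLS listener. The following check is an added example, not part of the original post: `audit_ssl_ports` and `make_service` are hypothetical helper names, the input is assumed to be a Service object shaped like `kubectl get svc -o json` output, and it assumes that ports not listed in the annotation get no TLS listener and that an absent annotation means all ports.

```python
PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"

def audit_ssl_ports(service):
    """Return (tls_ports, plain_ports, problems) for one Service object (dict)."""
    ann = service.get("metadata", {}).get("annotations") or {}
    ports = service.get("spec", {}).get("ports") or []
    cert = ann.get(PREFIX + "ssl-cert", "")
    # Assumption: an absent ssl-ports annotation behaves like "*" (all ports).
    wanted = [w.strip() for w in ann.get(PREFIX + "ssl-ports", "*").split(",") if w.strip()]
    problems = []
    if not cert:
        problems.append("ssl-cert annotation missing: no listener can terminate TLS")
    tls, plain, matched = [], [], set()
    for p in ports:
        keys = {str(p.get("port")), p.get("name")}  # match by number or by name
        hits = [w for w in wanted if w == "*" or w in keys]
        matched.update(hits)
        (tls if cert and hits else plain).append(p.get("port"))
    for w in wanted:
        if w != "*" and w not in matched:
            problems.append(f"ssl-ports entry {w!r} matches no spec.ports port or name")
    return tls, plain, problems

def make_service(ssl_ports, ports):
    """Build a constructed Service dict shaped like `kubectl get svc -o json` output."""
    return {
        "metadata": {"annotations": {
            PREFIX + "ssl-ports": ssl_ports,
            PREFIX + "ssl-cert": "arn:aws:iam::USER_ID:server-certificate/CERTIFICATE_NAME",
        }},
        "spec": {"ports": ports},
    }

# Constructed samples: the page's Service, and a variant with a misspelled port name.
PAGE_SERVICE = make_service("https", [{"port": 443, "targetPort": 4000, "name": "https"}])
TYPO_SERVICE = make_service("htps", [{"port": 443, "targetPort": 4000, "name": "https"},
                                     {"port": 80, "targetPort": 4000, "name": "http"}])

if __name__ == "__main__":
    for label, svc in (("page", PAGE_SERVICE), ("typo", TYPO_SERVICE)):
        tls, plain, problems = audit_ssl_ports(svc)
        print(label, "TLS:", tls, "plain:", plain, "problems:", problems)
```

Running this against manifests before `kubectl apply` surfaces ports that would be exposed without TLS.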