- Save the YAML below as `eks-lb-0-deployment.yaml`.
- Use kubectl to create the deployment: `kubectl create -f eks-lb-0-deployment.yaml`
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP
```
```sh
# We can generate a self-signed cert if we don't have one already.
# -nodes leaves the private key unencrypted on disk (IAM requires an unencrypted key).
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
# Convert the key to PEM (AWS-ingestible) format
openssl rsa -in key.pem -text > priv-key.pem
# Upload the cert and key
aws iam upload-server-certificate --server-certificate-name examplecert --certificate-body file://</path/to/cert> --private-key file://</path/to/key/in/pem/format.pem>
```

Make a note of the ARN value in the JSON output to use in the next step.
- Save the YAML below as `eks-lb-1-service.yaml`.
- Use kubectl to create the service: `kubectl create -f eks-lb-1-service.yaml`
- Be sure to edit the `metadata/annotations/service.beta.kubernetes.io/aws-load-balancer-ssl-cert` value!
```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<copy arn value here>"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
spec:
  ports:
  - name: https
    port: 443
    targetPort: 80
    protocol: TCP
  selector:
    app: nginx
  type: LoadBalancer
```
- Grab the EXTERNAL-IP from `kubectl get service nginx` and test it out.
- Be sure to prefix it with `https://`.
- It could take a few minutes for the ELB to perform a few health checks and validate that the service is up.
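
The steps above depend on replacing the `ssl-cert` placeholder before the Service is created. The POSIX shell pre-flight check below is an added example, not part of the original page, and its function names are hypothetical. It assumes one annotation per line as in the manifest above, goes slightly beyond the page by also accepting ACM certificate ARNs, and flags a cleartext ELB-to-pod hop.

```sh
# Added example: pre-flight lint for eks-lb-1-service.yaml (helper names are hypothetical).

# Print the value of one service.beta.kubernetes.io/<name> annotation, unquoted.
annotation() {  # usage: annotation <manifest> <name>
  awk -v key="service.beta.kubernetes.io/$2:" '
    $1 == key { $1 = ""; gsub(/^[ \t]+|[ \t]+$|"/, ""); print; exit }' "$1"
}

# Print every Service port number and port name declared in the manifest.
# Assumes the layout used on this page ("- name:" first, "port:" below it).
service_ports() {  # usage: service_ports <manifest>
  sed -n -e 's/^[[:space:]]*\(- \)\{0,1\}port:[[:space:]]*\([0-9]\{1,\}\).*/\2/p' \
         -e 's/^[[:space:]]*- name:[[:space:]]*\([a-z0-9-]\{1,\}\).*/\1/p' "$1"
}

check_lb_service() {  # usage: check_lb_service <manifest>; returns 0 when OK to apply
  f=$1; rc=0
  cert=$(annotation "$f" aws-load-balancer-ssl-cert)
  ports=$(annotation "$f" aws-load-balancer-ssl-ports)
  proto=$(annotation "$f" aws-load-balancer-backend-protocol)

  # 1. ssl-cert must be an IAM server-certificate ARN or an ACM certificate ARN,
  #    not the "<copy arn value here>" placeholder.
  arn_re='^arn:aws[a-z-]*:(iam::[0-9]{12}:server-certificate/.+|acm:[a-z0-9-]+:[0-9]{12}:certificate/.+)$'
  if ! printf '%s\n' "$cert" | grep -Eq "$arn_re"; then
    echo "FAIL: ssl-cert is not a certificate ARN: '$cert'" >&2; rc=1
  fi

  # 2. Each ssl-ports entry (port number or name; unset or "*" means all ports)
  #    must match a port the Service exposes, otherwise the exposed port gets
  #    a listener without TLS.
  if [ -n "$ports" ] && [ "$ports" != "*" ]; then
    for p in $(printf '%s' "$ports" | tr ',' ' '); do
      service_ports "$f" | grep -qxF -- "$p" ||
        { echo "FAIL: ssl-ports entry '$p' matches no Service port" >&2; rc=1; }
    done
  fi

  # 3. With backend-protocol http or tcp, TLS ends at the ELB and the hop to
  #    the pod is cleartext. Reported as a note, not a failure.
  case "$proto" in
    http|tcp) echo "NOTE: TLS terminates at the ELB; ELB-to-pod traffic is plain $proto" >&2 ;;
  esac
  return "$rc"
}

# Usage: check_lb_service eks-lb-1-service.yaml && kubectl create -f eks-lb-1-service.yaml
```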
You can delete everything you just did by running:

```sh
kubectl delete -f eks-lb-1-service.yaml
aws iam delete-server-certificate --server-certificate-name examplecert
kubectl delete -f eks-lb-0-deployment.yaml
```