You can route the traffic for the domain to pods of a service and add TLS termination on the AWS Load Balancer.
- You have access to the OpenShift CLI (`oc`).
- Install the Operator and create an instance of the `aws-load-balancer-controller` resource:

  ```yaml
  apiVersion: networking.olm.openshift.io/v1alpha1 # (1)
  kind: AWSLoadBalancerController
  metadata:
    name: cluster # (2)
  spec:
    subnetTagging: Auto
    ingressClass: tls-termination # (3)
  ```

  - (1) Defines the API group of the `aws-load-balancer-controller` resource.
  - (2) Defines the `aws-load-balancer-controller` instance.
  - (3) Defines the name of an `ingressClass` resource reconciled by the AWS Load Balancer Controller. This `ingressClass` resource gets created if it is not present. You can add additional `ingressClass` values. The controller reconciles the `ingressClass` values if the `spec.controller` is set to `ingress.k8s.aws/alb`.
- Create an `Ingress` resource:

  ```yaml
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: <example> # (1)
    annotations:
      alb.ingress.kubernetes.io/scheme: internet-facing # (2)
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx # (3)
  spec:
    ingressClassName: tls-termination # (4)
    rules:
      - host: <example.com> # (5)
        http:
          paths:
            - path: /
              pathType: Exact
              backend:
                service:
                  name: <example-service> # (6)
                  port:
                    number: 80
  ```

  - (1) Specifies the name of an ingress.
  - (2) The controller provisions the load balancer for this `Ingress` resource in a public subnet so that the load balancer is reachable over the internet.
  - (3) The Amazon Resource Name of the certificate that you attach to the load balancer.
  - (4) Defines the ingress class name.
  - (5) Defines the domain for traffic routing.
  - (6) Defines the service for traffic routing.
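The following Python check is an added example, not part of the original procedure or of the Operator: it audits an Ingress, loaded as a dict from `oc get ingress <name> -o json`, for the TLS termination settings used above. The `listen-ports`, `ssl-redirect` and `ssl-policy` annotations belong to the AWS Load Balancer Controller but are not shown on this page; the function name and both sample objects are constructed for illustration.

```python
import json

ALB = "alb.ingress.kubernetes.io/"

def audit_ingress(ing, expected_class="tls-termination"):
    """Return findings for an Ingress dict (shape of `oc get ingress -o json`)."""
    ann = ing.get("metadata", {}).get("annotations") or {}
    findings = []
    if ing.get("spec", {}).get("ingressClassName") != expected_class:
        findings.append("class: ingressClassName is not " + expected_class)
    has_cert = bool(ann.get(ALB + "certificate-arn", "").strip())
    if not has_cert:
        findings.append("cert: no certificate-arn annotation")
    # Without listen-ports the controller listens on HTTPS 443 when a
    # certificate is attached and on HTTP 80 otherwise.
    default_ports = '[{"HTTPS": 443}]' if has_cert else '[{"HTTP": 80}]'
    try:
        ports = json.loads(ann.get(ALB + "listen-ports", default_ports))
        if not isinstance(ports, list):
            raise TypeError("listen-ports must be a list")
        protocols = {proto for entry in ports for proto in entry}
    except (ValueError, TypeError):
        findings.append("ports: listen-ports is not a JSON list of objects")
        protocols = set()
    if "HTTPS" not in protocols:
        findings.append("tls: no HTTPS listener")
    if "HTTP" in protocols and ALB + "ssl-redirect" not in ann:
        findings.append("cleartext: HTTP listener without ssl-redirect")
    if has_cert and ALB + "ssl-policy" not in ann:
        findings.append("policy: ssl-policy not set, default policy applies")
    if ann.get(ALB + "scheme") == "internet-facing":
        findings.append("exposure: load balancer is internet-facing")
    return findings

# Constructed sample 1: the Ingress from this page, reduced to the checked fields.
PAGE_INGRESS = {
    "metadata": {"name": "example", "annotations": {
        ALB + "scheme": "internet-facing",
        ALB + "certificate-arn": "arn:aws:acm:us-west-2:xxxxx"}},
    "spec": {"ingressClassName": "tls-termination"},
}
# Constructed sample 2: same Ingress with an extra plain HTTP listener.
MIXED_INGRESS = json.loads(json.dumps(PAGE_INGRESS))
MIXED_INGRESS["metadata"]["annotations"][ALB + "listen-ports"] = \
    '[{"HTTP": 80}, {"HTTPS": 443}]'

if __name__ == "__main__":
    for name, ing in (("page", PAGE_INGRESS), ("mixed", MIXED_INGRESS)):
        print(name, audit_ingress(ing))
```

For the Ingress as written on this page the check reports only the unpinned TLS policy and the internet-facing scheme; adding a plain HTTP listener without a redirect adds the cleartext finding.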