Adding TLS termination
You can add TLS termination on the AWS Load Balancer.
Adding TLS termination on the AWS Load Balancer
You can route the traffic for the domain to pods of a service and add TLS termination on the AWS Load Balancer.
Prerequisites
- You have access to the OpenShift CLI (oc).
Procedure
Install the Operator and create an instance of the aws-load-balancer-controller resource:

    apiVersion: networking.olm.openshift.io/v1
    kind: AWSLoadBalancerController
    metadata:
      name: cluster # (1)
    spec:
      subnetTagging: auto
      ingressClass: tls-termination # (2)

(1) Defines the aws-load-balancer-controller instance.
(2) Defines the name of an ingressClass resource reconciled by the AWS Load Balancer Controller. This ingressClass resource gets created if it is not present. You can add additional ingressClass values. The controller reconciles the ingressClass values if the spec.controller is set to ingress.k8s.aws/alb.

Create an Ingress resource:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: <example> # (1)
      annotations:
        alb.ingress.kubernetes.io/scheme: internet-facing # (2)
        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx # (3)
    spec:
      ingressClassName: tls-termination # (4)
      rules:
      - host: <example.com> # (5)
        http:
          paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: <example-service> # (6)
                port:
                  number: 80

(1) Specifies the name of an ingress.
(2) The controller provisions the load balancer for this Ingress resource in a public subnet so that the load balancer is reachable over the internet.
(3) The Amazon Resource Name of the certificate that you attach to the load balancer.
(4) Defines the ingress class name.
(5) Defines the domain for traffic routing.
(6) Defines the service for traffic routing.
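
An audit for the Ingress settings above, as an added example that is not part of the original documentation: it checks Ingress objects as returned by `oc get ingress -o json`. The `listen-ports` and `ssl-redirect` annotations are upstream AWS Load Balancer Controller annotations that this page does not use, the ACM-only ARN pattern is an assumption, and the sample objects are constructed.

```python
import json
import re

PREFIX = "alb.ingress.kubernetes.io/"
# ACM certificate ARN shape (assumption: the certificate is held in ACM).
ACM_ARN = re.compile(r"^arn:aws[\w-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")

def audit_ingress(ingress, expected_class="tls-termination"):
    """Return findings for one Ingress object parsed from `oc get ingress -o json`."""
    meta, spec = ingress.get("metadata", {}), ingress.get("spec", {})
    name, ann = meta.get("name", "<unnamed>"), meta.get("annotations") or {}
    findings = []
    # The controller only reconciles Ingresses bound to its ingressClass.
    if spec.get("ingressClassName") != expected_class:
        findings.append(f"{name}: ingressClassName is not {expected_class!r}")
    # Without a usable certificate ARN the load balancer cannot terminate TLS.
    arns = [a.strip() for a in ann.get(PREFIX + "certificate-arn", "").split(",") if a.strip()]
    if not arns:
        findings.append(f"{name}: certificate-arn annotation is missing")
    for arn in arns:
        if not ACM_ARN.match(arn):
            findings.append(f"{name}: malformed or truncated certificate ARN {arn!r}")
    # When listeners are pinned explicitly, an HTTP listener stays plaintext
    # unless ssl-redirect sends it to the HTTPS port.
    raw = ann.get(PREFIX + "listen-ports")
    if raw:
        try:
            protocols = {proto for entry in json.loads(raw) for proto in entry}
        except (ValueError, TypeError):
            findings.append(f"{name}: listen-ports is not a valid JSON listener list")
        else:
            if "HTTPS" not in protocols:
                findings.append(f"{name}: no HTTPS listener in listen-ports")
            if "HTTP" in protocols and PREFIX + "ssl-redirect" not in ann:
                findings.append(f"{name}: HTTP listener without ssl-redirect")
    return findings

# Constructed sample objects; the account ID and certificate ID are made up.
GOOD = {"metadata": {"name": "good", "annotations": {
    PREFIX + "certificate-arn":
        "arn:aws:acm:us-west-2:111122223333:certificate/12345678-1234-1234-1234-123456789012"}},
    "spec": {"ingressClassName": "tls-termination"}}
BAD = {"metadata": {"name": "bad", "annotations": {
    PREFIX + "certificate-arn": "arn:aws:acm:us-west-2:xxxxx",
    PREFIX + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]'}},
    "spec": {"ingressClassName": "tls-termination"}}

if __name__ == "__main__":
    print(audit_ingress(GOOD), audit_ingress(BAD))
```

The truncated ARN copied from the manifest above is reported as malformed, which catches a placeholder that was never replaced with a real certificate ARN.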