Paul D. Eden

Reputation: 20559

How to set up an external Kubernetes service in AWS using HTTPS

I would like to set up a public Kubernetes service in AWS that listens on HTTPS.

I know that Kubernetes services currently only support TCP and UDP, but is there a way to make this work with the current version of Kubernetes and AWS ELBs?

I found this. http://blog.kubernetes.io/2015/07/strong-simple-ssl-for-kubernetes.html

Is that the best way at the moment?

Upvotes: 0

Views: 1258

Answers (3)

Rudi C

Reputation: 131

Since 1.3, you can use annotations along with a type=LoadBalancer service:

https://github.com/kubernetes/kubernetes/issues/24978

service.beta.kubernetes.io/aws-load-balancer-ssl-cert=arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
service.beta.kubernetes.io/aws-load-balancer-ssl-ports=* (or e.g. https)

The first annotation is the only one you need if all you want is to support HTTPS, on any number of ports. If you also want to support HTTP on one or more additional ports, you need to use the second annotation to specify explicitly which ports will use encryption (the others will use plain HTTP).

Upvotes: 1
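A Service manifest using the two annotations from the answer above, as an added example that is not part of the original answer. The service name, selector, and `targetPort` are assumptions, and the `aws-load-balancer-backend-protocol` annotation is not mentioned in the answer; it is included on the assumption that the pods serve plain HTTP and the ELB should terminate TLS.

```yaml
# Added example; "web", "app: web" and targetPort 8080 are assumed names/values.
apiVersion: v1
kind: Service
metadata:
  name: web
  annotations:
    # Certificate ARN: the placeholder value shown in the answer.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
    # Only the port named "https" gets a TLS listener.
    # Omit this annotation (or set it to "*") to use TLS on every port.
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Assumption: pods speak plain HTTP, so the ELB terminates TLS
    # and forwards HTTP to the backends.
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
    - name: https        # matched by the ssl-ports annotation
      port: 443
      targetPort: 8080
    - name: http         # not listed in ssl-ports, so it stays plaintext
      port: 80
      targetPort: 8080
```

If no client needs plaintext access, drop the `http` port entry so the load balancer exposes only the TLS listener.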

Paul D. Eden

Reputation: 20559

In my case I set up an ELB in AWS and set up the SSL cert on that, choosing HTTPS and HTTP for the connection types in the ELB, and that worked great. I set up the ELB with kubectl expose.

Upvotes: 0

Prashanth B

Reputation: 5103

HTTPS usually runs over TCP, so you can simply run your service with Type=NodePort/LoadBalancer and manage the certs in the service. This example might help [1]: nginx is listening on :443 through a NodePort for ingress traffic. See [2] for a better explanation of the example.

[1] https://github.com/kubernetes/kubernetes/blob/release-1.0/examples/https-nginx/nginx-app.yaml#L8

[2] http://kubernetes.io/v1.0/docs/user-guide/connecting-applications.html

Upvotes: 1
