Need to create AWS load balancer with SSL(443) and TCP(80) but creates SSL(443) and SSL(80)
YAML file used to reproduce
```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    service: ambassador
  name: ambassador
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-1:123123123:certificate/443abcde-cfgh-klmn-6789-b9876ab01c67"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "*"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind: Module
      name: tls
      config:
        server:
          enabled: True
          redirect_cleartext_from: 80
      ---
      apiVersion: ambassador/v0
      kind: Mapping
      name: frontend-web_mapping
      prefix: /
      service: frontend-web:3000
spec:
  type: LoadBalancer
  ports:
  - name: ambassador-http
    port: 80
    targetPort: 80
  - name: ambassador-https
    port: 443
    targetPort: 443
  selector:
    service: ambassador
```
Expected behavior
Need to either have a way to specify protocols for AWS Load Balancer listeners protocols or should specify protocols correctly
How do I make sure that the global redirection works from 80 to 443 and also listeners are created on load balancers with correct protocols and ports?
@krish512 Did you try service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"?
My guess is if you try the above, it will work for you.
Haven't seen it; an explanation of all the annotations is listed here.
@dpankros I can confirm that service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" solves the problem exposed by @krish512
Thanks!
Thanks, this worked, but how do I create an AWS Application load balancer with this which supports HTTP2 rather than just a Classic load balancer supporting HTTP and HTTPS?
@krish512 To my knowledge, you can only create ELBs (classic) or NLBs through kubernetes annotations. Specifically, the value of service.beta.kubernetes.io/aws-load-balancer-type controls the type of load balancer.
1) If you don't specify a value, an ELB (classic LB) is created.
2) If you specify a value of nlb, an NLB is created.
3) Any other value will not be accepted.
Thus, for now, ALBs are not supported. Maybe sometime in the future.
Of course, you could create one manually, but if ports or hosts ever change, you'd be left to manually update them which, IMHO, is just asking for trouble.
Using the same issue for more queries along similar lines,
I was able to create HTTP and HTTPS listeners, now I need a third listener which is TCP on port 3306 for Database. How do I achieve this?
Did you try adding another port to your service? I believe the ELB listeners get generated from that. If you need it to be an ssl/tls listener, you'll also need to add that to the annotation (e.g. "443,3306").
This isn't really an Ambassador question, however. I recommend you consult the Kubernetes Documentation on this topic for more information.
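A simplified model of the listener selection discussed in this thread (`ssl-ports: "*"` versus `"443"` versus `"443,3306"`), as an added example that is not part of the original issue and not Kubernetes' own code. The backend-to-frontend protocol mapping, matching by port name, the placeholder ARN and the names `plan_listeners` and `cleartext_ports` are assumptions made for illustration.

```python
# Added example: simplified model of how the annotations discussed in this
# thread select Classic ELB listener protocols. Not Kubernetes source code.
PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"
# Assumed mapping: backend protocol -> front-end protocol on a TLS listener.
TLS_FRONTEND = {"tcp": "ssl", "ssl": "ssl", "http": "https", "https": "https"}


def plan_listeners(annotations, ports):
    """Return [(lb_port, frontend_protocol, backend_protocol)] per Service port."""
    cert = annotations.get(PREFIX + "ssl-cert", "")
    backend = annotations.get(PREFIX + "backend-protocol", "tcp").lower()
    raw = annotations.get(PREFIX + "ssl-ports", "*").strip()
    # "*" (or no annotation) means every port gets the certificate.
    tls_all = raw == "*"
    selected = {p.strip().lower() for p in raw.split(",") if p.strip()}
    plan = []
    for port in ports:
        wanted = (tls_all or str(port["port"]) in selected
                  or port.get("name", "").lower() in selected)
        if cert and wanted:
            plan.append((port["port"], TLS_FRONTEND[backend], backend))
        else:
            # No TLS termination on this listener: traffic is passed through.
            plain = "http" if backend == "http" else "tcp"
            plan.append((port["port"], plain, plain))
    return plan


def cleartext_ports(plan):
    """Ports where the load balancer does not terminate TLS."""
    return [port for port, frontend, _ in plan if frontend in ("tcp", "http")]


# Constructed input mirroring the Service in this thread (placeholder ARN).
PORTS = [{"name": "ambassador-http", "port": 80},
         {"name": "ambassador-https", "port": 443}]
BASE = {PREFIX + "ssl-cert": "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE",
        PREFIX + "backend-protocol": "tcp"}

if __name__ == "__main__":
    for value in ("*", "443", "443,3306"):
        plan = plan_listeners({**BASE, PREFIX + "ssl-ports": value}, PORTS)
        print(f"ssl-ports={value!r}: {plan} cleartext={cleartext_ports(plan)}")
```

Running the check against a manifest before applying it shows which listeners will accept unencrypted traffic, which is the set that the `redirect_cleartext_from` setting in the manifest above has to cover.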
Well, that's when I'm creating a different load balancer, I want to use existing ambassador load balancer for this
Closing this issue