We need a Kubernetes Service that brings up an AWS load balancer that supports WebSockets, i.e. not the Classic LB. Support for the AWS NLB is in alpha state, but it seems to work well.
The issue we have is with setting the listener to be TLS rather than TCP and attaching the ACM SSL certificate correctly, something that works well with the Classic LB.
The annotations we have in the service.yml are:

```yaml
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'arn:aws:acm:{{ .Values.certificate.region }}:{{ .Values.certificate.aws_user_id }}:certificate/{{ .Values.certificate.id }}'
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
```
The result is:

| Listener ID | Security Policy | SSL Certificate | Default Action |
| --- | --- | --- | --- |
| TCP: 443 | N/A | N/A | Forward to: k8s |

Expected:

| Listener ID | Security Policy | SSL Certificate | Default Action |
| --- | --- | --- | --- |
| TLS: 443 | ELBSecurityPol.. | f456ac87d0ed99.. | Forward to: k8s |
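As an added example (not part of the question or the answer above), here is a small Python check that reads the JSON printed by `aws elbv2 describe-listeners --load-balancer-arn <arn>` and reports whether the port 443 listener is TLS with the expected security policy and certificate, rather than the plain TCP listener shown in the result table. The sample documents, account id, region and certificate ARN are constructed placeholders; the function and constant names are my own.

```python
"""Verify that an NLB terminates TLS on port 443 with the expected policy and cert.

Added example, not from the original question or answer. It parses the output
shape of `aws elbv2 describe-listeners` (a top-level "Listeners" list whose
entries carry Port, Protocol, SslPolicy and Certificates). All sample data
below is constructed; the ARNs are placeholders, not real resources.
"""
import json

# Assumed expected values (placeholders). The policy name is the one from the
# question; the certificate ARN is a constructed placeholder.
EXPECTED_POLICY = "ELBSecurityPolicy-TLS-1-2-2017-01"
EXPECTED_CERT_ARN = "arn:aws:acm:eu-west-1:123456789012:certificate/EXAMPLE-CERT-ID"

# Constructed sample reproducing the situation in the question:
# a TCP listener on 443 with no policy and no certificate attached.
SAMPLE_TCP_ONLY = json.dumps({
    "Listeners": [
        {
            "ListenerArn": "arn:aws:elasticloadbalancing:eu-west-1:123456789012:listener/net/k8s-example/abc/def",
            "Port": 443,
            "Protocol": "TCP",
            "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:targetgroup/k8s"}],
        }
    ]
})

# Constructed sample of the expected state: TLS on 443 with policy and cert.
SAMPLE_TLS_OK = json.dumps({
    "Listeners": [
        {
            "ListenerArn": "arn:aws:elasticloadbalancing:eu-west-1:123456789012:listener/net/k8s-example/abc/123",
            "Port": 443,
            "Protocol": "TLS",
            "SslPolicy": EXPECTED_POLICY,
            "Certificates": [{"CertificateArn": EXPECTED_CERT_ARN, "IsDefault": True}],
            "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:targetgroup/k8s"}],
        }
    ]
})


def check_tls_listener(describe_json, port=443,
                       expected_policy=EXPECTED_POLICY,
                       expected_cert_arn=EXPECTED_CERT_ARN):
    """Return a list of findings for the listener on `port`.

    An empty list means the listener is TLS, uses the expected security
    policy and carries the expected certificate.
    """
    listeners = json.loads(describe_json).get("Listeners", [])
    matches = [lst for lst in listeners if lst.get("Port") == port]
    if not matches:
        return ["no listener on port %d" % port]

    findings = []
    for lst in matches:
        proto = lst.get("Protocol")
        if proto != "TLS":
            # This is the failure mode from the question: the NLB forwards raw
            # TCP, so no TLS termination happens and the ACM cert is unused.
            findings.append("port %d listener is %s, not TLS: no TLS termination "
                            "and the ACM certificate is not attached" % (port, proto))
            continue
        policy = lst.get("SslPolicy")
        if policy != expected_policy:
            findings.append("port %d listener uses policy %r, expected %r"
                            % (port, policy, expected_policy))
        attached = {c.get("CertificateArn") for c in lst.get("Certificates", [])}
        if expected_cert_arn not in attached:
            findings.append("port %d listener does not carry certificate %s"
                            % (port, expected_cert_arn))
    return findings


if __name__ == "__main__":
    for label, doc in (("question result", SAMPLE_TCP_ONLY), ("expected", SAMPLE_TLS_OK)):
        problems = check_tls_listener(doc)
        print(label + ":", "OK" if not problems else "; ".join(problems))
```

In practice you would pipe the real CLI output into `check_tls_listener` after the Service has been reconciled; an empty result confirms that clients actually get TLS terminated at the NLB with the intended policy, and a "not TLS" finding is the quickest way to catch the misconfiguration described in the question before traffic is sent.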
You can use the ingress-nginx controller on Kubernetes; indirectly it also creates a load balancer, and handling certificate renewal with cert-manager will be very easy.
So an Ingress with cert-manager will be the best idea for SSL and TLS certificates on Kubernetes.
https://kubernetes.io/docs/concepts/services-networking/ingress/
For more details, I am sharing this tutorial link; check it out.