Pointing domain to Amazon ALB - Kubernetes

2/25/2020

I have a cluster created using eksctl and also valid certificates created under ACM. I used the DNS method to verify the domain ownership, and it completed successfully.

Below are the details I see when executing kubectl get ing:

NAME                   HOSTS         ADDRESS                                                  PORTS   AGE
eks-learning-ingress   my-host.com   b29c58-production-91306872.us-east-1.elb.amazonaws.com   80      18h

When I access the application using https://b29c58-production-91306872.us-east-1.elb.amazonaws.com, I see it load the application with a security warning because that's not the domain name with which the certificates were created. When I try to access https://my-host.com I get a timeout.

I have 2 questions:

1) I am using CNAMEs to point my domain to the AWS ELB. The values I added for the CNAME are name: my-host.com, points to: b29c58-production-91306872.us-east-1.elb.amazonaws.com. Is this correct?

2) Below is my ingress resource definition. Maybe I am missing something, as requests are not coming in to the application.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: eks-learning-ingress
  namespace: production
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn:dseast-1:255982529496:sda7-a148-2d878ef678df
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}, {"HTTP": 8080}, {"HTTPS": 8443}]'
  labels:
    app: eks-learning-ingress
spec:
  rules:
  - host: my-host.com
    http:
      paths:
        - path: /*
          backend:
            serviceName: eks-learning-service
            servicePort: 80

Any help would be really great. Thanks.

-- opensource-developer
amazon-web-services
kubernetes
kubernetes-ingress

2 Answers

2/25/2020

I think you have a port mismatch. https:// will use port 443, not port 80, but your ingress appears to be accepting requests on port 80 rather than 443.

If 443 was configured, I'd expect to see it listed under ports as 80, 443.

Can you verify with telnet or nc or curl -vvvv that your ingress is actually accepting requests on port 443? If it is, check the response body reported by curl - it should give you some indication as to why the request is not propagating downwards to your service.

We use nginx-ingress so unfortunately I can't look at local ingress config and compare it to yours.

-- mcfinnigan
Source: StackOverflow

2/25/2020

My go-to solution is using an A-record in Route 53. Instead of adding an IP, you select the "alias" option and select your load balancer. Amazon will handle the rest.

-- Exelian
Source: StackOverflow
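
The two symptoms in the question (a certificate warning on the ELB hostname, a timeout on my-host.com) can be told apart with a small check. This is an added example, not code from the question or either answer; the SAN list and the IP addresses are constructed sample values, and `resolve`, `san_matches` and `diagnose` are hypothetical helper names.

```python
import socket

ALB = "b29c58-production-91306872.us-east-1.elb.amazonaws.com"  # from the question
DOMAIN = "my-host.com"                                          # from the question
# Constructed sample data (documentation IP ranges, assumed certificate SANs).
ALB_ADDRS = {"203.0.113.10", "203.0.113.11"}
DOMAIN_ADDRS = {"198.51.100.7"}
CERT_SANS = ["my-host.com", "*.my-host.com"]


def resolve(host):
    """Live helper: the set of IP addresses `host` resolves to right now."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def san_matches(hostname, sans):
    """True if a SAN covers hostname; '*' counts only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    for san in sans:
        pat = san.lower().rstrip(".").split(".")
        if len(pat) != len(host):
            continue
        if pat == host or (pat[0] == "*" and len(pat) > 2 and pat[1:] == host[1:]):
            return True
    return False


def diagnose(domain, domain_addrs, alb_host, alb_addrs, cert_sans):
    """Return findings that explain a certificate warning or an unreachable domain."""
    findings = []
    if not san_matches(alb_host, cert_sans):
        findings.append("cert-warning-on-alb-name-expected")
    if not san_matches(domain, cert_sans):
        findings.append("cert-does-not-cover-domain")
    if not domain_addrs:
        findings.append("domain-does-not-resolve")
    elif not (domain_addrs & alb_addrs):
        findings.append("domain-resolves-elsewhere")
    return findings


if __name__ == "__main__":
    print(diagnose(DOMAIN, DOMAIN_ADDRS, ALB, ALB_ADDRS, CERT_SANS))
```

For a live check, pass `resolve(DOMAIN)` and `resolve(ALB)` instead of the constructed sets; ALB addresses change over time, so resolve both names in the same run.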