How can I deploy a .NET container with HTTPS (port 443) in AWS Kubernetes?

9/17/2020

I have tried googling a lot and done many configurations, but it still doesn't work.

  • I have a Kubernetes cluster in Amazon EKS and am trying to deploy a .NET container, which is a website, of course.
  • Create a classic load-balancer to expose it to the internet.

What I want is to expose both HTTP and HTTPS (80, 443) to the internet.

  • I see many tutorials to solve this by pointing both 80 and 443 to a single port 80 of the container
  • It means the container itself only runs on port 80 -> which I don't want

Based on my understanding, to expose and run the app in the container on 443, I have to put in an SSL certificate, and then the pod that runs the container somehow needs to trust the certificate automatically; otherwise it cannot receive any requests coming from the load balancer. Am I right?

apiVersion: apps/v1
kind: Deployment
metadata:
  name: dev-demo
spec:
  selector:
    matchLabels:
      app: dev-demo
      tier: backend
      track: stable
  replicas: 1
  template:
    metadata:
      labels:
        app: dev-demo
        tier: backend
        track: stable
    spec:
      containers:
      - name: dev-demo
        image: xxxxxxxxxxx
        ports:
        - containerPort: 80
        - containerPort: 443
        imagePullPolicy: Always
        resources:
          requests:
            cpu: 500m
            memory: 256Mi
          limits:
            cpu: 1000m
            memory: 512Mi
        env:
        - name: ASPNETCORE_URLS
          value: "https://*:443;http://*:80"
        - name: ASPNETCORE_HTTPS_PORT
          value: "443"
        - name: ASPNETCORE_Kestrel__Certificates__Default__Path
          value: "xxxxxx.pfx"
        - name: ASPNETCORE_Kestrel__Certificates__Default__Password
          value: "xxxxxx"

      nodeSelector:
        kubernetes.io/os: linux


apiVersion: v1
kind: Service
metadata:
  name: dev-demo
  labels:
    run: dev-demo
  annotations:
    # Note that the backend talks over HTTPS.
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
    # TODO: Fill in with the ARN of your certificate.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: xxxxxxxxxx
    # Only run SSL on the port named "https" below.
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
  - name: https
    port: 443
    targetPort: 443
  selector:
    app: dev-demo
    tier: backend
    track: stable
  sessionAffinity: None
  type: LoadBalancer
-- Hieu Le
.net-core
amazon-eks
asp.net-core
kubernetes
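
The Deployment in the question carries the PFX password as a literal env value in the manifest. As an added example (not part of the original post), here is the same container spec with the certificate file and its password supplied from a Kubernetes Secret instead; the Secret name `dev-demo-tls`, its keys `cert.pfx` and `pfx-password`, and the mount path `/https` are assumptions made for illustration.

```yaml
# Added example: Secret name, key names and mount path are hypothetical.
# Create the Secret out of band so neither the PFX nor its password is in the manifest:
#   kubectl create secret generic dev-demo-tls \
#     --from-file=cert.pfx=./cert.pfx --from-literal=pfx-password='<pfx-password>'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dev-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dev-demo
      tier: backend
      track: stable
  template:
    metadata:
      labels:
        app: dev-demo
        tier: backend
        track: stable
    spec:
      containers:
      - name: dev-demo
        image: xxxxxxxxxxx          # placeholder, as in the post
        ports:
        - containerPort: 80
        - containerPort: 443
        env:
        - name: ASPNETCORE_URLS
          value: "https://*:443;http://*:80"
        - name: ASPNETCORE_Kestrel__Certificates__Default__Path
          value: /https/cert.pfx    # file projected from the Secret volume below
        - name: ASPNETCORE_Kestrel__Certificates__Default__Password
          valueFrom:
            secretKeyRef:           # password is read from the Secret at pod start
              name: dev-demo-tls
              key: pfx-password
        volumeMounts:
        - name: tls
          mountPath: /https
          readOnly: true
      volumes:
      - name: tls
        secret:
          secretName: dev-demo-tls
          items:                    # project only the PFX, not the password key
          - key: cert.pfx
            path: cert.pfx
```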

0 Answers