diff --git a/examples/tls-termination/elb-nginx/README.md b/examples/tls-termination/elb-nginx/README.md
new file mode 100644
index 000000000..9fc110b19
--- /dev/null
+++ b/examples/tls-termination/elb-nginx/README.md
@@ -0,0 +1,15 @@
+
+### Elastic Load Balancer for TLS termination
+
+This example shows the required steps to use classic Elastic Load Balancer for TLS termination.
+
+Change line of the file `elb-tls-nginx-ingress-controller.yaml` replacing the dummy id with a valid one `"arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"`
+
+Then execute:
+```
+$ kubectl create -f elb-tls-nginx-ingress-controller.yaml
+```
+
+This example creates an ELB with just two listeners, one in port 80 and another in port 443
+
+![Listeners](images/listener.png)
diff --git a/examples/tls-termination/elb-nginx/images/listener.png b/examples/tls-termination/elb-nginx/images/listener.png
new file mode 100644
index 000000000..006c69871
Binary files /dev/null and b/examples/tls-termination/elb-nginx/images/listener.png differ
diff --git a/examples/tls-termination/elb-nginx/nginx-ingress-controller.yaml b/examples/tls-termination/elb-nginx/nginx-ingress-controller.yaml
new file mode 100644
index 000000000..ea9e08edf
--- /dev/null
+++ b/examples/tls-termination/elb-nginx/nginx-ingress-controller.yaml
@@ -0,0 +1,135 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: nginx-default-backend
+ labels:
+ k8s-addon: ingress-nginx.addons.k8s.io
+spec:
+ ports:
+ - port: 80
+ targetPort: http
+ selector:
+ app: nginx-default-backend
+
+---
+
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ name: nginx-default-backend
+ labels:
+ k8s-addon: ingress-nginx.addons.k8s.io
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ k8s-addon: ingress-nginx.addons.k8s.io
+ app: nginx-default-backend
+ spec:
+ terminationGracePeriodSeconds: 60
+ containers:
+ - name: default-http-backend
+ image: gcr.io/google_containers/defaultbackend:1.0
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ingress-nginx
+ labels:
+ k8s-addon: ingress-nginx.addons.k8s.io
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: ingress-nginx
+ labels:
+ k8s-addon: ingress-nginx.addons.k8s.io
+ annotations:
+ # replace with the correct value of the generated certifcate in the AWS console
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
+ # the backend instances are HTTP
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+ # Map port 443
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+
+spec:
+ type: LoadBalancer
+ selector:
+ app: ingress-nginx
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ - name: https
+ port: 443
+ targetPort: http
+
+---
+
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ name: ingress-nginx
+ labels:
+ k8s-addon: ingress-nginx.addons.k8s.io
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: ingress-nginx
+ k8s-addon: ingress-nginx.addons.k8s.io
+ spec:
+ terminationGracePeriodSeconds: 60
+ containers:
+ - image: quay.io/aledbf/nginx-ingress-controller:0.154
+ name: ingress-nginx
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ args:
+ - /nginx-ingress-controller
+ - --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend
+ - --configmap=$(POD_NAMESPACE)/ingress-nginx
+ - --publish-service=$(POD_NAMESPACE)/ingress-nginx
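Review bot: The `ingress-nginx` Service sends both listeners to `targetPort: http`, so a request arriving on port 80 is served in cleartext exactly like one that came in on 443, and with `aws-load-balancer-backend-protocol: "http"` the hop from the ELB to the pod is unencrypted for both. For a TLS-termination example I would state that in a comment above the Service's `ports:` list, for instance `# port 80 is plain HTTP end to end; drop this listener, or redirect based on X-Forwarded-Proto, if clients must use TLS`. Separately, the controller image `quay.io/aledbf/nginx-ingress-controller:0.154` is referenced by a mutable tag with `imagePullPolicy: Always`, so what runs can change without the manifest changing; pinning by digest (`image: quay.io/aledbf/nginx-ingress-controller@sha256:<digest>`) would fix that. The README added in this commit tells the reader to edit and create `elb-tls-nginx-ingress-controller.yaml`, while this file is added as `nginx-ingress-controller.yaml`, so one of the two names needs to change.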