How do I enable SSL/TLS termination on AWS Load Balancers for Pods?

In this guide, we will walk through the steps to enable SSL/TLS termination on AWS Load Balancers for Kubernetes Pods using Pulumi. With this setup, clients connect to the load balancer over HTTPS, and the load balancer forwards their requests to the application running on Kubernetes over HTTP.

Steps:

  1. Create an AWS Elastic Load Balancer (ELB): We will define an ELB with the listeners needed to handle HTTPS traffic.
  2. Attach the SSL/TLS Certificate: We will attach an SSL/TLS certificate to the ELB for HTTPS termination.
  3. Deploy a Kubernetes Pod: We will deploy a Kubernetes Pod that will be behind the ELB.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as k8s from "@pulumi/kubernetes";

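// Request an SSL certificate from AWS Certificate Manager (ACM).
// With DNS validation, the certificate must reach the ISSUED state (validation
// record created in DNS) before the HTTPS listener below can use it.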
const sslCertificate = new aws.acm.Certificate("sslCertificate", {
    domainName: "example.com",
    validationMethod: "DNS",
});

// Create an AWS Elastic Load Balancer (ELB)
const elb = new aws.elb.LoadBalancer("my-elb", {
    listeners: [
        {
            lbPort: 443,
            lbProtocol: "HTTPS",
            // TLS ends at the ELB; traffic to the backend is plaintext HTTP.
            instancePort: 80,
            instanceProtocol: "HTTP",
            sslCertificateId: sslCertificate.arn,
        },
    ],
    // Placeholder IDs: replace with subnets and a security group from your VPC.
    subnets: ["subnet-12345678", "subnet-87654321"],
    securityGroups: ["sg-12345678"],
    healthCheck: {
        target: "HTTP:80/",
        interval: 30,
        timeout: 5,
        healthyThreshold: 2,
        unhealthyThreshold: 2,
    },
    tags: {
        Name: "my-elb",
    },
});

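// Create a Kubernetes Pod.
// Note: no `instances` are registered on the ELB above and the Pod has no
// Service, so nothing in this program routes ELB traffic to the Pod.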
const pod = new k8s.core.v1.Pod("my-pod", {
    metadata: {
        name: "my-pod",
        labels: { app: "my-app" },
    },
    spec: {
        containers: [
            {
                name: "nginx",
                image: "nginx",
                ports: [{ containerPort: 80 }],
            },
        ],
    },
});

// Export the DNS name of the ELB
export const elbDnsName = elb.dnsName;

Key Points:

  • SSL/TLS Certificate: We use AWS Certificate Manager (ACM) to create an SSL certificate.
  • Elastic Load Balancer (ELB): An ELB is created with a listener configured for HTTPS traffic, using the SSL certificate.
  • Kubernetes Pod: A simple Nginx Pod is deployed behind the ELB to handle HTTP traffic.

Summary:

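We have successfully set up SSL/TLS termination on an AWS Load Balancer for a Kubernetes Pod. The ELB listens for HTTPS traffic, terminates the SSL/TLS connection, and forwards the traffic to the Kubernetes Pod over HTTP. This encrypts traffic between clients and the load balancer only; the hop from the ELB to the Pod is unencrypted HTTP, so restrict that path with security groups, or use HTTPS as the instance protocol if the backend leg must be encrypted as well.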
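The program above creates the ELB and the Pod as separate resources. As an added example (not part of the original page or Pulumi's own code), the sketch below builds a Kubernetes `Service` of type `LoadBalancer` that has the AWS cloud provider create the Classic ELB, attach the ACM certificate and register the cluster nodes, plus a small audit that flags listeners left without TLS. The helper names `tlsTerminatingService` and `auditTlsService` are hypothetical, and the certificate ARN is supplied by the caller.

```typescript
// Added example: plain TypeScript with no Pulumi imports, so it runs on its own.
// Annotation keys are those of the Kubernetes AWS cloud provider (Classic ELB).
const ANN = "service.beta.kubernetes.io/aws-load-balancer-";

interface ServicePort { name: string; port: number; targetPort: number; }
interface ServiceArgs {
    metadata: { name: string; annotations: Record<string, string> };
    spec: { type: string; selector: Record<string, string>; ports: ServicePort[] };
}

// Hypothetical helper: returns Service args that could be passed to
// `new k8s.core.v1.Service(name, args)` in a Pulumi program.
function tlsTerminatingService(name: string, selector: Record<string, string>, certArn: string): ServiceArgs {
    return {
        metadata: {
            name,
            annotations: {
                [ANN + "ssl-cert"]: certArn,
                [ANN + "ssl-ports"]: "https",       // only the port named "https" gets the certificate
                [ANN + "backend-protocol"]: "http", // ELB -> Pod stays plaintext, as in the guide
            },
        },
        spec: { type: "LoadBalancer", selector, ports: [{ name: "https", port: 443, targetPort: 80 }] },
    };
}

// Hypothetical audit: list the ways a Service fails to terminate HTTPS on every exposed port.
function auditTlsService(svc: ServiceArgs): string[] {
    const a = svc.metadata.annotations;
    const findings: string[] = [];
    if (svc.spec.type !== "LoadBalancer") findings.push("not a LoadBalancer Service");
    if (!a[ANN + "ssl-cert"]) {
        findings.push("no certificate: every listener is plaintext");
        return findings;
    }
    // Without ssl-ports the certificate applies to all ports ("*").
    const tlsPorts = (a[ANN + "ssl-ports"] || "*").split(",").map(p => p.trim());
    for (const p of svc.spec.ports) {
        const covered = tlsPorts.indexOf("*") !== -1 || tlsPorts.indexOf(p.name) !== -1
            || tlsPorts.indexOf(String(p.port)) !== -1;
        if (!covered) findings.push(`port ${p.port} is exposed without TLS`);
    }
    // With a certificate, a missing or "tcp" backend protocol yields an SSL (layer 4) listener.
    if ((a[ANN + "backend-protocol"] || "tcp") === "tcp") {
        findings.push("backend-protocol tcp gives an SSL listener, not HTTPS");
    }
    return findings;
}
```

An empty result from `auditTlsService` means every exposed port terminates HTTPS at the ELB; it says nothing about the ELB-to-Pod hop, which stays HTTP when `backend-protocol` is `http`.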
