github.com/codefresh-io/kcfi@v0.0.0-20230301195427-c1578715cc46/docs/tls/tls-termination-on-aws.md (about)

# TLS termination on AWS

To use either a certificate from a third-party issuer that was uploaded to IAM or a certificate [requested](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) within AWS Certificate Manager:
- copy the certificate ARN;
- set `tls.selfSigned: true` in the Codefresh init config, __config.yaml__;
- deploy a new installation;
- update the ingress service:

```sh
kubectl edit service cf-ingress-controller
```

and add the following annotations:

```yaml
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: < CERTIFICATE ARN >
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
spec:
  ports:
  - name: http
    nodePort: 30908
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 31088
    port: 443
    protocol: TCP
    targetPort: 80
```

Both the HTTP and HTTPS target ports should be set to **80**.
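
After the manual edit, the service can be checked against the settings above. The following is an added example, not part of the Codefresh docs: `check_service` and `SAMPLE` are hypothetical names, and the account and certificate ids in the sample are constructed placeholders.

```python
import json
import re

PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"
# ACM certificate or IAM server certificate: the two sources the page names.
CERT_ARN = re.compile(
    r"^arn:aws[a-z-]*:(acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]+"
    r"|iam::\d{12}:server-certificate/.+)$"
)

# Constructed sample: trimmed `kubectl get service ... -o json` output with
# a placeholder account id and certificate id.
SAMPLE = json.dumps({
    "metadata": {"annotations": {
        PREFIX + "backend-protocol": "http",
        PREFIX + "ssl-cert": "arn:aws:acm:us-east-1:123456789012:certificate/"
                             "00000000-0000-0000-0000-000000000000",
        PREFIX + "ssl-ports": "443",
    }},
    "spec": {"ports": [
        {"name": "http", "port": 80, "targetPort": 80},
        {"name": "https", "port": 443, "targetPort": 80},
    ]},
})


def check_service(svc):
    """Return the list of deviations from the page's settings (empty = OK)."""
    problems = []
    ann = svc.get("metadata", {}).get("annotations") or {}
    ports = {p.get("name"): p for p in svc.get("spec", {}).get("ports", [])}
    if ann.get(PREFIX + "backend-protocol") != "http":
        problems.append("backend-protocol is not 'http'")
    # Also catches an unreplaced "< CERTIFICATE ARN >" placeholder.
    if not CERT_ARN.match(ann.get(PREFIX + "ssl-cert", "")):
        problems.append("ssl-cert is not an ACM or IAM certificate ARN")
    if ann.get(PREFIX + "ssl-ports", "").strip() != "443":
        problems.append("ssl-ports is not '443'")
    for name, port in (("http", 80), ("https", 443)):
        entry = ports.get(name)
        if entry is None or entry.get("port") != port:
            problems.append(f"port '{name}' ({port}) is missing")
        elif entry.get("targetPort") != 80:
            problems.append(f"port '{name}' does not target port 80")
    return problems


if __name__ == "__main__":
    for line in check_service(json.loads(SAMPLE)) or ["service matches the documented settings"]:
        print(line)
```

To check a live cluster, pass the parsed output of `kubectl get service cf-ingress-controller -o json` to `check_service` instead of `SAMPLE`. With `backend-protocol: http`, TLS ends at the load balancer, so traffic from the load balancer to the ingress controller is unencrypted.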

> ToDo
> Add automation so that a certificate ARN can be specified in the init config.