I'm trying to set up my EKS cluster in AWS with Nginx ingress controller.
Nginx ingress controller creates a service of type LoadBalancer, which in turn creates an ELB instance that's mapped to the node ports of the service.
I'd like to have the SSL certificate managed by AWS, not the Kubernetes cluster, so I imported it into the AWS Certificate Manager and added an annotation to the nginx service:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <certificate_arn>
So far it's standard stuff. The load balancer is now doing the SSL termination and the subsequent communication between it and the cluster is unencrypted, which is what I wanted. The only problem is that instead of this:
[Client] -> HTTPS (443) -> [ELB (SSL termination)] -> HTTP (80) -> [Service]
I get this:
[Client] -> HTTPS (443) -> [ELB (SSL termination)] -> HTTP (443) -> [Service]
As you can see, the ELB doesn't change the port from 443 to 80 and the communication gets rejected by the Nginx pod because it receives unencrypted traffic on port 443.
I tried a similar thing with SSL/TCP ELB but the same problem occurs.
I searched but couldn't find any way to tell the ELB to send the unencrypted traffic to port 80. Any ideas?
Thanks!
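
An added example, not part of the original post: a Service manifest for the setup described, where the ELB terminates TLS and the 443 listener is pointed at the controller's plain-HTTP container port through `targetPort`. The Service name, namespace, selector label and the container port name `http` are assumptions modelled on a typical ingress-nginx deployment; `<certificate_arn>` is the placeholder from the post.

```yaml
# Added example; name, namespace, selector and port names are assumed, not from the post.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  annotations:
    # ACM certificate presented by the ELB on its TLS listener
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<certificate_arn>"
    # After terminating TLS, the ELB talks plain HTTP to the nodes
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Only the Service port named "https" gets the certificate
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http      # nginx container port 80
    - name: https
      port: 443
      # targetPort: https would deliver the decrypted traffic to nginx's
      # TLS port, which is the rejected flow shown in the post.
      targetPort: http      # decrypted traffic goes to nginx container port 80
```

Because both listeners now reach the same nginx port, any HTTP-to-HTTPS redirect has to key off the `X-Forwarded-Proto` header set by the ELB rather than the port the request arrived on.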