How do I configure Okteto with AWS Certificate Manager?

How do I configure the Okteto wildcard certificate with AWS Certificate Manager?

Okteto requires your wildcard certificate to be available in the cluster for internal https communication. This is not possible with AWS Certificate Manager.

We recommend configuring the Okteto Nginx controller with a Service of type ClusterIP and creating your own Service of type LoadBalancer that forwards to the Okteto Nginx controller and carries the AWS annotations. With this setup, TLS terminates at the AWS load balancer using the ACM certificate, and traffic reaches the Nginx controller over plain HTTP inside the cluster.

To do that, add the following configuration to your Okteto helm values file:

ingress-nginx:
  controller:
    config:
      use-forwarded-headers: "true"
    service:
      type: ClusterIP
      externalTrafficPolicy: ""

If you are running Kubernetes < 1.24, also specify the container runtime of the cluster:

wildcardCertificate:
  runtime: docker

Then create the additional Service from the following YAML, replacing << CERTIFICATE_ARN >> with the ARN of your ACM certificate:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: << CERTIFICATE_ARN >>
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
    service.beta.kubernetes.io/aws-load-balancer-type: elb
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: ingress-nginx
  name: okteto-ext
  namespace: okteto
spec:
  allocateLoadBalancerNodePorts: true
  externalTrafficPolicy: Local
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    port: 443
    protocol: TCP
    targetPort: http
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: okteto
    app.kubernetes.io/name: ingress-nginx
  sessionAffinity: None
  type: LoadBalancer
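The Helm values and the Service above only work together if the ELB terminates TLS and hands plain HTTP to an Nginx controller that trusts the forwarded headers. The following check is an added example, not Okteto's own code: it reconstructs both manifests as dicts (constructed from the page) and flags the mismatches that most often break this setup, such as a placeholder certificate ARN, an https port whose targetPort disagrees with the backend-protocol annotation, or a missing use-forwarded-headers. The function and check names, and the rule that the ARN must contain ":acm:", are assumptions.

```python
"""Consistency checks for the ELB-terminated TLS setup on this page.
Added example, not Okteto's own code; manifests are reconstructed from the
page as dicts, and the check names and ARN rule are assumptions."""
ANN = "service.beta.kubernetes.io/aws-load-balancer-"

# Constructed from the page's Helm values (only the fields the checks read).
HELM_VALUES = {"ingress-nginx": {"controller": {
    "config": {"use-forwarded-headers": "true"},
    "service": {"type": "ClusterIP", "externalTrafficPolicy": ""}}}}

def ext_service(cert_arn: str, https_target: str = "http") -> dict:
    """Build the page's okteto-ext Service with the given certificate ARN."""
    return {
        "metadata": {"annotations": {
            ANN + "ssl-cert": cert_arn,
            ANN + "backend-protocol": "http",
            ANN + "ssl-ports": "https",
            ANN + "type": "elb"}},
        "spec": {"type": "LoadBalancer", "ports": [
            {"name": "http", "port": 80, "targetPort": "http"},
            {"name": "https", "port": 443, "targetPort": https_target}]}}

def check_elb_termination(values: dict, svc: dict) -> list[str]:
    """Return findings; an empty list means values and Service agree."""
    findings = []
    ctl = values.get("ingress-nginx", {}).get("controller", {})
    if ctl.get("service", {}).get("type") != "ClusterIP":
        findings.append("ingress-nginx service must be ClusterIP")
    # TLS ends at the ELB, so nginx only learns the client's real scheme
    # from X-Forwarded-* headers; otherwise every request looks like http.
    if ctl.get("config", {}).get("use-forwarded-headers") != "true":
        findings.append('use-forwarded-headers must be "true"')
    ann = svc["metadata"].get("annotations", {})
    cert = ann.get(ANN + "ssl-cert", "")
    if not (cert.startswith("arn:") and ":acm:" in cert):
        findings.append(f"ssl-cert is not an ACM ARN: {cert!r}")
    if svc["spec"].get("type") != "LoadBalancer":
        findings.append("external Service must be type LoadBalancer")
    backend = ann.get(ANN + "backend-protocol", "http")
    ports = svc["spec"].get("ports", [])
    for name in [n.strip() for n in ann.get(ANN + "ssl-ports", "").split(",") if n.strip()]:
        p = next((q for q in ports if name in (q["name"], str(q["port"]))), None)
        if p is None:
            findings.append(f"ssl-ports names unknown port {name!r}")
        elif str(p["targetPort"]) != backend:
            # The ELB speaks `backend` to the pod, so the port must land there.
            findings.append(f"port {name!r} targets {p['targetPort']!r} "
                            f"but backend-protocol is {backend!r}")
    return findings
```

Run it against your rendered values and Service before applying them; an empty result means the ELB, the annotations and the controller agree on where TLS ends.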