How Do I configure Okteto with AWS Certificate Manager?

How do I configure the Okteto wildcard certificate with AWS Certificate Manager?

Starting in Okteto 1.5.0, Okteto now fully supports using AWS Certificate Manager and an AWS Network Load Balancer (NLB).

  1. Create a certificate using AWS Certificate Manager using the domain *.example.com, replacing example.com with the subdomain you are using in your Helm configuration file.
  2. Restore the default certificate configuration by removing the section wildcardCertificate from your Okteto helm values file (in case you had this before).
  3. Configure the Okteto Nginx Controller to create a load balancer that uses your certificate. To do that, add the following configuration to your Okteto helm values file.
ingress-nginx:
  controller:
    service:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <<your-certificate-arn>>
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
        service.beta.kubernetes.io/aws-load-balancer-alpn-policy: HTTP2Preferred
  4. (Required if you are NOT using the AWS Load Balancer Controller) Set up the ALPN policy to HTTP2Preferred on the AWS NLB TLS listener at port 443. Use the official AWS Docs for instructions on how to do this using the console or through the AWS CLI.

If this doesn’t appear to work, how would I troubleshoot it?

Hi @fsargent !

Could you try to run curl https://domainOfNLB -v first?

If you get something like:

HTTP/1.1 502 Bad Gateway

Try to do these steps in AWS:

  • Go to EC2
  • Go to Load Balancers
  • Find the one that matches what you get from kubectl get svc -n okteto | grep ingress-nginx | awk '{print $4}'
  • Listener TLS
  • Edit Listener
  • ALPN Policy → HTTP2 Preferred

This will take a few minutes to be ready. Once it is, run the curl command again and you should see GET HTTP/2.

Let me know if that was your case, if not we can continue troubleshooting!
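As an added example (not Okteto's code and not from this thread), a small Python check covering both the values-file steps in the answer above and the ALPN probe from the troubleshooting reply. The sample values, the certificate ARN and the account number are constructed placeholders, and the assumption that the probe returns None while the NLB TLS listener's ALPN policy is still None is based on how ALPN negotiation works in general, not on anything stated in the thread.

```python
"""Pre-flight checks for the Okteto + ACM + NLB setup (added example, not Okteto's code)."""
import re
import socket
import ssl
from typing import Dict, List, Optional

ANN = "service.beta.kubernetes.io/aws-load-balancer-"
# Annotation values the Helm values snippet above requires on the ingress-nginx Service.
REQUIRED = {
    ANN + "type": "nlb",
    ANN + "backend-protocol": "ssl",
    ANN + "ssl-ports": "https",
    ANN + "alpn-policy": "HTTP2Preferred",
}
ACM_ARN = re.compile(r"^arn:aws:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")

# Constructed sample of the values file after steps 2 and 3 (placeholder ARN and account).
SAMPLE_VALUES: Dict = {"ingress-nginx": {"controller": {"service": {"annotations": {
    ANN + "type": "nlb",
    ANN + "backend-protocol": "ssl",
    ANN + "ssl-cert": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
    ANN + "ssl-ports": "https",
    ANN + "scheme": "internet-facing",
    ANN + "alpn-policy": "HTTP2Preferred",
}}}}}

def check_values(values: Dict) -> List[str]:
    """Return the problems found in a parsed Helm values dict (empty list = ok)."""
    problems = []
    if "wildcardCertificate" in values:  # step 2: ACM replaces the manual wildcard cert
        problems.append("remove the wildcardCertificate section")
    ann = (values.get("ingress-nginx", {}).get("controller", {})
           .get("service", {}).get("annotations", {}))
    for key, want in REQUIRED.items():
        if ann.get(key) != want:
            problems.append(f"{key} should be {want!r}, got {ann.get(key)!r}")
    if not ACM_ARN.match(ann.get(ANN + "ssl-cert", "")):
        problems.append("ssl-cert must be the ACM certificate ARN from step 1")
    return problems

def negotiated_alpn(host: str, port: int = 443, verify: bool = True) -> Optional[str]:
    """Offer h2 and http/1.1 to the NLB listener and return what it selected.
    None: listener is not negotiating ALPN (the 502 case); 'h2': HTTP2Preferred is active."""
    ctx = ssl.create_default_context()
    if not verify:  # probing the raw NLB hostname, which the *.example.com cert will not match
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.selected_alpn_protocol()
```

Run check_values on your parsed values file before the Helm upgrade, and negotiated_alpn against the hostname from the kubectl command in the reply (verify=False for the raw NLB name) to see whether the listener fix from the reply has taken effect.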