Starting in Okteto 1.5.0, Okteto fully supports using AWS Certificate Manager and an AWS Network Load Balancer (NLB).
- Create a certificate using AWS Certificate Manager using the domain `*.example.com`, replacing `example.com` with the `subdomain` you are using in your Helm configuration file.
- Restore the default certificate configuration by removing the section `wildcardCertificate` from your Okteto helm values file (in case you had this before).
- Configure the Okteto Nginx Controller to create a load balancer that uses your certificate. To do that, add the following configuration to your Okteto helm values file.
```yaml
ingress-nginx:
  controller:
    service:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <<your-certificate-arn>>
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
        service.beta.kubernetes.io/aws-load-balancer-alpn-policy: HTTP2Preferred
```
- (Required if you are NOT using the AWS load balancer controller) Set the ALPN policy to `HTTP2Preferred` in the AWS NLB TLS listener at port 443. Use the official AWS Docs for instructions on how to do this using the console or through the AWS CLI.
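
To confirm the result of these steps, the following added example (not part of the Okteto documentation) checks saved output of `aws elbv2 describe-listeners` for a TLS listener on port 443 that carries the expected ACM certificate and the `HTTP2Preferred` ALPN policy. The function name `check_tls_listener`, the sample JSON and the placeholder ARN are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like `aws elbv2 describe-listeners` output.
# The ARN is a placeholder, not a real certificate.
CERT_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"
SAMPLE = json.loads("""
{"Listeners": [
  {"Port": 80, "Protocol": "TCP"},
  {"Port": 443, "Protocol": "TLS",
   "Certificates": [{"CertificateArn": "%s"}],
   "AlpnPolicy": ["None"]}
]}
""" % CERT_ARN)


def check_tls_listener(doc, expected_cert_arn, port=443):
    """Return findings for the listener on `port`; an empty list means it matches."""
    listeners = [l for l in doc.get("Listeners", []) if l.get("Port") == port]
    if not listeners:
        return ["no listener on port %d" % port]
    listener = listeners[0]
    findings = []
    # The ACM certificate is only used when TLS terminates at the NLB.
    if listener.get("Protocol") != "TLS":
        findings.append("protocol is %s, expected TLS" % listener.get("Protocol"))
    # The certificate on the listener should be the one named in the Helm values.
    arns = [c.get("CertificateArn") for c in listener.get("Certificates", [])]
    if expected_cert_arn not in arns:
        findings.append("expected certificate is not attached")
    # ALPN policy from the last step of the procedure.
    alpn = listener.get("AlpnPolicy") or []
    if alpn != ["HTTP2Preferred"]:
        findings.append("ALPN policy is %s, expected HTTP2Preferred"
                        % (", ".join(alpn) or "unset"))
    return findings


if __name__ == "__main__":
    for finding in check_tls_listener(SAMPLE, CERT_ARN) or ["listener OK"]:
        print(finding)
```

To run it against a real load balancer, replace `SAMPLE` with the parsed JSON from `aws elbv2 describe-listeners` and `CERT_ARN` with the ARN from your Helm values file.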