How Do I configure Okteto with AWS Certificate Manager?

Starting in Okteto 1.5.0, Okteto fully supports using AWS Certificate Manager and an AWS Network Load Balancer (NLB).

  1. Create a certificate in AWS Certificate Manager for the domain *.example.com, replacing example.com with the subdomain you are using in your Helm configuration file.
  2. Restore the default certificate configuration by removing the wildcardCertificate section from your Okteto Helm values file (in case you had it before).
  3. Configure the Okteto Nginx Controller to create a load balancer that uses your certificate. To do that, add the following configuration to your Okteto Helm values file:
ingress-nginx:
  controller:
    service:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <<your-certificate-arn>>
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" 
        service.beta.kubernetes.io/aws-load-balancer-alpn-policy: HTTP2Preferred
  4. (Required if you are NOT using the AWS Load Balancer Controller) Set the ALPN policy to HTTP2Preferred on the AWS NLB TLS listener at port 443. Use the official AWS docs for instructions on how to do this using the console or through the AWS CLI.
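A pre-deployment check for steps 2 and 3, added here as an example and not part of the original post or of Okteto's tooling. It assumes the Helm values file has already been parsed into a dict (for example with a YAML loader) and that wildcardCertificate is a top-level key; `check_values` and the sample ARN are constructed for illustration.

```python
import re

# Annotations and values taken from step 3 of the post.
EXPECTED = {
    "service.beta.kubernetes.io/aws-load-balancer-type": "nlb",
    "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "ssl",
    "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "https",
    "service.beta.kubernetes.io/aws-load-balancer-scheme": "internet-facing",
    "service.beta.kubernetes.io/aws-load-balancer-alpn-policy": "HTTP2Preferred",
}
CERT_KEY = "service.beta.kubernetes.io/aws-load-balancer-ssl-cert"
# ACM certificate ARN shape: arn:<partition>:acm:<region>:<account>:certificate/<uuid>
ACM_ARN = re.compile(r"^arn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")


def check_values(values):
    """Return a list of problems found in parsed Okteto Helm values (a dict)."""
    problems = []
    # Step 2: the section must be gone (assumed to be a top-level key).
    if "wildcardCertificate" in values:
        problems.append("wildcardCertificate section is still present")
    try:
        ann = values["ingress-nginx"]["controller"]["service"]["annotations"] or {}
    except (KeyError, TypeError):
        return problems + ["ingress-nginx.controller.service.annotations is missing"]
    # Step 3: every annotation must be present with the value from the post.
    for key, want in EXPECTED.items():
        got = ann.get(key)
        if got != want:
            problems.append(f"{key}: expected {want!r}, found {got!r}")
    # Catches a placeholder left in place or an ARN for another service.
    arn = str(ann.get(CERT_KEY, ""))
    if not ACM_ARN.match(arn):
        problems.append(f"{CERT_KEY}: not an ACM certificate ARN: {arn!r}")
    return problems


# Constructed sample inputs (the account ID and certificate ID are made up).
_ann = dict(EXPECTED)
_ann[CERT_KEY] = "arn:aws:acm:us-east-1:111122223333:certificate/12345678-1234-1234-1234-123456789012"
GOOD = {"ingress-nginx": {"controller": {"service": {"annotations": _ann}}}}
_bad = {k: v for k, v in _ann.items() if "alpn-policy" not in k}
_bad[CERT_KEY] = "<<your-certificate-arn>>"
BAD = {"wildcardCertificate": {},
       "ingress-nginx": {"controller": {"service": {"annotations": _bad}}}}

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_values(sample) or "ok")
```

The check covers only the values file; the listener-level ALPN policy from step 4 still has to be confirmed on the NLB itself.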