转载自https://kubernetes.github.io/ingress-nginx/deploy/#aws
In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controller behind a Service of Type=LoadBalancer.
NETWORK LOAD BALANCER (NLB)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.43.0/deploy/static/provider/aws/deploy.yaml
TLS TERMINATION IN AWS LOAD BALANCER (ELB)¶
In some scenarios is required to terminate TLS in the Load Balancer and not in the ingress controller.
For this purpose we provide a template:
- Download deploy-tls-termination.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.43.0/deploy/static/provider/aws/deploy-tls-termination.yaml - Edit the file and change:
- VPC CIDR in use for the Kubernetes cluster:
proxy-real-ip-cidr: XXX.XXX.XXX/XX - AWS Certificate Manager (ACM) ID
arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX - Deploy the manifest:
kubectl apply -f deploy-tls-termination.yaml
NLB IDLE TIMEOUTS¶
Idle timeout value for TCP flows is 350 seconds and cannot be modified.
For this reason, you need to ensure the keepalive_timeout value is configured less than 350 seconds to work as expected.
By default NGINX keepalive_timeout is set to 75s.
More information with regards to timeouts can be found in the official AWS documentation