Introduction#
Github this note shows how to deploy a service (flask app) with https load balancer
- Account A: request an ACM certificate
- Account A: create flask-app.yaml
- Account B: create a route53 cname record
Flask App#
Let create an flask-app.yaml to deploy the web app
apiVersion: v1kind: Servicemetadata:name: book-app-serviceannotations:service.beta.kubernetes.io/aws-load-balancer-backend-protocol: httpservice.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:$REGION:$ACCOUNT_ID:certificate/abcservice.beta.kubernetes.io/aws-load-balancer-ssl-ports: httpsspec:ports:- port: 80targetPort: 8080name: http- port: 443targetPort: 8080name: httpsselector:app: book-apptype: LoadBalancer---apiVersion: apps/v1kind: Deploymentmetadata:name: book-app-deploymentspec:replicas: 2selector:matchLabels:app: book-apptemplate:metadata:labels:app: book-appspec:containers:- image: $ACCOUNT_ID.dkr.ecr.ap-southeast-1.amazonaws.com/book-app:latestname: book-appports:- containerPort: 8080resources:limits:cpu: 100mrequests:cpu: 100m---apiVersion: autoscaling/v2beta2kind: HorizontalPodAutoscalermetadata:name: book-app-hpaspec:maxReplicas: 1000metrics:- resource:name: cputarget:averageUtilization: 5type: Utilizationtype: ResourceminReplicas: 2scaleTargetRef:apiVersion: apps/v1kind: Deploymentname: book-app-deployment
HTTPS#
To support https load balancer we need to
- Account A: request an ACM certificate and confirm by email (admin of the registered domain)
- Account B: create a route53 cname record
TODO: image here