I've got an EKS cluster up and running with ingress resources using the NGINX ingress controller. My NLB, provisioned by NGINX, is private and I'm using a private Route 53 zone. I'm trying to figure out how to configure HTTPS for my endpoints with the NGINX controller. I attempted to use Let's Encrypt certs with cert-manager, but it hasn't been working due to my private Route 53 zone. Currently, I can't use the ALB controller with the AWS cert manager, so I'm looking for a solution that works with the NGINX controller specifically.
1 Answer
To get a publicly trusted certificate, you need some visibility in public DNS. Consider creating and configuring a public hosted zone for your domain, which Let's Encrypt can leverage to complete its challenges. This is important especially if your NLB is involved in HTTPS termination.
But remember, I'm only using this for internal endpoints and don't want any public exposure.