Kubernetes: Is there a way to configure an EKS service to use HTTPS?

chhkpiq4 posted on 2023-08-03 in Kubernetes

Here is the configuration of our current EKS service:

```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: main-api
  name: main-api-svc
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  externalTrafficPolicy: Cluster
  ports:
    - name: http-port
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: main-api
  sessionAffinity: None
  type: LoadBalancer
```

Is there a way to configure it to use HTTPS instead of HTTP?

oo7oh9g9 #1

To terminate HTTPS traffic on Amazon Elastic Kubernetes Service and pass it to the backend, do the following:

  1. [Request a public ACM certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) for your custom domain.
  2. Identify the ARN of the certificate that you want to use with the load balancer's HTTPS listener.
  3. Then, edit the annotations to provide the ACM ARN from step 2.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: echo-service
  annotations:
    # Note that the backend talks over HTTP.
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    # TODO: Fill in with the ARN of your certificate.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:{region}:{user id}:certificate/{id}
    # Only run SSL on the port named "https" below.
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
spec:
  type: LoadBalancer
  selector:
    app: echo-pod
  ports:
  - name: http
    port: 80
    targetPort: 8080
  - name: https
    port: 443
    targetPort: 8080
```

  4. To create a Service object, run the following command:

```
$ kubectl create -f service.yaml
```

  5. To return the DNS URL of the service of type LoadBalancer, run the following command:

```
$ kubectl get service
```

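Note: If you have many active services running in your cluster, make sure to get the URL of the correct service of type LoadBalancer from the command output.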

  6. Open the Amazon EC2 console, and then choose Load Balancers.
  7. Select your load balancer, and then choose Listeners.
  8. For Listener ID, confirm that your load balancer port is set to 443.
  9. For SSL Certificate, confirm that the SSL certificate that you defined in the YAML file is attached to your load balancer.
  10. Associate your custom domain name with your load balancer name.
  11. Finally, in a web browser, test your custom domain with the following HTTPS protocol:
https://yourdomain.com
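
The following is an added example, not part of the original answer or of any AWS tooling: a Python check that audits a Service object for the TLS annotations used above and reports which listeners and hops remain plaintext. The function names, the finding texts and the sample ARN (account ID and UUID) are constructed for illustration, and the treatment of a missing `backend-protocol` annotation as `tcp` is an assumption.

```python
import re

PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"
ACM_ARN = re.compile(r"^arn:aws(-[a-z-]+)?:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}$")

def audit_service(svc):
    """Findings for a Service dict shaped like `kubectl get service NAME -o json`."""
    ann = svc.get("metadata", {}).get("annotations") or {}
    ports = svc.get("spec", {}).get("ports") or []
    cert = ann.get(PREFIX + "ssl-cert")
    if not cert:
        return ["no ssl-cert annotation: every listener is plaintext"]
    findings = []
    if not ACM_ARN.match(cert):
        findings.append("ssl-cert is not a complete ACM ARN (placeholder left in?)")
    # ssl-ports: comma-separated port names or numbers; absent or "*" means all ports.
    tls = {p.strip() for p in ann.get(PREFIX + "ssl-ports", "*").split(",")}
    known = {str(p.get("name")) for p in ports} | {str(p["port"]) for p in ports}
    for entry in sorted(tls - known - {"*"}):
        findings.append(f"ssl-ports entry {entry!r} matches no port in spec.ports")
    for p in ports:
        if not ({"*", p.get("name"), str(p["port"])} & tls):
            findings.append(f"port {p['port']} ({p.get('name')}) has no TLS listener")
    # Assumption: a missing backend-protocol behaves like "tcp" (no TLS to the pod).
    if ann.get(PREFIX + "backend-protocol", "tcp").lower() in ("http", "tcp"):
        findings.append("TLS ends at the load balancer; the hop to the pod is plaintext")
    return findings

def service(annotations, ports):
    """Build the minimal Service dict the audit needs (helper for the samples)."""
    return {"metadata": {"annotations": annotations},
            "spec": {"type": "LoadBalancer", "ports": ports}}

# The question's Service: NLB type annotation only, one port 80.
QUESTION = service({PREFIX + "type": "nlb"}, [{"name": "http-port", "port": 80}])

# The first answer's Service with a constructed ARN (account ID and UUID are made up).
ANSWER = service(
    {PREFIX + "backend-protocol": "http",
     PREFIX + "ssl-cert": "arn:aws:acm:us-east-1:111122223333:certificate/"
                          "12345678-1234-1234-1234-123456789012",
     PREFIX + "ssl-ports": "https"},
    [{"name": "http", "port": 80}, {"name": "https", "port": 443}])

if __name__ == "__main__":
    for name, svc in (("question", QUESTION), ("answer", ANSWER)):
        print(name, audit_service(svc))
```

To audit a live object, pass the result of `json.loads` on the output of `kubectl get service NAME -o json`.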

igetnqfo #2

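You should use an Ingress (rather than a Service) to expose http/s outside the cluster. I recommend using the ALB Ingress Controller.
There is a complete walkthrough here.
You can see how to set up TLS/SSL here.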

vmjh9lq9 #3

Although it is http, isn't it secure by default? Because it is protected within your own private network and private secure subnets.
