EKS: Avoid exposing port 80 via AWS NLB for Kong ingress controller

@traines

Thanks for responding. I think what you are suggesting is what is documented in this Kong documentation (if I understand it correctly) –

My problem statement is a bit different: I do not want to expose port 80 on the NLB side. My TLS (cert) terminates on the AWS NLB. So basically my data flow is as shown below:

Client browser (https) ==> NLB(p443, cert term here) ==> Kong proxy (port 8000 – clear text)

I believe this is what I have to do:

Make the Kong proxy Service be of type NodePort (and not LoadBalancer)

Create the NLB outside of the Kong Helm chart, expose port 443 outwards (to the client), and assign an ACM cert to it so the TLS terminates on the NLB. On the back end I then need to create a Target Group that routes TCP traffic to the Kong “proxy” service NodePort (say 32080, which maps to 8000), so the data flow is going to be as shown below:

Client browser (https) ==> NLB(p443, cert term here) ==> Kong proxy nodeport (port 32080 – clear text) ==> Kong proxy container port 8000 (clear text)

Let me know your thoughts.

Also, since I have your attention, can you also comment on another topic for which I need inputs from the community –

Kong Arch

Your response is much appreciated.
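A check for the layout proposed in the post above, as an added example that is not part of the original post or of Kong's own tooling: it audits listener and target-group records for anything other than TLS:443 forwarding to TCP on the NodePort. It assumes input shaped like the output of `aws elbv2 describe-listeners` and `aws elbv2 describe-target-groups`; the function name `audit_nlb` and all ARNs and sample records are constructed placeholders.

```python
# Added example: audit NLB listeners/target groups against the intended flow.
# Field names follow `aws elbv2 describe-listeners` / `describe-target-groups`;
# all values below are constructed placeholders, not real resources.

def audit_nlb(listeners, target_groups, node_port=32080):
    """Return findings; an empty list means only TLS:443 -> TCP:node_port exists."""
    findings = []
    tgs = {tg["TargetGroupArn"]: tg for tg in target_groups}
    if not any(l["Port"] == 443 for l in listeners):
        findings.append("no listener on port 443")
    for l in listeners:
        port, proto = l["Port"], l["Protocol"]
        if port != 443:
            findings.append(f"unexpected listener {proto}:{port} (only 443 should be exposed)")
            continue
        if proto != "TLS":
            findings.append(f"port 443 uses {proto}; TLS is not terminated on the NLB")
        elif not l.get("Certificates"):
            findings.append("TLS listener on 443 has no certificate attached")
        for action in l.get("DefaultActions", []):
            tg = tgs.get(action.get("TargetGroupArn"))
            if tg is None:
                findings.append("443 listener forwards to an unknown target group")
            elif (tg["Protocol"], tg["Port"]) != ("TCP", node_port):
                findings.append(
                    f"target group is {tg['Protocol']}:{tg['Port']}, expected TCP:{node_port}")
    return findings

# Constructed sample records (placeholders, not real ARNs).
TG = [{"TargetGroupArn": "tg-kong-proxy-placeholder", "Protocol": "TCP", "Port": 32080}]
TLS_443 = {"Port": 443, "Protocol": "TLS",
           "Certificates": [{"CertificateArn": "acm-cert-placeholder"}],
           "DefaultActions": [{"Type": "forward",
                               "TargetGroupArn": "tg-kong-proxy-placeholder"}]}
TCP_80 = {"Port": 80, "Protocol": "TCP",
          "DefaultActions": [{"Type": "forward",
                              "TargetGroupArn": "tg-kong-proxy-placeholder"}]}

if __name__ == "__main__":
    for name, ls in (("intended", [TLS_443]), ("port 80 left open", [TLS_443, TCP_80])):
        print(name, "->", audit_nlb(ls, TG) or "OK")
```
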