Currently there is no off-the-shelf way to terminate a K8S SSL connection using an ELB (though there are rumors this will be added in Kubernetes 1.2). When a service has type: LoadBalancer, the generated ELB will only use standard TCP connection.

The way to terminate SSL connections using an ELB is to change the type to NodePort. A NodePort service exposes the same port on every host that routes to that service. This by itself doesn't do much, but if we manually generate our own ELB afterwards (and give it the proper security group) we can setup that ELB to do SSL termination ourselves. Then pass along the connection to the exposed port.

Note: Make sure you add your new ELB's security group to the list of security groups that are allowed to talk with your EC2 worker nodes.

Eric Koslow, cofounder of Lattice, has been writing a series of blog posts (check them out!) on setting up Kubernetes on AWS. At Lattice, Eric creates software to help companies set and manage their goals. -Mackenzie