5 min • read

Amazon Elastic Kubernetes Service HTTP/3 configuration

This guide shows how to setup HTTP/3 support for Amazon Elastic Kubernetes Service (EKS) The instructions provided in this page are a continuation of the HTTP/3 in Emissary-ingress documentation.

Create a network load balancer (NLB)

The virtual private cloud (VPC) for your load balancer needs one public subnet in each availability zone where you have targets.

Create a NodePort service

Now create a NodePort service for Emissary-ingress installation with two entries. Use port: 443 to include support for both TCP and UDP traffic.

Create target groups

Run the following command with the variables for your VPC ID and cluster name:

Register your instances

Next, register your cluster's instance with the the instance IDs and Amazon Resource Names (ARN).

To get your cluster's instance IDs, enter the following command:

To get your ARNs, enter the following command:

Register the instances with the target groups and load balancer using the instance IDs and ARNs you retrieved.

Create listeners in AWS.

Register your cluster's instance with the instance IDs and ARNs.

To get the load balancer's ARN, enter the following command:

Create a TCP listener on port 80 that that forwards to the TargetGroup {TCP_TG_ARN}.

Create a TCP_UDP listener on port 443 that forwards to the TargetGroup {TCP_UDP_TG_ARN}.

Update the security groups

Now you need to update your security groups to receive traffic. This security group covers all node groups attached to the EKS cluster:

Now authorize the cluster security group to allow internet traffic:

Get the DNS name for the load balancers

Enter the following command to get the DNS name for your load balancers and create a CNAME record at your domain provider:

Create Listener resources

Now you need to create the Listener resources for Emissary-ingress. The first Listener in the example below handles traffic for HTTP/1.1 and HTTP/2, while the second Listener handles all HTTP/3 traffic.

Create a Host resource

Create a Host resource for your domain name.

Apply the quote service and a Mapping to test the HTTP/3 configuration.

Finally, apply the quote service to a Emissary-ingress Mapping.

Now verify the connection:

Your domain now shows that it is being served with HTTP/3.