Bitnami provides a nice Helm chart for EJBCA, a FOSS public key infrastructure certificate authority application with a REST API. However, the Service and Ingress setup doesn't work very well if you're deploying to Amazon EKS.

Our EKS clusters use the AWS Load Balancer Controller to automatically create ALBs from Kubernetes Ingresses which are properly annotated. This allows us to attach certificates stored in AWS Certificate Manager, set TLS policies, and establish health checks right in our manifests. Fantastic stuff.

While trying to get EJBCA to play nicely on one of the above-described clusters, I ended up needing to made the following changes to the values.yaml file I was using in order to get things running properly.

  type: NodePort
  # The default here is LoadBalancer, which won't work with our setup.

  enabled: true
  pathType: Prefix
  hostname: <YOUR_HOSTNAME_HERE>
  ingressClassName: "alb"
  annotations: alb internal ip HTTPS 200-399 /ejbca/doc  # Same as livenessProbe ELBSecurityPolicy-TLS13-1-2-2021-06 <YOUR_ACM_CERT_ARN_HERE>

Hopefully, you find this helpful if you're trying to put EJBCA on EKS.