Pivotal Cloud Foundry® (PCF) Amazon Web Services Only
The purpose of this KB is to set up an Application Load Balancer (ALB) in order to access Diego Cells via WebSocket on port 443 (wss://) or 80 (ws://). Using an ALB eliminates the need to expose port 4443 external to your PCF installation.
NOTE: Currently ALBs are not managed by Ops Manager and are outside the control of PCF; therefore setting up and maintaining the ALB, including updating the Diego cell targets when necessary (such as after an upgrade), is the customer's responsibility.
Follow these steps to resolve this issue:
- Switch the Loggregator port from 4443 to 443 in the ERT Networking tab.
- Remove the ELBs from the ERT Resource page. The load balancer names are in the column labeled "Load Balancers" on the right.
- Apply Changes. The instances are now removed from the load balancer.
- In AWS EC2 Dashboard, Load Balancers, click Create Load Balancer.
- Select load balancer type, click Create under Application Load Balancer.
- Configure ALB
Do not use your ERT subnets as below. You'll get a warning and nothing will work correctly.
Networks were added based on my existing HTTP ELB.
Re-use existing SSL cert.
- Configure security settings
Re-use existing security group from ELB.
- Configure security groups
- Configure routing
Target instances (routers)
- For target group, select your Diego cells.
Update DNS - replace sk-v19-Pcf-Http-Elb-1233709967.us-west-2.elb.amazonaws.com with sk-alb-cutover-test-1773759508.us-west-2.elb.amazonaws.com
Targets are healthy.