CAPI Ingress and TLS
- david.fairbrother@stfc.ac.uk
- Jacob Ward
Prior Knowledge
This document assumes existing knowledge of what ingress is, its purpose and why it’s used. In a nutshell, it allows multiple services to be assigned to a single floating IP, rather than a dedicated IP per service.
More information can be found at: https://devopscube.com/kubernetes-ingress-tutorial/
Nginx Ingress
The Kubernetes chart has the option for deploying a pre-configured Nginx ingress controller, which is controlled by the user-values.yaml file
Prerequisites
Experience deploying a Kubernetes cluster (see: Kubernetes)
An additional Floating IP Address for ingress
Note: This IP must be separate from the Floating IP you supplied in the user-values.yaml file for the apiServer Floating IP
(Optional) DNS record(s) pointing to the FIP for your service(s)
Alternatively, a local DNS record can be configured for testing instead as explain later
Enabling Ingress
In the OpenStack UI, allocate or note down the IP address for your ingress. This should be in the same project as your cluster.
Navigate to the directory with your cluster’s cloud CAPI values
Edit user-values.yaml enabling ingress and setting the floating IP, e.g. for the IP 130.1.2.3
addons:
ingress:
enabled: true
nginx:
release:
values:
controller:
service:
loadBalancerIP: "130.1.2.3"Apply your changes, remembering to add your cluster name
helm upgrade CLUSTER_NAME capi/openstack-cluster --install -f values.yaml -f clouds.yaml -f user-values.yaml -f flavors.yaml -n clusters
(Optional) Ports 80 + 443 open for Let's Encrypt TLS certificates