CAPI Ingress and TLS

Prior Knowledge

This document assumes existing knowledge of what ingress is, its purpose and why it’s used. In a nutshell, it allows multiple services to be assigned to a single floating IP, rather than a dedicated IP per service.

More information can be found at: https://devopscube.com/kubernetes-ingress-tutorial/

Nginx Ingress

The Kubernetes chart has the option for deploying a pre-configured Nginx ingress controller, which is controlled by the user-values.yaml file

Prerequisites

Enabling Ingress

  • In the OpenStack UI, allocate or note down the IP address for your ingress. This should be in the same project as your cluster.

  • Navigate to the directory with your cluster’s cloud CAPI values

  • Edit user-values.yaml enabling ingress and setting the floating IP, e.g. for the IP 130.1.2.3

addons: ingress: enabled: true nginx: release: values: controller: service: loadBalancerIP: "130.1.2.3"
  • Apply your changes, remembering to add your cluster name

helm upgrade CLUSTER_NAME capi/openstack-cluster --install -f values.yaml -f clouds.yaml -f user-values.yaml -f flavors.yaml -n clusters

 

(Optional) Ports 80 + 443 open for Let's Encrypt TLS certificates