CAPI Ingress and TLS

Prior Knowledge

This document assumes existing knowledge of what ingress is, its purpose and why it’s used. In a nutshell, it allows multiple services to be assigned to a single floating IP, rather than a dedicated IP per service.

More information can be found at: https://devopscube.com/kubernetes-ingress-tutorial/

Nginx Ingress

The Kubernetes chart has the option of deploying a pre-configured Nginx ingress controller, which is controlled by the user-values.yaml file.

Prerequisites

  • Experience deploying a Kubernetes cluster (see: Kubernetes)

  • An additional Floating IP Address for ingress

    • Note: This IP must be separate from the Floating IP you supplied in the user-values.yaml file for the apiServer Floating IP

  • (Optional) DNS record(s) pointing to the FIP for your service(s)

    • Alternatively, a local DNS record can be configured for testing instead, as explained later

Enabling Ingress

  • In the OpenStack UI, allocate or note down the IP address for your ingress. This should be in the same project as your cluster.

  • Navigate to the directory with your cluster’s cloud CAPI values

  • Edit user-values.yaml enabling ingress and setting the floating IP, e.g. for the IP 130.1.2.3

    addons:
      ingress:
        enabled: true
        nginx:
          release:
            values:
              controller:
                service:
                  loadBalancerIP: "130.1.2.3"

  • Apply your changes, remembering to add your cluster name

helm upgrade CLUSTER_NAME capi/openstack-cluster --install -f values.yaml -f clouds.yaml -f user-values.yaml -f flavors.yaml -n clusters
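
A pre-flight check for the values edited above, to run before the helm upgrade: it confirms ingress is enabled, that loadBalancerIP parses as an IP address, and that it is not the same address as the apiServer floating IP, as the prerequisites require. This is an added example, not part of the original page or the chart; the apiServer.floatingIP key name, the sample addresses and the function names are assumptions, and the parser only handles plain nested mappings.

```python
import ipaddress
# Constructed sample; apiServer.floatingIP is an assumed key name, not from this page.
SAMPLE = """\
apiServer:
  floatingIP: "130.1.2.4"
addons:
  ingress:
    enabled: true
    nginx:
      release:
        values:
          controller:
            service:
              loadBalancerIP: "130.1.2.3"
"""
INGRESS_IP = "addons.ingress.nginx.release.values.controller.service.loadBalancerIP"

def flatten(text):
    """Flatten nested 'key: value' mappings to dotted keys (no lists or multi-line scalars)."""
    flat, stack = {}, []  # stack holds (indent, key) for the path to the current line
    for raw in text.splitlines():
        line = raw.split("#")[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # a dedent closes deeper keys
            stack.pop()
        stack.append((indent, key))
        value = value.strip().strip("\"'")
        if value:
            flat[".".join(k for _, k in stack)] = value
    return flat

def check_ingress(text):
    """Return a list of problems; an empty list means the ingress values look sane."""
    cfg, problems = flatten(text), []
    if cfg.get("addons.ingress.enabled") != "true":
        problems.append("addons.ingress.enabled is not true")
    lb = cfg.get(INGRESS_IP)
    try:
        ipaddress.ip_address(lb or "")
    except ValueError:
        problems.append(f"loadBalancerIP is missing or not an IP: {lb!r}")
    if lb and lb == cfg.get("apiServer.floatingIP"):
        problems.append("ingress loadBalancerIP reuses the apiServer floating IP")
    return problems

if __name__ == "__main__":
    print(check_ingress(SAMPLE) or "ingress values look sane")
```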

 

(Optional) Ports 80 + 443 open for Let's Encrypt TLS certificates