You can configure the nginx ingress controller in various ways. To use the OpenStack load balancer Octavia with SSL offloading, you need to configure the ingress controller with the proxy protocol. The alternative would be to use the OpenStack service Barbican to store your SSL certificate, which is currently not directly supported by Kubernetes.
rbac:
  create: true
controller:
  publishService:
    enabled: true
  replicaCount: 3
  minAvailable: 1
  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 6
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  # Octavia config
  config:
    use-forwarded-headers: "true"
    compute-full-forwarded-for: "true"
    use-proxy-protocol: "true"
  service:
    annotations:
      loadbalancer.openstack.org/proxy-protocol: "true"
This will deploy three replicas of the nginx ingress controller with autoscaling enabled. You will receive an external IP address via the OpenStack load balancer Octavia. This uses the service type LoadBalancer in Kubernetes. The service includes an additional annotation for the proxy protocol, which ensures that the original client IP address is inserted into the HTTP header so that the backend service is able to get the real source IP of the request. The annotation makes Octavia send the proxy protocol header, and `use-proxy-protocol` makes nginx read it, so both must be enabled together. Please check the version of the nginx ingress controller that you are deploying. The version in this example may be outdated.
# Create a namespace to deploy the nginx ingress controller into
kubectl create namespace ingress-nginx
# Add the ingress controller helm repository if it is not added.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
# Deploy the nginx ingress controller
helm upgrade --install -f values.yaml --namespace ingress-nginx ingress-nginx ingress-nginx/ingress-nginx
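To show what the proxy protocol setting above puts on the wire, here is an added example (not part of the original page or of ingress-nginx) that parses a PROXY protocol v1 line and accepts it only from the load balancer's network. The function names, the trusted subnet and the sample bytes are constructed assumptions, and the v1 text format is assumed.

```python
import ipaddress

# Constructed values (assumptions): the subnet Octavia connects from, and a
# sample of what nginx receives once the load balancer prepends the header.
TRUSTED_LB_NETS = [ipaddress.ip_network("10.0.0.0/24")]
SAMPLE = (b"PROXY TCP4 203.0.113.7 198.51.100.10 51234 443\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")


def parse_proxy_v1(data: bytes):
    """Return ((src_ip, src_port, dst_ip, dst_port) or None, remaining bytes)."""
    end = data.find(b"\r\n")
    # The v1 header is a single ASCII line of at most 107 bytes including CRLF.
    if end == -1 or end + 2 > 107:
        raise ValueError("missing or oversized PROXY header")
    parts = data[:end].decode("ascii").split(" ")
    if len(parts) < 2 or parts[0] != "PROXY":
        # Seen when the load balancer is not sending the header at all.
        raise ValueError("not a PROXY v1 header")
    rest = data[end + 2:]
    if parts[1] == "UNKNOWN":
        return None, rest
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY header")
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    family = 4 if parts[1] == "TCP4" else 6
    if src.version != family or dst.version != family:
        raise ValueError("address family mismatch")
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return (str(src), sport, str(dst), dport), rest


def client_ip(peer_ip: str, data: bytes):
    """Return (client address the backend should see, HTTP payload)."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_LB_NETS):
        # Only the load balancer may assert a client address on its behalf.
        raise PermissionError("PROXY header from untrusted peer")
    info, rest = parse_proxy_v1(data)
    return (info[0] if info else peer_ip), rest


if __name__ == "__main__":
    print(client_ip("10.0.0.5", SAMPLE))
```

In ingress-nginx the equivalent restriction is the ConfigMap option `proxy-real-ip-cidr`, which names the load balancer addresses whose proxy protocol and forwarded headers are trusted.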
The example below reconfigures the nginx ingress controller, for example after the first update. You will need to add the external IP address you received after the installation to the service. You will also need to add an additional annotation to the service to keep the external IP address (floating IP).
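controller:
  service:
    enabled: true
    # External IP address received after the installation
    loadBalancerIP: "198.51.100.10"
    annotations:
      # Annotation values must be strings, so the boolean is quoted
      loadbalancer.openstack.org/keep-floatingip: "true"
    type: LoadBalancer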
The OpenStack external cloud provider has a list of all supported service annotations you may use. You can find the documentation here:
Exposing applications using services of LoadBalancer type
For more information about how to configure a load balancer service you can read this tutorial: