C.2.1 Installing the Ingress Controller

You must install the ingress controller to use SSL and your own certificates, before installing OAA, OARM, and OUA. Perform the following steps to install NGINX ingress controller on one of the nodes in the cluster.

  1. Generate SSL Certificate
    1. Generate a private key (tls.key) and certificate signing request (CSR) using a tool of your choice. Send the CSR to your certificate authority (CA) to generate the certificate (tls.crt). Instructions on how to do this can be found under Using a third party CA for generating certificates in Generating Server Certificates and Trusted Certificates.
      Alternatively, to use a certificate for testing purposes you can generate a self-signed certificate using openssl:
      mkdir /OAA/ingress_ssl
      cd /OAA/ingress_ssl
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=node.example.com"

      Note:

      If you created your own CA in Generating Server Certificates and Trusted Certificates, you can also generate a certificate using that CA.

      Note:

      The CN must match the host.domain of the kubernetes node you are installing on to prevent hostname problems during certificate verification.
    2. Create a secret for SSL by running the following command:
      kubectl create secret tls oaa-tls-cert --key /OAA/ingress_ssl/tls.key --cert /OAA/ingress_ssl/tls.crt
  2. Install NGINX ingress
    1. Add the helm chart repository for NGINX using the following command
      helm repo add stable https://kubernetes.github.io/ingress-nginx
    2. Update the repository using the following command
      helm repo update
    3. Create a namespace, for example nginxssl:
      kubectl create namespace nginxssl
    4. Install NGINX using the helm install nginx-ingress command. For example:
      helm install nginx-ingress -n nginxssl --set controller.extraArgs.default-ssl-certificate=oaa-tls-cert  --set
      controller.service.nodePorts.http=30777 --set controller.service.nodePorts.https=30443 --set
      controller.config.use-forwarded-headers=true --set
      controller.config.enable-underscores-in-headers=true --set
      controller.admissionWebhooks.enabled=false stable/ingress-nginx

      Note:

      This will install the controller on https port 30443