5.2.1 Prerequisites for Installing OAA, OARM, and OUA using Ingress
If using your own Ingress controller, you must install it before installing OAA, OARM, and OUA. Perform the following steps to install NGINX ingress controller on one of the nodes in the cluster.
- Generate SSL Certificate
- Generate a private key (
tls.key
) and certificate signing request (CSR) using a tool of your choice. Send the CSR to your certificate authority (CA) to generate the certificate (tls.crt
). Instructions on how to do this can be found under Using a third party CA for generating certificates in Generating Server Certificates and Trusted Certificates.Alternatively, to use a certificate for testing purposes you can generate a self-signed certificate using openssl:mkdir /OAA/ingress_ssl
cd /OAA/ingress_ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=node.example.com"
Note:
If you created your own CA in Generating Server Certificates and Trusted Certificates, you can also generate a certificate using that CA.Note:
The CN must match the host.domain of the kubernetes node you are installing on to prevent hostname problems during certificate verification. - Create a secret for SSL by running the following command:
kubectl create secret tls oaa-tls-cert --key /OAA/ingress_ssl/tls.key --cert /OAA/ingress_ssl/tls.crt
- Generate a private key (
- Install NGINX ingress
- Add the helm chart repository for NGINX using the following
command
helm repo add stable https://kubernetes.github.io/ingress-nginx
- Update the repository using the following
command
helm repo update
- Create a namespace, for example
nginxssl
:kubectl create namespace nginxssl
- Install NGINX using the
helm install nginx-ingress
command. For example:helm install nginx-ingress -n nginxssl --set controller.extraArgs.default-ssl-certificate=oaa-tls-cert --set controller.service.type=NodePort --set controller.admissionWebhooks.enabled=false stable/ingress-nginx
- Get the nodeport port number. For example:
kubectl get services -n nginxssl -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-ingress-nginx-controller
The command will return the port number, for example
31281
. Therefore, the URL for the ingress controller ishttp://node.example.com:31281
The hostname and port returned is used for the
install.global.serviceurl
parameter in theinstallOAA.properties
in Updating the Install Properties File for Installing OAA/OARM/OUA Using Ingress
- Add the helm chart repository for NGINX using the following
command