Use any third party ingress with the Kubernetes Cloud Provider for VMware Cloud Director in order to create an L7 Ingress, and NSX Advanced Load Balancer acts as the L4 LoadBalancer.
In order to create a HTTPS Ingress using the NSX Advanced Load Balancer, it is necessary to use a certificate. The following steps present an overview of this process:
- As a user with Organization Administrator role, upload a certificate in Certificates library of the organization using the VMware Cloud Director user interface, and title the certificate. For example, my-service-cert.
- Add the following annotations to the ingress loadbalancer service.
Note: Depending on the installation method used, the location of the addition of these annotations can be different. The annotation mentions the comma-separated list of ports that need SSL and the (single) certificate to be used for it.
annotations: service.beta.kubernetes.io/vcloud-avi-ssl-ports: "443" service.beta.kubernetes.io/vcloud-avi-ssl-cert-alias: "my-service-cert"
- Install the service.
- Certificates can have user-defined names. Each service can use its own certificate, and there does not need to be one common certificate used across services.
- The appProtocol field is used to determine if a service is a HTTP/HTTPS/TCP service, and a cert is expected for an HTTPS service. If this behavior is not necessary, overrides are to be specified as required by the service installation method.