Installing and configuring the NGINX Ingress Controller
Before deploying BMC Helix Service Management, you need to install and configure an NGINX Ingress Controller. This component manages external access to services running in your Kubernetes cluster.
You can install NGINX Open Source Ingress Controller or F5 NGINX Plus Ingress Controller.
The certified versions of NGINX Ingress Controller and F5 NGINX Plus Ingress Controller with the Kubernetes and OpenShift orchestration platform are as follows:
Kubernetes | Ingress | NGINX Plus | Helm |
|---|---|---|---|
| 1.34 | 1.13.x and 1.14.0 | R35 | 3.19 |
| 1.33 | 1.12.4 | R34 | 3.18 |
1.32 | 1.12.1 | R34 | 3.17 |
1.31 | 1.11.5 | R30 | 3.16 |
1.30 | 1.11.5 | R30 | 3.15 |
The supported Ingress and Helm versions with the OpenShift orchestration platforms are as follows:
Openshift | Ingress | NGINX Plus | Helm |
|---|---|---|---|
| 4.19 | 1.12.4, 1.13.x, and 1.14.0 | R35 | 3.19 |
| 4.18 | 1.12.1 | R34 | 3.18 |
4.17 | 1.11.5 | R34 | 3.17 |
4.16 | 1.11.5 | R30 | 3.15 |
Before you begin
To install F5 NGINX Plus Ingress Controller, make sure you have obtained the required licenses to install the F5 NGINX Plus Ingress Controller.
To deploy the NGINX Ingress Controller for OpenShift as a Daemonset
Run the following command and verify if the ingress-nginx namespace is present:
kubectl get nsIf you have the ingress-nginx namespace, delete it by running the following commands:
kubectl delete ds -n ingress-nginx ingress-nginx-controller
kubectl -n ingress-nginx delete svc ingress-nginx-controller-admission
kubectl delete clusterrole ingress-nginx
kubectl delete ClusterRoleBinding ingress-nginx
kubectl delete IngressClass nginx
kubectl delete ValidatingWebhookConfiguration ingress-nginx-admission
kubectl delete ns ingress-nginxBased on the version of your Kubernetes, run one of the following commands to get the deploy.yaml file for the NGINX Ingress Controller:
To get deploy.yaml file for Nginx Ingress Controller:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-<version>/deploy/static/provider/cloud/deploy.yaml
Where, version is the Nginx Ingress Controller. Example:
To get deploy.yaml file for Nginx Ingress Controller version 1.14.0wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.14.0/deploy/static/provider/cloud/deploy.yamlTo get deploy.yaml file for Nginx Ingress Controller version 1.13.x
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.13.x/deploy/static/provider/cloud/deploy.yaml- Make the following changes in the deploy.yaml file:
Change the kind field of the ingress-nginx-controller from Deployment to DaemonSet.
Daemonset ensures that the controller machine runs on every worker node.
The namespace for the NGINX Ingress Controller is ingress-nginx.apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: <version of the deploy.yaml>
name: ingress-nginx-controller
namespace: ingress-nginxUnder kind: Daemonset, change the spec.strategy field to spec.updateStrategy
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate(If deploying NGINX Ingress Controller 1.9.5 or later) Under kind: Daemonset, locate securityContext, and then set the value of the flag allowPrivilegeEscalation as true.
securityContext:
allowPrivilegeEscalation: true
To create a namespace (ingress-nginx), run the following command:
oc create ns ingress-nginx
Apply the Security Context Constraints (SCC) to service accounts by running the following commands:
oc adm policy add-scc-to-user ingress-scc -z default -n ingress-nginx
oc adm policy add-scc-to-user ingress-scc -z ingress-nginx-admission -n ingress-nginx
oc adm policy add-scc-to-user ingress-scc -z ingress-nginx -n ingress-nginx
Apply the deploy.yaml file by using the following command:
kubectl apply -f deploy.yaml
To verify that the pods are running on all worker nodes, run the following command:
kubectl get ds -n ingress-nginxSample output:
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
ingress-nginx-controller 11 11 11 11 11 kubernetes.io/os=linux 15dThe values of the columns Desired, Current, Ready, Up-to-date, and Available should be equal to the number of worker nodes.
(Skip this step if you have attached an SSL certificate at the load balancer and are sending HTTP or HTTPS traffic to ingress.)
Create a secret with the certificate and key to be mounted on the Ingress Controller pods by using the following command:kubectl create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n ingress-nginx- (Skip this step if you have attached an SSL certificate at the load balancer and are sending HTTP or HTTPs traffic to ingress.)
Edit the daemonset as described:Set the parameter --default-ssl-certificate with values as <namespace>/<secret name> in the args section.
For example:
--default-ssl-certificate=ingress-nginx/my-tls-certificateRun the following command:
kubectl edit daemonset ingress-nginx-controller -n ingress-nginxIn the output, set the ingress-class parameter according to your requirement:
...
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --default-ssl-certificate=ingress-nginx/my-tls-secret
...
- To configure the NGINX Ingress Controller, perform the following steps:
Identify the configmap name by running the following command:
kubectl get cm -n <ingress_nginx_namespace>Change the configmap name to use the configmap in your environment by running the following command:
kubectl edit cm <ingress_nginx_configmap> -n <ingress_nginx_namespace>
data:
enable-underscores-in-headers: "true"
annotations-risk-level: "Critical" (only applicable for Ingress version 1.12.x and above)
proxy-body-size: 250m
server-name-hash-bucket-size: "1024"
ssl-redirect: "false"
use-forwarded-headers: "true"
worker-processes: "40"
allow-snippet-annotations: "true"
large-client-header-buffers: "4 64k"
To apply the changes made to the daemonset, restart it:
kubectl -n ingress-nginx rollout restart ds ingress-nginx-controllerTo verify the version of the Ingress Controller, run the following command:
kubectl -n ingress-nginx describe <pod name> | grep -i imageExample:
kubectl -n ingress-nginx describe pod ingress-nginx-controller-cb44m | grep -i imageSample output:

In the example, the version of the Ingress Controller installed is 1.9.6.(Skip this step if you have attached an SSL certificate at the Load Balancer) Update the service ingress-nginx-controller and add load balancer IP as an external IP by using the following command:
kubectl patch service/ingress-nginx-controller -n ingress-nginx -p '{"spec":{"externalIPs":["xxx.xxx.xxx.xxx"]}}'Here, xxx.xxx.xxx.xxx is the IP that the LB_HOST value resolves to.
To get the ingress-nginx-controller service port details, run the following command:
kubectl -n ingress-nginx get svcExample output:
For example, you will see output like below:
$ kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.43.43.12 XXX.XXX.XXX.XXX 80:31764/TCP,443:31864/TCP 24h
ingress-nginx-controller-admission ClusterIP 10.43.46.181 <none> 443/TCP 24hNote the port details from the command output. For example:
- Node port 31764 maps to port 80 and must be used for HTTP connection.
- Node port 31864 maps to port 443 and must be used for HTTPS connection.
- Based on the output of the previous command (step 12), configure the load balancer to send HTTP or HTTPS traffic to the correct ports.
)))
To deploy the NGINX Ingress Controller for OpenShift as a Deployment
- Download the attached file.
- Apply the ingress-scc.yaml file by using the following command:
oc apply -f ingress-scc_<version>.yaml
For example, oc apply -f ingress-scc_24.2.yaml - Based on your OpenShift version, run one of the following commands to get the deploy.yaml file for the NGINX Ingress Controller:
To get deploy.yaml file for Nginx Ingress Controller:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-<version>/deploy/static/provider/cloud/deploy.yaml
- Make the following changes in the deploy.yaml file:
- Under kind: Deployment, locate securityContext, and then set the value of the flag allowPrivilegeEscalation as true. securityContext:
allowPrivilegeEscalation: true
- Under kind: Deployment, locate securityContext, and then set the value of the flag allowPrivilegeEscalation as true. securityContext:
To create a namespace (ingress-nginx), run the following command:
oc create ns ingress-nginx
Apply the Security Context Constraints (SCC) to service accounts by running the following commands:
oc adm policy add-scc-to-user ingress-scc -z default -n ingress-nginx
oc adm policy add-scc-to-user ingress-scc -z ingress-nginx-admission -n ingress-nginx
oc adm policy add-scc-to-user ingress-scc -z ingress-nginx -n ingress-nginx- Apply the deploy.yaml file by using the following command:
kubectl apply -f deploy.yaml - To verify that the pods are running on all worker nodes, run the following command:
kubectl get deploy -n ingress-nginxSample output:
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
ingress-nginx-controller 1 1 1 1 1 kubernetes.io/os=linux 15d- Run the following to edit the deployment:
kubectl edit deploy ingress-nginx-controller -n ingress-nginx
- Change the replicas from 1 to 3.
Sample:spec:
replicas: 3 - Run the following command to display the deployment details:
kubectl get deploy -n ingress-nginx
- Sample output:
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
ingress-nginx-controller 3 3 3 3 3 kubernetes.io/os=linux 1d
(Skip this step if you have attached an SSL certificate at the load balancer and are sending HTTP or HTTPS traffic to ingress.)
Create a secret with the certificate and key to be mounted on the Ingress Controller pods by using the following command:kubectl create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n ingress-nginx- (Skip this step if you have attached an SSL certificate at the load balancer and are sending HTTP or HTTPs traffic to ingress.)
Edit the deployment as described:- Set the parameter --default-ssl-certificate with values as <namespace>/<secret name> in the args section.
For example:
--default-ssl-certificate=ingress-nginx/my-tls-certificate
Run the following command:
kubectl edit deployment ingress-nginx-controller -n ingress-nginxIn the output, set the ingress-class parameter according to your requirement:
...
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --default-ssl-certificate=ingress-nginx/my-tls-secret
...
- Set the parameter --default-ssl-certificate with values as <namespace>/<secret name> in the args section.
- To configure the NGINX Ingress Controller, perform the following steps:
Identify the configmap name by running the following command:
kubectl get cm -n <ingress_nginx_namespace>Change the configmap name to use the configmap in your environment by running the following command:
kubectl edit cm <ingress_nginx_configmap> -n <ingress_nginx_namespace>
data:
enable-underscores-in-headers: "true"
annotations-risk-level: "Critical" (only applicable for Ingress version 1.12.x and above)
proxy-body-size: 250m
server-name-hash-bucket-size: "1024"
ssl-redirect: "false"
use-forwarded-headers: "true"
worker-processes: "40"
allow-snippet-annotations: "true"
large-client-header-buffers: "4 64k"
To apply the changes made to the deployment, restart it:
kubectl -n ingress-nginx rollout restart ds ingress-nginx-controllerTo verify the version of the Ingress Controller, run the following command:
kubectl -n ingress-nginx describe <pod name> | grep -i imageExample:
kubectl -n ingress-nginx describe pod ingress-nginx-controller-cb44m | grep -i imageSample output:

In the example, the version of the Ingress Controller installed is 1.9.6.(Skip this step if you have attached an SSL certificate at the Load Balancer) Update the service ingress-nginx-controller and add load balancer IP as an external IP by using the following command:
kubectl patch service/ingress-nginx-controller -n ingress-nginx -p '{"spec":{"externalIPs":["xxx.xxx.xxx.xxx"]}}'Here, xxx.xxx.xxx.xxx is the IP that the LB_HOST value resolves to.
To get the ingress-nginx-controller service port details, run the following command:
kubectl -n ingress-nginx get svcExample output:
For example, you will see output like below:
$ kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.43.43.12 XXX.XXX.XXX.XXX 80:31764/TCP,443:31864/TCP 24h
ingress-nginx-controller-admission ClusterIP 10.43.46.181 <none> 443/TCP 24hNote the port details from the command output. For example:
- Node port 31764 maps to port 80 and must be used for HTTP connection.
- Node port 31864 maps to port 443 and must be used for HTTPS connection.
- Based on the output of the previous command (step 12), configure the load balancer to send HTTP or HTTPS traffic to the correct ports.
To deploy the NGINX Ingress Controller for Kubernetes as a Deployment
Run the following command and verify if the ingress-nginx namespace is present:
kubectl get nsIf you have the ingress-nginx namespace, delete it by running the following commands:
kubectl delete ds -n ingress-nginx ingress-nginx-controller
kubectl -n ingress-nginx delete svc ingress-nginx-controller-admission
kubectl delete clusterrole ingress-nginx
kubectl delete ClusterRoleBinding ingress-nginx
kubectl delete IngressClass nginx
kubectl delete ValidatingWebhookConfiguration ingress-nginx-admission
kubectl delete ns ingress-nginxBased on the version of your Kubernetes, run one of the following commands to get the deploy.yaml file for the NGINX Ingress Controller:
To get deploy.yaml file for Nginx Ingress Controller:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-<version>/deploy/static/provider/cloud/deploy.yaml
Where, version is the Nginx Ingress Controller. Example:
To get deploy.yaml file for Nginx Ingress Controller version 1.14.0wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.14.0/deploy/static/provider/cloud/deploy.yamlTo get deploy.yaml file for Nginx Ingress Controller version 1.13.x
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.13.x/deploy/static/provider/cloud/deploy.yaml- Make the following changes in the deploy.yaml file:
(If deploying NGINX Ingress Controller 1.9.5 or later) Under kind: Deployment, locate securityContext, and then set the value of the flag allowPrivilegeEscalation as true.
- securityContext:
allowPrivilegeEscalation: true
To create a namespace (ingress-nginx), run the following command:
oc create ns ingress-nginx
Apply the Security Context Constraints (SCC) to service accounts by running the following commands:
oc adm policy add-scc-to-user ingress-scc -z default -n ingress-nginx
oc adm policy add-scc-to-user ingress-scc -z ingress-nginx-admission -n ingress-nginx
oc adm policy add-scc-to-user ingress-scc -z ingress-nginx -n ingress-nginxApply the deploy.yaml file by using the following command:
kubectl apply -f deploy.yamlTo verify that the pods are running on all worker nodes, run the following command:
kubectl get deploy -n ingress-nginxSample output:
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
ingress-nginx-controller 1 1 1 1 1 kubernetes.io/os=linux 15d- Run the following to edit the deployment:
kubectl edit deploy ingress-nginx-controller -n ingress-nginx
- Change the replicas from 1 to 3.
Sample:spec:
replicas: 3 - Run the following command to display the deployment details:
kubectl get deploy -n ingress-nginx
- Sample output:
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
ingress-nginx-controller 3 3 3 3 3 kubernetes.io/os=linux 1d
(Skip this step if you have attached an SSL certificate at the load balancer and are sending HTTP or HTTPS traffic to ingress.)
Create a secret with the certificate and key to be mounted on the Ingress Controller pods by using the following command:kubectl create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n ingress-nginx- (Skip this step if you have attached an SSL certificate at the load balancer and are sending HTTP or HTTPs traffic to ingress.)
Edit the deployment as described:Set the parameter --default-ssl-certificate with values as <namespace>/<secret name> in the args section.
For example:
--default-ssl-certificate=ingress-nginx/my-tls-certificateRun the following command:
kubectl edit deployment ingress-nginx-controller -n ingress-nginxIn the output, set the ingress-class parameter according to your requirement:
...
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --default-ssl-certificate=ingress-nginx/my-tls-secret
...
- To configure the NGINX Ingress Controller, perform the following steps:
Identify the configmap name by running the following command:
kubectl get cm -n <ingress_nginx_namespace>Change the configmap name to use the configmap in your environment by running the following command:
kubectl edit cm <ingress_nginx_configmap> -n <ingress_nginx_namespace>
data:
enable-underscores-in-headers: "true"
annotations-risk-level: "Critical" (only applicable for Ingress version 1.12.x and above)
proxy-body-size: 250m
server-name-hash-bucket-size: "1024"
ssl-redirect: "false"
use-forwarded-headers: "true"
worker-processes: "40"
allow-snippet-annotations: "true"
large-client-header-buffers: "4 64k"
To apply the changes made to the deployment, restart it:
kubectl -n ingress-nginx rollout restart ds ingress-nginx-controllerTo verify the version of the Ingress Controller, run the following command:
kubectl -n ingress-nginx describe <pod name> | grep -i imageExample:
kubectl -n ingress-nginx describe pod ingress-nginx-controller-cb44m | grep -i imageSample output:

In the example, the version of the Ingress Controller installed is 1.9.6.(Skip this step if you have attached an SSL certificate at the Load Balancer) Update the service ingress-nginx-controller and add load balancer IP as an external IP by using the following command:
kubectl patch service/ingress-nginx-controller -n ingress-nginx -p '{"spec":{"externalIPs":["xxx.xxx.xxx.xxx"]}}'Here, xxx.xxx.xxx.xxx is the IP that the LB_HOST value resolves to.
To get the ingress-nginx-controller service port details, run the following command:
kubectl -n ingress-nginx get svcExample output:
For example, you will see output like below:
$ kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.43.43.12 XXX.XXX.XXX.XXX 80:31764/TCP,443:31864/TCP 24h
ingress-nginx-controller-admission ClusterIP 10.43.46.181 <none> 443/TCP 24hNote the port details from the command output. For example:
- Node port 31764 maps to port 80 and must be used for HTTP connection.
- Node port 31864 maps to port 443 and must be used for HTTPS connection.
- Based on the output of the previous command (step 12), configure the load balancer to send HTTP or HTTPS traffic to the correct ports.
To configure the F5 NGINX Plus Ingress Controller
- Create a namespace called nginx-ingress.
To create an image-registry secret to pull F5 NGINX Plus licensed images from the Docker hub, run the following command:
kubectl create secret docker-registry img-secret --docker-server=<docker image registry> --docker-username=<docker username> --docker-password="<docker password>" -n nginx-ingressTo deploy the F5 NGINX Plus Ingress Controller in the nginx-ingress namespace, run the following Helm command:
helm install nginx-ingress oci://ghcr.io/nginxinc/charts/nginx-ingress --version <version> --set controller.image.repository=<image repository name> --set controller.nginxplus=true,controller.kind=daemonset,controller.name=daemonset,controller.service.type=LoadBalancer,controller.nginxDebug=true,controller.logLevel=3,controller.ingressClass.name=nginxplus,controller.ingressClass.create=true,controller.enableCustomResources=false,controller.enableSnippets=true,controller.serviceAccount.imagePullSecretName=img-secret -n nginx-ingressReplace <version> with the version of your F5 NGINX Plus Ingress Controller (for example, 1.0.2) and <image repository name> with the Docker repository name where you pushed the licensed F5 NGINX Plus Ingress Controller images.
For more information, see Installation with Manifests in the F5 NGINX Ingress Controller documentation.To edit the daemonset, run the following command:
oc edit daemonset nginx-ingress-controller -n nginx-ingress- In the daemonset, set the following parameters in the securityContext section:
- securityContext.runAsNonRoot : false
- securityContext.allowPrivilegeEscalation=true
- Remove runAsUser.
In the daemonset, make sure the following parameters are set in the args section :
- args:
- -nginx-plus=true
- -nginx-configmaps=$(POD_NAMESPACE)/nginx-ingress
- -ingress-class=nginxplus
- -nginx-debug=true
- -v=3
- -external-service=nginx-ingress-daemonset
- -enable-leader-election=true
- -leader-election-lock-name=nginx-ingress-leader-election
- -enable-custom-resources=false
- -enable-snippets=true
- -disable-ipv6=false
- In the daemonset, set the following parameters in the securityContext section:
To get the F5 NGINX Plus configmap, run the following command:
oc get cm nginx-ingress-config -o yaml -n nginx-ingress- Apply the Security Context Constraints (SCC) to service accounts by running the following commands:
oc adm policy add-scc-to-user nginx-plus-scc -z nginxplus-admission -n nginx-ingress
oc adm policy add-scc-to-user nginx-plus-scc -z nginx-ingress -n nginx-ingress
- Set the value of the following parameters in the NGINX Plus configmap:
data:
allow-snippet-annotations: "true"
client-max-body-size: 250m
enable-underscores-in-headers: "true"
error-log-level: debug
proxy-buffers: "128 4k"
redirect-to-https: "True"
server-name-hash-bucket-size: "1024"
ssl-redirect: "false"
use-forwarded-headers: "true"
worker-processes: "40"
large-client-header-buffers: "4 64k"
To create a TLS secret in the BMC Helix ITOM namespace, run the following command:
oc create secret tls <name of the tls secret> --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n <BMC Helix ITOM namespace>Example:
oc create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n itom- Go to the helix-on-prem-deployment-manager/configs /infra.config.
- If you use a self-signed certificate, set the following parameters in the infra.config file:
- INGRESS_CLASS=nginxplus
- NGINX_CONTROLLER=NGINX_PLUS
- INGRESS_TLS_SECRET_NAME=<The TLS secret that you created in the BMC Helix ITOM namespace; for example my-tls-secret.>
- CUSTOM_CA_SIGNED_CERT_IN_USE=true
- If you use a public CA certificate or are enabling TLS termination at the load balancer, set the following parameters in the infra.config file:
- INGRESS_CLASS=nginxplus
- NGINX_CONTROLLER=NGINX_PLUS
- INGRESS_TLS_SECRET_NAME=Leave this value blank.
- CUSTOM_CA_SIGNED_CERT_IN_USE=false
- If you use a self-signed certificate, set the following parameters in the infra.config file:
When you run the deployment manager, the load balancer URLs become accessible to the applications through the F5 NGINX Plus Ingress Controller.