With a TLS-terminated HTTPS load balancer, web clients communicate with the load balancer over TLS protocols. The load balancer terminates the TLS session and forwards the decrypted requests to the back-end servers. By terminating the TLS session on the load balancer, we offload the CPU-intensive encryption work to the load balancer, and enable the possibility of using advanced load balancer features, like Layer 7 features and header manipulation. - https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer - https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer-with-sni - https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-http-and-tls-terminated-https-load-balancing-on-the-same-ip-and-backend Presently, TLS-terminated HTTPS load balancers are not supported in any released OSP version. This is a much-needed feature required in production environments.
TLS SNI scenario tests: https://review.opendev.org/#/c/690778/ Upstream CI jobs that run these tests are named octavia-v2-dsvm-tls-barbican.
HTTP and TLS-terminated HTTPS load balancing on the same IP and backend scenario test: https://review.opendev.org/#/c/696358/
RFE for OSP 16: https://bugzilla.redhat.com/show_bug.cgi?id=1779141
OSP13 support officially ended on 27 June 2023