https://rancher.com/ logo
#rke2
Title
# rke2
a

adamant-kite-43734

03/27/2023, 12:33 PM
This message was deleted.
r

refined-analyst-8898

03/27/2023, 12:33 PM
Copy code
$ k get daemonsets.apps rke2-ingress-nginx-controller \
    --namespace kube-system \
    --output go-template='{{ range ((index .spec.template.spec.containers 0).args) }}{{.}}{{"\n"}}{{end}}'
/nginx-ingress-controller
--election-id=ingress-controller-leader
--controller-class=<http://k8s.io/ingress-nginx|k8s.io/ingress-nginx>
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/rke2-ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
--watch-ingress-without-class=true

$ k patch daemonsets.apps "rke2-ingress-nginx-controller" \
            --namespace kube-system \
            --type json \
            --patch '[{"op": "add",
                "path": "/spec/template/spec/containers/0/args/-",
                "value":"--enable-ssl-passthrough"
            }]'
daemonset.apps/rke2-ingress-nginx-controller patched

$ k get daemonsets.apps rke2-ingress-nginx-controller \
    --namespace kube-system \
    --output go-template='{{ range ((index .spec.template.spec.containers 0).args) }}{{.}}{{"\n"}}{{end}}'
/nginx-ingress-controller
--election-id=ingress-controller-leader
--controller-class=<http://k8s.io/ingress-nginx|k8s.io/ingress-nginx>
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/rke2-ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
--watch-ingress-without-class=true
--enable-ssl-passthrough
c

careful-mouse-42236

03/27/2023, 12:57 PM
I'm used to install RKE2 without NGINX Ingress Controller then install & manage it in a GitOps way with the officiel Helm chart (https://kubernetes.github.io/ingress-nginx/). It works fine. I use chart parameters to configure it, like
<http://nginx.ingress.kubernetes.io/ssl-passthrough|nginx.ingress.kubernetes.io/ssl-passthrough>
.
r

refined-analyst-8898

03/27/2023, 1:29 PM
Now I see that this appears to be viable as well.
Copy code
---
apiVersion: <http://helm.cattle.io/v1|helm.cattle.io/v1>
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      extraArgs:
        enable-ssl-passthrough: true
👍 1
I confirmed that applying the above manifest in namespace
kube-system
re-added the extra arg to the daemonset deployment.
85 Views