refined-analyst-8898
03/27/2023, 12:33 PMingress-nginx
chart. That's expected, but I'm hesitant to customize it because I don't have a complete mental map of the life cycle, especially upgrades. I've patched the daemonset to add the optional arg. It'd be helpful to hear from someone more familiar with RKE2 that this is entirely expected or a patently bad idea!$ k get daemonsets.apps rke2-ingress-nginx-controller \
--namespace kube-system \
--output go-template='{{ range ((index .spec.template.spec.containers 0).args) }}{{.}}{{"\n"}}{{end}}'
/nginx-ingress-controller
--election-id=ingress-controller-leader
--controller-class=<http://k8s.io/ingress-nginx|k8s.io/ingress-nginx>
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/rke2-ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
--watch-ingress-without-class=true
$ k patch daemonsets.apps "rke2-ingress-nginx-controller" \
--namespace kube-system \
--type json \
--patch '[{"op": "add",
"path": "/spec/template/spec/containers/0/args/-",
"value":"--enable-ssl-passthrough"
}]'
daemonset.apps/rke2-ingress-nginx-controller patched
$ k get daemonsets.apps rke2-ingress-nginx-controller \
--namespace kube-system \
--output go-template='{{ range ((index .spec.template.spec.containers 0).args) }}{{.}}{{"\n"}}{{end}}'
/nginx-ingress-controller
--election-id=ingress-controller-leader
--controller-class=<http://k8s.io/ingress-nginx|k8s.io/ingress-nginx>
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/rke2-ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
--watch-ingress-without-class=true
--enable-ssl-passthrough
careful-mouse-42236
03/27/2023, 12:57 PM<http://nginx.ingress.kubernetes.io/ssl-passthrough|nginx.ingress.kubernetes.io/ssl-passthrough>
.refined-analyst-8898
03/27/2023, 1:29 PM---
apiVersion: <http://helm.cattle.io/v1|helm.cattle.io/v1>
kind: HelmChartConfig
metadata:
name: rke2-ingress-nginx
namespace: kube-system
spec:
valuesContent: |-
controller:
extraArgs:
enable-ssl-passthrough: true
kube-system
re-added the extra arg to the daemonset deployment.