Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
r
refined-analyst-8898
03/27/2023, 12:33 PMI've migrated a workload to RKE2, a distro that's still new to me. The application requires ingress SSL-passthrough (as opposed to termination), which is not enabled by default in RKE2's tailoring of the
ingress-nginx$ k get daemonsets.apps rke2-ingress-nginx-controller \
--namespace kube-system \
--output go-template='{{ range ((index .spec.template.spec.containers 0).args) }}{{.}}{{"\n"}}{{end}}'
/nginx-ingress-controller
--election-id=ingress-controller-leader
--controller-class=<http://k8s.io/ingress-nginx|k8s.io/ingress-nginx>
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/rke2-ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
--watch-ingress-without-class=true
$ k patch daemonsets.apps "rke2-ingress-nginx-controller" \
--namespace kube-system \
--type json \
--patch '[{"op": "add",
"path": "/spec/template/spec/containers/0/args/-",
"value":"--enable-ssl-passthrough"
}]'
daemonset.apps/rke2-ingress-nginx-controller patched
$ k get daemonsets.apps rke2-ingress-nginx-controller \
--namespace kube-system \
--output go-template='{{ range ((index .spec.template.spec.containers 0).args) }}{{.}}{{"\n"}}{{end}}'
/nginx-ingress-controller
--election-id=ingress-controller-leader
--controller-class=<http://k8s.io/ingress-nginx|k8s.io/ingress-nginx>
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/rke2-ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
--watch-ingress-without-class=true
--enable-ssl-passthroughc
careful-mouse-42236
03/27/2023, 12:57 PMI'm used to install RKE2 without NGINX Ingress Controller then install & manage it in a GitOps way with the officiel Helm chart (https://kubernetes.github.io/ingress-nginx/). It works fine.
I use chart parameters to configure it, like
<http://nginx.ingress.kubernetes.io/ssl-passthrough|nginx.ingress.kubernetes.io/ssl-passthrough>r
refined-analyst-8898
03/27/2023, 1:29 PMNow I see that this appears to be viable as well.
---
apiVersion: <http://helm.cattle.io/v1|helm.cattle.io/v1>
kind: HelmChartConfig
metadata:
name: rke2-ingress-nginx
namespace: kube-system
spec:
valuesContent: |-
controller:
extraArgs:
enable-ssl-passthrough: true👍 1
I confirmed that applying the above manifest in namespace
kube-system