# rke2
a
This message was deleted.
b
Maybe one of your ingress pods has a bad config and when it gets hit doesn't know to attach the appropriate cert/route because it doesn't know about it? Did you try a re-deployment?
a
Yea I redeployed the rke2-ingress-nginx-controller DaemonSet
Something like that was my first thought, but it's happening in two separate clusters in different AWS VPCs. The app is Keycloak; we saw this problem when initially deploying it without enabling TLS passthrough. I enabled that by dropping an rke2-ingress-nginx-config.yaml into /var/lib/rancher/rk2/server/manifests on one of the control planes.
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  # Values passed through to the rke2-ingress-nginx Helm chart
  valuesContent: |-
    controller:
      config:
        use-forwarded-headers: true
      extraArgs:
        enable-ssl-passthrough: true
```
Basically followed the steps from this blog: https://ranchergovernment.com/blog/leveraging-rke2-with-tls-passthrough
I just added that to the Add-On Config for the cluster itself, and I'm still seeing the same thing. It doesn't make any sense to me that a refresh of the page will suddenly get the correct cert.
b
I often find things like this harmful to my sanity. ¯\_(ツ)_/¯
a
Yea, it's even more fun when you have 400 users complaining lol