Hello Community! I am trying to deploy Rancher on my EKS Kubernetes cluster using the Helm chart. My use case is to have Rancher running on one cluster and then add the other EKS clusters I have in AWS, allowing me to access all of them from a single interface using SSO for login and managing the set of permissions directly from Rancher. The problem arises when I try to install and configure it so that TLS termination happens at the AWS Network Load Balancer (NLB) that is provisioned using the AWS Load Balancer Ingress Controller. When I configure the Helm chart as follows:

agentTLSMode: "system-store"
ingress:
  enabled: false

service:
  type: "LoadBalancer"
  annotations:
    <http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>: external
    <http://service.beta.kubernetes.io/aws-load-balancer-healthcheck-path|service.beta.kubernetes.io/aws-load-balancer-healthcheck-path>: "/healthz"
    <http://service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval|service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval>: '60'
    <http://service.beta.kubernetes.io/aws-load-balancer-name|service.beta.kubernetes.io/aws-load-balancer-name>: "rancher"
    <http://service.beta.kubernetes.io/aws-load-balancer-scheme|service.beta.kubernetes.io/aws-load-balancer-scheme>: "internet-facing"
    <http://service.beta.kubernetes.io/aws-load-balancer-nlb-target-type|service.beta.kubernetes.io/aws-load-balancer-nlb-target-type>: "ip"
    <http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>: "arn:aws:acm:us-east-1:x:certificate/2430e303-4077-47e0-a73e-826aa9a3f7c9"

tls: external

I get the error: "Client sent an HTTP request to an HTTPS server." I don’t fully understand what’s going wrong. Then, when I configure the listener on port 443 of the load balancer to forward requests to port 80 of the service instead of 444, and I try to access my domain, I encounter the error: "Too many redirects." If someone can help me understand what I need to do differently or additionally to make this work, I’d appreciate it. I’ve read the documentation on SSL termination and NLB configuration, and everything seems fine according to what the documentation states.