This message was deleted.

I have an external HAProxy configured to forward 443 to round robin through my worker nodes and have a wildcard DNS set up to point at the haproxy (say *.mydomain.com). I was able to then create ingress resources in the Rancher UI for host1.mydomain.com pointing at services and it worked fine. I won't say I didn't have any fiddly bits with getting my certs working for that, but I did get it working on a couple of different setups.

As far as I understand you are describing an Ingress Controller deployment. I already have n ingress controller running, but by default this just works with HTTP and HTTPS. I am trying to change HelmChartConfig for nginx-ingress but it does not work as expected as it does not add the arguments required for the ingress controller binary.

I did get SSL passthru working, though only by editing the ingress controller config manually and didn't mess with trying to do it through RKE2's config.yaml or a helm chart. I didn't try to do binary other than SSL passthru either. The main thing I can say is that Rancher folks told me that they did little to no changes with nginx, so they didn't really have documentation for the ingress controller and I should look at upstream documentation. Sadly that's not necessarily true for getting options through config.yaml there and may or may not be different for how they have their helm charts set up. About all I can say is https://kubernetes.github.io/ingress-nginx/user-guide/tls/ is the page I used for the nginx ingress controller documentation to find the options I needed. Good luck.

OK, so you disabled RKE2 Ingress default config and deployed your own ingress. I am trying to use already enabled resources. Maybe is too hard to reconfigure and a better idea just to deploy a second ingress controller.

Nope, I looked through the docs for options and then did

kubectl edit daemonset rke2-ingress-nginx-controller --namespace kube-system

and added the options I needed and waited for the pods to restart and then just went ahead.

In this case, I am not sure if following upgrades will reconfigure and remove your configuration.

Quite possible, I only needed it for a limited trial license test of something, so it wasn't a concern at the time and I've since scrapped that cluster anyway. About all that'd do for you is help a verification step if your attempted config got through properly. Also, since the nginx ingress controller is installed with RKE2, then I'm betting you need to do this through config.yaml and am not sure that a helm option would persist (unless you exclude installing it in config.yaml and install manually through helm or install a second one as you mentioned).

As far as I understand from documentation, the "expected way" would be using HelChartConfig kind, where you define the expected behavior for your automated deployed Ingress Controller.

Can't say I'm certain on that. You could probably edit the RKE install .sh script to pull the .0 release for the Kubernetes version you're using and try applying things and then just slowly do a yum install for each patch release to see what takes and stays stable. You should be able to do that in even a single node RKE2 in a VM, which is probably how I'd test my config.

Thanks for your interest and answers 🙂