Channels
#general
Title
# general
s
stocky-fall-82040
02/08/2023, 5:11 PMIs there a way to disable the default ingress certificate for rancher managed RKE downstream clusters?
b
bulky-sunset-52084
02/08/2023, 5:15 PM
Not really - that's built into ingress-ngnix.. without some kind of cert tls would not function... You can set a custom cert for an ingress tho. Nginx just generates a self signed cert to use if you do not give it one to use.
s
stocky-fall-82040
02/08/2023, 7:57 PMDo you know of any instructions for replacing the self signed certificate used by the nginx in those clusters?
For the Rancher HA cluster, you can configure the default_backend with value false in the cluster.yml
ingress:
provider: nginx
default_backend: false
options:
xxxxx
I want to do the same for the downstream managed clusters.
b
bulky-sunset-52084
02/08/2023, 8:00 PM
https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
Yup create a 'TLS' secret with the cert then create an ingress object that points to the cert
s
stocky-fall-82040
02/08/2023, 8:02 PMI found what I was looking for. I use the Rancher 2 Terraform provider and the rancher2_cluster resource. I has ingress configuration with default_backend. https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster#default_backend
I can set it through the UI as well for the cluster.
91 Views