https://rancher.com/ logo
Title
s

stocky-fall-82040

02/08/2023, 5:11 PM
Is there a way to disable the default ingress certificate for rancher managed RKE downstream clusters?
b

bulky-sunset-52084

02/08/2023, 5:15 PM
Not really - that's built into ingress-ngnix.. without some kind of cert tls would not function... You can set a custom cert for an ingress tho. Nginx just generates a self signed cert to use if you do not give it one to use.
s

stocky-fall-82040

02/08/2023, 7:57 PM
Do you know of any instructions for replacing the self signed certificate used by the nginx in those clusters?
For the Rancher HA cluster, you can configure the default_backend with value false in the cluster.yml ingress:   provider: nginx   default_backend: false   options:     xxxxx I want to do the same for the downstream managed clusters.
b

bulky-sunset-52084

02/08/2023, 8:00 PM
https://kubernetes.io/docs/concepts/services-networking/ingress/#tls Yup create a 'TLS' secret with the cert then create an ingress object that points to the cert
s

stocky-fall-82040

02/08/2023, 8:02 PM
I found what I was looking for. I use the Rancher 2 Terraform provider and the rancher2_cluster resource. I has ingress configuration with default_backend. https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster#default_backend
I can set it through the UI as well for the cluster.