
How to enable SSL passthrough on the nginx-ingress controller in RKE and RKE2 clusters

This document (000020147) is provided subject to the disclaimer at the end of this document.

Environment

  • A standalone or Rancher-provisioned RKE or RKE2 cluster, deployed with the bundled ingress-nginx controller

Situation

This article details how to enable SSL passthrough on the bundled nginx-ingress controller in an RKE or RKE2 cluster.

Resolution

Standalone RKE clusters:

  1. Edit the cluster configuration YAML file to include the enable-ssl-passthrough: true option for the ingress, as follows:

     ingress:
       provider: nginx
       extra_args:
         enable-ssl-passthrough: true

  2. Apply the changes to the cluster by invoking rke up:

     rke up --config <cluster configuration yaml file>

Standalone RKE2 clusters:

  1. Create the file /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml with the desired HelmChartConfig on server nodes within the cluster:

     apiVersion: helm.cattle.io/v1
     kind: HelmChartConfig
     metadata:
       name: rke2-ingress-nginx
       namespace: kube-system
     spec:
       valuesContent: |-
         controller:
           extraArgs:
             enable-ssl-passthrough: true

  2. Restart the rke2-server process to trigger a Helm installation Job for the rke2-ingress-nginx chart, applying the new configuration:

     systemctl restart rke2-server

Rancher-provisioned RKE clusters:

  1. Navigate to Cluster Management in the Rancher UI
  2. Click Edit Config for the relevant RKE cluster
  3. Click Edit as YAML
  4. Include the enable-ssl-passthrough: true option for the ingress, as follows:

     ingress:
       provider: nginx
       extra_args:
         enable-ssl-passthrough: true

  5. Click Save

Rancher-provisioned RKE2 clusters:

  1. Navigate to Cluster Management in the Rancher UI
  2. Click Edit Config for the relevant RKE2 cluster
  3. Click Additional Manifests and add the desired HelmChartConfig manifest:

     apiVersion: helm.cattle.io/v1
     kind: HelmChartConfig
     metadata:
       name: rke2-ingress-nginx
       namespace: kube-system
     spec:
       valuesContent: |-
         controller:
           extraArgs:
             enable-ssl-passthrough: true

  4. Click Save
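
To confirm the change took effect on any of the cluster types above, the following added example (not part of the original article) reads the controller DaemonSet's container arguments and reports whether the flag is present; a value nested at the wrong level in valuesContent shows up here as "absent". The namespace and DaemonSet names in the comments are assumed defaults, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that the ingress controller runs with SSL passthrough.

# passthrough_state ARGS
# ARGS is the controller container's argument list as kubectl's jsonpath
# output prints it, e.g. ["/nginx-ingress-controller","--enable-ssl-passthrough=true"].
# Prints "enabled", "disabled" or "absent"; if the flag repeats, the last one wins.
passthrough_state() {
    printf '%s\n' "$1" | awk '
        {
            gsub(/[][" \t]/, "")            # strip JSON brackets, quotes, spaces
            n = split($0, a, ",")
            for (i = 1; i <= n; i++) {
                if (a[i] == "--enable-ssl-passthrough" ||
                    a[i] == "--enable-ssl-passthrough=true")
                    s = "enabled"
                else if (a[i] == "--enable-ssl-passthrough=false")
                    s = "disabled"
            }
        }
        END { print (s == "" ? "absent" : s) }'
}

# check_passthrough NAMESPACE DAEMONSET
# Fetches the live arguments from the cluster and classifies them.
# Returns 2 if kubectl cannot read the DaemonSet.
check_passthrough() {
    args=$(kubectl -n "$1" get daemonset "$2" \
        -o jsonpath='{.spec.template.spec.containers[0].args}') || return 2
    passthrough_state "$args"
}

# Assumed default resource names; adjust them to your cluster:
#   RKE : check_passthrough ingress-nginx nginx-ingress-controller
#   RKE2: check_passthrough kube-system rke2-ingress-nginx-controller
```

Run the check after rke up, the rke2-server restart or the Rancher save has finished rolling out the controller pods.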

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.