How to enable SSL passthrough on the nginx-ingress controller in RKE and RKE2 clusters

This document (000020147) is provided subject to the disclaimer at the end of this document.

Environment

  • A standalone or Rancher-provisioned RKE or RKE2 cluster, deployed with the bundled ingress-nginx controller

Situation

This article details how to enable SSL passthrough on the bundled nginx-ingress controller in an RKE or RKE2 cluster.

Resolution

Standalone RKE clusters:

  1. Edit the cluster configuration YAML file to include the enable-ssl-passthrough: true option for the ingress, as follows:

ingress:
  provider: nginx
  extra_args:
    enable-ssl-passthrough: true

  2. Apply the changes to the cluster by invoking rke up:

rke up --config <cluster configuration yaml file>

Standalone RKE2 clusters:

  1. Create the file /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml with the desired HelmChartConfig on the server nodes within the cluster:

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      extraArgs:
        enable-ssl-passthrough: true

  2. Restart the rke2-server process to trigger a helm installation Job for the rke2-ingress-nginx chart, applying the new configuration:

systemctl restart rke2-server

Rancher-provisioned RKE clusters:

  1. Navigate to Cluster Management in the Rancher UI
  2. Click Edit Config for the relevant RKE cluster
  3. Click Edit as YAML
  4. Include the enable-ssl-passthrough: true option for the ingress, as follows:

ingress:
  provider: nginx
  extra_args:
    enable-ssl-passthrough: true

  5. Click Save

Rancher-provisioned RKE2 clusters:

  1. Navigate to Cluster Management in the Rancher UI
  2. Click Edit Config for the relevant RKE2 cluster
  3. Click Additional Manifests and add the desired HelmChartConfig manifest:

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      extraArgs:
        enable-ssl-passthrough: true

  4. Click Save
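
To confirm the change took effect, the following added example (not part of the SUSE article) reads the controller's arguments and lists Ingresses that request passthrough while the controller flag is off. The DaemonSet names and the per-Ingress annotation are assumptions taken from ingress-nginx and RKE/RKE2 defaults, not from this article, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not SUSE's code. Assumptions not stated in the article: the
# RKE2 controller DaemonSet is rke2-ingress-nginx-controller in kube-system
# (RKE: nginx-ingress-controller in ingress-nginx), and an Ingress opts in with
# the annotation nginx.ingress.kubernetes.io/ssl-passthrough: "true".

# Print the container args of a DaemonSet, one per line.
controller_args() {  # usage: controller_args <namespace> <daemonset>
  kubectl -n "$1" get daemonset "$2" \
    -o jsonpath='{range .spec.template.spec.containers[*].args[*]}{@}{"\n"}{end}'
}

# Print "namespace/name<TAB>annotation value" for every Ingress in the cluster.
ingress_passthrough() {
  kubectl get ingress -A -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name}{"\t"}{.metadata.annotations.nginx\.ingress\.kubernetes\.io/ssl-passthrough}{"\n"}{end}'
}

# Read args on stdin; print enabled, disabled or absent (last occurrence wins).
passthrough_state() {
  state=absent
  while IFS= read -r arg; do
    case "$arg" in
      --enable-ssl-passthrough|--enable-ssl-passthrough=true) state=enabled ;;
      --enable-ssl-passthrough=false) state=disabled ;;
    esac
  done
  printf '%s\n' "$state"
}

# Read ingress_passthrough output on stdin; $1 is the controller state. Print
# each Ingress that requests passthrough while the controller flag is not on.
unhonoured_ingresses() {
  tab=$(printf '\t')
  while IFS="$tab" read -r name value; do
    if [ "$value" = "true" ] && [ "$1" != "enabled" ]; then
      printf '%s\n' "$name"
    fi
  done
}

# Constructed sample data, so the logic can be exercised without a cluster.
SAMPLE_ARGS=$(printf '%s\n' /nginx-ingress-controller \
  --election-id=rke2-ingress-nginx-leader --enable-ssl-passthrough=true)
SAMPLE_INGRESSES=$(printf '%s\t%s\n' apps/vault true apps/web '' ops/registry true)

# Against a live RKE2 cluster:
#   state=$(controller_args kube-system rke2-ingress-nginx-controller | passthrough_state)
#   ingress_passthrough | unhonoured_ingresses "$state"
```

An empty result from unhonoured_ingresses means every Ingress that asks for passthrough is served by a controller started with the flag.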

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.