How to enable SSL passthrough on the nginx-ingress controller in RKE and RKE2 clusters
This document (000020147) is provided subject to the disclaimer at the end of this document.
Environment
- A standalone or Rancher-provisioned RKE or RKE2 cluster, deployed within the bundled ingress-nginx controller
Situation
This article details how to enable SSL passthrough on the bundled nginx-ingress controller in an RKE or RKE2 cluster
Resolution
Standalone RKE clusters:
- Edit the cluster configuration YAML file to include the
enable-ssl-passthrough: true
option for the ingress, as follows:
ingress:
provider: nginx
extra_args:
enable-ssl-passthrough: true
- Apply the changes to the cluster, by invoking
rke up
:
rke up --config <cluster configuration yaml file>
Standalone RKE2 clusters:
- Create the file /var/lib/rancher/rke2/server/manifest/rke2-ingress-nginx-config.yaml with the desired HelmChartConfig on server nodes within the cluster:
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: rke2-ingress-nginx
namespace: kube-system
spec:
valuesContent: |-
controller:
extraArgs:
enable-ssl-passthrough: true
- Restart the rke2-server process to trigger a helm installation Job for the rke2-ingress-nginx chart, applying the new configuration:
systemctl restart rke2-server
Rancher-provisioned RKE clusters:
- Navigate to Cluster Management in the Rancher UI
- Click Edit Config for the relevant RKE cluster
- Click Edit as YAML
- Include the
enable-ssl-passthrough: true
option for the ingress, as follows:
ingress:
provider: nginx
extra_args:
enable-ssl-passthrough: true
- Click Save
Rancher-provisioned RKE2 clusters:
- Navigate to Cluster Management in the Rancher UI
- Click Edit Config for the relevant RKE cluster
- Click Additional Manifests and add the desired HemChartConfig manifest:
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: rke2-ingress-nginx
namespace: kube-system
spec:
valuesContent: |-
extraArgs:
enable-ssl-passthrough: true
- Click Save
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.