SUSE Support

Here When You Need Us

How to enable SSL passthrough on the nginx-ingress controller in RKE and RKE2 clusters

This document (000020147) is provided subject to the disclaimer at the end of this document.

Environment

  • A standalone or Rancher-provisioned RKE or RKE2 cluster, deployed within the bundled ingress-nginx controller

Situation

This article details how to enable SSL passthrough on the bundled nginx-ingress controller in an RKE or RKE2 cluster

 

Resolution

Standalone RKE clusters:

  1. Edit the cluster configuration YAML file to include the enable-ssl-passthrough: true option for the ingress, as follows:
    ingress:
      provider: nginx
      extra_args:
        enable-ssl-passthrough: true
  2. Apply the changes to the cluster, by invoking rke up:
    rke up --config <cluster configuration yaml file>

Standalone RKE2 clusters:

  1. Create the file /var/lib/rancher/rke2/server/manifest/rke2-ingress-nginx-config.yaml with the desired HelmChartConfig on server nodes within the cluster:
    apiVersion: helm.cattle.io/v1
    kind: HelmChartConfig
    metadata:
      name: rke2-ingress-nginx
      namespace: kube-system
    spec: 
      valuesContent:  |-
        controller:
          extraArgs:
            enable-ssl-passthrough: true
  2. Restart the rke2-server process to trigger a helm installation Job for the rke2-ingress-nginx chart, applying the new configuration:
    systemctl restart rke2-server

Rancher-provisioned RKE clusters:

  1. Navigate to Cluster Management in the Rancher UI
  2. Click Edit Config for the relevant RKE cluster
  3. Click Edit as YAML
  4. Include the enable-ssl-passthrough: true option for the ingress, as follows:
    ingress:
      provider: nginx
      extra_args:
        enable-ssl-passthrough: true
  5. Click Save

Rancher-provisioned RKE2 clusters:

  1. Navigate to Cluster Management in the Rancher UI
  2. Click Edit Config for the relevant RKE cluster
  3. Click Additional Manifests and add the desired HemChartConfig manifest:
    apiVersion: helm.cattle.io/v1
    kind: HelmChartConfig
    metadata:
      name: rke2-ingress-nginx
      namespace: kube-system
    spec:
      valuesContent: |-
         extraArgs:
           enable-ssl-passthrough: true
  4. Click Save

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020147
  • Creation Date: 06-May-2021
  • Modified Date:25-Mar-2025
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.