diff --git a/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 427b06f4df1..f903eb1e4ec 100644 --- a/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -212,7 +212,7 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.25 +### Configuring Ingress for External TLS when Using NGINX v0.22 In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: diff --git a/versioned_docs/version-2.10/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.10/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index d84c4e70792..f88467d50d9 100644 --- a/versioned_docs/version-2.10/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.10/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -213,10 +213,11 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.25 +### Configuring Ingress for External TLS when Using NGINX v0.22 -In NGINX v0.25, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.25, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress: +In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: +For RKE installations, edit the `cluster.yml` to add the following settings. ```yaml ingress: provider: nginx @@ -224,6 +225,22 @@ ingress: use-forwarded-headers: 'true' ``` +For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) + +```yaml +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: rke2-ingress-nginx + namespace: kube-system +spec: + valuesContent: |- + controller: + config: + use-forwarded-headers: "true" +``` + ### Required Headers - `Host` diff --git a/versioned_docs/version-2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index ae3d62a426c..f903eb1e4ec 100644 --- a/versioned_docs/version-2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -212,10 +212,11 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.25 +### Configuring Ingress for External TLS when Using NGINX v0.22 -In NGINX v0.25, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.25, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress: +In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: +For RKE installations, edit the `cluster.yml` to add the following settings. ```yaml ingress: provider: nginx @@ -223,6 +224,22 @@ ingress: use-forwarded-headers: 'true' ``` +For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) + +```yaml +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: rke2-ingress-nginx + namespace: kube-system +spec: + valuesContent: |- + controller: + config: + use-forwarded-headers: "true" +``` + ### Required Headers - `Host` diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 911c5dc2477..7aa4ee57baf 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -209,10 +209,11 @@ If you are using a Private CA signed certificate, add `--set privateCA=true` and Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.25 +### Configuring Ingress for External TLS when Using NGINX v0.22 -In NGINX v0.25, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.25, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress: +In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: +For RKE installations, edit the `cluster.yml` to add the following settings. ```yaml ingress: provider: nginx @@ -220,6 +221,22 @@ ingress: use-forwarded-headers: 'true' ``` +For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) + +```yaml +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: rke2-ingress-nginx + namespace: kube-system +spec: + valuesContent: |- + controller: + config: + use-forwarded-headers: "true" +``` + ### Required Headers - `Host` diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index c6ff10ea455..b1145be7fd2 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -212,10 +212,11 @@ If you are using a Private CA signed certificate, add `--set privateCA=true` and Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.25 +### Configuring Ingress for External TLS when Using NGINX v0.22 -In NGINX v0.25, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.25, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress: +In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: +For RKE installations, edit the `cluster.yml` to add the following settings. ```yaml ingress: provider: nginx @@ -223,6 +224,22 @@ ingress: use-forwarded-headers: 'true' ``` +For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) + +```yaml +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: rke2-ingress-nginx + namespace: kube-system +spec: + valuesContent: |- + controller: + config: + use-forwarded-headers: "true" +``` + ### Required Headers - `Host` diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 94ed2a8d64e..f1e5443f40c 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -213,10 +213,11 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.25 +### Configuring Ingress for External TLS when Using NGINX v0.22 -In NGINX v0.25, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.25, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress: +In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: +For RKE installations, edit the `cluster.yml` to add the following settings. ```yaml ingress: provider: nginx @@ -224,6 +225,22 @@ ingress: use-forwarded-headers: 'true' ``` +For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) + +```yaml +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: rke2-ingress-nginx + namespace: kube-system +spec: + valuesContent: |- + controller: + config: + use-forwarded-headers: "true" +``` + ### Required Headers - `Host` diff --git a/versioned_docs/version-2.9/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.9/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index d84c4e70792..f88467d50d9 100644 --- a/versioned_docs/version-2.9/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.9/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -213,10 +213,11 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.25 +### Configuring Ingress for External TLS when Using NGINX v0.22 -In NGINX v0.25, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.25, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress: +In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: +For RKE installations, edit the `cluster.yml` to add the following settings. ```yaml ingress: provider: nginx @@ -224,6 +225,22 @@ ingress: use-forwarded-headers: 'true' ``` +For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) + +```yaml +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: rke2-ingress-nginx + namespace: kube-system +spec: + valuesContent: |- + controller: + config: + use-forwarded-headers: "true" +``` + ### Required Headers - `Host`