222. 如何更新 RKE2 集群中的默认 ingress-nginx 证书
Procedure 程序

The default SSL certificate for ingress-nginx can be updated in the rke2-ingress-nginx Helm chart via the value controller.extraArgs.default-ssl-certificate. This value should reference the namespace and name of a TLS secret that you have already created in the cluster. This value can be defined in an RKE2 cluster via a HelmChartConfig, as described in this article.
ingress-nginx 的默认 SSL 证书可以通过 value controller.extraArgs.default-ssl-certificate,在 rke2-ingress-nginx Helm 图表中更新。这个值应指向你在集群中已创建的 TLS 秘密的命名空间和名称。该值可以通过 HelmChartConfig 在 RKE2 集群中定义,如本文所述。

Configuration for Rancher-provisioned RKE2 clusters
Rancher 配置的 RKE2 集群配置

  1. Login to the Rancher UI
    登录牧场主界面
  2. Navigate toCluster Management
    导航至集群管理
  3. ClickEdit Configfor the relevant Rancher-provisioned RKE2 cluster
    点击编辑配置以查看相关的 Rancher 配置 RKE2 集群
  4. ClickAdditional Manifestand provide the a HelmChartConfig, with the desired default-ssl-certificate, per the example below, setting <namespace> and <secret_name> as required to reference the appropriate TLS secret.
    点击“附加清单”,提供 HelmChartConfig,并按照下面的示例设置所需的默认 SSL 证书,设置<namespace> 和<secret_name>,以引用相应的 TLS 秘密。
    <span style="color:#000000"><span style="background-color:#ffffff"><span style="background-color:#efefef"><code>apiVersion: <a>ClickSaveat the bottom of the page
    点击页面底部的保存

Configuration for standalone RKE2 clusters
独立 RKE2 集群配置

On server nodes in the cluster, create a HelmChartConfig manifest, with the desired default-ssl-certificate, for the rke2-ingress-nginx chart, within the directory /var/lib/rancher/rke2/server/manifests/ (e.g. /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml). In the example below, set <namespace> and <secret_name> as required to reference the appropriate TLS secret.
在集群中的服务器节点上,创建一个 HelmChartConfig 清单,包含所需的默认 ssl 证书,用于 rke2-ingress-nginx 图表,目录为/var/lib/rancher/rke2/server/manifests/(例如/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml)。在下面的示例中,设置<namespace>和 <secret_name> 如要求引用相应的 TLS 秘密。

<span style="color:#000000"><span style="background-color:#ffffff"><span style="background-color:#efefef"><code>apiVersion: <a>

Environment 环境

A standalone or Rancher-provisioned RKE2, with the RKE2-bundled ingress-nginx ingress controller
一个独立或由 Rancher 配置的 RKE2,配备 RKE2 捆绑的 ingress-nginx 入口控制器

访问Rancher-K8S解决方案博主,企业合作伙伴 :
https://blog.csdn.net/lidw2009