Allow changing all options in HelmChartConfig

lablabs · May 27, 2024 · 1dd3ae9 · 1dd3ae9
1 parent b3e5319
commit 1dd3ae9
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -304,9 +304,12 @@ rke2_agents_group_name: workers
 # rke2_kube_scheduler_arg:
 #   - "bind-address=0.0.0.0"
 
-# Configure the nginx default certificate: https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate
-# Leave empty to not set `--default-ssl-certificate`
-rke2_ingress_nginx_default_certificate: ""
+# (Optional) Configure nginx via HelmChartConfig: https://docs.rke2.io/networking/networking_services#nginx-ingress-controller
+# rke2_ingress_nginx_values:
+#   controller:
+#     config:
+#       use-forwarded-headers: "true"
+rke2_ingress_nginx_values: {}
 
 # Cordon, drain the node which is being upgraded. Uncordon the node once the RKE2 upgraded
 rke2_drain_node_during_upgrade: false

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -265,9 +265,12 @@ rke2_agents_group_name: workers
 # rke2_kube_scheduler_arg:
 #   - "bind-address=0.0.0.0"
 
-# Configure the nginx default certificate: https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate
-# Leave empty to not set `--default-ssl-certificate`
-rke2_ingress_nginx_default_certificate: ""
+# (Optional) Configure nginx via HelmChartConfig: https://docs.rke2.io/networking/networking_services#nginx-ingress-controller
+# rke2_ingress_nginx_values:
+#   controller:
+#     config:
+#       use-forwarded-headers: "true"
+rke2_ingress_nginx_values: {}
 
 # Cordon, drain the node which is being upgraded. Uncordon the node once the RKE2 upgraded
 rke2_drain_node_during_upgrade: false

diff --git a/tasks/ingress-nginx.yml b/tasks/ingress-nginx.yml
@@ -1,7 +1,16 @@
+---
+- name: Create the RKE2 manifests directory
+  ansible.builtin.file:
+    state: directory
+    path: "{{ rke2_data_path }}/server/manifests"
+    owner: root
+    group: root
+    mode: 0700
+
 - name: Copy ingress-nginx files to first server
   ansible.builtin.template:
     src: "templates/ingress-nginx-config.yml.j2"
     dest: "{{ rke2_data_path }}/server/manifests/rke2-ingress-nginx-config.yaml"
     owner: root
     group: root
-    mode: 0664
+    mode: 0664
diff --git a/templates/ingress-nginx-config.yml.j2 b/templates/ingress-nginx-config.yml.j2
@@ -5,8 +5,6 @@ metadata:
   namespace: kube-system
 spec:
   valuesContent: |-
-    controller:
-      extraArgs:
-{% if rke2_ingress_nginx_default_certificate | length > 0 %}
-        default-ssl-certificate: "{{ rke2_ingress_nginx_default_certificate }}"
-{% endif %}
+{% if rke2_ingress_nginx_values | length > 0 %}
+    {{ rke2_ingress_nginx_values | to_nice_yaml | indent(2) }}
+{% endif %}