Merge pull request #216 from mueller-ma/feat/configure-nginx-default-…

…cert Allow configuration of nginx ingress controller
lablabs · May 28, 2024 · 939ebd7 · 939ebd7
2 parents 56be8d5 + 1dd3ae9
commit 939ebd7
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -304,6 +304,13 @@ rke2_agents_group_name: workers
 # rke2_kube_scheduler_arg:
 #   - "bind-address=0.0.0.0"
 
+# (Optional) Configure nginx via HelmChartConfig: https://docs.rke2.io/networking/networking_services#nginx-ingress-controller
+# rke2_ingress_nginx_values:
+#   controller:
+#     config:
+#       use-forwarded-headers: "true"
+rke2_ingress_nginx_values: {}
+
 # Cordon, drain the node which is being upgraded. Uncordon the node once the RKE2 upgraded
 rke2_drain_node_during_upgrade: false
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -265,6 +265,13 @@ rke2_agents_group_name: workers
 # rke2_kube_scheduler_arg:
 #   - "bind-address=0.0.0.0"
 
+# (Optional) Configure nginx via HelmChartConfig: https://docs.rke2.io/networking/networking_services#nginx-ingress-controller
+# rke2_ingress_nginx_values:
+#   controller:
+#     config:
+#       use-forwarded-headers: "true"
+rke2_ingress_nginx_values: {}
+
 # Cordon, drain the node which is being upgraded. Uncordon the node once the RKE2 upgraded
 rke2_drain_node_during_upgrade: false
 

diff --git a/tasks/ingress-nginx.yml b/tasks/ingress-nginx.yml
@@ -0,0 +1,16 @@
+---
+- name: Create the RKE2 manifests directory
+  ansible.builtin.file:
+    state: directory
+    path: "{{ rke2_data_path }}/server/manifests"
+    owner: root
+    group: root
+    mode: 0700
+
+- name: Copy ingress-nginx files to first server
+  ansible.builtin.template:
+    src: "templates/ingress-nginx-config.yml.j2"
+    dest: "{{ rke2_data_path }}/server/manifests/rke2-ingress-nginx-config.yaml"
+    owner: root
+    group: root
+    mode: 0664
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -42,6 +42,11 @@
     - rke2_ha_mode_kubevip | bool
     - not rke2_ha_mode_keepalived | bool
 
+- name: Copy ingress-nginx manifests to the masternode
+  ansible.builtin.include_tasks: ingress-nginx.yml
+  when:
+    - inventory_hostname == groups[rke2_servers_group_name].0
+
 - name: Prepare very first server node in the cluster
   ansible.builtin.include_tasks: first_server.yml
   when:

diff --git a/templates/ingress-nginx-config.yml.j2 b/templates/ingress-nginx-config.yml.j2
@@ -0,0 +1,10 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: rke2-ingress-nginx
+  namespace: kube-system
+spec:
+  valuesContent: |-
+{% if rke2_ingress_nginx_values | length > 0 %}
+    {{ rke2_ingress_nginx_values | to_nice_yaml | indent(2) }}
+{% endif %}