The default SSL certificate for ingress-nginx can be updated in the rke2-ingress-nginx Helm chart via the value controller.extraArgs.default-ssl-certificate. This value should reference the namespace and name of a TLS secret that you have already created in the cluster. This value can be defined in an RKE2 cluster via a HelmChartConfig, as described in this article.
ingress-nginx 的默认 SSL 证书可以通过 value controller.extraArgs.default-ssl-certificate，在 rke2-ingress-nginx Helm 图表中更新。这个值应指向你在集群中已创建的 TLS 秘密的命名空间和名称。该值可以通过 HelmChartConfig 在 RKE2 集群中定义，如本文所述。

Configuration for Rancher-provisioned RKE2 clusters
Rancher 配置的 RKE2 集群配置

1. Login to the Rancher UI
   登录牧场主界面
2. Navigate to Cluster Management
   导航至集群管理
3. Click Edit Config for the relevant Rancher-provisioned RKE2 cluster
   点击编辑配置以查看相关的 Rancher 配置 RKE2 集群
4. Click Additional Manifest and provide the a HelmChartConfig, with the desired default-ssl-certificate, per the example below, setting <namespace> and <secret_name> as required to reference the appropriate TLS secret.
   点击 “附加清单 ”，提供 HelmChartConfig，并按照下面的示例设置所需的默认 SSL 证书，设置<namespace> 和<secret_name>，以引用相应的 TLS 秘密。

   <span style="color:#000000"><span style="background-color:#ffffff"><span style="background-color:#efefef"><code>apiVersion: <a data-cke-saved-href="http://helm.cattle.io/v1" href="http://helm.cattle.io/v1">helm.cattle.io/v1</a>
   kind: HelmChartConfig
   metadata:
     name: rke2-ingress-nginx
     namespace: kube-system
   spec:
     valuesContent: |-
       controller:
         extraArgs:
           default-ssl-certificate: "<namespace>/<secret_name>"</code></span></span></span>

5. Click Save at the bottom of the page
   点击页面底部的保存

Configuration for standalone RKE2 clusters
独立 RKE2 集群配置

On server nodes in the cluster, create a HelmChartConfig manifest, with the desired default-ssl-certificate, for the rke2-ingress-nginx chart, within the directory /var/lib/rancher/rke2/server/manifests/ (e.g. /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml). In the example below, set <namespace> and <secret_name> as required to reference the appropriate TLS secret.
在集群中的服务器节点上，创建一个 HelmChartConfig 清单，包含所需的默认 ssl 证书，用于 rke2-ingress-nginx 图表，目录为/var/lib/rancher/rke2/server/manifests/（例如/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml）。在下面的示例中，设置<namespace>和 <secret_name> 如要求引用相应的 TLS 秘密。

<span style="color:#000000"><span style="background-color:#ffffff"><span style="background-color:#efefef"><code>apiVersion: <a data-cke-saved-href="http://helm.cattle.io/v1" href="http://helm.cattle.io/v1">helm.cattle.io/v1</a>
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      extraArgs:
        default-ssl-certificate: "<namespace>/<secret_name>"</code></span></span></span>

 

A standalone or Rancher-provisioned RKE2, with the RKE2-bundled ingress-nginx ingress controller
一个独立或由 Rancher 配置的 RKE2，配备 RKE2 捆绑的 ingress-nginx 入口控制器