Procedure 程序The default SSL certificate for ingress-nginx can be updated in the rke2-ingress-nginx Helm chart via the value controller.extraArgs.default-ssl-certificate. This value should reference the namespace and name of a TLS secret that you have already created in the cluster. This value can be defined in an RKE2 cluster via a HelmChartConfig, as described in this article.ingress-nginx 的默认 SSL 证书可以通过 value controller.extraArgs.default-ssl-certificate在 rke2-ingress-nginx Helm 图表中更新。这个值应指向你在集群中已创建的 TLS 秘密的命名空间和名称。该值可以通过 HelmChartConfig 在 RKE2 集群中定义如本文所述。Configuration for Rancher-provisioned RKE2 clustersRancher 配置的 RKE2 集群配置Login to the Rancher UI登录牧场主界面Navigate toCluster Management导航至集群管理ClickEdit Configfor the relevant Rancher-provisioned RKE2 cluster点击编辑配置以查看相关的 Rancher 配置 RKE2 集群ClickAdditional Manifestand provide the a HelmChartConfig, with the desired default-ssl-certificate, per the example below, setting namespace and secret_name as required to reference the appropriate TLS secret.点击“附加清单”提供 HelmChartConfig并按照下面的示例设置所需的默认 SSL 证书设置namespace 和secret_name以引用相应的 TLS 秘密。span stylecolor:#000000span stylebackground-color:#ffffffspan stylebackground-color:#efefefcodeapiVersion: a>ClickSaveat the bottom of the page点击页面底部的保存Configuration for standalone RKE2 clusters独立 RKE2 集群配置On server nodes in the cluster, create a HelmChartConfig manifest, with the desired default-ssl-certificate, for the rke2-ingress-nginx chart, within the directory /var/lib/rancher/rke2/server/manifests/ (e.g. /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml). In the example below, set namespace and secret_name as required to reference the appropriate TLS secret.在集群中的服务器节点上创建一个 HelmChartConfig 清单包含所需的默认 ssl 证书用于 rke2-ingress-nginx 图表目录为/var/lib/rancher/rke2/server/manifests/例如/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml。在下面的示例中设置namespace和 secret_name 如要求引用相应的 TLS 秘密。span stylecolor:#000000span stylebackground-color:#ffffffspan stylebackground-color:#efefefcodeapiVersion: a>Environment 环境A standalone or Rancher-provisioned RKE2, with the RKE2-bundled ingress-nginx ingress controller一个独立或由 Rancher 配置的 RKE2配备 RKE2 捆绑的 ingress-nginx 入口控制器访问Rancher-K8S解决方案博主企业合作伙伴 https://blog.csdn.net/lidw2009