Rancher Server Setup
- Rancher version: 2.14.0
- Installation option (Docker install/Helm Chart):
- If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): Helm and RKE2
- Proxy/Cert Details:
Information about the Cluster
- Kubernetes version: v1.35.2
- Cluster Type (Local/Downstream): Downstream
- If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider): Any
User Information
- What is the role of the user logged in? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom)
- If custom, define the set of permissions:
Describe the bug
I have an RKE2 cluster using ingress-nginx. When I want to start the migration, I click on "Edit Config" and select the "Dual-mode" option. Then I press save. In the next minutes, I can observe that ingress-nginx gets redeployed.
The reason is that when selecting "dual-mode", even if coming from ingress-nginx, the RKE2 cluster configuration includes (note that traefik is first):
"ingress-controller": [
"traefik",
"ingress-nginx"
],
RKE2 includes a global variable that it injects in all helm charts called: global.systemDefaultIngressClass and its value is derived from the first ingress-controller. Therefore, if you were using ingres-nginx, when selecting the dual-mode option, the global.systemDefaultIngressClass changes from ingress-nginx to traefik. As a result, ingress-nginx gets redeployed and depending on hooks, etc... it can leave the cluster without any ingress capability for some minutes
To Reproduce
1 - Deploy RKE2 + ingress-nginx
2 - Change the ingress controller in the cluster configuration to dual-mode
3 - After some time, all ingress-nginx gets redeployed. If you ssh into the control-plane node and check any of the manifests in /var/lib/rancher/rke2/server/manifests/, you will see that global.systemDefaultIngressClass: traefik
Result
Ingress-nginx gets redeployed
Expected Result
The previously used ingress controller stays the first in the list. The new ingress controller gets second. That way, we are not changing the defaultIngress and thus ingress-nginx is not redeployed
Screenshots
Additional context
Rancher Server Setup
Information about the Cluster
User Information
Describe the bug
I have an RKE2 cluster using ingress-nginx. When I want to start the migration, I click on "Edit Config" and select the "Dual-mode" option. Then I press save. In the next minutes, I can observe that ingress-nginx gets redeployed.
The reason is that when selecting "dual-mode", even if coming from ingress-nginx, the RKE2 cluster configuration includes (note that traefik is first):
RKE2 includes a global variable that it injects in all helm charts called:
global.systemDefaultIngressClassand its value is derived from the first ingress-controller. Therefore, if you were using ingres-nginx, when selecting the dual-mode option, theglobal.systemDefaultIngressClasschanges from ingress-nginx to traefik. As a result, ingress-nginx gets redeployed and depending on hooks, etc... it can leave the cluster without any ingress capability for some minutesTo Reproduce
1 - Deploy RKE2 + ingress-nginx
2 - Change the ingress controller in the cluster configuration to dual-mode
3 - After some time, all ingress-nginx gets redeployed. If you ssh into the control-plane node and check any of the manifests in
/var/lib/rancher/rke2/server/manifests/, you will see thatglobal.systemDefaultIngressClass: traefikResult
Ingress-nginx gets redeployed
Expected Result
The previously used ingress controller stays the first in the list. The new ingress controller gets second. That way, we are not changing the defaultIngress and thus ingress-nginx is not redeployed
Screenshots
Additional context