L7 Ingress and TLS passthrough to pod

By default L7 Ingress will terminate TLS but I want to have it handled by an application on the pod.

My question is whether it is possible to set this for L7 Ingress via the Rancher UI, without editing the YAML file afterwards. If so, where can I find that option? Under Load Balancing / Add Ingress there is no such option.


Depends. Technically tcp pass-thru isn’t an Ingress, but most ingress controllers will do it. If you’re using the nginx ingress controller, you can configure it with the tcp-services configmap, but you’ll need it on a different port or a different address. You can’t have the ingress controller selectively doing TLS termination on 443 for only some endpoints. It’s an all-or-none sort of thing.

I use this with non-HTTP workloads like MQTT, but they all listen on a different port.

Alternatively, use a NodePort service for your app and run an external tcp-only load balancer for it.
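
An added example (not part of the original posts) of the tcp-services approach described in the answer above, for the nginx ingress controller: the controller forwards a separate port as raw TCP, so the TLS handshake and certificate are handled by the application in the pod. The namespace `ingress-nginx`, the app Service `my-tls-app`, the selector labels, and port 8443 are assumptions; adjust them to your cluster.

```yaml
# 1) ConfigMap read by the nginx ingress controller. The controller must be
#    started with: --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx          # assumption: controller namespace
data:
  # "<port the controller listens on>": "<namespace>/<service>:<service port>"
  # Traffic on 8443 is proxied as plain TCP; nginx never sees the plaintext.
  "8443": "default/my-tls-app:443"  # hypothetical backend Service
---
# 2) Backend Service for the application that terminates TLS itself.
apiVersion: v1
kind: Service
metadata:
  name: my-tls-app                  # hypothetical
  namespace: default
spec:
  selector:
    app: my-tls-app                 # hypothetical pod label
  ports:
    - name: tls
      port: 443
      targetPort: 8443              # port the app listens on with its own cert
      protocol: TCP
---
# 3) The controller's own Service must expose the extra port as well.
#    Port 443 stays as the normal TLS-terminating Ingress listener.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller    # assumption: name varies by install
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx        # assumption
    app.kubernetes.io/component: controller      # assumption
  ports:
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
    - name: tls-passthrough
      port: 8443
      targetPort: 8443
      protocol: TCP
```

Because the stream is forwarded at L4, Ingress-level features such as host-based routing, HTTP headers like `X-Forwarded-For`, and controller-side TLS policy do not apply on 8443; certificate management and cipher configuration become the application's responsibility.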