Rancher 2.7 Ingress

Folks - in our situation we run RKE2 1.25.x and have a workload and Rancher sharing a cluster. Each is terminating TLS on its ingress with a different cert. The Rancher ingress has no path (it is therefore effectively “/”) and the other workload ingress has a path like “/foo/bar”. What I’m seeing is that Nginx puts these together in the cluster nginx.conf - both ingresses are terminated by the Rancher cert. I tried hand-editing the Rancher Ingress to specify path: /rancher/.* (and other permutations) but then that always returns a 404. In other words - it looks like the Rancher mgmt UI can’t run behind an ingress with a path. I tried enabling --debug and --trace logging on the rancher pod but the resulting logs don’t seem to correlate to the browser-initiated traffic. Does anyone know why the Rancher mgmt UI won’t “just run” when the Ingress that is in front of it has a path?

Don’t run Rancher on the same hostname as other workloads. There are probably hardcoded incoming URLs in the Rancher UI, so just setting a different path on the ingress would not work.
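A check for the situation in this thread, as an added example that is not part of either post: it lists every hostname that Ingresses claim with more than one TLS secret, which is the case the question describes, where both Ingresses end up in one nginx server block behind a single certificate. It assumes input in the shape of `kubectl get ingress -A -o json`; the hostnames, namespaces and secret names in the sample are constructed.

```python
import json
import sys
from collections import defaultdict

# Constructed sample in the shape of `kubectl get ingress -A -o json`.
# All names below are made up for illustration.
SAMPLE = {"items": [
    {"metadata": {"namespace": "cattle-system", "name": "rancher"},
     "spec": {"tls": [{"hosts": ["apps.example.test"], "secretName": "rancher-cert"}],
              "rules": [{"host": "apps.example.test"}]}},
    {"metadata": {"namespace": "foo", "name": "foo-bar"},
     "spec": {"tls": [{"hosts": ["Apps.Example.Test"], "secretName": "foo-cert"}],
              "rules": [{"host": "apps.example.test",
                         "http": {"paths": [{"path": "/foo/bar"}]}}]}},
    {"metadata": {"namespace": "other", "name": "other"},
     "spec": {"tls": [{"hosts": ["other.example.test"], "secretName": "other-cert"}],
              "rules": [{"host": "other.example.test"}]}},
]}


def tls_conflicts(ingress_list):
    """Map each host claimed with more than one distinct TLS secret to a sorted
    list of (namespace/secret, namespace/ingress) pairs that claim it."""
    claims = defaultdict(set)
    for item in ingress_list.get("items", []):
        meta = item["metadata"]
        ingress_ref = f'{meta["namespace"]}/{meta["name"]}'
        for tls in item.get("spec", {}).get("tls") or []:
            # A TLS entry without secretName falls back to the controller default.
            secret = f'{meta["namespace"]}/{tls.get("secretName", "<controller default>")}'
            for host in tls.get("hosts") or []:
                # Hostnames are case-insensitive, so compare them lowercased.
                claims[host.lower()].add((secret, ingress_ref))
    return {host: sorted(pairs) for host, pairs in claims.items()
            if len({secret for secret, _ in pairs}) > 1}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for host, pairs in tls_conflicts(data).items():
        print(f"{host}: claimed with {len(pairs)} different certificates")
        for secret, ingress_ref in pairs:
            print(f"  ingress {ingress_ref} -> secret {secret}")
```

Any host it reports is a candidate for the fix given in the reply: move one of the workloads to its own hostname so each certificate has its own server block.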