Tags: kubernetes, https, tls1.2, traefik, traefik-ingress

Traefik v2.0 self signed certificate on Kubernetes


I am running Traefik (v2.0) as the ingress gateway for my EKS cluster. Traefik ingress is working fine.
Now, I need to add https support for my ingress using a self-signed certificate. For this, I have:

  • Created an IngressRoute for http to https redirection -> This works fine
  • Created a secret having the key and cert of my self-signed certificate

    kubectl create secret tls tlssecret --key="eks.tls.key" --cert="eks.tls.crt"

  • Added tls secret to my IngressRoute deployment:

    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    metadata:
      name: pulseingressroutetls
      namespace: pulse
    spec:
      entryPoints:
        - websecure
      tls:
        secretName: pulsetlssecret
      routes:
        - match: PathPrefix(/auth)
          ...

After this deployment, when I browse the ingress URL, it still presents me the TRAEFIK DEFAULT CERT, not my self-signed certificate.

Please let me know what I am doing wrong here? Is there any other way of doing it?


Solution

  • Finally it worked out as below:

    traefik-conf.yml:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: traefik-conf
      namespace: pulse
    data:
      traefik.yml: |
        api:
          dashboard: true
          insecure: true  # serves the API/dashboard without authentication on port 8080
        global:
          checkNewVersion: false
          sendAnonymousUsage: false
        ping: {}
        entryPoints:
          websecure:
            address: ":443"
          web:
            address: ":80"
        providers:
          kubernetesCRD: {}
          file:
            filename: /etc/traefik/traefik.yml
            watch: true
        tls:
          stores:
            default:
              defaultCertificate:
                certFile: /ssl/tls.pem
                keyFile: /ssl/tls.key
          options:
            default:
              minVersion: VersionTLS12
              sniStrict: false
          certificates:
            - certFile: /ssl/tls.pem
              keyFile: /ssl/tls.key
    

    I changed ingress controller as below:

    spec:
          serviceAccountName: traefik-ingress-controller
          containers:
            - name: traefik
              image: traefik:v2.0
              volumeMounts:
                - name: config
                  mountPath: /etc/traefik/traefik.yml
                  subPath: traefik.yml
                - name: ssl
                  mountPath: /ssl           
              ports:
                - name: web
                  containerPort: 80
                - name: websecure
                  containerPort: 443
                - name: admin
                  containerPort: 8080
          volumes:
          - name: ssl
            secret:
              secretName: traefik-cert
          - name: config
            configMap:
              name: traefik-conf
    

    Ingress routes:

    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    metadata:
      name: pulseingressroutetls
      namespace: pulse
    spec:
      entryPoints:
        - websecure
      tls:
        secretName: traefik-cert  # field name is case-sensitive
      routes:
    ...
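
One way to confirm which certificate Traefik actually serves once the configuration above is applied, as an added example that is not part of the original question or answer. The host name and certificate path given on the command line are assumptions, and spotting the fallback certificate by the "TRAEFIK DEFAULT CERT" string in its bytes is a heuristic.

```python
"""Check which certificate an ingress endpoint serves (added example)."""
import hashlib
import socket
import ssl
import sys

# Name the page reports for Traefik's fallback certificate.
DEFAULT_CERT_MARKER = b"TRAEFIK DEFAULT CERT"


def fingerprint(der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def served_cert(host, port=443, sni=None):
    """Return (DER certificate, TLS version) presented for the given SNI name."""
    ctx = ssl.create_default_context()
    # Diagnostic only: a self-signed cert cannot pass chain validation, so it is
    # fetched unverified and then compared by fingerprint with the expected one.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
            return tls.getpeercert(binary_form=True), tls.version()


def classify(served_der, expected_pem):
    """Compare the served certificate with the PEM stored in the secret."""
    expected_der = ssl.PEM_cert_to_DER_cert(expected_pem)
    if fingerprint(served_der) == fingerprint(expected_der):
        return "match"
    # Heuristic: the subject string appears verbatim inside the DER encoding.
    if DEFAULT_CERT_MARKER in served_der:
        return "traefik-default"
    return "other"


if __name__ == "__main__":
    # Usage (values are assumptions):
    #   python check_cert.py ingress.example.com eks.tls.crt
    host, cert_path = sys.argv[1], sys.argv[2]
    der, version = served_cert(host)
    with open(cert_path) as fh:
        verdict = classify(der, fh.read())
    print(f"{host}: {verdict}, {version}, sha256={fingerprint(der)}")
    sys.exit(0 if verdict == "match" else 1)
```

A "traefik-default" verdict means the route's TLS secret was not picked up and Traefik fell back to its generated certificate; the printed TLS version can be checked against the `minVersion: VersionTLS12` option.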