I have a traefik setup in an EKS cluster (helm values):

```yaml
ingressClass:
  enabled: true
  isDefaultClass: true
  name: "${ingress_class}"
ingressRoute:
  dashboard:
    enabled: false
service:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${ssl_cert}"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: websecure
providers:
  kubernetesIngress:
    enabled: true
    ingressClass: "${ingress_class}"
    publishedService:
      enabled: true
externalTrafficPolicy: Local
```

`ssl_cert` is an ARN of a certificate.

As I understand, this is supposed to terminate SSL on the NLB that is created.
Now I set up an application, e.g. argo-workflows, which is supposed to run on e.g. example.host:

```yaml
server:
  ingress:
    enabled: true
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      external-dns.alpha.kubernetes.io/hostname: "${domain_address}"
    hosts:
      - "${domain_address}"
```

`domain_address` would be example.host in this case.

Now the NLB is created and accessing the application via example.host works, but it's insecure and uses the Traefik default certificate.
The TargetGroup in my NLB leads to TCP:443 and does not have a certificate set.
I am not sure what I have to give AWS to make this work. Can you help me?
The solution was to destroy and reapply everything. The load balancer had a cert then.
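A way to verify the state described in this thread after a re-apply, as an added example that is not part of the original post: it reads the JSON returned by `aws elbv2 describe-listeners` and reports whether the port 443 listener terminates TLS with the expected ACM certificate. The sample JSON, the ARN and the function name `check_tls_listener` are constructed for illustration.

```python
import json

# Constructed sample of `aws elbv2 describe-listeners --load-balancer-arn <arn>`
# output. The ARN is a placeholder, not a value from the post.
EXPECTED_CERT = "arn:aws:acm:eu-west-1:111111111111:certificate/EXAMPLE"
SAMPLE_BROKEN = json.dumps({"Listeners": [
    {"Port": 80, "Protocol": "TCP"},
    {"Port": 443, "Protocol": "TCP"},  # plain TCP, no certificate attached
]})
SAMPLE_FIXED = json.dumps({"Listeners": [
    {"Port": 80, "Protocol": "TCP"},
    {"Port": 443, "Protocol": "TLS",
     "Certificates": [{"CertificateArn": EXPECTED_CERT}]},
]})


def check_tls_listener(describe_listeners_json, expected_cert_arn, port=443):
    """Return a list of findings; an empty list means the NLB terminates TLS
    on `port` with the expected certificate."""
    listeners = json.loads(describe_listeners_json).get("Listeners", [])
    matching = [l for l in listeners if l.get("Port") == port]
    if not matching:
        return [f"no listener on port {port}"]
    findings = []
    for lst in matching:
        proto = lst.get("Protocol")
        certs = [c.get("CertificateArn") for c in lst.get("Certificates", [])]
        if proto != "TLS":
            # A TCP listener passes the handshake through to Traefik, which
            # then answers with its own default certificate.
            findings.append(f"port {port} listener is {proto}, not TLS")
        if expected_cert_arn not in certs:
            findings.append(f"port {port} listener lacks {expected_cert_arn}")
    return findings


if __name__ == "__main__":
    for name, sample in (("before", SAMPLE_BROKEN), ("after", SAMPLE_FIXED)):
        result = check_tls_listener(sample, EXPECTED_CERT)
        print(name, "OK" if not result else result)
```

Feeding it the real CLI output for the NLB that the Service created shows whether the `aws-load-balancer-ssl-cert` annotation actually took effect on the listener.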