When I only add the TLS secret to the Ingress, Traefik serves its default certificate.
    kind: Ingress
    spec:
      rules:
      ....
      tls:
      - secretName: ingress-mgt-server-keys
Only when I mount the secret and add the below parameter does Traefik start serving the real certificate.
entryPoints.https.tls.certificates
Are TLS secrets to be defined in both Ingress and Ingress-controller? This forces me to repeat the keys as secrets to all the ingress namespaces as well as the ingress-controller namespace.
[Update]: Traefik has RBAC to read secrets from the target namespace.
Hmm, that does not seem to be the case.
https://docs.traefik.io/user-guide/kubernetes/#add-a-tls-certificate-to-the-ingress
In addition to the modified ingress you need to provide the TLS certificate via a Kubernetes secret in the same namespace as the ingress.
The TLS Secret isn't needed to be set up in the target (ingress) namespaces.
Only the ingress controller namespace needs the TLS Secret.
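An added example, not part of the thread or of Traefik: a check for the rule in the documentation sentence quoted above, that each Ingress `tls` entry must resolve to a `kubernetes.io/tls` Secret in the Ingress's own namespace. The manifests are constructed, and the namespace names `apps`, `apps2` and `traefik` are assumptions; only the secret name comes from the question.

```python
# Constructed manifests (not from the thread). Namespace names "apps", "apps2" and
# "traefik" are assumptions; the secret name is the one used in the question.
MANIFESTS = [
    {"kind": "Ingress", "metadata": {"name": "mgt-server", "namespace": "apps"},
     "spec": {"tls": [{"secretName": "ingress-mgt-server-keys"}]}},
    {"kind": "Secret", "type": "kubernetes.io/tls",
     "metadata": {"name": "ingress-mgt-server-keys", "namespace": "traefik"},
     "data": {"tls.crt": "<base64 cert>", "tls.key": "<base64 key>"}},
    {"kind": "Ingress", "metadata": {"name": "web", "namespace": "apps2"},
     "spec": {"tls": [{"secretName": "web-keys"}]}},
    {"kind": "Secret", "type": "kubernetes.io/tls",
     "metadata": {"name": "web-keys", "namespace": "apps2"},
     "data": {"tls.crt": "<base64 cert>", "tls.key": "<base64 key>"}},
]

def unresolved_tls_secrets(manifests):
    """List (namespace, ingress, secretName, reason) for each Ingress tls entry
    that has no usable kubernetes.io/tls Secret in the Ingress's own namespace."""
    secrets = {(m["metadata"].get("namespace", "default"), m["metadata"]["name"]): m
               for m in manifests if m.get("kind") == "Secret"}
    findings = []
    for m in manifests:
        if m.get("kind") != "Ingress":
            continue
        ns, ing = m["metadata"].get("namespace", "default"), m["metadata"]["name"]
        for entry in m.get("spec", {}).get("tls") or []:
            name = entry.get("secretName")
            secret = secrets.get((ns, name))
            if not name:
                reason = "no secretName set"
            elif secret is None:
                # The same name in another namespace does not satisfy the reference.
                others = sorted(n for (n, s) in secrets if s == name)
                reason = ("only in namespace(s): " + ", ".join(others)) if others else "not found"
            elif secret.get("type") != "kubernetes.io/tls":
                reason = "type is not kubernetes.io/tls"
            elif not {"tls.crt", "tls.key"} <= set(secret.get("data") or {}):
                reason = "missing tls.crt or tls.key"
            else:
                continue
            findings.append((ns, ing, name, reason))
    return findings

if __name__ == "__main__":
    for finding in unresolved_tls_secrets(MANIFESTS):
        print(finding)
```

Run against a real cluster's manifests, the same function takes the `items` list from an export containing both Ingress and Secret objects.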