Traefik kubernetes multiple SSL certificates

8/24/2020

I am using Traefik as a reverse proxy on my Kubernetes cluster and I'm looking for a way to use multiple SSL certificates.

According to the doc, it is not possible to use multiple TLSStores; I must use only the default store.

For example, I have two domains, app1.com and app2.com, and two certificates for *.app1.com and *.app2.com, known by Traefik through the secrets app1-com-ssl and app2-com-ssl. Is it possible to store these two certificates in the same default TLSStore?

Here is my TLSStore definition:

apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
  name: default
  namespace: app1

spec:
  defaultCertificate:
    secretName:  app1-com-ssl

Here is my IngressRoute for app1:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: routes
  namespace: app1

spec:
  entryPoints:
    - websecure
    - web

  routes:
  - match: Host(`test.app1.com`)
    kind: Rule
    services:
    - name: test-service
      port: 8080
  tls:
    store:
      name: default

Here is my IngressRoute for app2:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: routes
  namespace: app2

spec:
  entryPoints:
    - websecure
    - web

  routes:
  - match: Host(`test.app2.com`)
    kind: Rule
    services:
    - name: test-service
      port: 8080
  tls:
    store:
      name: default

Thanks!

-- gwenoleR
kubernetes
ssl
traefik

1 Answer

8/24/2020

Good question. The TLSStore doesn't currently support multiple certificates; it just supports a 'default certificate'. And as you have already seen, you can only specify a 'default' TLSStore.

The Traefik configs do allow you to specify multiple certificates for the 'default' TLSStore (but not the K8s CRD). I have opened a feature request for the Traefik TLSStore CRD to add support for multiple certificates.

✌️

-- Rico
Source: StackOverflow
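
The file-provider form of the configuration that the answer refers to, as an added example that is not part of the original question or answer. It assumes the two secrets are mounted into the Traefik pod under /certs (hypothetical paths) and that the file provider is enabled in the static configuration.

```yaml
# Added example: Traefik v2 dynamic configuration for the file provider.
# Assumption: secrets app1-com-ssl and app2-com-ssl are mounted as volumes
# under /certs, so each directory contains tls.crt and tls.key.
# Assumption: the file provider is enabled in the static configuration, e.g.
#   --providers.file.filename=/config/dynamic.yml
tls:
  certificates:
    # Wildcard certificate for *.app1.com
    - certFile: /certs/app1-com-ssl/tls.crt
      keyFile: /certs/app1-com-ssl/tls.key
      stores:
        - default
    # Wildcard certificate for *.app2.com
    - certFile: /certs/app2-com-ssl/tls.crt
      keyFile: /certs/app2-com-ssl/tls.key
      stores:
        - default
  stores:
    default:
      # Served only when no certificate in the store matches the requested name
      defaultCertificate:
        certFile: /certs/app1-com-ssl/tls.crt
        keyFile: /certs/app1-com-ssl/tls.key
```

Traefik selects the certificate by the SNI name the client sends, so a request for test.app2.com is served the *.app2.com certificate and only unmatched names fall back to defaultCertificate.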