boilerplates
boilerplates copied to clipboard
traefik Kubernetes self signed.
Hey! Just watched your treafik vid on yt! thx! I now switch from nginx to traefik, but im not quite sure where I can implement my selfsigned tls keys in the ingress.yaml? If you just let me know where to put in the ingress.yaml =)
tls: certificates: - secretName: tls-cert?
Hi @chopp0r
Here a sample ingress.yaml from my home lab:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: nginx
# annotations:
# (Optional): Annotations for the Ingress Controller
# ---
# General:
# kubernetes.io/ingress.class: traefik
#
# TLS configuration:
# traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
# traefik.ingress.kubernetes.io/router.tls: "true"
#
# Middleware:
# traefik.ingress.kubernetes.io/router.middlewares:your-middleware@kubernetescrd
spec:
rules:
- host: "nginx.example.com" # Your hostname
http:
paths:
# Path-based routing settings:
- path: /
pathType: Prefix
backend:
service:
name: nginx # The name of the service
port:
number: 80 # Service Portnumber
tls:
- hosts:
- nginx.example.com # Your hostname
secretName: nginx-tls-secret # Your TLS Secret
As you can see the secret is in the last line. I'm also using the cert manager (if you aren't familiar, take a look at this manual from christian boilerplates/certmanager) and the secret will be created like this:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nginx-cert
namespace: nginx
spec:
secretName: nginx-tls-secret
issuerRef:
name: selfsigned-clusterissuer
kind: ClusterIssuer
dnsNames:
- nginx.example.com
Hope this helps with your issue - if it's still open 👨🏻💻