traefik Kubernetes self signed.

[chopp0r]

Hey! Just watched your treafik vid on yt! thx! I now switch from nginx to traefik, but im not quite sure where I can implement my selfsigned tls keys in the ingress.yaml? If you just let me know where to put in the ingress.yaml =)

tls: certificates: - secretName: tls-cert?

[dortlii]

Hi @chopp0r

Here a sample ingress.yaml from my home lab:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: nginx
  # annotations:
    # (Optional): Annotations for the Ingress Controller
    # ---
    # General:
    # kubernetes.io/ingress.class: traefik
    # 
    # TLS configuration:
    # traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
    # traefik.ingress.kubernetes.io/router.tls: "true"
    # 
    # Middleware:
    # traefik.ingress.kubernetes.io/router.middlewares:your-middleware@kubernetescrd
spec:
  rules:
  - host: "nginx.example.com"  # Your hostname
    http:
      paths:
      # Path-based routing settings:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx  # The name of the service
            port:
              number: 80  # Service Portnumber
  tls:
  - hosts:
    - nginx.example.com # Your hostname
    secretName: nginx-tls-secret  # Your TLS Secret

As you can see the secret is in the last line. I'm also using the cert manager (if you aren't familiar, take a look at this manual from christian boilerplates/certmanager) and the secret will be created like this:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nginx-cert
  namespace: nginx
spec:
  secretName: nginx-tls-secret
  issuerRef:
    name: selfsigned-clusterissuer
    kind: ClusterIssuer
  dnsNames:
    - nginx.example.com

Hope this helps with your issue - if it's still open 👨🏻‍💻