0

I have raised this exact query at stackoverflow as well, as, interestingly, "Traefik" and "Kubernetes-Ingress" tags are absent on ServerFault, but present on StackoVerflow.

When I only add the TLS secret to the Ingress, Traefik serves it's default certificate.

kind: Ingress
spec:
  rules:
    ....
  tls:
  - secretName: ingress-mgt-server-keys

Only when I mount the secret and add below parameter, does Traefik start serving the real certificate.

entryPoints.https.tls.certificates

Are TLS secrets to be define in both, Traefik Ingress and Ingress-controller? This forces me to repeat the keys as secrets to all the ingress namespaces as well as the ingress-controller namespace.

Paddy
  • 455
  • 1
  • 5
  • 8

1 Answers1

0

The TLS Secret isn't needed to be set up in the target (ingress) namespaces.

Only the ingress controller namespace needs the TLS Secret.

Paddy
  • 455
  • 1
  • 5
  • 8
  • Is better to put the ingress rules in the same namespace of the ingress controller and the tls secret too. – c4f4t0r Aug 01 '18 at 19:49
  • This is what Traefic documentation says : "In addition to the modified ingress you need to provide the TLS certificate via a Kubernetes secret in the same namespace as the ingress." But following this will mean many duplicate secrets, across namespaces, in my case. – Paddy Aug 03 '18 at 13:31