This message was deleted.
# k3sa
adamant-kite-43734
10/26/2022, 10:54 PMThis message was deleted.
c
creamy-pencil-82913
10/26/2022, 10:58 PMsounds like an issue with your ingress resource
creamy-pencil-82913
10/26/2022, 10:58 PMHow did you tell traefik to use your cert for that ingress?
l
lively-battery-54332
10/27/2022, 1:42 PMI referenced the cert with a secret in the tls section of the ingress. Do I need to further configure traefik too..?
Copy code
# apiVersion: <http://networking.k8s.io/v1beta1|networking.k8s.io/v1beta1> # for k3s < v1.19
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
kind: Ingress
metadata:
name: test-ingress
annotations:
<http://traefik.ingress.kubernetes.io/router.entrypoints|traefik.ingress.kubernetes.io/router.entrypoints>: websecure <http://traefik.ingress.kubernetes.io/router.tls|traefik.ingress.kubernetes.io/router.tls>: "true"
spec:
tls:
- secretName: manaul-rsa-cert-2048
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx
port:
number: 80lively-battery-54332
10/27/2022, 1:55 PMSnippet of the server cert that the above manaul-rsa-cert-2048 secret references:
Copy code
Certificate:
...
Issuer: CN=Dev Signer
Validity
Not Before: Oct 26 21:56:00 2022 GMT
Not After : Oct 29 21:56:00 2022 GMT
Subject: CN=192.168.1.6
...
X509v3 Subject Alternative Name:
DNS:<http://www.k3s.test.192.168.1.6.nip.io|www.k3s.test.192.168.1.6.nip.io>, DNS:<http://k3s.test.192.168.1.6.nip.io|k3s.test.192.168.1.6.nip.io>, IP Address:192.168.1.6lively-battery-54332
10/27/2022, 9:03 PMI needed to explicitly set Traefik's default certificate with my own server cert. I did this by deploying a TLSStore that references my secret as detailed here. Full TLSStore:
Copy code
apiVersion: <http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>
kind: TLSStore
metadata:
name: default
namespace: test
spec:
defaultCertificate:
secretName: manual-rsa-cert-2048576 Views