Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
a
average-arm-20932
07/15/2022, 5:23 PMHello Team,
I'm using K3s version(v1.22.4+k3s1), I need to send the SSL connections directly to the backend, not decrypt at my Traefik. The backend needs to receive https requests.
The below annotations is not working, could anyone help me here, any help appreciated.
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
kind: Ingress
metadata:
name: cp-certissuer-ing
namespace: cp-certissuer
annotations:
<http://traefik.ingress.kubernetes.io/ssl.passthrough|traefik.ingress.kubernetes.io/ssl.passthrough>: "True"
spec:
rules:
- host: <http://server.example.com|server.example.com>
http:
paths:
- backend:
service:
name: cp-certissuer
port:
number: 8080
path: /cert/actuator/info
pathType: Prefix
tls:
- hosts:
- <http://server.example.com|server.example.com>
secretName: cp-certissuer-ssl-secretw
worried-businessperson-13284
07/16/2022, 5:44 PMI used
metadata:
annotations:
<http://traefik.ingress.kubernetes.io/service.serversscheme|traefik.ingress.kubernetes.io/service.serversscheme>: httpsa
average-arm-20932
07/18/2022, 7:22 PMThank you! for the reply,
Do you mean I should use '<http://traefik.ingress.kubernetes.io/service.serversscheme|traefik.ingress.kubernetes.io/service.serversscheme>: https' rather '<http://traefik.ingress.kubernetes.io/ssl.passthrough|traefik.ingress.kubernetes.io/ssl.passthrough>: "True"' for SSL-PASSTHROUGH?
Though I have tired your options, but it is still not working, could you please reconfirm it.w
worried-businessperson-13284
07/18/2022, 7:34 PMmost important thing to do is enable logging on Traefik then watch it to see what's happening
there are so many variables between setups
a
average-arm-20932
07/18/2022, 7:49 PMOkay, let me try to enable the logging and see it, meantime I found an Traefik blog where they are talking about how to configure the Pass-through(IngressRouteTCP) in Kubernetes, but the configure is different in K3S.
https://doc.traefik.io/traefik/v2.1/routing/providers/kubernetes-crd/#kind-ingressroutetcp
w
worried-businessperson-13284
07/18/2022, 8:02 PMoooh, you want full pass thru! yeah, that's different to what I'm using. AIUI you'll need to use a Traefik IngressRoute, rather than an Ingress
a
average-arm-20932
07/18/2022, 8:08 PMI'm glad you understood what I meant.
I have noticed CRD (ingressroutetcps.traefik.containo.us), is already enabled and IngressRoute is a possible configuration, however do you have any sample settings which can be configured in K3S?
w
worried-businessperson-13284
07/18/2022, 8:22 PMtheir example is for TLS termination but there's a note on the pass thru option that sounds like what you want
a
average-arm-20932
07/21/2022, 2:42 PMI tried that option also, but no luck 😞 .