Are the LE certs stored persistently with k8s?

I assume so but couldn't find anything about it.

Does Traefik use k8s' secrets for this or volumes? Do they stay persistent (1) after I deleted all deployments and (2) after I reset k8s?

Or, at the other extreme, are they requested again and again with every new run?

I am having the same issue. Not only that, I want to be able to use the secrets across different clusters. We are spinning up clusters on demand. Constantly hitting the rate limit...

Would love to hear what the solution is.

I just checked myself, just applied/deleted manifests 2 times and voila, it generates new certificates every time and doesn't save the prior one. I kept k8s running in between:

1st run:
image

2nd run:
image

The certs' serial numbers also differ.

I also checked the debug log for legolog and both runs are identical, hence Traefik lets LE generate new certs every time :confused:

Just posted a feature request in their issues. I think this is a must-have feature since k8s and other orchestrators offer persistent storage: https://github.com/containous/traefik/issues/6189

I had the same problem. The only way I have found to solve it is using a volume to store the certificate (Azure files in my case).

So how did you do this? Putting acme.json into somefolder/ and somefolder/ is a volume mapped to the physical system?

Yes. I mount a volume mapped to a directory previously configured in Traefik to save the certificates.

volumeMounts:
  - mountPath: "/certs"
    name: certs

Configured volume:

volumes:
  - name: certs
    persistentVolumeClaim:
      claimName: traefik-certs

That's actually how it's meant to be :slight_smile: Mount a volume to store the file and it will be persistent.

I wanted to do just that but I read the following ticket

Either a persistent volume or a backend like Consul or Etcd is the recommended way of doing it. If you run multiple instances that share a configuration, I would highly recommend to not just use a volume as that might create some issues with read/write deadlocks etc.
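The volume approach from the replies above, written out as one manifest. This is an added example, not from any poster in the thread or from the Traefik project. It assumes Traefik v2 CLI flags, a resolver named `le`, a placeholder e-mail, image tag, storage size and service account name, and that the Traefik CRDs and RBAC are already installed. It keeps a single replica so only one process writes `acme.json`, in line with the last reply.

```yaml
# Added example: resolver name, e-mail, image tag, size and service account are assumptions.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: traefik-certs              # claimName used in the thread
spec:
  accessModes: ["ReadWriteOnce"]   # single-node mount, matches the single replica below
  resources:
    requests:
      storage: 128Mi               # assumed size; acme.json is small
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik
spec:
  replicas: 1                      # one writer for acme.json; shared writers risk lock issues
  strategy:
    type: Recreate                 # old pod releases the volume before the new pod mounts it
  selector:
    matchLabels: {app: traefik}
  template:
    metadata:
      labels: {app: traefik}
    spec:
      serviceAccountName: traefik-ingress-controller   # assumed, must already exist
      containers:
        - name: traefik
          image: traefik:v2.1      # assumed tag
          args:
            - --providers.kubernetescrd
            - --entrypoints.websecure.address=:443
            - --certificatesresolvers.le.acme.email=admin@example.com
            - --certificatesresolvers.le.acme.tlschallenge=true
            # Store account key and certificates on the mounted volume, not the container filesystem.
            - --certificatesresolvers.le.acme.storage=/certs/acme.json
            # Staging CA while testing apply/delete cycles, so production rate limits are not hit.
            - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
          volumeMounts:
            - mountPath: "/certs"
              name: certs
      volumes:
        - name: certs
          persistentVolumeClaim:
            claimName: traefik-certs
```

Deleting the Deployment leaves the claim and its `acme.json` in place; deleting the PersistentVolumeClaim itself (or resetting the cluster, depending on the storage class reclaim policy) discards the stored certificates and account key.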