Hi all, I'm new to Traefik. I deployed Traefik 2.2.8 in AWS EKS like the following architecture:
I'm using an AWS ALB in front of Traefik. I created a certificate in AWS Certificate Manager. I also created an ingress for Traefik, and I'm using the certificate for that ingress. The following is the ingress configuration I'm using:
```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: traefik
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik
  annotations:
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/certificate-arn: <acm-cert-arn>
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "20"
    alb.ingress.kubernetes.io/healthcheck-path: /ping
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    kubernetes.io/ingress.class: alb
spec:
  rules:
    - host: "*.example.com"
      http:
        paths:
          - path: /*
            backend:
              serviceName: "ssl-redirect"
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: "traefik"
              servicePort: 80
```
Also, I found that if I don't provide a certificate for Traefik, it will create a default certificate, which is valid for a year:
https://github.com/containous/traefik/blob/master/pkg/tls/generate/generate.go
```go
if expiration.IsZero() {
	expiration = time.Now().Add(365 * (24 * time.Hour))
}
```
I would like to know: do I still need to create another certificate using Let's Encrypt or a Cloudflare Origin Certificate for Traefik?
Also, if the default certificate expires, will it auto-renew?
I've checked the docs, but I don't know whether they're applicable to the Traefik default certificate.
Thank you.
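
An added example, not part of the original post and not Traefik's own code: it applies the same zero-value fallback as the snippet quoted above to a self-signed certificate and computes the days left until `NotAfter`, which is the value to monitor for a certificate of this kind. The helper names `selfSigned` and `daysLeft` and the subject name are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a self-signed certificate (hypothetical helper). A zero
// expiration falls back to one year, mirroring the snippet quoted in the post.
func selfSigned(now, expiration time.Time) (*x509.Certificate, error) {
	if expiration.IsZero() {
		expiration = now.Add(365 * (24 * time.Hour))
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed.example.invalid"}, // constructed name
		NotBefore:    now,
		NotAfter:     expiration,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// daysLeft returns the days from at until NotAfter, truncated toward zero.
func daysLeft(cert *x509.Certificate, at time.Time) int {
	return int(cert.NotAfter.Sub(at).Hours() / 24)
}

func main() {
	now := time.Now().Truncate(time.Second) // X.509 times carry whole seconds
	cert, err := selfSigned(now, time.Time{})
	if err != nil {
		panic(err)
	}
	fmt.Printf("NotAfter=%s daysLeft=%d\n", cert.NotAfter.Format(time.RFC3339), daysLeft(cert, now))
}
```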