3 months ago, I initially installed traefik using helm by doing the following in a Kubernetes cluster:
helm install stable/traefik --name traefik --namespace traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=traefik2.portworx.co,rbac.enabled=true,ssl.enabled=true,ssl.enforced=true --set-file ssl.defaultKey=tls.key.base64 --set-file ssl.defaultCert=tls.crt.base64
tls.key.base64 and tls.crt.base64 were files containing the TLS certificate that I obtained from Let's Encrypt, and which I base64 encoded.
Now the Let's Encrypt certificate has expired, so I used certbot to create a new one.
To update the certificate in traefik, I did the following:
- Base64 encode new
tls.key.base64andtls.crt.base64files. - Get the values from helm:
helm get values traefik > traefik-values.yml - Modify the
traefik-values.ymlfile, replace thedefaultCertvalue with the contents oftls.crt.base64, and replace thedefaultKeyvalue with the contents oftls.key.base64. - Update with:
helm upgrade -f traefik-values.yml traefik stable/traefik - Verify that certificate is in secret:
kubectl -n traefik get secret traefik-default-cert -o yaml
When I access traefik via the web interface, it is still serving the old certificate.
Any idea what I must do to serve the new certificate?
Do I have to delete the traefik pod, or is there a way I can get traefik to re-read it's config somehow?