How to setup mTLS in only one endpoint/route

Traefik Traefik v2
1

Hello! I have a Kubernetes application that uses Traefik with ingress. The problem is, I need to add mTLS authentication on a specific endpoint, to validate the origin of webhooks. This is my current ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traefik
spec:
  rules:
    - host: 'my-domain.com'
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 80

  tls:
    - hosts:
        - my-domain.com
      secretName: my-secret

How do I add a "/webhook" route, for example, with the same host, that points to my service's "/webhook", but validates the user's mTLS certificate only on that specific endpoint? I checked this article, but I'm still confused on how to apply this to my ingress.

2

I stumbled on the same problem.
I think that there is no way of doing it with traefik.
Creating multiple IngressRoutes or Ingress, with a different tls configuration will fail and traefik will revert to the default as it does not like multiple tls configs for the same Host.

It seems such a basic feature, and yet I havent figured out:

  1. if it is possible at all
  2. how to do (if possible)

If you found a solution, please post it so others can learn.

I would rather refrain from using external plugins, as I noticed there are few that would help solve the problem (Plugins + search for "tls")