Is it possible to get TLS termination with a ingressrouteTCP object? It does not seem to want to load the certs. I keep getting the default traefik cert. See the object code below. Yes the tls secret is there.
The setup is that I want traefik to be able to handle TLS passthrough and termination on the same port. Is this possible with 1 entrypoint?
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: rancher
namespace: cattle-system
spec:
entryPoints:
- tcp
routes:
- match: HostSNI(`rancher.rfed.io`)
services:
- name: rancher
port: 80
tls:
secretName: tls-rancher-ingress
domains: - main: rancher.rfed.io
here is how I am deploying traefik
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: traefik
namespace: traefik
labels:
app: traefik
spec:
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik
imagePullPolicy: IfNotPresent
args:
- --api.insecure
- --accesslog
- --entrypoints.web.Address=:80
- --entryPoints.web.forwardedHeaders.insecure
- --entrypoints.tcp.Address=:443
- --metrics.prometheus=true
- --metrics.prometheus.addEntryPointsLabels=true
- --metrics.prometheus.addServicesLabels=true
- --providers.kubernetescrd
- --global.sendAnonymousUsage=false
- --log.level=DEBUG
- --pilot.dashboard=false
ports:
- name: web
containerPort: 80
- name: tcp
containerPort: 443
- name: admin
containerPort: 8080
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
hostNetwork: true