I would like to configure Traefik running under Kubernetes to work with an internal ACME certificate authority. I've tried to configure Traefik to trust the CA root certificate by injecting the following configuration into the ingress Deployment:
Okay, after some further work I see that Traefik itself doesn't provide any facility for injecting additional trusted CA certificates. The only solution is to install them at the OS level.
Since I'm installing Traefik via the helm chart, that customization ends up being a little tricky: the helm chart doesn't provide any facility for doing this. I ended up passing the helm chart output through kustomize so that I can patch the Deployment.
This does require me to manually calculate the certificate hashes in order to mount them at the right places, but now things are working: I'm able to create new IngressRoutes and Traefik will successfully request a certificate from the ACME server.
I don't know if this is the best solution for setting things up when using the helm chart. I do think the documentation could be more clear around this use case (that is, using an internal ACME server), and I'm curious how other folks are doing this in their Kubernetes deployments.
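
The hash calculation mentioned above, as an added example that is not part of the original post: it derives the OpenSSL subject-hash file name (`<hash>.0`) for a CA certificate and prints a matching `volumeMounts` entry that a kustomize patch could carry. The volume name `internal-ca`, the key `ca.crt`, the trust directory `/etc/ssl/certs` and the throwaway CA generated for the demo are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example; volume name, key and trust directory are assumptions.
set -eu

CERT_DIR=/etc/ssl/certs   # assumption: trust directory used inside the image

# hashed_name CERT_PEM
# Prints "<subject_hash>.0", the file name an OpenSSL-style hashed trust
# directory uses to look up a CA by subject. The suffix counts up (.1, .2)
# only when two different certificates share the same subject hash.
hashed_name() {
    h=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    printf '%s.0\n' "$h"
}

# mount_entry CERT_PEM VOLUME KEY
# Prints one volumeMounts item that places key KEY of volume VOLUME at the
# hashed file name inside CERT_DIR, without shadowing the rest of the dir.
mount_entry() {
    name=$(hashed_name "$1") || return 1
    printf -- '- name: %s\n  mountPath: %s/%s\n  subPath: %s\n  readOnly: true\n' \
        "$2" "$CERT_DIR" "$name" "$3"
}

# make_sample_ca DIR
# Creates a constructed, short-lived self-signed CA so the demo runs offline.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Internal CA' \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo: in real use, pass the internal CA root certificate instead.
tmp=$(mktemp -d)
make_sample_ca "$tmp"
mount_entry "$tmp/ca.crt" internal-ca ca.crt
rm -rf "$tmp"
```

Recompute the name whenever the CA's subject changes, since the hash is derived from the subject and a stale file name will no longer be found by the lookup.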