Hello everyone,
I am trying to route TLS encrypted TCP traffic to a Pod using IngressRouteTCP.
I need to terminate TLS but then again connect via TLS from Traefik to the backend Pod.
Why?:
- The Client is running outside of Kubernetes
- I am using cert-manager and ACME and http01-Challenge
- The Endpoints (MongoDB Pods) require TLS and present certificates which are only valid for `*.cluster-local`. (ACME cannot validate `*.cluster-local`)
- ACME (http01-Challenge) is only able to issue certificates valid for external FQDN (`*.externaldomain.com`)
From what I found, IngressRouteTCP never uses TLS to communicate with the backend Pods.
When I look at IngressRoute I find IngressRouteTCP.spec.routes.services.serversTransport.
This is exactly what I would need in IngressRouteTCP.
Is there really no possibility to use upstream TLS (aka serversTransport) for TCP traffic routed by IngressRouteTCP?
Thanks & best regards,
J.