I am deploying Traefik version 2.9.1 in a Kubernetes environment through the Helm chart. I used the websecure entrypoint and an IngressRoute to route to a gRPC server.
After setting everything up, when I tested the app -> Traefik -> gRPC, I am getting a TLS Handshake error (PEER_DID_NOT_RETURN_A_CERTIFICATE) from the gRPC server.
The TLS communication between the app and the gRPC server is working fine without Traefik in the middle.
Below is an excerpt of my source code:

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: 'test-ingressroute'
  namespace: test
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: PathPrefix(`/test`)
      services:
        - name: grpc
          port: 8082
          scheme: https
      middlewares:
        - name: 'test-middleware'
  tls:
    enabled: true
    options:
      name: test-cert
      namespace: test
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: 'test-middleware'
spec:
  stripPrefix:
    prefixes:
      - /test
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: test-cert
  namespace: test
spec:
  clientAuth:
    secretNames:
      - ca-cert
    clientAuthType: RequireAndVerifyClientCert
  curvePreferences:
    - CurveP521
    - CurveP384
  cipherSuites:
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    - TLS_AES_256_GCM_SHA384
    - TLS_CHACHA20_POLY1305_SHA256
  sniStrict: true
```
In an architecture like this, is it possible to have the app connect to Traefik and the gRPC server via mTLS? I'm also wondering if I'm missing any configuration.
(I tried serversTransport.insecureSkipVerify, but it did not work.)
And when configuring the server solely with helm-chart, without using a separate provider, I was wondering if it is possible to handle it with DNS-based communication instead of IP-based communication. (If there is documentation, I would appreciate a link).