Rancher k3s build-in traefik ingress not connecting to https backend service

Hi

I have a Rancher k3s v1.26.6 cluster with the default traefik ingress controller. I run a pod with the gitlab/gitlab-ce image exposed with a ClusterIP Service:

apiVersion: v1
kind: Service
metadata:
 name: gitlab-service
 namespace: gitlab
spec:
 type: ClusterIP
 selector:
  k8s-app: gitlab
 ports:
 - name: "ssh"
  port: 22
  protocol: TCP
  targetPort: 22
 - name: "http"
  port: 80
  protocol: TCP
  targetPort: 80
 - name: "https"
  port: 443
  protocol: TCP
  targetPort: 443

The pod and service functions as expected and I can access the https port (443) of the service with no problem. The Ingress Rule fails to connect to the https port (443):

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: gitlab-ingress
 namespace: gitlab
spec:
 ingressClassName: traefik
 tls:
 - hosts:
  - gitlab.jmol.dk
  secretName: gitlab-tls
 rules:
 - host: gitlab.jmol.dk
  http:
   paths:
   - path: /
    pathType: Prefix
    backend:
     service:
      name: gitlab-service
      port:
       number: 443

What annotations do I have to include in the Ingress specification for it to work? I have tried:

1. No annotations
2. traefik.ingress.kubernetes.io/router.insecureSkipVerify: "true"
3. traefik.ingress.kubernetes.io/service.serversscheme: https
4. traefik.ingress.kubernetes.io/router.tls: "true"
5. traefik.ingress.kubernetes.io/router.entrypoints: websecure

None seem to work.

Thank you in advance.

Kind regards,
Jakob

The solution was to deactivate the certificate verification by creating a ServersTransport object:

apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: mytransport
  namespace: default

spec:
    insecureSkipVerify: true

And then annotate the Service object:

traefik.ingress.kubernetes.io/service.serverstransport: default-mytransport@kubernetescrd

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.