ServersTransport not working with Kubernetes Ingress + ingressClass filter
Traefik version: 3.6.10
Setup: Two Traefik controllers in the same cluster, each scoped with --providers.kubernetescrd.ingressClass=traefik-internal
I'm migrating from Nginx Ingress and need to replicate nginx.ingress.kubernetes.io/backend-protocol: HTTPS. My backend serves HTTPS on port 8080 with a self-signed cert (DNS SANs only, no IP SANs).
Traefik connects directly to pod IPs, so I get:
cannot validate certificate for 10.135.166.114 because it doesn't contain any IP SANs
I cannot use IngressRoute - I'm constrained to standard Kubernetes Ingress resources.
What I tried
1. ServersTransport with insecureSkipVerify: true referenced via:
traefik.ingress.kubernetes.io/service.serverstransport:`` namespace-test-insecure-transport@kubernetescrd
The resource exists in Kubernetes but never appears in /api/http/serverstransports. Silently ignored.
2. Added ingressClass annotation to ServersTransport - no effect.
3. Named Service port https - scheme correctly switches to HTTPS but the IP SAN error persists since ServersTransport isn't loaded.
Questions
- Is ServersTransport intentionally unsupported with Ingress resources?
- Is there any supported way to configure insecureSkipVerify for HTTPS backends when using Ingress?
- Should ServersTransport be exempt from the ingressClass filter since it has no ingressClass field?