Hi,
I am using Traefik 2.10. Currently I use an Ingress and IngressRoute setup on Traefik to route traffic to various backends, and we terminate SSL at the Traefik level. Now I am looking at ways to do TLS passthrough to my backend load balancer and route traffic from there.
My current Ingress setup is as follows. I deleted this so as to add a TCPRoute for passthrough.
```
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-public
    meta.helm.sh/release-name: test
    meta.helm.sh/release-namespace: test-beta
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
  labels:
    app.kubernetes.io/instance: test
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: test
    app.kubernetes.io/version: 1.0.1
    helm.sh/chart: test-0.1.179
  name: test
  namespace: test-beta
spec:
  ingressClassName: traefik-public
  rules:
  - host: '*.test.com'
    http:
      paths:
      - backend:
          service:
            name: my-test-service
            port:
              number: 8080
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - '*.test.com'
```
I deleted:
1. The above Ingress
2. The kubernetesCRD and kubernetesingress providers I have in my existing configuration

I added the following to allow for TLS passthrough. All my traffic is HTTPS.
```
apiVersion: v1
items:
- apiVersion: traefik.io/v1alpha1
  kind: IngressRouteTCP
  metadata:
    annotations:
      ingress.kubernetes.io/ssl-passthrough: "true"
    name: test
    namespace: test-beta
  spec:
    entryPoints:
    - websecure
    - web
    routes:
    - match: HostSNIRegexp(`^\w+\.test\.com$`)
      priority: 1
      services:
      - name: test
        namespace: test-beta
        port: 8080
    tls:
      passthrough: true
kind: List
```
Whenever I hit my website in the browser I see the following logs:
```
time="2024-03-29T16:50:41Z" level=debug msg="Serving default certificate for request: \"api-a1b2c3d4e5.test.com\""
time="2024-03-29T16:50:41Z" level=debug msg="http: TLS handshake error from IP:41614: remote error: tls: unknown certificate authority"
```
Where do I add certs in IngressRouteTCP config?
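
An added check, not part of the original post: it pulls the server name out of the "Serving default certificate" debug line and tests it against the pattern from the IngressRouteTCP rule, to see whether that name could have been claimed by the passthrough route at all. It assumes the pattern is evaluated as a plain Go regular expression (not confirmed here for Traefik 2.10's matcher syntax); `checkLog`, `Result` and `defaultCertRe` are hypothetical names, and the second log line is constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern copied from the IngressRouteTCP rule in the post.
const routePattern = `^\w+\.test\.com$`

// First line is the debug message from the post; the second is constructed for contrast.
var sampleLog = []string{
	`time="2024-03-29T16:50:41Z" level=debug msg="Serving default certificate for request: \"api-a1b2c3d4e5.test.com\""`,
	`time="2024-03-29T16:50:42Z" level=debug msg="Serving default certificate for request: \"api.test.com\""`,
}

// defaultCertRe extracts the requested server name from the debug message.
var defaultCertRe = regexp.MustCompile(`Serving default certificate for request: \\"([^"\\]+)\\"`)

// Result records whether a server name seen in the log matches the route pattern.
type Result struct {
	SNI     string
	Matches bool
}

// checkLog (hypothetical helper) assumes the pattern is a plain Go regexp.
func checkLog(pattern string, lines []string) ([]Result, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	var out []Result
	for _, l := range lines {
		if m := defaultCertRe.FindStringSubmatch(l); m != nil {
			out = append(out, Result{SNI: m[1], Matches: re.MatchString(m[1])})
		}
	}
	return out, nil
}

func main() {
	res, err := checkLog(routePattern, sampleLog)
	if err != nil {
		panic(err)
	}
	for _, r := range res {
		fmt.Printf("%-26s matches route pattern: %v\n", r.SNI, r.Matches)
	}
}
```

In Go's regexp syntax `\w` covers only letters, digits and underscore, so a hyphenated label such as the one in the log does not satisfy `^\w+\.test\.com$`. With passthrough the certificate is presented by the backend, so a "Serving default certificate" line means Traefik itself handled that handshake.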