TLS passthrough with SNI and K3S


I have a service in kubernetes (k3s) that terminates it's own HTTPS connection and I'm running a recent k3s installation that has traefik installed as an ingress provider.

Are there any examples of configuring a kubernetes ingress to do TLS passthrough using SNI rather than termination+re-encrypt.

I am seeing that I can set various annotations in the kubernetes Ingress so I'm guessing I need some traefik specific annotations?

Many thanks


Hi @inorton, the default traefik installation in k3s is using v1.7: ->

Enabling TLS passthrough (without decryption by Traefik) requires to use Traefik v2.0 which support TCP routing (with SNI), which v1.7 does not.

How to make it work in k3s?

You might find useful examples here: (a demo of one of our talks: context is different than yours, but demonstrate Traefik v2.0 with k3s).

1 Like

Regarding the TLS passtrough, you'll have to: