I'm creating the following ingress resource in a K3s cluster which uses Traefik 2.6.2 as its ingress controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-app-ing
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
spec:
tls:
- hosts:
- "my-app.mydomain.com"
secretName: mydomain-cert
rules:
- host: "my-app.mydomain.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-app-service
port:
name: http
And the secret mydomain-cert is created and present in the same namespace (default in this case).
kubectl describe secret mydomain-cert
Name: mydomain-cert
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 5603 bytes
tls.key: 1704 bytes
The certificate is valid through end of the year and signed by Let's Encrypt. I also see the route created and healthy in the dashboard. However, when I hit to the endpoint through browser (https://my-app.mydomain.com), I get an invalid certificate error. The certificate being used is not the one utilized through the ingress, but Traefik's default auto-generated cert.
This wasn't a problem till recently. I had to rebuild my K3s cluster after which I started seeing this issue. I wonder if that meant getting a new version of Traefik and thus a change in how I should configure the ingress.