TLS via secretName Kubernetes


Running into an issue whereby Traefik can't seem to see/find a secret which contains TLS certs.


apiVersion: v1
kind: Secret
  name: mysecret
  namespace: my-namespace
  tls.crt: base 64 encoded crt file LS0tLS1CRUd....
  tls.key: base 64 encoded key file LS0tLS1CRUd....

Ingress route

kind: IngressRoute
  name: my-app
  namespace: my-namespace
    - websecure
  - match: Host(`my-app.domain`)
    kind: Rule
    - name: my-app
      port: 1234
    - name: ipwhitelist
    secretName: mysecret

Error I'm getting from Traefik

Error configuring TLS: secret my-namespace/mysecret does not exist" ingress=my-app namespace=my-namespace providerName=kubernetescrd

Anyone else running into issues like this? Any ideas?


Hello @wattymelon

Could you explain how do you have created your Secret yaml file please?
Is it a self-signed certs ?


Sure! I used the below YAML as per the docs

And nope! Not self signed.


So, you're in the same situation as me, you need to replace the tls.crt / tls.key data with real keys/crt, and base64 encoded. The documentation doesn't explain how.

Just to confirm..

I didn't use the defaults from the documentation. I did replace tls.crt and tls.key with the real certificate.
I quoted them as below to keep the crt and key private.

Oh ok, could you please tell me how did you do that please? I've believed you was in the same situation as me.

Sure! You can use something like the below..

kubectl create secret tls CERT_NAME --key KEY_FILE --cert CERT_FILE

Replacing CERT_NAME for what you want the secret to be called. KEY_FILE with the cert .key file. Finally CERT_FILE with the cert .crt file

You can also add -n namespace to place it in a certain namespace.

Hope your's work!

Thanks a lots, but I would mean, how to generate the .crt / .key file, because I've believed openssl tool was requirede only for self-signed TLS, and I've believed Traefik could request TLS automaticaly.
To not continue to hijack your initial post, you may be prefer to answer on this thread: Question about kubernetes secret for TLS on v2 CRD