Environment
- Traefik-Version:
2.10.5
- Kuberntes-Version:
1.27.4
Given configurations
- Secret:
ingress-controller-traefik-cluster-cert
apiVersion: v1 kind: Secret metadata: name: ingress-controller-traefik-cluster-cert namespace: kube-system type: kubernetes.io/tls data: tls.crt: LS0t # ... snip tls.key: LS0t # ... snip
- TLSStore
ingress-controller-traefik-default
apiVersion: traefik.io/v1alpha1 kind: TLSStore metadata: name: ingress-controller-traefik-default namespace: kube-system spec: defaultCertificate: secretName: ingress-controller-traefik-cluster-cert certificates: - secretName: ingress-controller-traefik-cluster-cert
- IngressRoute
my-app-https
apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: my-app-https namespace: kube-system spec: entryPoints: - https routes: - kind: Rule match: Host(`my-domain.com`) && PathPrefix(`/my-app`) services: - name: my-app port: 80 tls: store: name: ingress-controller-traefik-default
Test scenario
-
Insecure
- Command:
curl --insecure https://my-domain.com/my-app
- Actual result:
{"status":200,"ok":true}
- Command:
-
Regular
-
Command:
curl https://my-domain.com/my-app
-
Actual result:
curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - [..] More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
-
Issuer:
TRAEFIK DEFAULT CERT
-
My question
The target certificate is not picked-up from the secret ingress-controller-traefik-cluster-cert
and I do not see any meaningful message in the logs of traefik. Also not log level debug
gives me a hint so far. I only see:
time="2023-11-19T21:56:25Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=kube-system-ingress-controller-traefik-default
What I'm doing wrong?
Thanks already in advance.