Environment
- Traefik-Version:
2.10.5 - Kuberntes-Version:
1.27.4
Given configurations
- Secret:
ingress-controller-traefik-cluster-certapiVersion: v1 kind: Secret metadata: name: ingress-controller-traefik-cluster-cert namespace: kube-system type: kubernetes.io/tls data: tls.crt: LS0t # ... snip tls.key: LS0t # ... snip - TLSStore
ingress-controller-traefik-defaultapiVersion: traefik.io/v1alpha1 kind: TLSStore metadata: name: ingress-controller-traefik-default namespace: kube-system spec: defaultCertificate: secretName: ingress-controller-traefik-cluster-cert certificates: - secretName: ingress-controller-traefik-cluster-cert - IngressRoute
my-app-httpsapiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: my-app-https namespace: kube-system spec: entryPoints: - https routes: - kind: Rule match: Host(`my-domain.com`) && PathPrefix(`/my-app`) services: - name: my-app port: 80 tls: store: name: ingress-controller-traefik-default
Test scenario
-
Insecure
- Command:
curl --insecure https://my-domain.com/my-app - Actual result:
{"status":200,"ok":true}
- Command:
-
Regular
-
Command:
curl https://my-domain.com/my-app -
Actual result:
curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - [..] More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -
Issuer:
TRAEFIK DEFAULT CERT
-
My question
The target certificate is not picked-up from the secret ingress-controller-traefik-cluster-cert and I do not see any meaningful message in the logs of traefik. Also not log level debug gives me a hint so far. I only see:
time="2023-11-19T21:56:25Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=kube-system-ingress-controller-traefik-default
What I'm doing wrong?
Thanks already in advance.