Traefik default tls on kubernetes

Traefik Traefik v2
,
1

I'm trying to configure traefik on kubernetes to use my own cloudflare tls cert, however I can't seem to make it work, it will continue the self generated cert or no longer accept https connections at all.

Bellow is my applied manifests (note: Using helmoperator from flux cd):

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: traefik-public
spec:
  releaseName: traefik-public
  chart:
    spec:
      chart: traefik
      sourceRef:
        kind: HelmRepository
        name: traefik
        namespace: kube-system
  interval: 1h0m0s
  timeout: 30m
  install:
    remediation:
      retries: 3
  values:
    ingressRoute:
      dashboard:
        annotations:
          # Using ingress class makes the dashboard give 404 unless this annotation is set
          kubernetes.io/ingress.class: traefik-public
    ingressClass:
      enabled: true
      isDefaultClass: false
    providers:
      kubernetesCRD:
        enabled: true
        ingressClass: traefik-public
      kubernetesIngress:
        enabled: true
        publishedService:
          enabled: true
    globalArguments: [] # to disable anonymous usage reports
    additionalArguments:
    - "--log.level=TRACE" # to try and figure out why it doesn't work
    - "--providers.kubernetesingress.ingressclass=traefik-public"
    # Enable HTTPS redirection on web entrypoint
    - "--providers.file.filename=/config/dynamic.yml"
    - "--providers.file.watch=true"
    - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
    - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
    volumes:
    - name: cloudflare-tls
      mountPath: "/certs"
      type: secret
    - name: 'traefik-public-config'
      mountPath: "/config"
      type: configMap
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-public-config
data:
  dynamic.yml: |
    tls:
      certificates:
      - certFile: /certs/tls.crt
        keyFile: /certs/tls.key
      stores:
        default:
          defaultCertificate:
            certFile: /certs/tls.crt
            keyFile: /certs/tls.key

The errors i get:

traefik-public time="2021-12-28T02:21:35Z" level=error msg="Unable to append certificate <redacted> to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
traefik-public time="2021-12-28T02:21:35Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=websecure

I've already tried searching for a solution, double checked my cert is ok and paths are correct...

2

After some more troubleshooting seems the issue was the cert having windows line breaks (CRLF) instead of linux line breaks (LF) making it invalid.

3

Hello @dafzor,

Thanks for your interest in Traefik!

After some more troubleshooting seems the issue was the cert having windows line breaks (CRLF) instead of linux line breaks (LF) making it invalid.

If it was indeed the root cause of your issue, can you please mark this topic as resolved?