I'm trying to configure Traefik on Kubernetes to use my own Cloudflare TLS cert, but I can't seem to make it work: it either continues to use the self-generated cert or no longer accepts HTTPS connections at all.
Below are my applied manifests (note: using the Helm operator from Flux CD):
```yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: traefik-public
spec:
  releaseName: traefik-public
  chart:
    spec:
      chart: traefik
      sourceRef:
        kind: HelmRepository
        name: traefik
        namespace: kube-system
  interval: 1h0m0s
  timeout: 30m
  install:
    remediation:
      retries: 3
  values:
    ingressRoute:
      dashboard:
        annotations:
          # Using ingress class makes the dashboard give 404 unless this annotation is set
          kubernetes.io/ingress.class: traefik-public
    ingressClass:
      enabled: true
      isDefaultClass: false
    providers:
      kubernetesCRD:
        enabled: true
        ingressClass: traefik-public
      kubernetesIngress:
        enabled: true
        publishedService:
          enabled: true
    globalArguments: [] # to disable anonymous usage reports
    additionalArguments:
      - "--log.level=TRACE" # to try and figure out why it doesn't work
      - "--providers.kubernetesingress.ingressclass=traefik-public"
      # Enable HTTPS redirection on web entrypoint
      - "--providers.file.filename=/config/dynamic.yml"
      - "--providers.file.watch=true"
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
    volumes:
      - name: cloudflare-tls
        mountPath: "/certs"
        type: secret
      - name: 'traefik-public-config'
        mountPath: "/config"
        type: configMap
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-public-config
data:
  dynamic.yml: |
    tls:
      certificates:
        - certFile: /certs/tls.crt
          keyFile: /certs/tls.key
      stores:
        default:
          defaultCertificate:
            certFile: /certs/tls.crt
            keyFile: /certs/tls.key
```
The errors I get:
```
traefik-public time="2021-12-28T02:21:35Z" level=error msg="Unable to append certificate <redacted> to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
traefik-public time="2021-12-28T02:21:35Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=websecure
```
I've already tried searching for a solution, double checked my cert is ok and paths are correct...
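
The message `tls: failed to find any PEM data in certificate input` comes from Go's `crypto/tls` when the bytes read for the certificate contain no PEM block at all. As an added example (not part of the original post, and not Traefik's own code), this sketch classifies the bytes of a `tls.crt` file to show which form they are in. The names `classify_cert_input`, `SAMPLE_DER` and `SAMPLE_PEM` are hypothetical, and the sample bytes are constructed, not a real certificate.

```python
import base64
import binascii
import re
import sys

# One PEM block: armor lines around a base64 body.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.+?)\r?\n-----END \1-----", re.S)


def _b64(data: bytes):
    """Strictly base64-decode data (whitespace ignored); None if invalid."""
    try:
        return base64.b64decode(b"".join(data.split()), validate=True)
    except binascii.Error:
        return None


def classify_cert_input(data: bytes) -> str:
    """Classify the bytes a TLS loader would read from tls.crt."""
    if not data.strip():
        return "empty"
    block = PEM_BLOCK.search(data)
    if block:
        if _b64(block.group(2)) is None:
            return "pem-armor-with-corrupt-body"
        return "pem:" + block.group(1).decode()
    if data[:2] == b"\x30\x82":
        return "der"  # binary ASN.1, convert to PEM before mounting
    inner = _b64(data)
    if inner and PEM_BLOCK.search(inner):
        return "base64-wrapped-pem"  # encoded once too often
    if inner and inner[:2] == b"\x30\x82":
        return "base64-der-without-armor"  # BEGIN/END lines missing
    return "unknown"


# Constructed sample: DER-style header bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x03\x02\x01\x01"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Usage: python check_pem.py /path/to/tls.crt  (path is the caller's)
    with open(sys.argv[1], "rb") as fh:
        print(classify_cert_input(fh.read()))
```

Only `pem:CERTIFICATE` is a form the loader can parse as a certificate; every result that does not start with `pem:` is an input with no PEM block, which is the condition the logged error reports.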