I have configured an EKS cluster with Traefik for the ingress and cert-manager for managing SSL certs.
While cert-manager operates normally (with Route53 as the issuer) and I am able to generate certificates, when I define them as secrets on the IngressRoute
manifest it seems that the certificate is not being fetched.

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: test-api
  namespace: test
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`eks.api.test.mydomain.com`)
      kind: Rule
      services:
        - name: test-api
          port: 8000
  tls:
    secretName: wildcard-mydomain-com-staging-tls

secretName is correct and the secret is configured correctly as well.
In the logs of the Traefik pod I see the below:
time="2023-09-29T10:24:29Z" level=debug msg="Adding route for eks.api.test.mydomain.com with TLS options default" entryPointName=websecure
time="2023-09-29T10:27:25Z" level=debug msg="Serving default certificate for request: \"eks.api.test.mydomain.com\""
time="2023-09-29T10:27:25Z" level=debug msg="http: TLS handshake error from 10.0.4.207:24669: remote error: tls: unknown certificate"
time="2023-09-29T10:27:35Z" level=debug msg="Serving default certificate for request: \"eks.api.test.mydomain.com\""
time="2023-09-29T10:27:35Z" level=debug msg="http: TLS handshake error from 10.0.4.207:29373: remote error: tls: unknown certificate"
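
A way to triage debug output like the above, as an added example that is not part of the original post: it parses the logfmt lines and reports hosts that have a TLS route registered but are still being served the default certificate. It only surfaces the symptom, not its cause; the names `parse_line` and `triage` are hypothetical, and the sample input is the log lines quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample input: the five debug lines quoted in the post.
SAMPLE_LOG = r'''time="2023-09-29T10:24:29Z" level=debug msg="Adding route for eks.api.test.mydomain.com with TLS options default" entryPointName=websecure
time="2023-09-29T10:27:25Z" level=debug msg="Serving default certificate for request: \"eks.api.test.mydomain.com\""
time="2023-09-29T10:27:25Z" level=debug msg="http: TLS handshake error from 10.0.4.207:24669: remote error: tls: unknown certificate"
time="2023-09-29T10:27:35Z" level=debug msg="Serving default certificate for request: \"eks.api.test.mydomain.com\""
time="2023-09-29T10:27:35Z" level=debug msg="http: TLS handshake error from 10.0.4.207:29373: remote error: tls: unknown certificate"
'''

# One logfmt field: key=bare or key="quoted value with \" escapes"
FIELD = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
ROUTE = re.compile(r'^Adding route for (\S+) with TLS options (\S+)$')
DEFAULT_CERT = re.compile(r'^Serving default certificate for request: "([^"]*)"$')
HANDSHAKE = re.compile(r'TLS handshake error from (\S+):\d+: ')


def parse_line(line):
    """Split one logfmt line into a dict, unescaping quoted values."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        fields[key] = bare if bare else re.sub(r'\\(.)', r'\1', quoted)
    return fields


def triage(log_text):
    """Correlate registered TLS routes with default-certificate fallbacks."""
    routed = {}                       # host -> TLS options name
    fallback = defaultdict(int)       # requested host -> default cert count
    client_errors = defaultdict(int)  # client IP -> handshake error count
    for line in log_text.splitlines():
        msg = parse_line(line).get("msg", "")
        if m := ROUTE.match(msg):
            routed[m.group(1)] = m.group(2)
        elif m := DEFAULT_CERT.match(msg):
            fallback[m.group(1)] += 1
        elif m := HANDSHAKE.search(msg):
            client_errors[m.group(1)] += 1
    # A host with a TLS route that still gets the default certificate
    affected = {h: n for h, n in fallback.items() if h in routed}
    return {"routed": routed, "affected": affected,
            "client_errors": dict(client_errors)}


if __name__ == "__main__":
    for host, n in triage(SAMPLE_LOG)["affected"].items():
        print(f"{host}: TLS route registered, default certificate served {n}x")
```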