Hi all,
I'm attempting to implement a basic mTLS example in my Kubernetes cluster, following the docs here: https://doc.traefik.io/traefik/https/tls/#client-authentication-mtls.
As soon as I annotate my ingress with traefik.ingress.kubernetes.io/router.tls.options
all I receive from the URL is a 404.
I have confirmed in the dashboard that the TLS option has been associated to the route successfully.
TLSOption + Ingress yaml:
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: tls-option
namespace: test
spec:
clientAuth:
secretNames:
- mtls-cert
clientAuthType: RequireAndVerifyClientCert
minVersion: VersionTLS12
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress
namespace: test
annotations:
traefik.ingress.kubernetes.io/router.tls.options: test-tls-option@kubernetescrd
spec:
rules:
- host: host.example.com
http:
paths:
- backend:
service:
name: app
port:
number: 8080
path: /
pathType: ImplementationSpecific
tls:
- hosts:
- host.example.com
secretName: app-cert
Log:
{"ClientAddr":"1.1.1.1:60622","ClientHost":"1.1.2.2","ClientPort":"60622","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":116987,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":116987,"RequestAddr":"host.example.com","RequestContentSize":0,"RequestCount":19,"RequestHost":"host.example.com","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"StartLocal":"2025-04-28T11:00:24.894326798Z","StartUTC":"2025-04-28T11:00:24.894326798Z","entryPointName":"websecure","level":"info","msg":"","time":"2025-04-28T11:00:24Z"}
Any ideas?