Hi all,
I am trying to configure my K3s Traefik instance with support for automatic provisioning of Tailscale certificates.
So far I have this in /var/lib/rancher/k3s/server/manifests/traefik-tailscale.yaml:
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    providers:
      kubernetesGateway:
        enabled: true
    entryPoints:
      web:
        address: ":80"
      websecure:
        address: ":443"
    certificatesResolvers:
      tailscale:
        tailscale: {}
```
Next, I have this declaration in a YAML file that I kubectl apply. I based it on this document.
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: traefik
  namespace: default
spec:
  gatewayClassName: traefik
  # Only Routes from the same namespace are allowed.
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: Same
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        mode: Terminate
        # certificateRefs: # Omitted because I want to use Tailscale?
      allowedRoutes:
        namespaces:
          from: Same
```
Could someone explain to me what certificateRefs should be in order for it to work with Tailscale?
Thanks,
Sam