Trying to enable TLS but can't get it working with the default k3s traefik pod

I am new to kubernetes and traefik so perhaps I am misunderstanding, but I cannot figure out how to enable TLS while following the getting started guide.

I'm using k3s, so theres a default traefik-proxy pod deployed on kube-system. I then followed the "Deployment and Exposition" section of the guide to get http working. I then moved on to trying to get https working. The documentation mentions:

  • TLS can be enabled through the HTTP Options of an Entrypoint
  • To enable TLS on the underlying router created from an Ingress, one should configure it through annotations

I didn't know which route to take, so I decided to do it via annotations and just add

traefik.ingress.kubernetes.io/router.tls: "true"

but it didn't work, so I feel like I'm missing some steps.

So, I decided to instead follow the User Guide on "Traefik & CRD & Let's Encrypt". Walking through all the steps here worked... but now I have two Traefik pods. This new one and the default that came with k3s.

Any sort of guidance would be appreciated. Is there a way to edit the default to work so I don't have two? Or did I forget some steps while trying to enable TLS via annotations?

Thanks!

I am working with @tahoeschrader.

We also added the traefik.ingress.kubernetes.io/router.entrypoints: websecure annotation to the Ingress, but no observed change. After following the complete user guide, we do have TLS working on this dummy whoami service, but it required deploying traefik a second time and not using the builtin one that comes with k3s in kube-system. Advice for just using the builtin one?

Not sure if this is relevant, but there is an extensive How To Secure Your Site in Kubernetes with cert-manager, Traefik, and Let’s Encrypt tutorial from DigitalOcean.