Trying to enable TLS but can't get it working with the default k3s traefik pod

I am new to kubernetes and traefik so perhaps I am misunderstanding, but I cannot figure out how to enable TLS while following the getting started guide.

I'm using k3s, so theres a default traefik-proxy pod deployed on kube-system. I then followed the "Deployment and Exposition" section of the guide to get http working. I then moved on to trying to get https working. The documentation mentions:

  • TLS can be enabled through the HTTP Options of an Entrypoint
  • To enable TLS on the underlying router created from an Ingress, one should configure it through annotations

I didn't know which route to take, so I decided to do it via annotations and just add "true"

but it didn't work, so I feel like I'm missing some steps.

So, I decided to instead follow the User Guide on "Traefik & CRD & Let's Encrypt". Walking through all the steps here worked... but now I have two Traefik pods. This new one and the default that came with k3s.

Any sort of guidance would be appreciated. Is there a way to edit the default to work so I don't have two? Or did I forget some steps while trying to enable TLS via annotations?


I am working with @tahoeschrader.

We also added the websecure annotation to the Ingress, but no observed change. After following the complete user guide, we do have TLS working on this dummy whoami service, but it required deploying traefik a second time and not using the builtin one that comes with k3s in kube-system. Advice for just using the builtin one?

Not sure if this is relevant, but there is an extensive How To Secure Your Site in Kubernetes with cert-manager, Traefik, and Let’s Encrypt tutorial from DigitalOcean.