How to set up Traefik running as ingress controller in Kubernet to forward requests to a Kubernetes service backend that uses the HTTPS protocol and self-signed certificate.
References links
- https://community.traefik.io/t/insecureskipverify-explanation/2195
- https://doc.traefik.io/traefik/routing/providers/kubernetes-ingress/
---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: my-transport
namespace: default
spec:
insecureSkipVerify: true # Skip SSL verification
---
apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: default
annotations:
traefik.ingress.kubernetes.io/service.serversscheme: https # Set backend is HTTPS
traefik.ingress.kubernetes.io/service.serverstransport: my-transport@kubernetescrd
spec:
internalTrafficPolicy: Cluster
ports:
- name: webserver-https
port: 8443
protocol: TCP
targetPort: 8443
selector:
app: my-app
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
namespace: default
annotations:
kubernetes.io/tls-acme: "true" # Cert-manager will manage the certificate between Client and Traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
rules:
- host: my-endpoint.varlogdiego.com
http:
paths:
- backend:
service:
name: my-service
port:
number: 8443
path: /
pathType: Prefix
tls:
- hosts:
- my-endpoint.varlogdiego.com
secretName: my-endpoint-varlogdiego-com