I have a problem where I can create an ingress object and make it work with HTTPS, but it does not serve the custom certificate I have created and specified in the "ingress" object.
I am using OpenShift as the orchestrator. I am using "ingress" as a provider and the "ingress" object for Traefik.
How can I create and enable a self-signed certificate that Traefik will use? In addition, how can I change the default certificate Traefik gives me?
My configurations:
I have installed Traefik with the default values.yaml file via the Helm chart here: https://github.com/traefik/traefik-helm-chart/tree/master
My ingress object:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami-http
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  tls:
    - hosts:
        - traefik.ben-tests.com
      secretName: my-tls
  rules:
    - host: traefik.ben-tests.com
      http:
        paths:
          - path: /iamben
            pathType: Prefix
            backend:
              service:
                name: whoami-svc
                port:
                  number: 80
When I do:
curl https://traefik.ben-tests.com/iamben -k
or access it via the web, I get the default Traefik certificate.
I have created the certificate via the following commands:
To create the certificate:
openssl req -new -newkey rsa:2048 -nodes -keyout my.key -out my.crt
To create the secret:
oc create secret generic my-tls --from-file=tls.key=my.key --from-file=tls.crt=my.crt
What am I doing wrong? Thank you very much for the help.
When I signed the certificate it had no SAN, so the certificate was not valid, thus Traefik served the default one.
I created a new valid crt via openssl (version 1.1.1):
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout my.key -out my.crt -subj "/CN=traefik.ben-tests.com" -addext "subjectAltName=DNS:*.traefik.ben-tests.com,DNS:traefik.ben-tests.com"
And it worked :)
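A pre-flight check for the failure described in the answer above, as an added example that is not part of the original post: it confirms that a certificate carries a SAN dNSName covering the Ingress host and that the key belongs to it, before the pair goes into the secret. The function names and the throwaway sample certificates are assumptions constructed for the example; it needs OpenSSL 1.1.1 or later for `-ext` and `-addext`.

```shell
#!/bin/sh
# Added example (helper names are hypothetical). Needs OpenSSL 1.1.1 or later.

# Print the certificate's SAN dNSName entries, one per line. Prints nothing
# when the file is not a parsable X.509 certificate or carries no SAN.
cert_san_dns() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Succeed if host equals a SAN entry, or a "*.parent" entry covers its
# leftmost label. The subject CN is deliberately ignored.
cert_covers_host() {
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $host in
        *.*) wild="*.${host#*.}" ;;
        *)   wild=$host ;;
    esac
    cert_san_dns "$1" | tr '[:upper:]' '[:lower:]' |
        grep -Fxq -e "$host" -e "$wild"
}

# Succeed if the private key belongs to the certificate (same public key).
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# Constructed sample input: two throwaway self-signed pairs in a temp dir,
# one without SAN and one with the SAN list from the post (2048-bit for speed).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
gen() {
    name=$1; shift
    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes \
        -keyout "$tmp/$name.key" -out "$tmp/$name.crt" \
        -subj "/CN=traefik.ben-tests.com" "$@" 2>/dev/null
}
gen nosan
gen san -addext "subjectAltName=DNS:*.traefik.ben-tests.com,DNS:traefik.ben-tests.com"

for pair in nosan san; do
    if cert_covers_host "$tmp/$pair.crt" traefik.ben-tests.com &&
       cert_matches_key "$tmp/$pair.crt" "$tmp/$pair.key"; then
        echo "$pair: ok to load into the my-tls secret"
    else
        echo "$pair: rejected (SAN: $(cert_san_dns "$tmp/$pair.crt" | tr '\n' ' '))"
    fi
done
```

Run against real files, `cert_covers_host my.crt traefik.ben-tests.com && cert_matches_key my.crt my.key` gives a yes/no answer before `oc create secret` is run.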