I have a traefik setup in an EKS cluster (helm values):
ingressClass:
enabled: true
isDefaultClass: true
name: "${ingress_class}"
ingressRoute:
dashboard:
enabled: false
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${ssl_cert}"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: websecure
providers:
kubernetesIngress:
enabled: true
ingressClass: "${ingress_class}"
publishedService:
enabled: true
externalTrafficPolicy: Local
traefikssl_cert is an ARN of a certificateAs I understand, this is supposed to terminal SSL on the NLB that is created.
Now I set up an application e.g. argo-workflows which is supposed to run on e.g. example.host
server:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
external-dns.alpha.kubernetes.io/hostname: "${domain_address}"
hosts:
- "${domain_address}"
domain_address would be example.host in this case.Now the NLB is created and accessing the application via example.host works, but it's insecure and uses the Traefik default certificate.
The TargetGroup in my NLB leads to TCP:443 and does not have a certificate set.
I am not sure what I have to give AWS to make this work. Can you help me?
The solution was so destroy and reapply everything. The Loadbalancer had a Cert then.