amazon-eks traefik aws-nlb

Set up TLS termination on an NLB for traefik in EKS


I have a traefik setup in an EKS cluster (helm values):

ingressClass:
    enabled: true
    isDefaultClass: true
    name: "${ingress_class}"
ingressRoute:
    dashboard:
        enabled: false
service:
    annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${ssl_cert}"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: websecure
providers:
    kubernetesIngress:
        enabled: true
        ingressClass: "${ingress_class}"
        publishedService: 
            enabled: true
externalTrafficPolicy: Local

As I understand, this is supposed to terminate SSL on the NLB that is created.

Now I set up an application, e.g. argo-workflows, which is supposed to run on e.g. example.host:

server:
    ingress:
        enabled: true
        annotations:
            traefik.ingress.kubernetes.io/router.entrypoints: websecure
            external-dns.alpha.kubernetes.io/hostname: "${domain_address}"
        hosts:
        - "${domain_address}"

Now the NLB is created and accessing the application via example.host works, but it's insecure and uses the Traefik default certificate.
The TargetGroup in my NLB leads to TCP:443 and does not have a certificate set.

I am not sure what I have to give AWS to make this work. Can you help me?


Solution

  • The solution was to destroy and reapply everything. The load balancer had a cert then.
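
After a reapply like the one described above, the listener state can be checked directly instead of inferring it from the certificate the browser shows. The following is an added example, not part of the original post: it audits JSON shaped like the output of `aws elbv2 describe-listeners --output json` for the symptom in the question (port 443 forwarded as plain TCP with no certificate). The function name, the sample documents and the placeholder ARN are assumptions constructed for illustration.

```python
# Constructed samples shaped like `aws elbv2 describe-listeners --output json`.
# The ARN is a placeholder, not a value from the post.
CERT = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER"

# State described in the question: 443 is forwarded as raw TCP.
BEFORE = {"Listeners": [
    {"Port": 80, "Protocol": "TCP"},
    {"Port": 443, "Protocol": "TCP"},
]}

# State expected once the ssl-cert / ssl-ports annotations took effect.
AFTER = {"Listeners": [
    {"Port": 80, "Protocol": "TCP"},
    {"Port": 443, "Protocol": "TLS", "Certificates": [{"CertificateArn": CERT}]},
]}


def audit_listeners(doc, tls_ports=(443,), expected_cert_arn=None):
    """Return findings; an empty list means TLS terminates on the NLB."""
    findings = []
    by_port = {l.get("Port"): l for l in doc.get("Listeners", [])}
    for port in tls_ports:
        listener = by_port.get(port)
        if listener is None:
            findings.append(f"port {port}: no listener")
            continue
        proto = listener.get("Protocol")
        if proto != "TLS":
            # A TCP listener passes the TLS handshake through, so the
            # backend (here Traefik) answers with its own certificate.
            findings.append(f"port {port}: protocol is {proto}, not TLS")
        arns = [c.get("CertificateArn") for c in listener.get("Certificates", [])]
        if not arns:
            findings.append(f"port {port}: no certificate attached")
        elif expected_cert_arn and expected_cert_arn not in arns:
            findings.append(f"port {port}: expected certificate not attached")
    return findings


if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_listeners(doc, expected_cert_arn=CERT) or "ok")
```

To run it against a real load balancer, save the CLI output to a file, load it with `json.load`, and pass the certificate ARN used for `${ssl_cert}` as `expected_cert_arn`.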