We are trying to encrypt communication between the Traefik ingress and the middleware (forwardAuth), and also between the ingress and the backend server. ForwardAuth redirects traffic to an authentication server which is running over HTTPS and uses a self-signed certificate.
In Wireshark I can see that the ingress is communicating with the authentication server using TCP instead of TLS, but the communication between the ingress and the backend server uses TLS. Please help with how to enable TLS communication between the Traefik ingress and the middleware.
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
  name: traefik-tls-1
  namespace: sample-domain1-ns
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: PathPrefix(`/api`)
      middlewares:
        - name: test-auth-https
          namespace: sample-domain1-ns
        - name: test-auth
          namespace: sample-domain1-ns
      services:
        - kind: Service
          name: sample-svc
          port: 8002
          scheme: "https"
          serversTransport: mytransport
  tls:
    secretName: domain1-tls-cert
    options:
      name: mtlsoption-ecprt
      namespace: sample-domain1-ns
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-auth-https
  namespace: sample-domain1-ns
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-auth
  namespace: sample-domain1-ns
spec:
  forwardAuth:
    address: https://s-lb.sample-ns.svc.cluster.local:8080/auth
    tls:
      insecureSkipVerify: true
```
Communication between the Traefik ingress and the middleware, as well as the backend server, should be over TLS.
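
One way to check what is actually on the wire for the ingress-to-auth-server connection, independent of the protocol column in the capture tool (an added example, not part of the original post): classify the first bytes the client sent on the TCP connection as a TLS handshake record or a plaintext HTTP request. The function name and both sample payloads are constructed for illustration.

```python
import struct

# Request-line prefixes that indicate an unencrypted HTTP request.
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ",
                b"DELETE ", b"OPTIONS ", b"PATCH ")
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}


def classify_first_payload(data: bytes) -> str:
    """Classify the first payload bytes seen on a TCP connection.

    Hypothetical helper: returns "plaintext-http", "tls-<handshake type>",
    "too-short" or "unknown".
    """
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    if len(data) < 6:
        return "too-short"
    # TLS record header: content type (1), version (2), length (2).
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    # A handshake record has type 22, version 3.x and at most 2^14 bytes.
    if content_type != 22 or major != 3 or minor > 4:
        return "unknown"
    if not 0 < length <= 2 ** 14:
        return "unknown"
    # Byte 5 is the handshake message type inside the record.
    return "tls-" + HANDSHAKE_TYPES.get(data[5], "handshake")


# Constructed samples: the start of a ClientHello record, and a plaintext
# request to the forwardAuth address used in the Middleware above.
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")
SAMPLE_HTTP = (b"GET /auth HTTP/1.1\r\n"
               b"Host: s-lb.sample-ns.svc.cluster.local:8080\r\n\r\n")

if __name__ == "__main__":
    for label, payload in (("tls sample", SAMPLE_TLS),
                           ("http sample", SAMPLE_HTTP)):
        print(label, "->", classify_first_payload(payload))
```

The input is the raw client payload of the stream on port 8080, for example copied from Wireshark's Follow TCP Stream view in raw form.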