How can SSL passthrough be implemented with Traefik in Kubernetes?

edit

SSL passthrough can be implemented with Traefik in Kubernetes by following these steps:

1. Disable SSL termination in Traefik by adding the following config to the Traefik deployment spec:

- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https

1. Add a new entry point for SSL passthrough:

- --entrypoints.websecure.address=:443

1. Add a new service to Kubernetes for SSL passthrough:

apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    traefik.frontend.passHostHeader: "true"
spec:
  selector:
    app: my-app
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443

1. Configure Traefik to use SSL passthrough for this service by adding the following to the Traefik deployment spec:

- --tcp.services=my-service
- --tcp.routers=my-service
- --tcp.routers.my-service.entrypoints=websecure
- --tcp.routers.my-service.rule=HostSNI(`mydomain.com`)
- --tcp.services.my-service.loadBalancer.server.port=443

Replace mydomain.com with the domain name used for SSL connections to the service.

1. Apply the updated Traefik and Kubernetes configs.

After completing these steps, Traefik will pass SSL traffic through to the Kubernetes service without terminating the SSL connection.