1apiVersion: v1 2kind: Secret 3metadata: 4 name: root-ca0 5 namespace: foo 6 7data: 8 foobar: VEVTVFJPT1RDQVMw 9 10--- 11apiVersion: v1 12kind: Secret 13metadata: 14 name: root-ca1 15 namespace: foo 16 17data: 18 tls.ca: VEVTVFJPT1RDQVMx 19 20--- 21apiVersion: v1 22kind: Secret 23metadata: 24 name: root-ca2 25 namespace: foo 26 27data: 28 tls.ca: VEVTVFJPT1RDQVMy 29 30--- 31apiVersion: v1 32kind: Secret 33metadata: 34 name: root-ca3 35 namespace: foo 36 37data: 38 ca.crt: VEVTVFJPT1RDQVMz 39 40--- 41apiVersion: v1 42kind: Secret 43metadata: 44 name: root-ca4 45 namespace: foo 46 47data: 48 ca.crt: VEVTVFJPT1RDQVM0 49 tls.ca: VEVTVFJPT1RDQVM1 # <-- This should be the prefered one. 50 51--- 52apiVersion: v1 53kind: Secret 54metadata: 55 name: mtls1 56 namespace: foo 57 58data: 59 tls.crt: VEVTVENFUlQx 60 tls.key: VEVTVEtFWTE= 61 62--- 63apiVersion: v1 64kind: Secret 65metadata: 66 name: mtls2 67 namespace: foo 68 69data: 70 tls.crt: VEVTVENFUlQy 71 tls.key: VEVTVEtFWTI= 72 73--- 74apiVersion: v1 75kind: Secret 76metadata: 77 name: allcerts 78 namespace: foo 79 80data: 81 ca.crt: VEVTVEFMTENFUlRT 82 tls.crt: VEVTVENFUlQz 83 tls.key: VEVTVEtFWTM= 84 85--- 86apiVersion: traefik.containo.us/v1alpha1 87kind: ServersTransport 88metadata: 89 name: test 90 namespace: foo 91 92spec: 93 serverName: "test" 94 insecureSkipVerify: true 95 maxIdleConnsPerHost: 42 96 disableHTTP2: true 97 peerCertURI: foo://bar 98 rootCAsSecrets: 99 - root-ca0 100 - root-ca1 101 - root-ca2 102 - root-ca3 103 - root-ca4 104 - allcerts 105 certificatesSecrets: 106 - mtls1 107 - mtls2 108 - allcerts 109 forwardingTimeouts: 110 dialTimeout: 42 111 responseHeaderTimeout: 42s 112 idleConnTimeout: 42ms 113 readIdleTimeout: 42s 114 pingTimeout: 42s 115 116--- 117apiVersion: traefik.containo.us/v1alpha1 118kind: ServersTransport 119metadata: 120 name: test 121 namespace: default 122 123spec: 124 serverName: "test" 125 126--- 127apiVersion: traefik.containo.us/v1alpha1 128kind: IngressRoute 129metadata: 130 name: test.route 131 namespace: default 132 133spec: 134 entryPoints: 135 - foo 136 137 routes: 138 - match: Host(`foo.com`) 139 kind: Rule 140 services: 141 - name: external-svc-with-https 142 port: 443 143 serversTransport: test 144 - name: whoamitls 145 port: 443 146 serversTransport: default-test 147 148