TLS Certificates Store
In Traefik Hub API Gateway, certificates are grouped together in certificates stores.
Traefik Only Uses the Default
TLSStoreTraefik Hub always looks for one TLSStore named default.
That store must live in a namespace that Traefik Hub can see. Because every IngressRoute and IngressRouteTCP automatically use this store, you never have to reference it in your manifests.
- You cannot create another
TLSStorenameddefaultin a different namespace. - The only
TLSStoresetting that usually matters is customizing that single default store (if you need different certificates or options). All other names or duplicatedefaultstores are ignored.
Configuration Example
- TLSStore
- TLS Certificate #1
- TLS Certificate #2
- Install Configuration
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default # Only the store with the name default is taken into account
namespace: traefik
spec:
certificates:
- secretName: secret-tls-01
- secretName: secret-tls-02
defaultGeneratedCert:
# Use the certificate resolver myresolver (defined in the install configuration) to generate the default certificate
resolver: myresolver
domain:
main: whoami-default.localhost
sans:
- \*.whoami-default.localhost
Domain: whoami.localhost
apiVersion: v1
kind: Secret
metadata:
name: secret-tls-01
namespace: traefik
type: kubernetes.io/tls
data:
# Self-signed certificate for the whoami.localhost domain.
tls.crt: |
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZWakNDQXo2Z0F3SUJBZ0lVWHEyUFUvNWtidkNSaThBd0pHR3VXa3dHcnFVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JERUxNQWtHQTFVRUJoTUNSbEl4RFRBTEJnTlZCQWNNQkV4NWIyNHhGVEFUQmdOVkJBb01ERlJ5WVdWbQphV3NnVEdGaWN6RVBNQTBHQTFVRUF3d0dWMmh2WVcxcE1DQVhEVEkwTURjeE9EQTNNVFV5TUZvWUR6SXhNalF3Ck5qSTBNRGN4TlRJd1dqQkVNUXN3Q1FZRFZRUUdFd0pHVWpFTk1Bc0dBMVVFQnd3RVRIbHZiakVWTUJNR0ExVUUKQ2d3TVZISmhaV1pwYXlCTVlXSnpNUTh3RFFZRFZRUUREQVpYYUc5aGJXa3dnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQzgwcVlLcmc3OHNmWENBUFd6b3NTbjBhVlFaSW5WWTFGU2UrbXhOb3RuClV4YU5BUWNPc0RocU5SNi9lWWdoNjI2Mnl2QkxJa0t5dFlSMHJ4QlpzK3FFWndudTZXKy90UFlKS1Rqekg3N0YKNFM1S2NUYWxoWnFqRzlIZEs3RWhEVlkrajN5MGgxWmVBNlZkYVNkSkQ1REtxNm9jdGtJMXVybGF0L1hnbzRQLwoxZGhwc0Q0WGpWS3Y0VnNzeFlJWUtDUTBEclZWMG0vMWlUUHRYUTFnbkkyVVlTTFFkZkp0blljR1lqTWU1VHJwClE0UE83QW0wMWwvT05UTGRvZW9EdmhjbGp3UFFubVcyQk53Q3NNMjdSSVhYKzBwQWh2Vloxb3BMZGpvclppWUEKR1B2T2NrYlhRWUdKMGRralRka042ci9yWFpLbldrWVc0U1d6TkpFeU5YTXUrbU8ycmNJdXVzeGJFWk5rNUllMAoyMU1Cb2NDOEgyejR1Vm1MMTV1SUZFYzI5OTE0L242bEdSczJLSnVQcURmK1R3TkpSRkJCZEhpdHR1bXhvZ2FOCkRkQkZoeENLdzNPNGFvc1RhOHRSMW1yNDV2RFl2RU95QmFoMFlXUmE1d2RyTTlKeWtZQ2VwWWFnWDNiNjU5K1EKK2FPbmZyL1RlK3puUktUenBUeVdPS29wazV5UEkvbUllTFJuUVVlS1MvVzA3OTQ3QVJ6VEc0Q3dkZXhaMkQ3MgpBVDFiTlN3b2hSQ2t3QjQ3MjhGSk1lTG11anhXUzRsc29PTFZXNU9yWC82WEFMV2lJY3llTGh2SHQxTmVGVVhBCldnU1F4Q3UwamNpcTBmSG9VSXF4WFo5ek9yMG5pTmRFMWp5aFhuc0xuUmFiOVBxWHRhaXhESng0bW5VMGZQVFoKbHdJREFRQUJvejR3UERBYkJnTlZIUkVFRkRBU2doQjNhRzloYldrdWJHOWpZV3hvYjNOME1CMEdBMVVkRGdRVwpCQlFqQWJDV1VmNkhmVEhHdUJLTUI1eDZxZWo0a1RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWw1Z0ZQeDVMCkhYdHdEbGt0U1dXWTVCNUVJVG41T2o0Rm5IZ3hDd1VxZTlsSUgxcFhWVlhicTc2U0ljYmllR21YN1ZGUFowRjQKZGM4UTAxbWFJaC9tT25QSmxSMHpRL1JpcmpUb25RbXY2blN4azArckFJSmRBWTJuOU9ORTBsY2ZpR2pDMUtMNwpaSHBwb0UyalplbGhTSURVNjBlcXhNQzZJMkY0TytxQlg1QXVOUE5QYXE3OUg3cDg3TzZ1MkgxNTNjaWJteDdNCjJrUUU4b0JxaS95cGJJa2R4L2JlZURSZVk2MVJ0OHlNc0R6MmRuMGhxc0ZnYkt3ZFllMjJkSzRVTGg2dVdmb3EKaXlWM0hsOFFoZDF3L3MzZU5tYnd0S0czNTBvT2VHMHVXN0FOK201Q1A5ZlFzZzRHdzdQVjVMSmlqa3Y3c1p1MQpkTndxclVZdkdLd2RrdnRGbFBPNm5QSFVlOHdxOHNkY294WGh4YzBleFVIZmNhYkVXYXBUWHp2RjVucmczTnFpCnRmSmUzWVNWdW5YME5CRyt4MjBlbUdNN2RxNTFKczNkcmJwaXVpbTFhcmlQMnJqUm5qOVQwcWlpYkd4K2s5Z3UKUkFzZXN5bXVXRmpkQTVRWFYzNG1VM1RtWG5zTlRSSlRuNTNSdlJaNFJWaHJMN0kxYlZUOTBsRU53UDFibGtNSwpYblJMNjJ1UDVtTWd0REVKQ05sMmVOZy92NThXMkIyQzZzSHdNUit4dVFUOU45ZjlLU3hNWnc1YmtZdHM1N1p0CmExR2JQMWRWRmZpUUdQRDZBRWo5M2kwMVVlSUJCR3NKZm1ueGd3MVFOUWttRGZOZ08yUlkzTTZVUmJMZG55bkYKZzV2QVJVZU4wNWdPYmRFRHhmdS9VZ2kzaW02Wjg5T0dwMVk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: |
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRQzgwcVlLcmc3OHNmWEMKQVBXem9zU24wYVZRWkluVlkxRlNlK214Tm90blV4YU5BUWNPc0RocU5SNi9lWWdoNjI2Mnl2QkxJa0t5dFlSMApyeEJacytxRVp3bnU2VysvdFBZSktUanpINzdGNFM1S2NUYWxoWnFqRzlIZEs3RWhEVlkrajN5MGgxWmVBNlZkCmFTZEpENURLcTZvY3RrSTF1cmxhdC9YZ280UC8xZGhwc0Q0WGpWS3Y0VnNzeFlJWUtDUTBEclZWMG0vMWlUUHQKWFExZ25JMlVZU0xRZGZKdG5ZY0dZak1lNVRycFE0UE83QW0wMWwvT05UTGRvZW9EdmhjbGp3UFFubVcyQk53QwpzTTI3UklYWCswcEFodlZaMW9wTGRqb3JaaVlBR1B2T2NrYlhRWUdKMGRralRka042ci9yWFpLbldrWVc0U1d6Ck5KRXlOWE11K21PMnJjSXV1c3hiRVpOazVJZTAyMU1Cb2NDOEgyejR1Vm1MMTV1SUZFYzI5OTE0L242bEdSczIKS0p1UHFEZitUd05KUkZCQmRIaXR0dW14b2dhTkRkQkZoeENLdzNPNGFvc1RhOHRSMW1yNDV2RFl2RU95QmFoMApZV1JhNXdkck05SnlrWUNlcFlhZ1gzYjY1OStRK2FPbmZyL1RlK3puUktUenBUeVdPS29wazV5UEkvbUllTFJuClFVZUtTL1cwNzk0N0FSelRHNEN3ZGV4WjJENzJBVDFiTlN3b2hSQ2t3QjQ3MjhGSk1lTG11anhXUzRsc29PTFYKVzVPclgvNlhBTFdpSWN5ZUxodkh0MU5lRlVYQVdnU1F4Q3UwamNpcTBmSG9VSXF4WFo5ek9yMG5pTmRFMWp5aApYbnNMblJhYjlQcVh0YWl4REp4NG1uVTBmUFRabHdJREFRQUJBb0lDQUJva2lXdjdIZ1RBZ3QwaHZZMlVkZWtpClErTExPTERSb21YQUt1SjlRY25FSFlyWGllbWFYbHFJdTViRHRjOEp4ZmRnUmtBR0lLUHJobk9Tb0E4N1hneUgKZmo3cUZRTVVMcEw2eThhNjJNZnBpR1l5eklwdGpWNW9oZmc2MzJMMXgydG1wRnUrVFNmbWExUEdoa2pvU0hkaApxRzRoNXkyQjM3M1VCYzB4OW5SS1lEOHB4cFJZM2JUazNQY1M2cjNRemtwaTFacHA4S21zY3dNUEdoWUw0WHp2ClYwbWVFRHJscE5jdWEyalYrMVVSSXU1WU54NThKbmJxQ0trdmpMTXpTTE1nM09TdnVZeW5tWlVmSGl6VkFqbWQKWE1kdHFBbmwyVVNLRVpNR3FURGtSS0RDL2xTT2lPZlMrbDd0Ui9yKzljN0VLQ29zSm40WkhWdDFaaER2TTR0MQpod0tDMXhxN0I0ZFZ5ZFpwYWdva2E1QUUrVndXUHFrdDBCT0NhK1RrV1JXMGZJbnNvUUpyVTVZalNLV0ZCeTRLCjhPczg5UnZ5UGVYUVlzOTlqWkRObW9XajZXTU1XRjk4UTZ5ZFVUZ1hZZmZGdE14a2x0M3ZBRW04VTZFdWpobk8KeTJvd3dYeWsvMk54L3JpNVMvTmNmbjdockxVbElFSWZJOG5tbGRjYkp1dXIyWkN1eGtTOG5QZ3FLU3pBV0xCLwo5Y3N0VXVCMC9RQisyek9VRU9TemJsY1poQXJkSWtxelVqdUF4aklScFBZM2VGRkZ2UXZkYkd3UFFBazBkRlBXClY3QW1GQkNuNlhwQVdHV2NpcEw3L0lxOFhIQ3dSd2o4ekt4Mkd6ZzlxUDBGZnBaYTAwM3Z0L1JYOC9JU3ZONGQKWkt5ME95UEY4TVRPUkJQdkltVXBBb0lCQVFEck56SDdXVDZNMlNNY2dFa1JpdVZQNnRRMHRhQXg5YlJVR1VRRgphWFVoUWxzNmV3V2R5a1FjVk0yanVoRkRENjkvY1dxek4xeFZmU24zN3dUOVhOZVZiVUNNaGluMlcwWldYdnUyCmllQkNTYUdyWVhQQXFRcExsTlVqWElzMkorRldsZWpiYjg3RGRUTmhQYmVFS2hHbXU0eDdTSkhvRnk0QlBDS3AKV1h5THdMcERYbWtxVXlYS3JpbWZVbFp5aWQ1OVZKNUdOR1ZYYVRnZ3kwajcrQmt1OVJJemliUE1wSkxDUHI0cApxQVRORjR4dTNEeXJQaDRaRStSMGFFd2ZxTzNUclJ6VVJKY2JxYVVqeHoxTHNDcVVielVzNFhnTVo4c012bUhFCmxuZmh2dzlmcWRWeU90RVpHSlBpMWxQOUFNN2dWdXo3VE5WVmNzKytrVEIwblpPVEFvSUJBUUROZ2dFVFlaWXEKU3pjMGxubDhaWjRjWlNWdEo2czV6TW9Ia00xZXF5K1BkRU02eVdpMVZBVFo5WnNVMHFaSjhKekZUNEdVR3pZVApFa1dmQ3UzSmtJcXhuUW5SdEpZd1RSWmdWYllCUDZ4cVFCUm5iMUtDeHZIdW4yMXJNS1p0bXEyTVAzM0tkcmVrCnRrL1VDaTdOY1k4NVJpWTgyclJZWitRU0gzcVh6OHJLYWJ4dGJYd29hMyswbG0xdW0rc3M1dWpMeS93L2syUFoKR1FsT2xUQ1gxaG1KZ2xmUUtiTm41WHBLQmU2aVdzcnl6NWF5WUpQZFE1UDZtZDMvOHBXUk9mNTBzeGhidDNzWQpsN1g2WjZzRVBvOUxpNDZFNDhxci9SVzRIcWkxeG9KRXpCcW9Bcm5Za2VEMlM0cFpaTHB5T3dBRWVESlF1MW42Clk3KzlOMnNzMld4dEFvSUJBQ21FcEozcE10Rkp3cGpWVEJCOG85MW5aZTJuNFk3di85U1lZUmxUZEFsYTNSK0YKZDRoU201TWtwT2V4Z0RxR0drUTBrTkR4aEtyU1hRWVdlcHIrT0U5MzZWemtrYU9hbU4vR0JFaEVMZ0dGWGJRUwpqNHdDU243czFuSlhjM3NycnVySnEwQ1FpNzZVZ1cwNHA1djhrUUVOT2M3SkVIZ1hIMWU0ZGFYTzFkMFZOOHVNCmJxTzU2WUhOSEN1ekxPOHF4c3I0bExkdnFETzFydUthLzFiNmcvZDE2ckNPTGQ2QmJpWTdUUFd0WXF1UTdJamsKOXhDQzltMFd4Y3lHWEdsNk9BQ1ZIZkdaNmRKSUw0NFJMUkNmRitUN2ZEZGYxUURia1V1K2p5TlVLL1Q4OUltKwpRSjdaSXU5N0Z4K0RGWEFqSkdFVTl0K2t3RU5FOE1hQ2Vqc2JWV0VDZ2dFQU02b25VeFFKaUlCNFZJUXY3cEl0CmViNEQ5cmt1VnMyaFROMmVnOXBOanFjUDc4dUt3MnRuL05PK05USHdGRTZsV3dWdDhpb1ZJaDVKMm40STRjK3cKem81SVZhd3N4ZC9iYkVTZ0NSaFU1REZQNytFUXdVZjZzcDdxQnpTbjRvNHNhMEhiQWZkdW03NHB1NGtEMHlwbApjMlNyWUVrclpiNVluQ1hGMER5eElzb0tVUWhoV2xnTU52NUtiTEJPSTIrNXZ1SjlmQTQxMy9KbllKWXBMVUxxCkVLUHdKNmtVTFY2SHEreHAzZTh0Ym5XNTBRWnVwZ1hEUWhGRXVuL21FaWllVEFCcWMwUmhjZ0ZTQXEzbFZKL1YKcm94YlBCVjRjbHlpQlRQUC9rTDFwUTRhOVhvWjl0UlYxaFdQcG9Hb1RlZC9UYUJhSmVtejZUc0NqVE5OZ216MgowUUtDQVFBWStIbWJaOVQxQUd6STlaeHptaGFXaDJHSXhaR3RyK2dqUVlMd0J4eGhNRzZ4ZmlNZ1RIL014cm1LCmpMYys2VGRHOHpoTWl4T0p1bFZSYUVOSUZ6Qk1YWFNJcVlSYzlqYmJvZlZWMlVCazVxWStsb1ZqRzJjS1RweU0KbGFrUElMYjZIV3prSVIzdDdXN0V0aG01dU9Dak53OGV4RElLZVNaWEphREpUOTJ1MGJZTm94clB0UmF4VEFqKwpIUnJqeWwzUXU1bGpKUWJidnA4VjB0em1udkNwMmNmczZnZGxoY0FuN2RDWG5GQW04R0liUUtnalNzaTRpTUNaCjljNDhzTExOdXA4N0Fwb3A3SFFZOGduN0E0NGxEYnJLdzJ0UFhuLy9FRGFCWmFFT2JmdXR6S2ZNYjFwWDRoTmQKR3RoR3Y5eTB6UFNBY3JNMjIvbkdTR1djTm5JYgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
Domain: whoami02.localhost
apiVersion: v1
kind: Secret
metadata:
name: secret-tls-02
namespace: traefik
type: kubernetes.io/tls
data:
# Self-signed certificate for the whoami02.localhost domain.
tls.crt: |
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXRENDQTBDZ0F3SUJBZ0lVTGhPSWl6Mm5CYndYQ1R2TllLVHNaRFZ0M1VVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JERUxNQWtHQTFVRUJoTUNSbEl4RFRBTEJnTlZCQWNNQkV4NWIyNHhGVEFUQmdOVkJBb01ERlJ5WVdWbQphV3NnVEdGaWN6RVBNQTBHQTFVRUF3d0dWMmh2WVcxcE1DQVhEVEkwTURjeE9EQTNORGd6TmxvWUR6SXhNalF3Ck5qSTBNRGMwT0RNMldqQkVNUXN3Q1FZRFZRUUdFd0pHVWpFTk1Bc0dBMVVFQnd3RVRIbHZiakVWTUJNR0ExVUUKQ2d3TVZISmhaV1pwYXlCTVlXSnpNUTh3RFFZRFZRUUREQVpYYUc5aGJXa3dnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQ2tmNkg4NTJmTEZtV1hVMXp6bDVrZFFrNW5QOEpadFpjemYwWjBHMENVCkpsS2VDWlhlUkYzekxmNDQ5ZDMrWTBwbFhZbjBwZ2lOZ3huYXBJTVBpV2lyL1hvU2hCTTVqcFhmWHdvNmRsNm0KTEJVME0rdEtLbThZa0JjRkxHQWVFMXh1aGZ4VjNlYk0xTCtxaWpRdXpzZlJpWXJmVDlCT1JQVm1Mb3RIL3VNOApkTHQ2WmFvVy93VFdKUnhwSkkwZGpnMWV6cjAyeDdTdFJQdUZFaFlSK3FadjNieUFBNWRBNDhXc0s4bXBrdXZJCjF1ZFFtY2Nobko0eitWc09GRzBPT0R0cnNIVm1CZk8zZitIY3ZURVU2VnBrU2wyY21CdXpCZmFKVzJSZWVaa0QKM0dOZVdpODRXNnpwQUllOThSVDExU0ZrSG9DeFNMcXdxckROL29ZVTJCOWZFM3I0eG81T29VVVdvTE85MXcwdApKRTZoVkczcVhUR3Rock1EbVlsVHVnNGxGTVJDK1lHL1lCY0dOVWpjVHZxM0FDVUxZY0RvdWs4RjZlSXFLNE1oClJjcmp2TEJHSnJiVXFtZnhnK3U2Z081ZXNzMVFESHRqTytBenFTYU1FalQ5ZWJYaUN0elRKOUVDMEljSUJad08KZDAxTllOQkMyakFZVm1rRDZmUk8yWm5BRmtkODRESDVmanJaL2tIakNJYVUvNzFNWU1USkRGcExhSTR6dTJPYgp0QXMwYk1uUklSSklxcXFDcUo4cERtcTdjOUdFYXpCbXIrSjNjUXl3OXFwRWIreXU4akRFdUhHZFlHYk1sUTNtCnBnOUgxQjU4SGs1YllFSkg0eU1CdDhudmZuTVhybGpzVTZWMWtqWGorUU1kV1RBNm9pR2pXWmR0dUJwRitEZnoKNndJREFRQUJvMEF3UGpBZEJnTlZIUkVFRmpBVWdoSjNhRzloYldrd01pNXNiMk5oYkdodmMzUXdIUVlEVlIwTwpCQllFRlBWbXVqMC9xTm1JVEkwZDE0VmkzUU9DWDlWNk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQW40OTM5CklER0ltb3gzZldZREFsV1M4cUowYWFZZEFOYUg3ajZwTmllSDNLOEFyZk5Eelk0R0RsVlcvL0ZaS3dDckgxVFEKOEpuVGhNdWhQaFdLYTVzM1BXaHdtb1BraFdXRlBWUHpGeExlUlhNRzBqTnhZdHF5ZXpublgwaW9yeldQellmTAo5NFJtNWFQTzlueExZWXlnUi9WWnhBSGxSSzRldFNubmZ0UVBoWlcyd1pBc3g5Ykw5eUVIUC80Z2xmZzJzbzd3CjZua2h6M1BZbjhMQUVnTjhxdnVEcGo4dWg0aXR6a3Jpd1VWRnBVQUc2WmdEV0cwMjdXWWNHTG5QMmtOVjVnRVkKVFNOZFREaWV4RXphbkFIczBVTzVobDcvc1B6eGJ2QTlFOGJUc0hkeWdlWE5VbkRjbEtrNU1CdFhYdk5vN2lZagp6ckN1K1A0MTdNb01hUWVXYkNJNXo0ckY0dXBhdHFuU1ZHcVlGNEtBeStnNnNLZksrbER3TksrUkFQNHlkUDJjCm9meGdtUE95RmRJSnFVcElHZGthUkg1RWhJSThDRHhXSjVHY2RkQjJyaGViZ2Rmd3pLS1lNTnd3aGt1ODZTRFEKVW5QWlF5ZnY1TXNKSG4xaGplK1E4cHhiRVUwQ0t1UjRiblA4Yk9Yd0lnbEwzcExlMW1xbjN4OVZXYmFqRTZ6QQpNZTkzckQ4SlVDYTIzTnc5MzRaMDMxck9mbjUyZWgwd2t6dlhmNHBYTU9hOFc2bGtmOWFtejZxVkFsZWU1Vm5VCjhrdnZMMnZQMU9TOW9vR05nNVJzR1N5b3RjTW9qbnhtMFFUQ3lkYXBLS2JDMW1EeE5NU0NOWTZVdVZwU1AzY28KS0VHbGZoeFowa25kdVo2bzVrWkREN2NjS3AyRWU0RlRHWTc1c1E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: |
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2tmNkg4NTJmTEZtV1gKVTF6emw1a2RRazVuUDhKWnRaY3pmMFowRzBDVUpsS2VDWlhlUkYzekxmNDQ5ZDMrWTBwbFhZbjBwZ2lOZ3huYQpwSU1QaVdpci9Yb1NoQk01anBYZlh3bzZkbDZtTEJVME0rdEtLbThZa0JjRkxHQWVFMXh1aGZ4VjNlYk0xTCtxCmlqUXV6c2ZSaVlyZlQ5Qk9SUFZtTG90SC91TThkTHQ2WmFvVy93VFdKUnhwSkkwZGpnMWV6cjAyeDdTdFJQdUYKRWhZUitxWnYzYnlBQTVkQTQ4V3NLOG1wa3V2STF1ZFFtY2Nobko0eitWc09GRzBPT0R0cnNIVm1CZk8zZitIYwp2VEVVNlZwa1NsMmNtQnV6QmZhSlcyUmVlWmtEM0dOZVdpODRXNnpwQUllOThSVDExU0ZrSG9DeFNMcXdxckROCi9vWVUyQjlmRTNyNHhvNU9vVVVXb0xPOTF3MHRKRTZoVkczcVhUR3Rock1EbVlsVHVnNGxGTVJDK1lHL1lCY0cKTlVqY1R2cTNBQ1VMWWNEb3VrOEY2ZUlxSzRNaFJjcmp2TEJHSnJiVXFtZnhnK3U2Z081ZXNzMVFESHRqTytBegpxU2FNRWpUOWViWGlDdHpUSjlFQzBJY0lCWndPZDAxTllOQkMyakFZVm1rRDZmUk8yWm5BRmtkODRESDVmanJaCi9rSGpDSWFVLzcxTVlNVEpERnBMYUk0enUyT2J0QXMwYk1uUklSSklxcXFDcUo4cERtcTdjOUdFYXpCbXIrSjMKY1F5dzlxcEViK3l1OGpERXVIR2RZR2JNbFEzbXBnOUgxQjU4SGs1YllFSkg0eU1CdDhudmZuTVhybGpzVTZWMQpralhqK1FNZFdUQTZvaUdqV1pkdHVCcEYrRGZ6NndJREFRQUJBb0lDQUFsWFRCSUo2KzF1NEtiMnIyVVB1enliCm1zc25KamlrNUtpaWRoUTZ4ZkNEdXBaSjBnNVVrSWN5R2VrUElTT0ViT0dUcmJWTVJsa08xRVdEcVFPVldISEgKeTRwSW9MVFlnVzgxUE9YeitjenkzT05oZlY5eFNHeTdKZXQveVJkOEh2Z1J1TElCajAwYldhVHNBeW1UU1dwLwpKbmttMVp2VU02RXhUR3h5cjJHcitVZHFoWDJYenFVQVozd2EvTDVzWmhyM24yd0FiQ1NZc2JXdFFMNlZucVRrCmtRTXQ4UVZZeWMxTWtUK0ZYY2xDVnRGUFlpem84VnpmTUluOG8vSzJRNzJLUUNoaWR5UDQ2WkQ0MTFRcUtoMWUKMGJFR1BEQnV5c0NqQlhDTjlCL3hnRjBIdnYyeXl2OVNMZU1kMFFSaXJXbzdoekJLQW52c3ZXeDlJdzBFOXNiKwpmYmk2aWxyOWVLZjc0QXBHSGhHVWF6TjJIUkVFUEttMnFzZktTam1RQld0SGN2SVBhU1BPcXlQemtJMy96TUJyCm9YTEkxczBzTEFNaXBLVjExS0Y3eHUyY2JSM21kN3hjbTZmby8rcGMxWnNEZU9ycFBrUktNRENwUnBQOUhwUSsKdC9FMGg4ejlmQWMxUHNPM25FNWZQOEI3MlQ1NmZXTk1xeGhTV3dORkRoUmo1dGpXTXJBR2cxQk9DOEJnemtBSwplRkMxMXpSMEd2MEQxRjdvb2ZaRVlxdjUyMmt6UlR3SE9FSzIvWjZhWXBQL1ZQTSthQlk4N3h0WWV0dUJFWU5qCkhjRlB2dlF0U05DMEVFKytuVmlnSk9RNks0bWhBZVhDbUNtZGRYVTNLNURNSHpMOXp0c0I1aEd0SUt1L21pQTIKUGdqeXBadlROelY2UkRZZWl5eTlBb0lCQVFEY0ZtRmRQb3F0VkI4ZUZCZnJLZ2NCbW94alVvaHIxdG5FUnhvcAppdlNqMW55NXNUWFdaUjU1eWozYzd0WCtPUWo2WmZiNDVWTnZtUWpNbzdzVHRSd1g3Q2orc2c3Sm9Nelg5TzlnCmEwS3kzRU9INFN4OC96THdLamlIMjBLSzV1UTFCZk1CeVRjT2dvcXgzcXpnWGlxbHdwUm5IZEZyVjlqMjgvbWYKQXNEanREYXZFVzhleW42OGJWdldoVlFxZUo0ZVV3SWlpQVNLQkY2d3p3dXdON1dXazh3OFkweGVzWWo1WEhERwo0eVVrZGpTK2FKQzRkelZ5Y1d0cXkzRHFKWDdBYi9FaWttZFFHdlp0b2NiN3c5dm1vYVZ1TVpIKzhpQzVNL2dxCldrUDYvcXBrRmcwakR3andWZkhweVNuMnJ4NlJaeTZsRWQrQWkvME0rMUJKN09iZEFvSUJBUUMvVnltU0txK1IKbUw5WGJCU0dLSlFQM3NZZk1hbFRUSFFla01CbVUrTUszbEJaUlR1THFIWm1vVm5hNmVTNHlJc25meVZQNFpuNApxcStsaCtUY3RWWnRCbHdoM0JNQXFIWHVLNUc1Mm10d3FDVjdFUjhMTU5QWWhqZVFYMlBUc095UnJ5WGN6MmRSClZaTmdRQkxrQnhtdFNBUGhWSFJGaTd2WDh2NlJTc3pkSkkwNDVrYWtLc0huN0ZLd242djJIejIzOGU0eExGZFIKb3Y2My9zMy9mSFZQbFhGd2M0UVBGU204RmNVcUN5YXZ4LzQ4ak94ellVVDdMSEhUcmorSnY2aTNXcGVxekVtQwowcTR0OWtFQTZoQnNicjVzOVVsS0pUOTM1L0ptaXBQd1pyTzBHNjd6VHc5bFROeFpNSlFuOXUrV1Jqc0hLM1JvCmQraGw4S3dYeThWbkFvSUJBRXNHb2hoTVNxLzlua0g5clkyd0hRVlI3d3VveGZLbElrVkR5OHBmb1RmODFUWGsKRUN0TyswMmZRT21BelpoRlR5YzAvVFVwMEFDYUZhTFZLZC8wL0dlM1RONU9TclkzUjcxU3RRdVVaUDllRVBOUQpNbjlGNjlKdFFpb2w5NUFzVjUwdnN3Qm4zSW5vdkdrWU5LeWp6VHdHa2RwNUVydmFEWTlaNmoxbmplUFJ1bGFCCnhmU2tLUUlJOGFhMmV0T2puSnRQeHNtSXZxdGlBL21ZQ3k3K1BydmZGRjk5cGpvZG9Va0lWeldsbHpMUHpQa2YKNGozUC9YdE82TVJXSjk3WisxU1VsSW9waUdpSldIcFZET1VraG1FZnQ2cFI0YWdjV0VWcVR1MzVLWFYxdlJZegpZalVTV2dTNzk2U3Z1OHRwTlMxeUZEZVhXUzZVQ2lhVHdYSUIvVTBDZ2dFQkFJVXV0V2ZoUUYyV3RiQ3pNVUlFCm9ySzlQS2hmMTkxOFBPTTluRDVkcTQ1WUdoTlpKazVhanpkMm5lWExvZ0dnellOTGMvdzdLd0kwUkpoeWs3R3cKb3h5MkxaRC83MVlvN0JWQXpHbFNDRERkU1dGMUZHZWtzQUJwdytsQkRHcEFIeHAwa0dVM0ZGSS92NXBpWHdQTAprV3JVMHFhWU0ycHBEZklOV0hablcxdWVZcEkxYnZ3OEtzWTA3NFd6VG0yOVp5ZFBSWjJDb0xEWlJIVnI3WlVrCjJ6N3U1WXdCUysxM3JKb1hpU3B2b3BqK0d3K29nN2ozL3B6YVhjeWEzKzBRcys0VUo3ZWlCSlVEOG10Wm1mdDUKOEw2WkF3RXlacll1WVJRa0pjeU1MdGRKbFZJTFp1WkNwSk85UVM3dnFtQjYrRjlnT1J3UGVqSnhMQmt3d1lpNgp0SWNDZ2dFQWZUOEkxbENlK3lMMmtGc29vRi9kQml3bkNybkVuSXErQlJOR1hvMTJhMHZNQ1RKelRTQXZkYzAzCnlCVkNsVTl2bnFwaVRybXlKTHJvZkhMSDNkTDQyYndDNkpsS0d2QjMxcHNmUndWMFBaeTRBN0gwTjZHc0phVmUKeWtqT2Z5bU5vZzZRT0thQ2lFNGZ4alNHVGlhZXo1MmUzTWgwRWpzNUZtZkZCSU9UTWlXWWxSNEpwWnhzb0t1bQpRaTI2bzBySXlxMUVvdVFxdnViczIrY3VPZmhFK0lLUmFGRFc3ZGhnSnROamFDV09TMGRnc2RZeGgxUWpRQjhICkk2Zm9rK05wK2lOSE0zVGRNV00yRlNlM0ZORzdvL3ZHRWhhN2VmSlJITythZ1Vad29oQysyWC9oaFlkODN1VzIKOTNuRXpSVXJEeVE0RDhOV0ZmRXZoNTZzVzFVRnhnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
YAML
certificatesResolvers:
myresolver:
distributedAcme:
email: "[email protected]"
storage:
kubernetes: true
httpChallenge:
entryPoint: "web"
Configuration Options
| Field | Description | Default | Required |
|---|---|---|---|
name | Name of the TLS Store. Only the default store name is taken into account yet. | True | |
certificates | List of Kubernetes Secrets, each of them holding a key/certificate pair to add to the store. List item format: secretName: $secret_name | False | |
defaultCertificate.secretName | Kubernetes Secret served for connections without a SNI, or without a matching domain. If no default certificate is provided, Traefik will use the generated one. Do not use if the option defaultGeneratedCert is set. | False | |
defaultGeneratedCert.resolver | Name of the ACME resolver to use to generate the default certificate. Do not use if the option defaultCertificate is set. | False | |
defaultGeneratedCert.domain.main | Main domain used to generate the default certificate. Do not use if the option defaultCertificate is set. | False | |
defaultGeneratedCert.domain.sans | List of Subject Alternative Name used to generate the default certificate. Do not use if the option defaultCertificate is set. | False |
DefaultCertificate vs DefaultGeneratedCert
If both defaultCertificate and defaultGeneratedCert are set, the TLS certificate contained in defaultCertificate.secretName is served.
The ACME default certificate is not generated.