TLS Error Cloudflared -> Traefik -> Service on Kubernetes
TL;DR: Are there any security concerns with just using "invalid" TLS certs internally in a cluster? Is there any way to tell the tunnel to check whether the TLS certificate matches the external hostname of a service, not the internal one?
I have a k8s cluster with no load balancer. I intend to use a Cloudflare tunnel to expose Traefik to the internet.
I plan to use Traefik to reverse proxy the services to expose.
I have a wildcard TLS cert for the external hostnames of the services.
If I disable TLS verification, everything works perfectly.
When I try to enable TLS verification, it fails because the certificate Traefik is serving does not match the internal hostname. It matches the external hostname.
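For reference, an added example (not part of the original post): a cloudflared ingress configuration that shows the verification-disabled setting next to one that keeps verification on and checks the certificate against an external name through `originRequest.originServerName`. The domain `example.com`, the tunnel ID placeholder, the file paths and the Traefik service address are assumptions.

```yaml
# cloudflared config.yaml (added example; every name and path is a placeholder)
tunnel: <TUNNEL-ID>
credentials-file: /etc/cloudflared/creds/credentials.json

ingress:
  # Variant A (weak): verification off. cloudflared accepts whatever
  # certificate is presented at the service address, so the hop from the
  # tunnel to Traefik is encrypted but the origin is not authenticated.
  #
  # - hostname: "*.example.com"
  #   service: https://traefik.traefik.svc.cluster.local:443
  #   originRequest:
  #     noTLSVerify: true

  # Variant B: verification on. cloudflared still dials the internal
  # service name, but sends originServerName as the SNI and validates the
  # certificate against it. Any name covered by the wildcard certificate
  # (*.example.com) works here.
  - hostname: "*.example.com"
    service: https://traefik.traefik.svc.cluster.local:443
    originRequest:
      originServerName: origin.example.com
      # Only needed when the certificate is issued by a private CA that
      # is not in the cloudflared container's trust store:
      # caPool: /etc/cloudflared/ca/internal-ca.pem

  # Catch-all rule required as the last ingress entry.
  - service: http_status:404
```

Traefik still routes on the HTTP Host header of each request, so `originServerName` only affects which certificate is selected and how it is validated.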
