Documentation suggestion: Setting up an Ingress with TLS enabled #1642

Open
ameyp opened this issue Jun 26, 2022 · 3 comments

ameyp commented Jun 26, 2022

Is your feature request related to a problem? Please describe.
The default cr-*.yaml files set up an Ingress that doesn't seem to work. There's no host matching, and with a traefik ingress controller I couldn't figure out how to access the Vault UI. I tried creating an Ingress for it the same way I have for other services, but https wouldn't work. Here's the YAML I used:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vault-ingress
  namespace: vault
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    - host: &host vault.wirywolf.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: vault
                port:
                  number: 8200
  tls:
    - hosts:
      - *host
```

The Ingress was created, but visiting it in my browser would just give me an error:

```
Client sent an HTTP request to an HTTPS server.
```

I couldn't figure out what was going wrong, and after searching for that error and trying solutions in vain, I happened upon the answer while reading https://kubernetes.io/docs/concepts/services-networking/ingress/:

> and assumes TLS termination at the ingress point (traffic to the Service and its Pods is in plaintext)

That helped me realize that Traefik was terminating my TLS traffic, and attempting to send regular HTTP traffic to the vault service, hence the error. I then created the following ingress with TLS passthrough, and it worked:

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  namespace: vault
  name: vault-ingress
spec:
  entryPoints:
    - "websecure"
  routes:
  - match: HostSNI(`vault.example.com`)
    services:
      - name: vault
        port: 8200
        weight: 1
  tls:
    passthrough: true
```

Describe the solution you'd like
If this is valuable information, I'd like to see it added to the documentation to help others in the future. I'm happy to send a PR for the documentation update if you tell me which section I should add it to.

Describe alternatives you've considered
Not having TLS enabled, which doesn't seem like a very good alternative.

Additional context
Add any other context or screenshots about the feature request here.
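
The two failure modes discussed in the issue above, as an added example that is not part of the issue or the project's code: a Python check over already-parsed manifests that flags an Ingress forwarding plaintext HTTP to a TLS-only backend, and an IngressRouteTCP that lacks passthrough or whose HostSNI does not cover the hostname clients use. `check_route`, `TLS_ONLY_BACKENDS` and the sample dicts are hypothetical names constructed for this illustration.

```python
import re

# Assumption for this example: Services that accept only TLS, keyed by
# (namespace, name, port). The Vault Service from the issue is the one entry.
TLS_ONLY_BACKENDS = {("vault", "vault", 8200)}

def check_route(manifest, expected_host):
    """Return findings for one parsed Ingress or IngressRouteTCP manifest."""
    findings = []
    ns = manifest["metadata"].get("namespace", "default")
    spec = manifest["spec"]
    if manifest["kind"] == "Ingress":
        for rule in spec.get("rules", []):
            for path in rule.get("http", {}).get("paths", []):
                svc = path["backend"]["service"]
                port = svc["port"].get("number")
                # TLS ends at the ingress controller; the backend gets plain HTTP.
                if (ns, svc["name"], port) in TLS_ONLY_BACKENDS:
                    findings.append(f"plaintext HTTP forwarded to TLS-only {svc['name']}:{port}")
        if expected_host not in [r.get("host") for r in spec.get("rules", [])]:
            findings.append(f"no rule for host {expected_host}")
    elif manifest["kind"] == "IngressRouteTCP":
        if spec.get("tls", {}).get("passthrough") is not True:
            findings.append("tls.passthrough not enabled: Traefik terminates TLS")
        sni = set()
        for route in spec.get("routes", []):
            for args in re.findall(r"HostSNI\(([^)]*)\)", route.get("match", "")):
                sni.update(re.findall(r"`([^`]+)`", args))
        # Passthrough routes on the ClientHello SNI, so it must name the host.
        if expected_host not in sni and "*" not in sni:
            findings.append(f"HostSNI {sorted(sni)} does not cover {expected_host}")
    else:
        findings.append(f"unsupported kind {manifest['kind']}")
    return findings

# Constructed manifests mirroring the two in the issue (already parsed to dicts).
META = {"name": "vault-ingress", "namespace": "vault"}
INGRESS = {"kind": "Ingress", "metadata": META, "spec": {
    "rules": [{"host": "vault.example.com", "http": {"paths": [{"path": "/",
        "backend": {"service": {"name": "vault", "port": {"number": 8200}}}}]}}],
    "tls": [{"hosts": ["vault.example.com"]}]}}
PASSTHROUGH = {"kind": "IngressRouteTCP", "metadata": META, "spec": {
    "entryPoints": ["websecure"],
    "routes": [{"match": "HostSNI(`vault.example.com`)",
                "services": [{"name": "vault", "port": 8200}]}],
    "tls": {"passthrough": True}}}
if __name__ == "__main__":
    for m in (INGRESS, PASSTHROUGH):
        print(m["kind"], check_route(m, "vault.example.com"))
```

With passthrough the certificate the browser sees is the one served by the backend itself, so that certificate has to be valid for the public hostname.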

github-actions bot commented Feb 4, 2024

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

github-actions bot added the lifecycle/stale label Feb 4, 2024

akijakya commented Feb 6, 2024

Hi @ameyp, thank you for sharing the solution you found! We would be grateful if you could add this information to the Tips and tricks section of our docs page!

ramizpolic removed the lifecycle/stale label Feb 9, 2024

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

github-actions bot added the lifecycle/stale label Apr 14, 2024
csatib02 removed the lifecycle/stale label Apr 14, 2024