[ci skip] Fix HTTPS backend proxying for reverse-proxy services

- Add insecureSkipVerify=true globally for self-signed backend certs
- Name service ports with https- prefix for HTTPS backends so Traefik uses HTTPS
- Add ServersTransport CRD for per-service insecureSkipVerify
- Add serversscheme/serverstransport annotations to reverse-proxy factory

modules/kubernetes/reverse_proxy/factory/main.tf

@@ -49,7 +49,7 @@ resource "kubernetes_service" "proxied-service" {
     external_name = var.external_name
 
     port {
-      name        = "${var.name}-web"
+      name        = var.backend_protocol == "HTTPS" ? "https-${var.name}" : "${var.name}-web"
       port        = var.port
       protocol    = "TCP"
       target_port = var.port
@@ -70,7 +70,9 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
         var.rybbit_site_id != null ? "${var.namespace}-rybbit-analytics-${var.name}@kubernetescrd" : null,
         var.custom_content_security_policy != null ? "${var.namespace}-custom-csp-${var.name}@kubernetescrd" : null,
       ]))
-      "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
+      "traefik.ingress.kubernetes.io/router.entrypoints"    = "websecure"
+      "traefik.ingress.kubernetes.io/service.serversscheme"  = var.backend_protocol == "HTTPS" ? "https" : null
+      "traefik.ingress.kubernetes.io/service.serverstransport" = var.backend_protocol == "HTTPS" ? "traefik-insecure-skip-verify@kubernetescrd" : null
     }, var.extra_annotations)
   }