This is my situation:
- external AWS application load balancer and a DNS record to it (subdomain.mydomain.com - can be accessed externally)
- AWS load balancer controller installed in the EKS cluster
- Traefik helm chart (20.2) with Traefik 2.9.4 installed in the EKS cluster - the traefik service is the ClusterIP type
- a TargetGroupBinding resource that binds the traefik service to a Target Group
- a lot of ingresses of traefik class type that go to some applications (exposed externally) - e.g. subdomain.mydomain.com/app1, subdomain.mydomain.com/app2, etc.
- an IngressRoute which allows me to access the Traefik dashboard on the URL (exposed externally) https://subdomain.mydomain.com/dashboard/
- ingress-nginx installed in the EKS cluster for internal URLs (the nginx service is the LoadBalancer type) - prometheus.myinternaldomain.net, grafana.myinternaldomain.net
My question is: can the Traefik dashboard be accessed using an NginxClass ingress on a URL like traefik-dashboard.myinternaldomain.net? I want the Traefik dashboard to be accessible only internally and not exposed externally through the ALB. Middleware auth is not an acceptable solution.
I tried to create an ingress, but with no success:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: ca-issuer
    external-dns.alpha.kubernetes.io/hostname: traefik-dashboard.myinternaldomain.net
    cert-manager.io/common-name: traefik-dashboard.myinternaldomain.net
  name: traefik-dashboard
spec:
  ingressClassName: nginx
  rules:
    - host: traefik-dashboard.myinternaldomain.net
      http:
        paths:
          - backend:
              service:
                name: traefik
                port:
                  number: 9000
            path: /dashboard
            pathType: Prefix
  tls:
    - hosts:
        - traefik-dashboard.myinternaldomain.net
      secretName: traefik-dashboard-tls
```
My current ingressRoute for the dashboard:
```yaml
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
      services:
        - kind: TraefikService
          name: api@internal
```