Hello.
This is my situation:
- external AWS application load balancer and a DNS record to it (subdomain.mydomain.com - can be accessed externally)
- AWS load balancer controller installed in the EKS cluster
- Traefik helm chart (20.2) with Traefik 2.9.4 installed in the EKS cluster - the traefik service is the ClusterIP type
- a TargetGroupBinding resource that binds the traefik service to a Target Group
- a lot of ingresses of traefik class type that go to some applications (exposed externally) - ex.: subdomain.mydomain.com/app1, subdomain.mydomain.com/app2, etc.
- an IngressRoute which allows me to access the Traefik dashboard on the URL (exposed externally) https://subdomain.mydomain.com/dashboard/
- ingress-nginx installed in the EKS cluster for internal URLs (the nginx service is the LoadBalancer type) - prometheus.myinternaldomain.net, grafana.myinternaldomain.net
My question is: can the Traefik dashboard be accessed using an NginxClass ingress on a URL like traefik-dashboard.myinternaldomain.net? I want the Traefik dashboard to be accessible only internally and not exposed externally through the ALB. Middleware auth is not an acceptable solution.
I tried to create an ingress, but with no success:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: ca-issuer
    external-dns.alpha.kubernetes.io/hostname: traefik-dashboard.myinternaldomain.net
    cert-manager.io/common-name: traefik-dashboard.myinternaldomain.net
  name: traefik-dashboard
spec:
  ingressClassName: nginx
  rules:
    - host: traefik-dashboard.myinternaldomain.net
      http:
        paths:
          - backend:
              service:
                name: traefik
                port:
                  number: 9000
            path: /dashboard
            pathType: Prefix
  tls:
    - hosts:
        - traefik-dashboard.myinternaldomain.net
      secretName: traefik-dashboard-tls
```
My current ingressRoute for the dashboard:
```yaml
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
      services:
        - kind: TraefikService
          name: api@internal
```
Thanks.
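
One way to keep the dashboard off the ALB path, as an added example that is not part of the original post: serve `api@internal` on Traefik's `traefik` entryPoint instead of `websecure`, and let ingress-nginx reach that port through a separate ClusterIP Service. The Service name, the IngressRoute name, the pod selector label and port 9000 for the `traefik` entryPoint are assumptions; all three objects are assumed to live in Traefik's namespace.

```yaml
# Added example. Assumed: entryPoint "traefik" listens on 9000; same namespace as Traefik.
# 1) Internal-only Service, separate from the Service bound to the ALB target group.
apiVersion: v1
kind: Service
metadata:
  name: traefik-dashboard            # assumed name
spec:
  selector:
    app.kubernetes.io/name: traefik  # assumed: must match the Traefik pod labels
  ports:
    - port: 9000
      targetPort: 9000
---
# 2) Dashboard route on the "traefik" entryPoint, so "websecure" no longer serves it.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-internal   # assumed name
spec:
  entryPoints:
    - traefik
  routes:
    - kind: Rule
      match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
      services:
        - kind: TraefikService
          name: api@internal
---
# 3) nginx Ingress: the dashboard UI needs both /dashboard and /api.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traefik-dashboard
  annotations:
    cert-manager.io/cluster-issuer: ca-issuer
spec:
  ingressClassName: nginx
  rules:
    - host: traefik-dashboard.myinternaldomain.net
      http:
        paths:
          - path: /dashboard
            pathType: Prefix
            backend: {service: {name: traefik-dashboard, port: {number: 9000}}}
          - path: /api
            pathType: Prefix
            backend: {service: {name: traefik-dashboard, port: {number: 9000}}}
  tls:
    - hosts: [traefik-dashboard.myinternaldomain.net]
      secretName: traefik-dashboard-tls
```

The existing IngressRoute on `websecure` has to be removed as well; while it exists, `/dashboard` and `/api` stay reachable through the ALB regardless of the internal route.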