We need to integrate with AWS API Gateway via a Network Load Balancer while also maintaining a normal ELB type ingress. Can Traefik configure both of these ingresses for a service at the same time?
Can Traefik use a Network Load Balancer that is defined outside of Traefik by providing it an existing name or ARN?
Hi @bsteve, can you elaborate a bit more? Is Traefik running in Kubernetes? In a container? Somewhere else?
Also, who is responsible for TLS termination? The Ingress ELB? Traefik? Something else?
Do you have a diagram of the architecture you are asking for?
Sorry. We are running k8s in AWS using kops. API Gateway connects into the VPC via a vpc-link and it requires a Network Load Balancer to make this connection. We also have the APIs set up to just be behind a regular load balancer so someone can test them without API Gateway in front of it. In our current instance-based setup this is accomplished by having the autoscaling group register to the ELB and the Target Group of the Network Load Balancer. What we are looking for is the ability to have two different ingress points to one service in k8s.
Thanks for the details @btsteve. Starting to understand, but you need to clarify a bit (do you have a simplified diagram?) if my answer is not aligned with your context.
If the "gateway ELB" is reachable from within the k8s network (I suppose so, since the ELB is linking the k8s VPC with the API gateway's), then you can totally enable the file provider in Traefik (ref. https://docs.traefik.io/v2.0/providers/file/), and use it to specify a static "Traefik router + Traefik Service" pointing to the "gateway ELB":
- Traefik will be the only "ingress" (exposed with its own Kubernetes Service of type LoadBalancer which uses the external ELB, either ALB or NLB)
- Traefik will get its configuration from Kubernetes with the CRD `IngressRoute` to be able to forward requests to the Kubernetes applications
- Traefik will get its configuration from the "file provider" to be able to forward requests to the API gateway
Alternatively, there could be a solution in "pure Kubernetes" with "Kubernetes Headless Service": https://kubernetes.io/docs/concepts/services-networking/service/#headless-services but I never tried with Traefik v2.0.
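A sketch of the file-provider setup described in the reply above, added here as an illustration and not taken from the thread or from the poster's configuration. The entry point name, file path, path prefix, router and service names, and the ELB hostname are all placeholders.

```yaml
# --- Static configuration (traefik.yml) ---
# Both providers are enabled side by side: the Kubernetes CRD provider
# supplies IngressRoute objects for in-cluster applications, the file
# provider supplies the hand-written route to the gateway ELB.
entryPoints:
  web:                       # placeholder entry point name
    address: ":80"
providers:
  kubernetesCRD: {}
  file:
    filename: /etc/traefik/dynamic/gateway.yml   # placeholder path
---
# --- Dynamic configuration (gateway.yml, read by the file provider) ---
http:
  routers:
    to-gateway:              # placeholder router name
      entryPoints:
        - web
      rule: "PathPrefix(`/gateway`)"             # placeholder match rule
      service: gateway-elb
  services:
    gateway-elb:             # placeholder service name
      loadBalancer:
        servers:
          # Placeholder DNS name of the "gateway ELB"; it must resolve and
          # be reachable from the Traefik pods. Use an https:// URL if that
          # load balancer expects TLS from its clients.
          - url: "http://gateway-elb.example.internal"
```

Whichever component terminates TLS, as asked earlier in the thread, decides whether the `url` above is `http://` or `https://` and whether the entry point needs a TLS configuration of its own.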