So, I figured this out myself and the solution does require Traefik v2.1, v2.0 won't work because of the lack of support to sticky sessions in CRDs
After a lot of trial and error, it turns out that my assumption (that IngressRoute and Ingress were mutually exclusive) was wrong. Using the Kubernetes ingress I am able to have cert-manager handling the certificates and with IngressRoute I can enable sticky sessions on the service:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: my-service-ingressroute
namespace: othernamespace
annotations:
kubernetes.io/ingress.class: traefik #<-- This is optional depending of your setup.
spec:
entryPoints:
- websecure
routes:
- match: Host(`my-service.mydomain.com`)
kind: Rule
services:
- name: my-service
port: 80
sticky:
cookie:
httpOnly: true
tls:
secretName: my-service.mydomain.com-secret
domains:
- main: my-service.mydomain.com
By the way, the ability to do this in the IngressRoute is still undocumented. Although you can see the sticky session on the sample in v2.1 documentation, there is really no documentation about sticky session except using dynamic configuration (which I couldn't find a way to make it work).
It's been a wild ride (not always in the good sense) trying to replace nginx with traefik and most of it is because of poor documentation. And clearly a lot of my frustrations could have been avoided with proper documentation.
It's obvious to me that Traefik is a great product and that it should not be outshined by its documentation. It overcomes the limitations that I have with nginx and if any of the Traefik's team can read this, I would love to contribute to improve the documentation. I certainly thought about giving up multiple times for the wrong reasons.
I think it wouldn't take me more than a day to improve the user guide (which by the way should be more easily discoverable, for example, from the getting started part) so that it's more complete and that provides a picture that covers more scenarios other than just deploying it to Kubernetes, which alone does not accomplish anything.
I hope this is helpful for someone.
Cheers,
Fábio