My application uses k8s API to dynamically create pod+service, uniquely identified via labels. Those come and go and are not predefined at deployment time.
Can traefik help me achieve the following scenario?
Based on the external URL path (e.g. 123.domain.io) hosted by GKE Ingress:
SSL termination is done at Ingress level
a connection to a pod with a matching label (app-id=123) is established via Service/NodePort
URL is rewritten (e.g. subdomain translated into query param)
Assuming you configured the IngressCRD provider, you can use your application that creates the service / pods to create an associated IngressRoute.
Because your application knows the type of rule you need to apply, you will be able to generate the configuration.
In the previous example, we supposed that Let's encrypt will manage the certificates.
With this mechanism, you can route "dynamically" all your requests with TLS termination on Traefik.
Concerning the last point, why do you want to rewrite the url with the subdomain as query param ?