Hello
Is it possible to control which service is exposed externally?
i.e app1.mynetwork.com only accessible within the LAN but app2.mynetwork.com is visible both internally and over the public internet while both being accessible on port 443
I would like to be able to select which app/service/url is exposed to the outside world based on the url that the service is being accessed on.
Hello @tam481
The another entrypoint has to be created in the static configuration e.g. web-int.
--entrypoints.web-int.address=:8080
Then a new Kubernetes service has to be created that is reachable within your local LAN network. That service requires to have IP address belonging to your local network. You can use the example service as a reference.
---
apiVersion: v1
kind: Service
metadata:
name: traefik-int
namespace: traefik
labels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
annotations:
metallb.universe.tf/address-pool: private-ips
spec:
loadBalancerIP: 172.16.14.1
selector:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
type: LoadBalancer
ports:
- port: 80
name: web-int
targetPort: web-int
In the Traefik deployment in a section ports the following lines should be added:
ports:
- name: web-int
containerPort: 8080
protocol: TCP
Ingress or Ingressroute should refer to the newly created entrypoint.
I hope that helps.
Thank you @jakubhajek
I don't use Kubernetes. Just simple docker-compose files for services. Are you suggesting that I create a new Traefik instance or just a new entry point say on port 8443 then forward traffic to that entry point. Do I then configure the app to use that entry point. Would that isolate the other services given that they're not using that entry point?