Helm: configure a second loadbalancer service

Traefik Traefik v3 (latest)
,
1

Hey everyone,

actually i have some free time on work and wanted to learn something new. So i started to investigate Kubernetes and try to get something running.

Cluster (k3s) is UP, using hetzner-cloud-controller-manager, wanting to use it with Traefik to deploy 2 Loadbalancers. One for external ingress (Public) and one for internal ingress (LAN) - the one for the internal ingress (LAN) does not have a public IP address, it just haves a private IP within the LAN network.

So i installed Traefik via Helm Chart and then tried to configure the following values.yaml to deploy:

service:
  enabled: true
  single: true
  type: LoadBalancer
  annotations:
    load-balancer.hetzner.cloud/location: fsn1
    load-balancer.hetzner.cloud/name: lb-external
    load-balancer.hetzner.cloud/use-private-ip: "true"
  loadBalancerSourceRanges:
    - 0.0.0.0/0
  additionalServices:
    internal:
      type: LoadBalancer
      annotations:
        load-balancer.hetzner.cloud/location: nbg1
        load-balancer.hetzner.cloud/name: lb-internal
        load-balancer.hetzner.cloud/use-private-ip: "true"
      loadBalancerSourceRanges:
        - 10.1.0.0/16
        - 10.1.200.0/24
        - 10.1.201.0/24
        - 10.1.202.0/24
        - 10.1.203.0/24
        - 192.168.231.0/24

But when trying to upgrade the chart the following error appears:

ERROR: Cannot create Service traefik-internal without ports

I'm still very new to the whole subject and maybe someone can give me a tip as to whether I'm on the right track or whether I'm just producing complete garbage here.

Best regards

2

Hi,

I had the same issue and figured out what was needed. take a look at traefik-helm-chart/EXAMPLES.md at master · traefik/traefik-helm-chart · GitHub

you have to add an entry for your service name under the ports..expose
This can either the reuse of the default entrypoints, or what I am doing, make a new set of entrypoints. As I am wanting to set a different loadbalancer IP for private services.

Reuse entrypoints:

ports:
  web:
    expose:
      default: true
      internal: true
  websecure:
    expose:
      default: true
      internal: true
service:
  enabled: true
  single: true
  type: LoadBalancer
  annotations:
    load-balancer.hetzner.cloud/location: fsn1
    load-balancer.hetzner.cloud/name: lb-external
    load-balancer.hetzner.cloud/use-private-ip: "true"
  loadBalancerSourceRanges:
    - 0.0.0.0/0
  additionalServices:
    internal:
      type: LoadBalancer
      annotations:
        load-balancer.hetzner.cloud/location: nbg1
        load-balancer.hetzner.cloud/name: lb-internal
        load-balancer.hetzner.cloud/use-private-ip: "true"
      loadBalancerSourceRanges:
        - 10.1.0.0/16
        - 10.1.200.0/24
        - 10.1.201.0/24
        - 10.1.202.0/24
        - 10.1.203.0/24
        - 192.168.231.0/24

New entrypoints:

ports:
  web:
    expose:
      default: true
  websecure:
    expose:
      default: true
  private-web:
    port: 8000
    expose:
      default: false
      internal: true
    exposedPort: 80
  private-websecure:
    port: 8443
    expose:
      default: false
      internal: true
    exposedPort: 443
service:
  enabled: true
  single: true
  type: LoadBalancer
  annotations:
    load-balancer.hetzner.cloud/location: fsn1
    load-balancer.hetzner.cloud/name: lb-external
    load-balancer.hetzner.cloud/use-private-ip: "true"
  loadBalancerSourceRanges:
    - 0.0.0.0/0
  additionalServices:
    internal:
      type: LoadBalancer
      annotations:
        load-balancer.hetzner.cloud/location: nbg1
        load-balancer.hetzner.cloud/name: lb-internal
        load-balancer.hetzner.cloud/use-private-ip: "true"
      loadBalancerSourceRanges:
        - 10.1.0.0/16
        - 10.1.200.0/24
        - 10.1.201.0/24
        - 10.1.202.0/24
        - 10.1.203.0/24
        - 192.168.231.0/24

That way I see it being better in terms of isolation / separation and logging etc.