How to use Traefik on k3s as reverse proxy for multiple LAN services

I want to preface this by saying: I'm new to kubernetes, so it's entirely possible this is an extremely easy fix I'm just missing, in which case I apologize but thank you in advance for your patience.

I'm running traefik on a small k3s cluster of 6x Raspberry Pi SBCs. Right now, all it does is act as ingress for an external-facing Mastodon instance. I want to see if I can reconfigure it to also act as a reverse proxy for other homelab services I run on my LAN that I don't want externally accessible, but which I would love to be able to access via something like https://jellyfin.my.local.domain rather than trying to remember the IP address and port number.

These other services--JellyFin, NextCloud, a NAS, and even some live feeds of wildlife cameras--run on separate hardware that isn't tied into the k3s cluster running traefik. But I don't want these accessible from outside the LAN.

I have a Firewalla router, so setting up custom DNS entries isn't a problem; I'm just not sure how to set up traefik to reverse proxy these services and provide wildcard SSL certs for them. I've found a lot of tutorials out there for setting up traefik on Docker Compose to do exactly this, but none for traefik running on kubernetes. Any help would be greatly appreciated!

EDIT: Some additional details of my setup: I use metallb on the k3s cluster to do load balancing, and Cloudflare is my DNS solver (traefik uses cert-manager and the DNS-01 challenge to get SSL certs for my external-facing Mastodon instance, so all that's running too).

Sorry to bump, but I wanted to provide a little more clarification in case the initial post was confusing. I've attached a rough schematic of my current home network, as well as some notes around what I'm trying to achieve.

  • network objects are in black
  • current configuration (IPs, ports) are in blue
  • desired configuration (URLs) are in purple

Basically: I have a kubernetes cluster of Raspberry Pi 4Bs running Traefik (and serving as an ingress for a public-facing Mastodon instance), but I want to reconfigure Traefik to act as a reverse proxy for multiple other services running locally on physically distinct servers outside the kubernetes cluster running Traefik, so I can specify them using a nice URL and a wildcard SSL but only so they resolve locally. Right now, I have to remember local IP addresses and ports to access them, but instead I'd like to create a local subdomain on a domain I own so I can instead access these services with nice URLs complete with SSL, but which are only routable from within my home network.

Any advice would be much appreciated!
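
One way to wire up the setup described in the posts above, as an added example that is not part of the thread or taken from Traefik's documentation: a Service with no selector plus a hand-written Endpoints object points at the LAN host, and an ordinary Ingress serves it through Traefik with a cert-manager wildcard certificate. The address 192.168.1.50, port 8096 (Jellyfin's default HTTP port), the resource names, the `traefik` ingress class and the `letsencrypt-dns01` ClusterIssuer name are assumptions to replace with your own values.

```yaml
# Constructed example: names, IP and issuer are placeholders, not values from the post.
apiVersion: v1
kind: Service
metadata:
  name: jellyfin-lan          # no selector: Kubernetes will not manage its endpoints
spec:
  ports:
    - name: http
      port: 8096
---
apiVersion: v1
kind: Endpoints
metadata:
  name: jellyfin-lan          # must match the Service name exactly
subsets:
  - addresses:
      - ip: 192.168.1.50      # LAN host outside the cluster (placeholder)
    ports:
      - name: http            # must match the Service port name
        port: 8096
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-lan
spec:
  secretName: wildcard-lan-tls
  dnsNames: ["*.my.local.domain"]   # wildcard names require the DNS-01 challenge
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-dns01   # assumed name of the existing Cloudflare DNS-01 issuer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jellyfin
spec:
  ingressClassName: traefik   # assumed class name of the Traefik install
  tls:
    - hosts: [jellyfin.my.local.domain]
      secretName: wildcard-lan-tls  # same namespace as the Certificate above
  rules:
    - host: jellyfin.my.local.domain
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: jellyfin-lan, port: {number: 8096}}
```

A DNS record that exists only on the LAN does not by itself limit who can reach this route when the same Traefik entry point also serves the public Mastodon instance. Serving the LAN hosts from a separate internal entry point, or restricting the route by source address, keeps them internal.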