Is there any way Traefik can do AWS internal ingress on Amazon EKS?

Coming from alb ingress, that product has the ingress annotation alb.ingress.kubernetes.io/scheme that you can set to "internal" for AWS internal ingress or "internet-facing" for public internet ingress.
https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/

Can I do something similar with Traefik? It seems Traefik defaults to public internet ingress and I don't see any config option to specify internal ingress.

fyi, I'm installing Traefik via the Helm chart (https://github.com/containous/traefik-helm-chart/) and I'm using current versions of everything.

I'm defining ingresses with the CRD IngressRoute and IngressRouteTCP.

Hi dev8

Actually I'm facing the same issue. Did you find something about it?

Thanks in advance

I figured out how to achieve this.

We have to use this scheme:
Annotations - AWS Load Balancer Controller.

So, the values file will be like this:

service:
  enabled: true
  ## -- Single service is using `MixedProtocolLBService` feature gate.
  ## -- When set to false, it will create two Service, one for TCP and one for UDP.
  single: true
  type: LoadBalancer
  # -- Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
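
One way to confirm that the internal annotation from the values file above actually landed on the Service, as an added example that is not part of the original post or of the Traefik chart: it reads output shaped like `kubectl get svc -A -o json` and lists every LoadBalancer Service with no explicit internal marker. The extra check for the AWS Load Balancer Controller's `aws-load-balancer-scheme` annotation, the function names and the sample data are assumptions added here.

```python
import json

# Annotations that explicitly request an internal AWS load balancer.
# The first is the one used in the values file above; the second is the
# AWS Load Balancer Controller's scheme annotation (assumed here, not on the page).
INTERNAL_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-internal"
SCHEME_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-scheme"


def is_explicitly_internal(annotations):
    """True only if the Service explicitly asks for an internal load balancer."""
    if str(annotations.get(INTERNAL_ANNOTATION, "")).strip().lower() == "true":
        return True
    return str(annotations.get(SCHEME_ANNOTATION, "")).strip().lower() == "internal"


def audit_services(service_list_json):
    """Return 'namespace/name' of each LoadBalancer Service that is not explicitly internal."""
    doc = json.loads(service_list_json)
    findings = []
    for svc in doc.get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue  # ClusterIP / NodePort Services create no AWS load balancer
        meta = svc.get("metadata", {})
        if not is_explicitly_internal(meta.get("annotations") or {}):
            findings.append(f"{meta.get('namespace', 'default')}/{meta.get('name')}")
    return sorted(findings)


# Constructed sample shaped like `kubectl get svc -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "traefik", "namespace": "traefik", "annotations": {
        "service.beta.kubernetes.io/aws-load-balancer-type": "nlb",
        INTERNAL_ANNOTATION: "true"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "traefik-scheme", "namespace": "traefik", "annotations": {
        SCHEME_ANNOTATION: "internal"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "traefik-public", "namespace": "edge", "annotations": {
        "service.beta.kubernetes.io/aws-load-balancer-type": "nlb"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "whoami", "namespace": "apps"},
     "spec": {"type": "ClusterIP"}},
]})

if __name__ == "__main__":
    for name in audit_services(SAMPLE):
        print("not explicitly internal:", name)
```

A Service listed here is not necessarily internet-facing, since the default scheme depends on which controller provisions the load balancer; it only means the manifest does not state the intent.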

Traefik is a popular open-source reverse proxy and load balancer that supports various configurations, including running on Kubernetes. If you want to use Traefik for AWS internal ingress on Amazon EKS (Elastic Kubernetes Service), you can follow general steps for setting up Traefik on EKS and then configure it to manage internal ingress.

Here are high-level steps you might consider:

  1. Deploy Traefik on EKS: Start by deploying Traefik on your EKS cluster. You can use Helm charts or standard Kubernetes manifests to deploy Traefik. Traefik's official documentation provides guidance on setting up Traefik on Kubernetes.
  2. Configure IngressRoute for Internal Ingress: To configure Traefik for AWS internal ingress, you'll typically use Traefik's custom resource called IngressRoute. Ensure that the spec.entryPoints are configured to use internal AWS services, and you may need to specify a specific class for your internal ingress. Example snippet:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: example-internal-ingressroute
  namespace: your-namespace
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`internal-service.your-namespace.svc.cluster.local`)
      kind: Rule
      services:
      - name: your-internal-service
        port: 80

Adjust the values according to your internal service and namespace.
  3. Network Configuration: Ensure that your EKS cluster and VPC are configured to support internal communication. The necessary subnets, security groups, and route tables should be set up appropriately.
  4. IAM Policies: Make sure that the IAM roles associated with your EKS nodes have the necessary permissions to interact with AWS services, as Traefik might need to discover and manage resources.
  5. Traefik IngressClass: If using Kubernetes 1.18 or later, consider using the IngressClass resource to specify Traefik as the ingress controller for internal traffic. This allows you to use different ingress controllers for different purposes.

Please note that AWS, Traefik, and Kubernetes are continuously evolving, and it's advisable to check the official documentation for the most up-to-date information. Additionally, AWS and Kubernetes may have introduced new features or changes after my last update in January 2022.