I've been getting into Traefik Kubernetes due to its UDP capabilities.
I run Kubernetes myself. Binding a public IPv4 to the Traefik Instance with Automatic Failover seems to be complicated.
I tried using MetalLB, but it didn't work with my public IPs (because the K8s nodes have private IPs). Then I tried using a standalone instance of Traefik using the Kubernetes Ingress provider, but joining the Kubernetes Flannel overlay network with the proxy host was also a challenge and seemed too hacky for me.
My current idea is to chain two Traefik instances:
- I would have a DaemonSet of ingress controllers on Kubernetes with NodePort services.
- Two standalone Traefik instances that are bound together using Keepalived would be in front of that and bind all the public IPs.
I could use TCP Load Balancing to route all incoming Requests on 443 and 80 to the ingress controller, but I also want to be able to add a few Hosts (that are not running on Kubernetes) with a file provider.
So my idea:
I use the HTTP Provider with a self-written adapter to fetch the Configuration of the Ingress Controller via the API and automatically generate a config for the standalone Traefik instances. TLS Termination would then not be handled by the ingress provider, but by the standalone instances.
This way I would be able to use the Features of Kubernetes Ingress and don't have to request all SSL Certificates myself on the Standalone Instances.
I currently see this as the best option for me. Do you know a better way to avoid chaining?
Is there a better way, apart from configuring the Ingress Controller for the services outside of the Cluster?
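The adapter described in the post (HTTP provider fed by a self-written service that turns the cluster's Ingress objects into a dynamic configuration for the standalone instances) can be sketched as follows. This is an added example and not code from the post or from the Traefik project. It assumes, hypothetically, that the in-cluster ingress controller is reachable on plain HTTP at a fixed NodePort on every node (`NODE_IPS`, `NODE_PORT_HTTP`, both constructed values), that the standalone instance has an entry point named `websecure` and an ACME resolver named `le` in its static configuration, and that `providers.http.endpoint` on the standalone instance points at the adapter's URL. The Ingress objects are embedded as a constructed sample in the shape the Kubernetes API returns instead of being fetched live.

```python
"""Adapter: Kubernetes Ingress objects -> Traefik v2 dynamic configuration.

Added example, not from the original post. The standalone (edge) Traefik
terminates TLS and forwards each Ingress host to the in-cluster ingress
controller's NodePort on every node; the in-cluster controller only sees HTTP.
"""
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

NODE_IPS = ["10.0.0.11", "10.0.0.12"]  # constructed private node IPs
NODE_PORT_HTTP = 30080                  # constructed NodePort of the in-cluster Traefik

# Constructed sample in the shape of Kubernetes IngressList items.
SAMPLE_INGRESSES = [
    {
        "metadata": {"name": "shop", "namespace": "web"},
        "spec": {"rules": [
            {"host": "shop.example.com", "http": {"paths": [{"path": "/", "pathType": "Prefix"}]}},
            {"host": "api.example.com", "http": {"paths": [{"path": "/v1", "pathType": "Prefix"}]}},
        ]},
    },
    {   # Ingress without a host: nothing to route or request a certificate for, skipped below
        "metadata": {"name": "noname", "namespace": "web"},
        "spec": {"rules": [{"http": {"paths": [{"path": "/", "pathType": "Prefix"}]}}]},
    },
]

_NAME_RE = re.compile(r"[^a-z0-9-]")


def _safe_name(*parts):
    """Build a Traefik-safe router/service name from namespace, ingress, host and path."""
    return "-".join(_NAME_RE.sub("-", p.lower()) for p in parts)


def _rule(host, path):
    """Render a Traefik v2 router rule for one Ingress host/path pair."""
    rule = f"Host(`{host}`)"
    if path and path != "/":
        rule += f" && PathPrefix(`{path}`)"
    return rule


def build_dynamic_config(ingresses, node_ips=NODE_IPS, node_port=NODE_PORT_HTTP, cert_resolver="le"):
    """Return the dict that the HTTP provider expects as JSON.

    One shared service fans out to the NodePort on every node; one router per
    Ingress host/path pair, TLS-enabled so the edge requests the certificate.
    """
    servers = [{"url": f"http://{ip}:{node_port}"} for ip in node_ips]
    services = {"k8s-ingress": {"loadBalancer": {"servers": servers, "passHostHeader": True}}}
    routers = {}
    for ing in ingresses:
        ns, name = ing["metadata"]["namespace"], ing["metadata"]["name"]
        for rule in ing.get("spec", {}).get("rules", []):
            host = rule.get("host")
            if not host:
                continue  # edge routing and ACME both need a hostname
            for p in rule.get("http", {}).get("paths", [{"path": "/"}]):
                path = p.get("path", "/")
                rname = _safe_name(ns, name, host, path.strip("/") or "root")
                routers[rname] = {
                    "rule": _rule(host, path),
                    "entryPoints": ["websecure"],
                    "service": "k8s-ingress",
                    "tls": {"certResolver": cert_resolver},
                }
    return {"http": {"routers": routers, "services": services}}


class _ConfigHandler(BaseHTTPRequestHandler):
    """Serves the generated configuration to Traefik's HTTP provider."""
    ingresses = SAMPLE_INGRESSES  # a real adapter would refresh this from the Kubernetes API

    def do_GET(self):
        body = json.dumps(build_dynamic_config(self.ingresses)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(host="127.0.0.1", port=8081):
    """Bind to loopback by default: whoever can answer this endpoint controls routing."""
    HTTPServer((host, port), _ConfigHandler).serve_forever()


if __name__ == "__main__":
    print(json.dumps(build_dynamic_config(SAMPLE_INGRESSES), indent=2))
```

Running the module prints the generated configuration; calling `serve()` exposes it on `127.0.0.1:8081` for the HTTP provider. Because the standalone instances treat the adapter's response as authoritative (any host listed there is routed and gets a certificate requested), the endpoint should stay on loopback or a firewalled management network rather than on the public IPs that Keepalived moves around, and the external hosts mentioned in the post are better kept in the separate file provider so that a bug in the adapter cannot silently remove them.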