I'm building a new cluster utilizing Ubuntu 24.04 + K3S v1.32.4 + MetalLB v0.14.9 + Traefik v3.3.6.
I've searched Google and this forum. I came across multiple posts with similar questions/issues, but they were for the most part unanswered, which I hope will not be my case here.
Here is my plan:
I have an operational 3-node HA cluster running on a 2-node Proxmox cluster. I've already installed and configured MetalLB with IPPools and L2Advertisements. Here is a summary:
IP Address Pools
local-pool = 192.168.40.50-192.168.40.70 private network
domain-a-pool = 10.60.60.10-10.60.60.20 dmz network
domain-b-pool = 10.60.60.30-10.60.60.40 dmz network
L2 Advertisement
local-l2 = local-pool bound to eth0 private network
domain-a-l2 = domain-a-pool bound to eth1 dmz network
domain-b-l2 = domain-b-pool bound to eth1 dmz network
Yes, I would like to segregate private and dmz traffic by interfaces. There will be two internet facing domains routed through dmz network. I will use firewall rules to manage connectivity.
Questions:
What is a Traefik deployment manifest for such an architecture?
Is this a workable architecture?
Does a single daemonset Traefik deployment satisfy this design?
Are there security concerns with this design?
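
The pool and interface bindings summarised in the post, written out as MetalLB manifests. This is an added example, not part of the original post and not the poster's actual configuration; the `metallb-system` namespace and the `autoAssign: false` setting on the DMZ pool are assumptions.

```yaml
# Added example. Names, ranges and interfaces are taken from the post's summary;
# the metallb-system namespace is an assumption.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: local-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.168.40.50-192.168.40.70
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: domain-a-pool
  namespace: metallb-system
spec:
  addresses:
    - 10.60.60.10-10.60.60.20
  # Assumption: keep DMZ addresses out of automatic assignment, so only a
  # Service that requests this pool explicitly gets an address from it.
  autoAssign: false
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: local-l2
  namespace: metallb-system
spec:
  # Always name the pool: an L2Advertisement with no pool selector
  # applies to every pool, which would defeat the segregation.
  ipAddressPools:
    - local-pool
  interfaces:
    - eth0   # private network
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: domain-a-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - domain-a-pool
  interfaces:
    - eth1   # dmz network
```

`domain-b-pool` and `domain-b-l2` follow the same pattern as the domain-a objects. The `interfaces` field only limits where MetalLB announces the address, so the firewall rules mentioned in the post are still what controls connectivity between the two networks.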