Traefik and MetalLB with Multiple IPPools in Different Subnets

I'm building a new cluster utilizing Ubuntu 24.04 + K3S v1.32.4 + MetalLB v0.14.9 + Traefik v3.3.6.

I've searched Google and this forum. I came across multiple posts with similar questions/issues, but they are for the most part unanswered, which I hope will not be my case here.

Here is my plan:
I have an operational 3-node HA cluster running on a 2-node Proxmox cluster. I've already installed and configured MetalLB with IPPools and L2Advertisements. Here is a summary:

IP Address Pools
local-pool = 192.168.40.50-192.168.40.70 private network
domain-a-pool = 10.60.60.10-10.60.60.20 dmz network
domain-b-pool = 10.60.60.30-10.60.60.40 dmz network

L2 Advertisement
local-l2 = local-pool bound to eth0 private network
domain-a-l2 = domain-a-pool bound to eth1 dmz network
domain-b-l2 = domain-b-pool bound to eth1 dmz network

Yes, I would like to segregate private and dmz traffic by interfaces. There will be two internet-facing domains routed through the dmz network. I will use firewall rules to manage connectivity.

Questions:
What is a Traefik deployment manifest for such an architecture?
Is this a workable architecture?
Does a single daemonset Traefik deployment satisfy this design?
Are there security concerns with this design?

I've done further research and discovered the old manifests I used for a previous cluster, where I implemented a daemonset-instance Traefik deployment, but with traefik-internal and traefik-external settings which segregated each respective traffic. However, after doing a code comparison of the Helm default values files of the old and new versions, there is a very big difference.

Has anyone implemented a similar architecture and is willing to share the code?
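
The pool and L2 advertisement summary from the post, written out as MetalLB resources. This is an added example, not part of the original post: the `metallb-system` namespace is an assumption, and `autoAssign: false` on the two dmz pools is an added hardening choice so that no Service receives a dmz address unless it explicitly requests that pool.

```yaml
# Added example. Pool names, ranges and interfaces are from the post;
# the namespace and autoAssign settings are assumptions.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata: {name: local-pool, namespace: metallb-system}
spec:
  addresses: ["192.168.40.50-192.168.40.70"]
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata: {name: domain-a-pool, namespace: metallb-system}
spec:
  addresses: ["10.60.60.10-10.60.60.20"]
  autoAssign: false   # dmz address only for Services that request this pool
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata: {name: domain-b-pool, namespace: metallb-system}
spec:
  addresses: ["10.60.60.30-10.60.60.40"]
  autoAssign: false   # same guard for the second internet-facing domain
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata: {name: local-l2, namespace: metallb-system}
spec:
  ipAddressPools: [local-pool]
  interfaces: [eth0]  # announce private addresses on the private NIC only
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata: {name: domain-a-l2, namespace: metallb-system}
spec:
  ipAddressPools: [domain-a-pool]
  interfaces: [eth1]  # announce dmz addresses on the dmz NIC only
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata: {name: domain-b-l2, namespace: metallb-system}
spec:
  ipAddressPools: [domain-b-pool]
  interfaces: [eth1]
```

The `interfaces` field only limits where MetalLB announces an address; it does not filter traffic, so the firewall rules mentioned in the post still carry the actual private/dmz separation.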