Traefik as a loadbalancer before a K8s cluster with traefik as ingress controller

Hello !

I am experiencing some issues setting up the following configuration using traefik v2 (I have tested both branches 2.1 and 2.2).
I have set up traefik (deployed in docker-compose) on the frontend to act as a loadbalancer. I am using a dynamic configuration based on the file provider.
The traffic is routed using that traefik to a K8s cluster that is using traefik as an ingress controller, deployed as a daemonset.
The loadbalancing is used for balancing both the various ingresses and also the K8s API. The loadbalancing is done correctly for the K8s API using a TCP router in order to let the K8s nodes do the TLS termination.

But I haven't been able to reach any website (I get a 404 error) exposed by the K8s cluster using either a tcp or an http router.
I guess the ingress is done correctly, because I am able to contact the webserver when connected on the K8s cluster.

Here are the various configuration files I have. Please note that 10.68.134.105 is the IP of one of my K8s controllers, and yes, traefik is running on it, I have checked that. And I am confirming that while requesting locally with a simple curl on 127.0.0.1 port 80 (and the hostname I want to reach in the header) the websites I am trying to expose...

static traefik.yml configuration

api:
  insecure: true
  dashboard: true

log:
  level: "DEBUG"
  filePath: "/logs/traefik/traefik.log"

accessLog:
  filePath: "/logs/traefik/access.log"

providers:
  file:
    directory: "/etc/traefik/file-provider/"
    watch: true

entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      insecure: true
  websecure:
    address: ":443"
    forwardedHeaders:
      insecure: true
  k8s:
    address: ":6443"
    forwardedHeaders:
      insecure: true

The dynamic configuration for http on port 80

http:
  routers:
    router-web:
      entryPoints:
      - web
      rule: "Host(`*`)"
      service: service-web
  services:
    service-web:
      loadBalancer:
        servers:
          - url: "http://10.68.134.105:80"

The dynamic configuration for https on port 443 (so using tcp because I don't want my traefik loadbalancer to do the SSL termination)

tcp:
  routers:
    router-websecure:
      entryPoints:
        - websecure
      rule: "HostSNI(`*`)"
      service: service-websecure
      tls:
        passthrough: true
  services:
    service-websecure:
      loadBalancer:
        servers:
        - address: "10.68.134.105:443"

I am just posting here (for completeness of my configuration) the dynamic configuration used for the K8s loadbalancing, which is working.

tcp:
  routers:
    router-k8s:
      entryPoints:
        - k8s
      rule: "HostSNI(`*`)"
      service: service-k8s
      tls:
        passthrough: true
  services:
    service-k8s:
      loadBalancer:
        servers:
        - address: "10.68.134.105:6443"

Does anyone have a clue about the error? Because I am losing the last hair I have trying to figure out the issues.

Hi, just one thing to check as I had some issues with a similar setup, did you add port 6443 to your docker-compose file for the træfik service? or is the problem only related to calls to the apps on the cluster?

Hello

Thanks for your feedback.
Yes, the entrypoint in the docker-compose is correctly added, and I don't have any issue using the kubectl commands (which use port 6443).