Traefik as a loadbalancer for kube-apiserver

Hi, has anyone successfully managed to use Traefik 2 as a loadbalancer for the kubernetes api server? I have been using nginx with stream settings:

# nginx stream (layer-4) proxy in front of the k8s-c2 apiserver backends.
# The listener has no `ssl` parameter, so TLS is not terminated here: bytes
# are relayed as raw TCP and the client handshakes with the apiserver itself.
stream {
  # Three backends for k8s-c2 (presumably the control-plane nodes), all on
  # port 6443.
  upstream k8s-c2 {
    server k8s-c2-m1:6443;
    server k8s-c2-m2:6443;
    server k8s-c2-m3:6443;
  }
  server {
    # Every connection arriving on 6443 is forwarded, whatever server name
    # (SNI) the client sends; nothing in this block inspects the handshake.
    # No allow/deny rules are visible here either, so any client that can
    # reach this port is proxied to the apiserver.
    listen 6443;
    proxy_pass k8s-c2;
  }
}

but I'm in the process of moving everything over to Traefik. I've tried using a TCP router/service, but nothing is getting through. I'm getting this error in the log: "http: TLS handshake error from 192.168.1.23:49906: remote error: tls: bad certificate". I have tried both with and without a TLS config.

Here is my tcp config:

# Traefik dynamic configuration, TCP section: three routers on the `k8s`
# entry point (one per cluster), each forwarding to that cluster's three
# backends on port 6443. The `k8s` entry point and the `acl-inner`
# middleware are referenced here but defined elsewhere (not shown).
tcp:
  ## routers ##
  routers:
    # k8s-c1 api-server
    k8s-c1-api:
      entryPoints:
        - k8s
      # Matches only when the TLS ClientHello carries exactly this server
      # name. A client that connects by IP address, or by another hostname
      # (for example an FQDN), does not match this router.
      # NOTE(review): the "http: TLS handshake error ... bad certificate"
      # log line suggests the connection was answered by Traefik's own TLS
      # stack rather than passed through, which would fit an SNI mismatch -
      # verify the host in the kubeconfig `server:` URL against this rule.
      rule: HostSNI(`k8s-c1-api`)
      service: k8s-c1-api
      # acl-inner is the only access restriction visible on this router;
      # presumably a source-IP allow-list - confirm. A TCP router can only
      # use middlewares declared under tcp.middlewares (TCP middlewares need
      # Traefik v2.5 or later - confirm the running version). An unresolved
      # reference may keep the router from being created at all, so check
      # the Traefik log or dashboard for router errors.
      middlewares:
        - acl-inner
      # Forward the encrypted stream untouched: the apiserver, not Traefik,
      # presents the certificate, and client-certificate authentication
      # stays end to end. Assumes the apiserver certificate lists
      # k8s-c1-api as a SAN - TODO confirm.
      tls:
        passthrough: true

    # k8s-c2 api-server: same shape as k8s-c1-api, matched on its own SNI.
    k8s-c2-api:
      entryPoints:
        - k8s
      rule: HostSNI(`k8s-c2-api`)
      service: k8s-c2-api
      middlewares:
        - acl-inner
      tls:
        passthrough: true

    # k8s-c3 api-server: same shape as k8s-c1-api, matched on its own SNI.
    k8s-c3-api:
      entryPoints:
        - k8s
      rule: HostSNI(`k8s-c3-api`)
      service: k8s-c3-api
      middlewares:
        - acl-inner
      tls:
        passthrough: true

  ## services ##
  # One load-balanced service per cluster. Addresses are quoted so that
  # host:port is always read as a string.
  services:
    # Backends for k8s-c1.
    k8s-c1-api:
      loadBalancer:
        servers:
          - address: 'k8s-c1-m1:6443' 
          - address: 'k8s-c1-m2:6443'
          - address: 'k8s-c1-m3:6443'

    # Backends for k8s-c2 (the same hosts as the nginx upstream k8s-c2).
    k8s-c2-api:
      loadBalancer:
        servers:
          - address: 'k8s-c2-m1:6443'
          - address: 'k8s-c2-m2:6443'
          - address: 'k8s-c2-m3:6443'

    # Backends for k8s-c3.
    k8s-c3-api:
      loadBalancer:
        servers:
          - address: 'k8s-c3-m1:6443'
          - address: 'k8s-c3-m2:6443'
          - address: 'k8s-c3-m3:6443'

Same results here attempting to implement the same use case.