Hi, has anyone successfully managed to use Traefik 2 as a load balancer for the Kubernetes API server? I have been using nginx with these stream settings:
# Layer-4 (TCP) load balancing in front of the k8s-c2 API servers.
# No ssl_* directives are set, so nginx relays the bytes unchanged: the TLS
# handshake, and any client-certificate authentication, happens directly
# between the client and the backend on port 6443.
stream {
    # The three backends for cluster k8s-c2.
    upstream k8s-c2 {
        server k8s-c2-m1:6443;
        server k8s-c2-m2:6443;
        server k8s-c2-m3:6443;
    }

    # Accepts on 6443 and forwards to the upstream group above.
    # NOTE(review): there is no allow/deny in this server block, so every
    # host that can reach this port is forwarded to the API servers. Confirm
    # that access is restricted elsewhere (firewall, network policy).
    server {
        listen 6443;
        proxy_pass k8s-c2;
    }
}
but I'm in the process of moving everything over to Traefik. I've tried using a TCP router/service, but nothing is getting through. I'm getting this error in the log: "http: TLS handshake error from 192.168.1.23:49906: remote error: tls: bad certificate". I have tried both with and without a TLS config.
Here is my tcp config:
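# Traefik dynamic configuration: TCP routing for three Kubernetes API
# servers, one router and one load-balanced service per cluster.
# Nesting restored; the paste had lost its indentation, and YAML needs it
# to tell routers, services and their options apart.
#
# Every router uses TLS passthrough, so Traefik forwards the encrypted
# stream as-is and the backend presents its own certificate. Two
# consequences worth checking:
#   - HostSNI only matches the server name the client sends in its TLS
#     ClientHello. A client that connects by IP address, or by a name
#     other than the one in the rule, will not match any router here.
#   - The API server certificate has to list the name clients connect to
#     (e.g. k8s-c1-api) among its SANs. Add the name to the certificate
#     rather than turning off certificate verification on the client.
# NOTE(review): the "http:" prefix in the quoted log line suggests Traefik's
# own HTTPS server answered the handshake, and "remote error: tls: bad
# certificate" means the client rejected the certificate it was shown. That
# is consistent with no HostSNI rule matching, but confirm it with debug logs.
tcp:
  ## routers ##
  routers:
    # k8s-c1 api-server
    k8s-c1-api:
      # Entry point `k8s` is defined in the static configuration (not
      # shown); presumably it listens on :6443, but verify.
      entryPoints:
        - k8s
      rule: 'HostSNI(`k8s-c1-api`)'
      service: k8s-c1-api
      # NOTE(review): `acl-inner` is not defined in this snippet. A TCP
      # router can only reference a TCP middleware (tcp.middlewares),
      # which to my knowledge requires Traefik v2.5 or later. Confirm it
      # exists there; it is the only access control visible for this
      # API endpoint.
      middlewares:
        - acl-inner
      tls:
        # Do not terminate TLS; relay it to the API server untouched.
        passthrough: true

    # k8s-c2 api-server
    k8s-c2-api:
      entryPoints:
        - k8s
      rule: 'HostSNI(`k8s-c2-api`)'
      service: k8s-c2-api
      middlewares:
        - acl-inner
      tls:
        passthrough: true

    # k8s-c3 api-server
    k8s-c3-api:
      entryPoints:
        - k8s
      rule: 'HostSNI(`k8s-c3-api`)'
      service: k8s-c3-api
      middlewares:
        - acl-inner
      tls:
        passthrough: true

  ## services ##
  services:
    # Each service balances across that cluster's three backends.
    k8s-c1-api:
      loadBalancer:
        servers:
          - address: 'k8s-c1-m1:6443'
          - address: 'k8s-c1-m2:6443'
          - address: 'k8s-c1-m3:6443'

    k8s-c2-api:
      loadBalancer:
        servers:
          - address: 'k8s-c2-m1:6443'
          - address: 'k8s-c2-m2:6443'
          - address: 'k8s-c2-m3:6443'

    k8s-c3-api:
      loadBalancer:
        servers:
          - address: 'k8s-c3-m1:6443'
          - address: 'k8s-c3-m2:6443'
          - address: 'k8s-c3-m3:6443'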