So I have been playing with this over the last 6 months or so, and just spent about 3 days with the latest blog posts and versions of everything.
Latest of all software as of July 2021....
I have metallb and traefik installed pulling TLS from cloudflare.
When spun up everything works except one very small issue.
The metallb issues an IP (alternates between public ip group and private ip group in config. This is small issue, we want to specify which pool to draw from).
The traefik will route either web or websecure entries no problem. If websecure, traefik and cloudflare issue the correct cert and all good, except everything must go through the external IP on the traefik service.
So the root question is: can we use the metallb to issue new loadbalancer services and then have them route to the same traefik instance, and all will have different IPs? Some external, some private.
traefik is in traefik namespace. metallb in metallb-system namespace. We are working in default namespace.
Step 1 - Deploy
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: nginx
  name: nginx-full
spec:
  replicas: 1
  selector:
    matchLabels:
      run: nginx-main-full
  template:
    metadata:
      labels:
        run: nginx-main-full
    spec:
      containers:
        - image: nginx
          name: nginx
          ports:
            - containerPort: 80
Step 2 is the expose below.
This WORKS just fine. But everything is going through one external IP on the traefik service.
k expose deploy nginx-full --port 80
When I do this by using (does not work):
kubectl expose deploy nginx-full --type=LoadBalancer --port 80,443
Everything looks correct. A new service appears with a new IP. The route appears in the dashboard. Nothing really in logs. But the website never responds. It's like the router is not getting to the end service.
Step 3 (for both services)(note: we own local.dev so this generates valid cert for us)
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-deploy-full
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`full-priv.local.dev`)
      kind: Rule
      services:
        - name: nginx-full
          port: 80
  tls:
    certResolver: letsencrypt
Thoughts? I'm guessing it is something incredibly simple that I have missed somewhere.
Much thanks.....