I've been working with Kubernetes in cloud environments, where accessing multiple services is straightforward due to ample public IPv4 allocations. Now, I'm attempting to transition my Docker containers to a single-node K8s cluster at home. Currently, I run a Traefik container that handles all incoming traffic on port 443, managing routing based on the host header for various service containers.
I'm exploring whether I can use MetalLB to assign internal IPs from my RFC1918 range to different ingresses. However, I still face the limitation of having only one static external IP from my router, which doesn't seem to support HTTP(S) routing at the application level. I considered setting up a single ingress/load balancer for all services, which could route traffic from my router to the associated MetalLB IP, but that puts all services in the same namespace, which I wanted to avoid for better organization.
I'm also toying with the idea of using a VPN setup to secure the cluster, instead of direct exposure. Ultimately, I want to know how others have successfully managed similar setups, potentially with MetalLB and an ingress controller that efficiently routes external traffic based on the host header. I'm curious about alternative software solutions that might simplify this, without straying too far from my existing configurations.
5 Answers
Definitely use Traefik with MetalLB; it can assign a single IP that manages multiple ingresses across different namespaces. Traefik can even handle different certificates for each service, which is a plus. I personally use cert-manager with this setup in my homelab.
Traefik is definitely a solid choice! You could also consider using Cloudflare Tunnels, which can create a secure connection from your server to Cloudflare, managing SSL for you. Plus, you would just have to handle DNS through Cloudflare.
You're overthinking it a bit! A load balancer service can be created to direct traffic to an ingress controller like Traefik or Nginx. Just set up one ingress object for each service you want to route through the proxy. This isn't too different from your Docker setup, where all traffic gets pointed at your proxy's IP, and it handles routing internally by hostname or path.
If you own a domain, you could set up a wildcard A record with your external IP and then use ingress rules to route subdomains to various services. This method allows you to use a single wildcard SSL certificate, protecting your setups without exposing everything directly.
Use Traefik to handle the application routing. Instead of one ingress, create multiple ingresses for various addresses you want to route into your cluster. It's just like virtual hosting on a single IP.
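The layout the answers describe, as an added example that is not from any of the posts above: two Ingress objects in separate namespaces, both handled by the one Traefik controller whose LoadBalancer Service holds the single MetalLB address. The namespaces, hostnames, Service names, the `traefik` ingress class name and the `letsencrypt` ClusterIssuer are assumptions.

```yaml
# Constructed example: namespaces, hosts, Service names and the issuer name are placeholders.
# Both objects name the same ingress class, so one controller (one MetalLB IP) serves both.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wiki
  namespace: wiki
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt   # assumed ClusterIssuer
spec:
  ingressClassName: traefik                       # assumed class name
  tls:
    - hosts: [wiki.example.com]
      secretName: wiki-tls                        # certificate Secret lives in namespace "wiki"
  rules:
    - host: wiki.example.com                      # matched against the Host header / SNI
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wiki                        # must be a Service in namespace "wiki"
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: photos
  namespace: photos
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: traefik
  tls:
    - hosts: [photos.example.com]
      secretName: photos-tls                      # separate certificate, separate namespace
  rules:
    - host: photos.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: photos
                port:
                  number: 80
```

An Ingress backend can only reference a Service in its own namespace, so each service keeps its routing rule and TLS Secret next to its workload while the router forwards port 443 to the controller's one IP.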