I recently set up a Kubernetes cluster at home to replace my previous setup. I'm currently using Traefik with the Gateway API to manage my apps, which has been working well since I can connect to my network via WireGuard. However, I want to know the best methods to expose my apps externally without requiring a VPN while still keeping everything secure. Should I use a single gateway with multiple entry points, or would it be better to set up a separate gateway or even another instance of Traefik for improved network policy?
2 Answers
At my workplace, we utilize cloudflared tunnels to expose our traffic, but I’m a bit hesitant to use that for my personal home network. Just keep in mind that when using Cloudflare, TLS gets terminated at the edge, so make sure that fits your security needs.
I’ve used Pangolin with the Newt Helm chart for external access, and it went smoothly. For anything internal, I just stick with cert-manager alongside Traefik ingress. Just a thought on that!
I’m not familiar with Pangolin, but it looks like it's more of a VPN solution, right? I’m hoping to avoid using a VPN for this.