Add additional service for internal IP

[muffl0n]

We're running a private GKE cluster that is reachable via internal IPs (via VPN) as well as via external IPs (via external Loadbalancer). We currently use ingress-nginx where you can configure an additional internal service. See:

• https://github.com/kubernetes/ingress-nginx/blob/master/charts/ingress-nginx/templates/controller-service.yaml
• https://github.com/kubernetes/ingress-nginx/blob/master/charts/ingress-nginx/templates/controller-service-internal.yaml

controller:
  service:
    internal:
      enabled: true
      annotations:
        networking.gke.io/internal-load-balancer-subnet: gke-services
        networking.gke.io/load-balancer-type: Internal
      loadBalancerIP: 10.10.10.10

The benefit is, that we can allow some Ingresses to only be accessible via private IPs.

I could not find a smiliar possibility to do this in Traefik. Am I missing something?

[yogeek]

Hi ! Also interested by this feature. Any update or roadmap please ?

[christidis]

I have ended up applying this Service object manually as the Helm Chart doesn't provide an option for both Internal & External LB. If you need this managed by Helm you should be able to add a template file when installing.

>cat manifests/traefik/lb-internal.yaml 
apiVersion: v1
kind: Service
metadata:
  annotations:
    networking.gke.io/load-balancer-type: "Internal"
    networking.gke.io/internal-load-balancer-subnet: "int-01"
    networking.gke.io/internal-load-balancer-allow-global-access: "true"
  name: traefik-internal
  namespace: traefik
spec:
  externalTrafficPolicy: Cluster
  loadBalancerIP: 10.2.8.2
  ports:
    - name: web
      port: 80
      protocol: TCP
      targetPort: web
    - name: websecure
      port: 443
      protocol: TCP
      targetPort: websecure
  selector:
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
  sessionAffinity: None
  type: LoadBalancer