Deploying multiple Traefik Ingresses with LetsEncrypt HTTPS certificates on Kubernetes

As detailed on my first article, I’ve set an architecture for Kubernetes to be as similar to “production” as possible even being run on small ARM boards.

Here I will detail the network where I use Weaveworks Net as the overlay and focus on the LoadBalancer and Ingress controllers.

Network Topology

IP Plan

Network: 192.168.1.0/24
Gateway: 192.168.1.1
DNS: 192.168.1.1 (running dnsmasq on DD-WRT Router)
Router DHCP range: 192.168.1.101 - 192.168.1.200
Reserved: 192.168.1.2 - 192.168.1.15
* 192.168.1.1 - Router
* 192.168.1.3 - Managed Switch
* 192.168.1.4 - RPi3 (media server)
Kubernetes Nodes:
    - Master1: 192.168.1.50
    - Node1: 192.168.1.55
    - Node2: 192.168.1.56
MetalLB CIDR: 192.168.1.16/28
    - 192.168.1.17 - 192.168.1.30
Traefik Internal Ingress IP: 192.168.1.20
Traefik External Ingress IP: 192.168.1.21

As detailed in the architecture above, I’ve deployed two Traefik instances to the cluster. One instance to serve the local requests in the internal wildcard domain managed in my router and another Traefik instance to…