Gitea on Kubernetes - Git SSH behind same Ingress #768
-
Has anyone tried and if so could I get an explanation on how to use the default Traefik ingress for both http(s) and ssh on port 22? I don't want to use another LB just for Git SSH since it's costly and would be impractical to have different IPs. I found these resources: |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
@aleksasiriski I've asked a good AI friend of mine, here's what she says. Traefik TCP Routing.You:Hello, I'm using traefik on k3s, how to use the default Traefik ingress for both http(s) and ssh on port 22? I don't want to use another LB just for Git SSH since it's costly and would be impractical to have different IPs. ChatGPT:Traefik does not support TCP traffic by default, which means it cannot be used to load balance SSH traffic on port 22 without additional configuration. However, you can enable TCP support and configure Traefik to route both HTTP(s) and SSH traffic. Here's a step-by-step guide to enable TCP routing in Traefik for k3s:
Edit the Traefik Helm values.yaml file or create a new one and add the following lines to enable TCP support: additionalArguments:
- "--entrypoints.tcp=true"
Expose the ports you want to use for both HTTP(s) and SSH traffic. In this example, we'll use 80, 443, and 22: ports:
web:
expose: true
port: 80
websecure:
expose: true
port: 443
ssh:
expose: true
port: 22
protocol: TCP
Define the entry points for the exposed ports: entryPoints:
web:
address: ":80"
websecure:
address: ":443"
ssh:
address: ":22"
Use the
Create a Kubernetes IngressRoute resource for your HTTP(s) services as you normally would. Here's an example: apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: my-http-service
spec:
entryPoints:
- web
routes:
- match: Host(`example.com`)
kind: Rule
services:
- name: my-http-service
port: 80
Create a Kubernetes TCP Router resource to route the SSH traffic: apiVersion: traefik.containo.us/v1alpha1
kind: TCPRouter
metadata:
name: my-ssh-router
spec:
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
services:
- name: my-ssh-service
port: 22
Deploy your HTTP(s) and SSH services to your k3s cluster. Make sure the service names and ports match the ones defined in your IngressRoute and TCP Router resources. With this configuration, Traefik should route both HTTP(s) and SSH traffic to the appropriate services. The HTTP(s) traffic will be routed based on the domain name, while the SSH traffic will be routed based on the SNI value. |
Beta Was this translation helpful? Give feedback.
@aleksasiriski I've asked a good AI friend of mine, here's what she says.
Traefik TCP Routing.
You:
Hello, I'm using traefik on k3s, how to use the default Traefik ingress for both http(s) and ssh on port 22? I don't want to use another LB just for Git SSH since it's costly and would be impractical to have different IPs.
ChatGPT:
Traefik does not support TCP traffic by default, which means it cannot be used to load balance SSH traffic on port 22 without additional configuration. However, you can enable TCP support and configure Traefik to route both HTTP(s) and SSH traffic.
Here's a step-by-step guide to enable TCP routing in Traefik for k3s:
Edit the Tra…