How can inbound traffic be routed exclusively to the current node's Traefik pod? #63

Open
Arc-2023 opened this issue Jan 7, 2024 · 6 comments


@Arc-2023

Arc-2023 commented Jan 7, 2024

Currently, I have the following requirements:
Two nodes: node1 and node2
Services are running on node1, and Traefik's pod is running on node2, both with serviceLB enabled.
I want to achieve: when traffic passes through node1 or node2, I want the Traefik on the current node to exclusively handle inbound traffic on that node, rather than on other nodes (if there is no Traefik pod scheduled to the current node, the request should result in an error).
However, when both nodes have Traefik and serviceLB enabled, all requests are load-balanced before entering Traefik, and then evenly distributed to each Traefik pod (since the nodes in the cluster are in different networks, this leads to bandwidth and latency issues).
I understand that the service of type LoadBalancer in Kubernetes can specify externaltrafficpolicy and internaltrafficpolicy as Local. However, this still does not solve the problem.

Here is the configuration of the LoadBalancer:

apiVersion: v1
kind: Service
metadata:
  name: traefik
spec:
  type: LoadBalancer
  selector:
    app: traefik
  externalTrafficPolicy: Local
  internalTrafficPolicy: Local
  ports:
    - protocol: TCP
      port: 80
      name: web80
      targetPort: 80
    - protocol: TCP
      port: 443
      name: https
      targetPort: 443
    - protocol: TCP
      port: 21115
      name: hbbs-1
    - protocol: TCP
      port: 21116
      name: hbbs-2
    - protocol: UDP
      port: 21116
      name: hbbs-3
    - protocol: TCP
      port: 21117
      name: hbbr-1
    - protocol: UDP
      port: 3478
      name: derper
@au2001

au2001 commented Jan 10, 2024

I want to achieve: when traffic passes through node1 or node2, I want the Traefik on the current node to exclusively handle inbound traffic on that node, rather than on other nodes (if there is no Traefik pod scheduled to the current node, the request should result in an error).

So... no load balancing at all?
What you want is a Service of kind NodePort to expose Traefik directly

@Arc-2023
Author

Arc-2023 commented Jan 11, 2024

I want to achieve: when traffic passes through node1 or node2, I want the Traefik on the current node to exclusively handle inbound traffic on that node, rather than on other nodes (if there is no Traefik pod scheduled to the current node, the request should result in an error).

So... no load balancing at all? What you want is a Service of kind NodePort to expose Traefik directly

Well, it's not a convenient way to use a node port to expose Traefik's service.
For this problem, using the given configuration has an effect:

externaltrafficpolicy: Cluster
internaltrafficpolicy: Local

From now on, the traffic is only taken by the local Traefik pod; load balancing is handled by Traefik, not ServiceLB.

I wonder why externaltrafficpolicy should be false, and why this truth value affects the behavior of the internal traffic policy: even if the internal traffic policy is set to Local, load balancing still occurs before Traefik?

@l2dy

l2dy commented Oct 16, 2024

I want to achieve: when traffic passes through node1 or node2, I want the Traefik on the current node to exclusively handle inbound traffic on that node, rather than on other nodes (if there is no Traefik pod scheduled to the current node, the request should result in an error).

So... no load balancing at all? What you want is a Service of kind NodePort to expose Traefik directly

I want to achieve the same thing, i.e. exposing ports 80 and 443 on the host network, but NodePort exposes a different set of ports instead.

Well, it's not a convenient way to use a node port to expose Traefik's service. For this problem, using the given configuration has an effect:

externaltrafficpolicy: Cluster
internaltrafficpolicy: Local

From now on, the traffic is only taken by the local Traefik pod; load balancing is handled by Traefik, not ServiceLB.

Thanks for the example. The behavior is so weird, but at least there is a workaround for it.

I'd like to add that for my cluster it only works when the node has an external IP. If I remove the external IP from a node, requests sent to that node's internal IP at port 443 become randomly distributed to all Traefik pods again.

@manuelbuil
Contributor

I'd like to add that for my cluster it only works when the node has an external IP. If I remove the external IP from a node, requests sent to that node's internal IP at port 443 become randomly distributed to all Traefik pods again.

Let me understand one thing. When you use:

externaltrafficpolicy: Cluster
internaltrafficpolicy: Local

If there is an externalIP defined for a node, you can see traffic reaching the local Traefik pod. If there is no externalIP defined, i.e. you get the nodeIP as the externalIP for the Traefik service, traffic gets randomly distributed to all Traefik pods?

@l2dy

l2dy commented Oct 18, 2024

@manuelbuil I'm not sure what you mean by "get the nodeIP as the externalIP", but the other parts are true. BTW, I'm sending requests to the nodeIP both before and after the change.

@manuelbuil
Contributor

@manuelbuil I'm not sure what you mean by "get the nodeIP as the externalIP", but the other parts are true. BTW, I'm sending requests to the nodeIP both before and after the change.

If you don't configure the node with an external IP, the service externalIP is the nodeIP.
