Traefik
Although k3s comes with Traefik v2 I switched to v3 to get full support for the Kubernetes Gateway API and HTTPRoute/TCPRoute functionality
The default traefik-gateway is only used by Longhorn for the frontend.
Homelab-Gateway
All my apps connect via a self-deployed gateway that allows access from outside
the homelab namespace via selector. Certificates are handled via
cert-manager .
gateway.yaml
[...]
spec:
gatewayClassName: traefik
listeners:
- allowedRoutes:
namespaces:
from: Selector
selector:
matchLabels:
homelab-access: "true"
[...]| Section | Port | Protocol | Cert (if TLS) |
|---|---|---|---|
| web | 80 | HTTP | N/A |
| websecure | 443 | HTTPS | wildcard-leechpepin-tls |
| postgres | 5432 | TCP | N/A |
| redis | 6379 | HTTP | N/A |
| ollama | 11434 | HTTPS | wildcard-leechpepin-tls |
| forgejo-ssh | 2222 | TCP | N/A |
| minio | 9000 | HTTPS | wildcard-leechpepin-tls |