I'm running a bare-metal Kubernetes cluster with Traefik and MetalLB in L2 mode. I set the MetalLB svc's externalTrafficPolicy=Local to preserve source IPs as described here. That works, but now I can't access ingresses by their external DNS names from inside the cluster.
My guess is that's because IPVS creates an interface with the external IP assigned to the Traefik LB on every node. So when I try to send a request from a pod to the external DNS name Traefik is supposed to serve, the node sends it to its local interface, where nobody is listening (instead of forwarding the request to the node running the endpoint of the service, as it would with externalTrafficPolicy=Cluster).
I was able to work around that by turning my Traefik into a DaemonSet. That way a request from any pod gets served by a Traefik instance running on the same node. That seems redundant, though. Is there any better way to preserve source IPs with MetalLB?
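One way to check the guess above on a node that runs no Traefik pod (an added example, not part of the original post): parse the output of `ipvsadm -Ln` and list the virtual services on the load-balancer IP that have no real server behind them. It assumes that such a node shows the LB IP with an empty backend list; the sample output and every address in it are constructed, with 192.0.2.10 standing in for the MetalLB-assigned IP.

```python
import re

# Constructed sample of `ipvsadm -Ln` output from a node without a Traefik pod.
# 192.0.2.10 is a placeholder for the MetalLB-assigned IP; all addresses are made up.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.96.0.1:443 rr
  -> 192.168.1.11:6443            Masq    1      0          0
TCP  192.0.2.10:80 rr
TCP  192.0.2.10:443 rr
TCP  10.96.12.7:80 rr
  -> 10.244.2.15:8000             Masq    1      0          0
"""

VIRTUAL = re.compile(r"^(TCP|UDP|SCTP)\s+(\S+):(\d+)\s")  # virtual service line
REAL = re.compile(r"^\s+->\s+(\S+):(\d+)\s")              # real server line


def parse_ipvs(text):
    """Return {(proto, vip, port): ['ip:port', ...]} for each virtual service."""
    table, current = {}, None
    for line in text.splitlines():
        m = VIRTUAL.match(line)
        if m:
            current = (m.group(1), m.group(2), int(m.group(3)))
            table[current] = []
            continue
        m = REAL.match(line)  # the column header has no numeric port, so it is skipped
        if m and current is not None:
            table[current].append(f"{m.group(1)}:{m.group(2)}")
    return table


def empty_services(text, vip):
    """Virtual services on `vip` that have no real server on this node."""
    return sorted(k for k, v in parse_ipvs(text).items() if k[1] == vip and not v)


if __name__ == "__main__":
    for proto, vip, port in empty_services(SAMPLE, "192.0.2.10"):
        print(f"{proto} {vip}:{port} has no local endpoint on this node")
```

Running the same functions over real `ipvsadm -Ln` output from a node with and without a Traefik pod shows whether the LB IP's backend list differs between the two.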