brash-controller-15153
03/21/2023, 5:04 PM
k3s cluster with a k3s server with public ip and k3s agents in a private network behind nat (like home net for example)?
• I opened the udp ports 8472,51820,51821 and tcp ports 6443,10250 in my router for allowing connections to the private ip where the agents are located.
• I also started the agents with the dynamic ip address given from my isp and the server with the public ip address.
but somehow the traefik ingress controller or the Ingress is not able to forward the incoming requests from the public url staging.company.org to the agents in my private net.
I also created other agents with public ips and they are able to serve a whoami application through staging.company.org but when the load balancer selects the pods running inside the nodes on private net, then it just hangs and any answer comes from the pods.
v1.24.10+k3s1
creamy-pencil-82913
03/21/2023, 5:33 PM
brash-controller-15153
03/21/2023, 6:24 PM
iptables v1.8.7 (nf_tables)
so It should be ok.
plain-byte-79620
03/22/2023, 11:11 AM
brash-controller-15153
03/22/2023, 11:18 AM
plain-byte-79620
03/22/2023, 11:20 AM
brash-controller-15153
03/22/2023, 5:25 PM
plain-byte-79620
03/23/2023, 9:32 AM
brash-controller-15153
03/23/2023, 4:19 PM
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values:
                      - k3sde3
                      # - k3sde2
                      # - k3sde3
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - containerPort: 80
          resources:
            limits:
              memory: 256Mi
              cpu: "0.5"
            requests:
              memory: 20Mi
              cpu: "0.1"
---
# whoami Service
apiVersion: v1
kind: Service
metadata:
  name: whoami-service
spec:
  selector:
    app: whoami
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
# whoami Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-staging"
spec:
  tls:
    - hosts:
        - staging.staging-buky.co
      secretName: staging-co
  rules:
    - host: staging.staging-buky.co
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whoami-service
                port:
                  name: http
plain-byte-79620
03/23/2023, 4:23 PM
brash-controller-15153
03/23/2023, 4:41 PM
plain-byte-79620
03/23/2023, 4:53 PM
brash-controller-15153
03/23/2023, 5:15 PM
creamy-pencil-82913
03/23/2023, 5:31 PM
brash-controller-15153
03/23/2023, 7:28 PM
wireguard on the k3sserver and on the k3sagents in order to make it work. I also had to apply the port forwarding rules in my AirPort Express for the known ports
creamy-pencil-82913
03/23/2023, 8:04 PM