
lively-zoo-40381

04/03/2023, 10:56 AM
Hello, I came across this issue and need your help. I’ve set up Harvester v1.1.1 and registered it in Rancher 2.7.1, then I provisioned a new RKE cluster using Harvester. Harvester created the VMs, deployed masters and workers according to the pools I specified, and the cluster was created successfully. Then I added an additional pool for ingress (I made sure to disable the built-in ingress during the cluster creation) and deployed ingress using Flux and Helm. The ingress pod is running (with node selector and taints for the ingress pool) and there are no errors. However, I’m not able to access the ingress service on 443/80 or any other port besides 22. It seems that the IP 192.168.226.X, which is the IP of the VM on which the ingress is running, is only open on TCP 22 (SSH). I should mention that Linkerd is also installed, but I see the same issue without Linkerd: the ingress ports are not exposed. I expected that if I curl “http://192.168.226.x” I’d get a 404, but the port is not even open. What am I missing here? I should also mention that without Harvester, the same RKE + ingress + Linkerd setup works fine for me.

refined-analyst-8898

04/05/2023, 12:21 PM
The VM network could be a factor. It sounds like you're using the Harvester node driver/cloud provider with an RKE1 or RKE2 guest cluster. With some VM network configurations, I found it convenient to use Harvester's built-in LoadBalancer (cloud) provider. This is simply a Service resource with type=LoadBalancer. Harvester will provision a LB with an external IP from the "node-pool" you configure in Harvester settings. Here's what mine looks like that I created for the Ingress controllers running across my guest cluster in order to expose them with a Harvester-provisioned LB.
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    field.cattle.io/publicEndpoints: '[{"addresses":["192.168.1.203"],"port":80,"protocol":"TCP","serviceName":"kube-system:ingress-nginx-loadbalancer","allNodes":false},{"addresses":["192.168.1.203"],"port":443,"protocol":"TCP","serviceName":"kube-system:ingress-nginx-loadbalancer","allNodes":false}]'
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"ingress-nginx-loadbalancer","namespace":"kube-system"},"spec":{"ports":[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}],"selector":{"app.kubernetes.io/name":"rke2-ingress-nginx"},"type":"LoadBalancer"}}
  creationTimestamp: "2023-03-28T03:08:19Z"
  finalizers:
  - service.kubernetes.io/load-balancer-cleanup
  name: ingress-nginx-loadbalancer
  namespace: kube-system
  resourceVersion: "14807"
  uid: 3e1e39e1-e1a0-4082-8fd6-72d0bf70fa42
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 10.43.206.41
  clusterIPs:
  - 10.43.206.41
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: http
    nodePort: 30001
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 30598
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app.kubernetes.io/name: rke2-ingress-nginx
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 192.168.1.203
```