This message was deleted.
# generala
adamant-kite-43734
06/01/2023, 7:43 AMThis message was deleted.
c
creamy-pencil-82913
06/01/2023, 8:23 AMrancher doesn’t expose a service directly, it uses Ingress routing. You should configure your ingress (rke2-ingress-nginx by default) to use the correct service type.
creamy-pencil-82913
06/01/2023, 8:26 AMI will also say that many folks consider exposing the cluster network directly to things outside the cluster to be an anti-pattern, even though cilium does allow it. IMO, using LoadBalancer Services and Ingress routing as the choke point for traffic into your cluster gives you better control over things.
k
kind-air-74358
06/01/2023, 8:30 AMThank you for your reply, so if I understand it correctly, I can configure rke2-ingress-nginx to create a LoadBalancer Service based on the configured Ingresses. And then using Cilium to announce some IP’s for that (based on a specific pool). In this case I still can use the Ingress created by Rancher, but only a Service Type LoadBAlancer is creeated (instead of the ClusterIP currently)?
c
creamy-pencil-82913
06/01/2023, 8:33 AMno. You use a Service to reach ingress-nginx. ingress-nginx reads the Ingress resources managed by Rancher and knows how to route requests to the Rancher service within the cluster.
k
kind-air-74358
06/01/2023, 8:34 AMAh yes I understand. So fixing actually the RKE2 ingress-nginx instead of looking to Rancher
c
creamy-pencil-82913
06/01/2023, 8:34 AMService is L3, Ingress is L7. The Service gets traffic to the ingress controller, the ingress controller routes the http requests to the correct backend.
k
kind-air-74358
06/01/2023, 8:35 AMThank you for your reply 🙂
118 Views