This message was deleted.
# generala
adamant-kite-43734
09/07/2023, 5:39 PMThis message was deleted.
c
creamy-pencil-82913
09/07/2023, 6:55 PMyou need to either use a load-balancer that supports websockets, or use ACE to bypass the loadbalancer and talk directly to the downstream cluster.
m
many-zebra-31494
09/07/2023, 7:01 PMok was getting the sense I may need to go the ACE route
many-zebra-31494
09/07/2023, 7:02 PMI’m attempting to route through the NLB on a non-standard port for the kubectl connection in order to work around AWS limitations but not sure if that’ll work
many-zebra-31494
09/07/2023, 7:03 PMdo you happen to know of a way to debug kubectl errors like
couldn't get current server API group list: the server rejected our request for an unknown reasonmany-zebra-31494
09/07/2023, 7:05 PMa found it - adding
-v=9many-zebra-31494
09/07/2023, 7:12 PMI’m seeing that once I get a connection to the rancher server I’m being redirected to a port
30443many-zebra-31494
09/07/2023, 7:19 PMwhich keeps redirecting to itself until failure
many-zebra-31494
09/07/2023, 7:20 PMany idea what this redirect is?
c
creamy-pencil-82913
09/07/2023, 7:30 PMno; is that coming from your LB?
m
many-zebra-31494
09/07/2023, 7:36 PMI don’t believe so but I’ll try to track it down (I assumed it was rancher)
Copy code
I0907 12:29:38.399065 46699 round_trippers.go:553] GET https://****:30456/k8s/clusters/c-***/api?timeout=32s 302 Found in 68 milliseconds
I0907 12:29:38.399114 46699 round_trippers.go:570] HTTP Statistics: GetConnection 0 ms ServerProcessing 67 ms Duration 68 ms
I0907 12:29:38.399128 46699 round_trippers.go:577] Response Headers:
I0907 12:29:38.399144 46699 round_trippers.go:580] Location: https://*****:30443/k8s/clusters/c-***/api?timeout=32s
I0907 12:29:38.399159 46699 round_trippers.go:580] Date: Thu, 07 Sep 2023 19:29:38 GMT
I0907 12:29:38.399174 46699 round_trippers.go:580] Content-Length: 101
I0907 12:29:38.399187 46699 round_trippers.go:580] Content-Type: text/html; charset=utf-8many-zebra-31494
09/07/2023, 7:36 PMeg I don’t have any rules in the LB that would redirect to that port
c
creamy-pencil-82913
09/07/2023, 7:37 PMdid you properly configure the server URL in Rancher?
creamy-pencil-82913
09/07/2023, 7:37 PMDid you tell it what its URL is, or is it still using the default?
creamy-pencil-82913
09/07/2023, 7:38 PMit sounds like it thinks its at
https://****:30456creamy-pencil-82913
09/07/2023, 7:38 PMIs your load-balancer rewriting requests so that the request URIs that are hitting rancher show the actual backend address and port, instead of the LB address and port?
m
many-zebra-31494
09/07/2023, 7:39 PMwe have rancher available at a fqdn on via AWS ALB with ssl termination which works
many-zebra-31494
09/07/2023, 7:40 PMbut perhaps my attempt to route through a non-standard port for kubectl is flawed conceptually
many-zebra-31494
09/07/2023, 7:40 PMthese ports are being proxied from 30456 to 80 in the rancher docker setup
many-zebra-31494
09/07/2023, 7:43 PMI think I may just have to go the ACE route as AWS is limiting what I can do via their load balancers/global accelerator rules
c
creamy-pencil-82913
09/07/2023, 7:54 PMwe run Rancher thought ELBs all the time, are you doing something weird with an ALB or something?
m
many-zebra-31494
09/07/2023, 7:58 PMyah we’re using an ALB for our applications with Global Accelerator in front of that
many-zebra-31494
09/07/2023, 7:59 PMwe also have an NLB for non http/https traffic since the ALB doesn’t support that
c
creamy-pencil-82913
09/07/2023, 7:59 PMyou might use an NLB in front of Rancher, instead of ALB.
creamy-pencil-82913
09/07/2023, 7:59 PMI don’t think we’ve tested it with ALB
m
many-zebra-31494
09/07/2023, 8:00 PMI think the issue I’m running into is that I can’t use the normal 80/443 ports in both the ALB and NLB - global accelerator doesn’t allow that
many-zebra-31494
09/07/2023, 8:00 PMso I’m attempting to use a non-standard port that I route through the NLB to the rancher instance
many-zebra-31494
09/07/2023, 8:01 PMfwiw everything works via the ALB except for
kubectl exec31 Views