This message was deleted.
# k3sa
adamant-kite-43734
08/14/2022, 10:33 PMThis message was deleted.
✅ 1
k
kind-nightfall-56861
08/15/2022, 10:54 AMActually it seems to work identical if I don't use Ingress at all.
b
brash-furniture-43577
08/15/2022, 2:03 PMcan you post the yaml configs of the service and ingress? the service could be clusterip instead of nodeport too
k
kind-nightfall-56861
08/15/2022, 2:09 PMThat I can do 🙂
kind-nightfall-56861
08/15/2022, 2:12 PMif you'd like the deployment too, lmk. But it uses a private dockerhub, so you won't be able to test.
kind-nightfall-56861
08/15/2022, 2:14 PMBut the config in Rancher shows this;
kind-nightfall-56861
08/15/2022, 2:16 PMnginx for this specific app is the following.
But I have tried a different component as well, which uses this more expanded config:
b
brash-furniture-43577
08/15/2022, 3:07 PMI think your deployment and app are probably fine if it's working on the exposed nodeport, did you check the ingress controllers logs?
🙌 1
k
kind-nightfall-56861
08/15/2022, 3:38 PMnot sure how I can identify the ingress controller, it's not a deployment, job or daemonset from what I can see. I'm not sure if it's the traefik pod that runs at kube-system, but that pod shows LoadBalancing.
b
brash-furniture-43577
08/15/2022, 3:40 PMthe default one is traefik under kube-system namespace, not sure if rancher deploys something different though, here is a k3d cluster
Copy code
➜ kubectl get all -n kube-system
NAME READY STATUS RESTARTS AGE
pod/coredns-d76bd69b-k67wh 1/1 Running 0 4d18h
pod/helm-install-traefik-7khmm 0/1 Completed 1 4d18h
pod/helm-install-traefik-crd-rvxh5 0/1 Completed 0 4d18h
pod/local-path-provisioner-6c79684f77-4t84v 1/1 Running 0 4d18h
pod/metrics-server-7cd5fcb6b7-hq7m9 1/1 Running 0 4d18h
pod/svclb-traefik-392a46b3-r49ps 2/2 Running 1 (4d18h ago) 4d18h
pod/svclb-traefik-392a46b3-x2frx 2/2 Running 0 4d18h
pod/svclb-traefik-392a46b3-xlfxx 2/2 Running 0 4d18h
pod/traefik-df4ff85d6-vghwk 1/1 Running 0 4d18h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 4d18h
service/metrics-server ClusterIP 10.43.198.135 <none> 443/TCP 4d18h
service/traefik LoadBalancer 10.43.124.45 172.28.0.3,172.28.0.4,172.28.0.5 80:31144/TCP,443:32402/TCP 4d18h
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/svclb-traefik-392a46b3 3 3 3 3 3 <none> 4d18h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/coredns 1/1 1 1 4d18h
deployment.apps/local-path-provisioner 1/1 1 1 4d18h
deployment.apps/metrics-server 1/1 1 1 4d18h
deployment.apps/traefik 1/1 1 1 4d18h
NAME DESIRED CURRENT READY AGE
replicaset.apps/coredns-d76bd69b 1 1 1 4d18h
replicaset.apps/local-path-provisioner-6c79684f77 1 1 1 4d18h
replicaset.apps/metrics-server-7cd5fcb6b7 1 1 1 4d18h
replicaset.apps/traefik-df4ff85d6 1 1 1 4d18h
NAME COMPLETIONS DURATION AGE
job.batch/helm-install-traefik 1/1 26s 4d18h
job.batch/helm-install-traefik-crd 1/1 23s 4d18hk
kind-nightfall-56861
08/15/2022, 3:54 PMRebooted deleted many kube-system, cattle-fleet-system pods so they would be recreated, and all pods and services seem to be in a valid running state atm.
So that was a partial problem it seems. Sadly I'm atm getting a Bad Gateway on the webapp atm. So not yet done 😞
kind-nightfall-56861
08/15/2022, 3:55 PM Copy code
lt.kraken@draco:~ $ kubectl get all -n kube-system
NAME READY STATUS RESTARTS AGE
pod/helm-install-traefik-crd-wlvx4 0/1 Completed 0 15d
pod/helm-install-traefik-mmz4c 0/1 Completed 1 15d
pod/coredns-c69bc6c8c-qvcbx 1/1 Running 0 24m
pod/local-path-provisioner-6c79684f77-cpbhg 1/1 Running 0 23m
pod/traefik-df4ff85d6-czwpd 1/1 Running 0 23m
pod/metrics-server-7cd5fcb6b7-5qth6 1/1 Running 0 23m
pod/svclb-traefik-c339aa1a-lcsn4 2/2 Running 0 7m27s
pod/svclb-traefik-c339aa1a-6lq55 2/2 Running 0 7m17s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 15d
service/metrics-server ClusterIP 10.43.251.145 <none> 443/TCP 15d
service/traefik LoadBalancer 10.43.101.241 192.168.2.150,192.168.2.151 80:30270/TCP,443:32177/TCP 15d
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/svclb-traefik-c339aa1a 2 2 2 2 2 <none> 15d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/coredns 1/1 1 1 15d
deployment.apps/metrics-server 1/1 1 1 15d
deployment.apps/local-path-provisioner 1/1 1 1 15d
deployment.apps/traefik 1/1 1 1 15d
NAME DESIRED CURRENT READY AGE
replicaset.apps/coredns-d76bd69b 0 0 0 15d
replicaset.apps/coredns-c69bc6c8c 1 1 1 24m
replicaset.apps/metrics-server-7cd5fcb6b7 1 1 1 15d
replicaset.apps/local-path-provisioner-6c79684f77 1 1 1 15d
replicaset.apps/traefik-df4ff85d6 1 1 1 15d
NAME COMPLETIONS DURATION AGE
job.batch/helm-install-traefik-crd 1/1 53s 15d
job.batch/helm-install-traefik 1/1 59s 15dkind-nightfall-56861
08/15/2022, 4:00 PMAh nvm, the latter was because my NodePort already configured an HTTPS port, but I didn't actually supply a certificate and valid SSL configuration for it. Once I deleted the 443 port from the NodePort, it worked like a charm
❤️ 1
kind-nightfall-56861
08/15/2022, 4:02 PMDo you happen to know how to configure SSL ports for Angular / .NET 6 WebApi's ?? My Dockerfile uses an nginx.conf supplied by the repository itself
kind-nightfall-56861
08/15/2022, 4:02 PMI've looked into certbot, but to no avail so far
b
brash-furniture-43577
08/15/2022, 4:04 PMyou'd want to offload it somewhere else, not in that container
so something like certmanager with LE certs that integrates with traefik, or maybe it's something cloudflare could help with, I'm not sure.
My preference is to have my cloud loadbalancer terminate ssl and then forward unencrypted traffic to my cluster
🙇 1
brash-furniture-43577
08/15/2022, 4:05 PMyou'll find lots of info online though with certmanager in k8s
k
kind-nightfall-56861
08/15/2022, 4:05 PMAight, thank you 😄 And thanks for your help
kind-nightfall-56861
08/15/2022, 7:45 PMIf anyone ever needs to know how to set up TLS certs for your websites; I used this guide to set up cert-manager. https://opensource.com/article/20/3/ssl-letsencrypt-k3s
But since it's outdated, just make sure you're using the latest versions.
• v1.9.1 instead of v0.11.0
• cert-manager.io/v1 instead of cert-manager.io/v1alpha2
• networking.k8s.io/v1 instead of networking.k8s.io/v1beta1
◦ With this upgrade also comes a change in the path configuration, see screenshot below for a correct config.
s
square-engine-61315
08/16/2022, 11:53 AMNice! I also went through this a few months ago. I made notes for future reference. Let me see if I can find them...
square-engine-61315
08/16/2022, 11:55 AMHere are my notes on getting cert-manager going, from a few months ago.
There are three certificate issuers here:
• production LetsEncrypt, for public production stuff
• staging LetsEncrypt, for public testing stuff
• custom certificate authority, for non-public testing stuff
14 Views