# k3s
k
Actually it seems to work identically if I don't use Ingress at all.
b
can you post the yaml configs of the service and ingress? the service could be clusterip instead of nodeport too
k
That I can do 🙂
if you'd like the deployment too, lmk. But it uses a private dockerhub, so you won't be able to test.
But the config in Rancher shows this;
nginx for this specific app is the following. But I have tried a different component as well, which uses this more expanded config:
b
I think your deployment and app are probably fine if it's working on the exposed nodeport, did you check the ingress controllers logs?
k
not sure how I can identify the ingress controller, it's not a deployment, job or daemonset from what I can see. I'm not sure if it's the traefik pod that runs at kube-system, but that pod shows LoadBalancing.
b
the default one is traefik under kube-system namespace, not sure if rancher deploys something different though, here is a k3d cluster
➜ kubectl get all -n kube-system
NAME                                          READY   STATUS      RESTARTS        AGE
pod/coredns-d76bd69b-k67wh                    1/1     Running     0               4d18h
pod/helm-install-traefik-7khmm                0/1     Completed   1               4d18h
pod/helm-install-traefik-crd-rvxh5            0/1     Completed   0               4d18h
pod/local-path-provisioner-6c79684f77-4t84v   1/1     Running     0               4d18h
pod/metrics-server-7cd5fcb6b7-hq7m9           1/1     Running     0               4d18h
pod/svclb-traefik-392a46b3-r49ps              2/2     Running     1 (4d18h ago)   4d18h
pod/svclb-traefik-392a46b3-x2frx              2/2     Running     0               4d18h
pod/svclb-traefik-392a46b3-xlfxx              2/2     Running     0               4d18h
pod/traefik-df4ff85d6-vghwk                   1/1     Running     0               4d18h

NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP                        PORT(S)                      AGE
service/kube-dns         ClusterIP      10.43.0.10      <none>                             53/UDP,53/TCP,9153/TCP       4d18h
service/metrics-server   ClusterIP      10.43.198.135   <none>                             443/TCP                      4d18h
service/traefik          LoadBalancer   10.43.124.45    172.28.0.3,172.28.0.4,172.28.0.5   80:31144/TCP,443:32402/TCP   4d18h

NAME                                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/svclb-traefik-392a46b3   3         3         3       3            3           <none>          4d18h

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/coredns                  1/1     1            1           4d18h
deployment.apps/local-path-provisioner   1/1     1            1           4d18h
deployment.apps/metrics-server           1/1     1            1           4d18h
deployment.apps/traefik                  1/1     1            1           4d18h

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/coredns-d76bd69b                    1         1         1       4d18h
replicaset.apps/local-path-provisioner-6c79684f77   1         1         1       4d18h
replicaset.apps/metrics-server-7cd5fcb6b7           1         1         1       4d18h
replicaset.apps/traefik-df4ff85d6                   1         1         1       4d18h

NAME                                 COMPLETIONS   DURATION   AGE
job.batch/helm-install-traefik       1/1           26s        4d18h
job.batch/helm-install-traefik-crd   1/1           23s        4d18h
k
Rebooted, deleted many kube-system, cattle-fleet-system pods so they would be recreated, and all pods and services seem to be in a valid running state atm. So that was a partial problem it seems. Sadly I'm getting a Bad Gateway on the webapp atm. So not yet done 😞
lt.kraken@draco:~ $ kubectl get all -n kube-system
NAME                                          READY   STATUS      RESTARTS   AGE
pod/helm-install-traefik-crd-wlvx4            0/1     Completed   0          15d
pod/helm-install-traefik-mmz4c                0/1     Completed   1          15d
pod/coredns-c69bc6c8c-qvcbx                   1/1     Running     0          24m
pod/local-path-provisioner-6c79684f77-cpbhg   1/1     Running     0          23m
pod/traefik-df4ff85d6-czwpd                   1/1     Running     0          23m
pod/metrics-server-7cd5fcb6b7-5qth6           1/1     Running     0          23m
pod/svclb-traefik-c339aa1a-lcsn4              2/2     Running     0          7m27s
pod/svclb-traefik-c339aa1a-6lq55              2/2     Running     0          7m17s

NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP                   PORT(S)                      AGE
service/kube-dns         ClusterIP      10.43.0.10      <none>                        53/UDP,53/TCP,9153/TCP       15d
service/metrics-server   ClusterIP      10.43.251.145   <none>                        443/TCP                      15d
service/traefik          LoadBalancer   10.43.101.241   192.168.2.150,192.168.2.151   80:30270/TCP,443:32177/TCP   15d

NAME                                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/svclb-traefik-c339aa1a   2         2         2       2            2           <none>          15d

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/coredns                  1/1     1            1           15d
deployment.apps/metrics-server           1/1     1            1           15d
deployment.apps/local-path-provisioner   1/1     1            1           15d
deployment.apps/traefik                  1/1     1            1           15d

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/coredns-d76bd69b                    0         0         0       15d
replicaset.apps/coredns-c69bc6c8c                   1         1         1       24m
replicaset.apps/metrics-server-7cd5fcb6b7           1         1         1       15d
replicaset.apps/local-path-provisioner-6c79684f77   1         1         1       15d
replicaset.apps/traefik-df4ff85d6                   1         1         1       15d

NAME                                 COMPLETIONS   DURATION   AGE
job.batch/helm-install-traefik-crd   1/1           53s        15d
job.batch/helm-install-traefik       1/1           59s        15d
Ah nvm, the latter was because my NodePort already configured an HTTPS port, but I didn't actually supply a certificate and valid SSL configuration for it. Once I deleted the 443 port from the NodePort, it worked like a charm
Do you happen to know how to configure SSL ports for Angular / .NET 6 WebApi's ?? My Dockerfile uses an nginx.conf supplied by the repository itself
I've looked into certbot, but to no avail so far
b
you'd want to offload it somewhere else, not in that container so something like certmanager with LE certs that integrates with traefik, or maybe it's something cloudflare could help with, I'm not sure. My preference is to have my cloud loadbalancer terminate ssl and then forward unencrypted traffic to my cluster
you'll find lots of info online though with certmanager in k8s
k
Aight, thank you 😄 And thanks for your help
If anyone ever needs to know how to set up TLS certs for your websites; I used this guide to set up cert-manager. https://opensource.com/article/20/3/ssl-letsencrypt-k3s But since it's outdated, just make sure you're using the latest versions.
• v1.9.1 instead of v0.11.0
• cert-manager.io/v1 instead of cert-manager.io/v1alpha2
• networking.k8s.io/v1 instead of networking.k8s.io/v1beta1
  ◦ With this upgrade also comes a change in the path configuration, see screenshot below for a correct config.
s
Nice! I also went through this a few months ago. I made notes for future reference. Let me see if I can find them...
Here are my notes on getting cert-manager going, from a few months ago. There are three certificate issuers here:
• production LetsEncrypt, for public production stuff
• staging LetsEncrypt, for public testing stuff
• custom certificate authority, for non-public testing stuff