#k3s

kind-nightfall-56861

08/14/2022, 10:33 PM
Hey, similar to many other people I have given up on hiring a provider to host my software due to cost and limitations. So, a few weeks ago I abandoned my webhost and my in-house Windows server (power cost) and transferred everything to a Raspberry Pi minicluster. While I'm still in the transition of moving my applications to Docker containerization, I'm already running into a few problems with the software that I did migrate. At the moment the biggest pain in the * is the way Ingress works, and I'm not sure if that's my mistake or a limitation of Ingress.

So I'm using Cloudflare as my (proxied) DNS resolver, and Ingress to resolve requested hosts to specific pods. While you'd think it's fine... it's acting kind of weird.

1. My pod has a nodeport, exposing port 80 targeting port 31199 (haven't figured out SSL certs yet)
2. Next I have an Ingress set up for my host (http://preview.krakensoftware.eu)

But strangely, when I navigate to http://preview.krakensoftware.eu/ it doesn't work and returns either a Cloudflare error screen or a connection refused error. It only works if I navigate to the chosen port http://preview.krakensoftware.eu:31199/ which bugs me out; I thought that this was one of the things that Ingress should resolve. Does anyone have an idea?
Actually it seems to work identically if I don't use Ingress at all.

brash-furniture-43577

08/15/2022, 2:03 PM
can you post the yaml configs of the service and ingress? the service could be clusterip instead of nodeport too

kind-nightfall-56861

08/15/2022, 2:09 PM
That I can do 🙂
if you'd like the deployment too, lmk. But it uses a private dockerhub, so you won't be able to test.

brash-furniture-43577

08/15/2022, 3:07 PM
I think your deployment and app are probably fine if it's working on the exposed nodeport. Did you check the ingress controller's logs?

kind-nightfall-56861

08/15/2022, 3:38 PM
not sure how I can identify the ingress controller, it's not a deployment, job or daemonset from what I can see. I'm not sure if it's the traefik pod that runs at kube-system, but that pod shows LoadBalancing.

brash-furniture-43577

08/15/2022, 3:40 PM
the default one is traefik under kube-system namespace, not sure if rancher deploys something different though, here is a k3d cluster
➜ kubectl get all -n kube-system
NAME                                          READY   STATUS      RESTARTS        AGE
pod/coredns-d76bd69b-k67wh                    1/1     Running     0               4d18h
pod/helm-install-traefik-7khmm                0/1     Completed   1               4d18h
pod/helm-install-traefik-crd-rvxh5            0/1     Completed   0               4d18h
pod/local-path-provisioner-6c79684f77-4t84v   1/1     Running     0               4d18h
pod/metrics-server-7cd5fcb6b7-hq7m9           1/1     Running     0               4d18h
pod/svclb-traefik-392a46b3-r49ps              2/2     Running     1 (4d18h ago)   4d18h
pod/svclb-traefik-392a46b3-x2frx              2/2     Running     0               4d18h
pod/svclb-traefik-392a46b3-xlfxx              2/2     Running     0               4d18h
pod/traefik-df4ff85d6-vghwk                   1/1     Running     0               4d18h

NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP                        PORT(S)                      AGE
service/kube-dns         ClusterIP      10.43.0.10      <none>                             53/UDP,53/TCP,9153/TCP       4d18h
service/metrics-server   ClusterIP      10.43.198.135   <none>                             443/TCP                      4d18h
service/traefik          LoadBalancer   10.43.124.45    172.28.0.3,172.28.0.4,172.28.0.5   80:31144/TCP,443:32402/TCP   4d18h

NAME                                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/svclb-traefik-392a46b3   3         3         3       3            3           <none>          4d18h

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/coredns                  1/1     1            1           4d18h
deployment.apps/local-path-provisioner   1/1     1            1           4d18h
deployment.apps/metrics-server           1/1     1            1           4d18h
deployment.apps/traefik                  1/1     1            1           4d18h

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/coredns-d76bd69b                    1         1         1       4d18h
replicaset.apps/local-path-provisioner-6c79684f77   1         1         1       4d18h
replicaset.apps/metrics-server-7cd5fcb6b7           1         1         1       4d18h
replicaset.apps/traefik-df4ff85d6                   1         1         1       4d18h

NAME                                 COMPLETIONS   DURATION   AGE
job.batch/helm-install-traefik       1/1           26s        4d18h
job.batch/helm-install-traefik-crd   1/1           23s        4d18h

kind-nightfall-56861

08/15/2022, 3:54 PM
Rebooted and deleted many kube-system and cattle-fleet-system pods so they would be recreated, and all pods and services seem to be in a valid running state atm. So that was a partial problem, it seems. Sadly I'm getting a Bad Gateway on the webapp atm. So not yet done 😞
lt.kraken@draco:~ $ kubectl get all -n kube-system
NAME                                          READY   STATUS      RESTARTS   AGE
pod/helm-install-traefik-crd-wlvx4            0/1     Completed   0          15d
pod/helm-install-traefik-mmz4c                0/1     Completed   1          15d
pod/coredns-c69bc6c8c-qvcbx                   1/1     Running     0          24m
pod/local-path-provisioner-6c79684f77-cpbhg   1/1     Running     0          23m
pod/traefik-df4ff85d6-czwpd                   1/1     Running     0          23m
pod/metrics-server-7cd5fcb6b7-5qth6           1/1     Running     0          23m
pod/svclb-traefik-c339aa1a-lcsn4              2/2     Running     0          7m27s
pod/svclb-traefik-c339aa1a-6lq55              2/2     Running     0          7m17s

NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP                   PORT(S)                      AGE
service/kube-dns         ClusterIP      10.43.0.10      <none>                        53/UDP,53/TCP,9153/TCP       15d
service/metrics-server   ClusterIP      10.43.251.145   <none>                        443/TCP                      15d
service/traefik          LoadBalancer   10.43.101.241   192.168.2.150,192.168.2.151   80:30270/TCP,443:32177/TCP   15d

NAME                                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/svclb-traefik-c339aa1a   2         2         2       2            2           <none>          15d

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/coredns                  1/1     1            1           15d
deployment.apps/metrics-server           1/1     1            1           15d
deployment.apps/local-path-provisioner   1/1     1            1           15d
deployment.apps/traefik                  1/1     1            1           15d

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/coredns-d76bd69b                    0         0         0       15d
replicaset.apps/coredns-c69bc6c8c                   1         1         1       24m
replicaset.apps/metrics-server-7cd5fcb6b7           1         1         1       15d
replicaset.apps/local-path-provisioner-6c79684f77   1         1         1       15d
replicaset.apps/traefik-df4ff85d6                   1         1         1       15d

NAME                                 COMPLETIONS   DURATION   AGE
job.batch/helm-install-traefik-crd   1/1           53s        15d
job.batch/helm-install-traefik       1/1           59s        15d
Ah nvm, the latter was because my NodePort already configured an HTTPS port, but I didn't actually supply a certificate and valid SSL configuration for it. Once I deleted the 443 port from the NodePort, it worked like a charm.
Do you happen to know how to configure SSL ports for Angular / .NET 6 Web APIs? My Dockerfile uses an nginx.conf supplied by the repository itself.
I've looked into certbot, but to no avail so far.

brash-furniture-43577

08/15/2022, 4:04 PM
you'd want to offload it somewhere else, not in that container, so something like cert-manager with LE certs that integrates with traefik, or maybe it's something cloudflare could help with, I'm not sure. My preference is to have my cloud loadbalancer terminate ssl and then forward unencrypted traffic to my cluster
you'll find lots of info online though about cert-manager in k8s

kind-nightfall-56861

08/15/2022, 4:05 PM
Aight, thank you 😄 And thanks for your help

square-engine-61315

08/16/2022, 11:53 AM
Nice! I also went through this a few months ago. I made notes for future reference. Let me see if I can find them...