08/14/2022, 10:33 PM
Hey, similar to many other people I have given up on hiring a provider to host my software due to cost and limitations. So, a few weeks have I abandoned my webhost and my in-house windows server (powercost) and transfered everything to a Raspberry Pi minicluster. While I'm still in the transition of moving my applications to docker containerizations, I'm already running into a few problems with the software that I did migrate. At the moment the biggest pain in the * is the way Ingress works, and I'm not sure if that's my mistake or a limitation from Ingress. So I'm using Cloudflare as my (proxied) DNS resolver, and Ingress to resolve requested hosts to specific pods. While you'd think it's fine... It's acting kind of weird. 1. My pod has a nodeport, exposing port 80 targetting ports 31199 (Haven't figured out SSL certs yet) 2. Next I have an Ingress setup for my host ( But strangly, when I navigate towards it doesn't work and returns either a Cloudflare error screen or a connection refused error. It only works if I navigate towards the chosen port which buggs me out, I thought that this was one of the things that Ingress should resolve. Does anyone have an idea?
Actually it seems to work identical if I don't use Ingress at all.


08/15/2022, 2:03 PM
can you post the yaml configs of the service and ingress? the service could be clusterip instead of nodeport too


08/15/2022, 2:09 PM
That I can do 🙂
if you'd like the deployment too, lmk. But it uses a private dockerhub, so you won't be able to test.


08/15/2022, 3:07 PM
I think your deployment and app are probably fine if it's working on the exposed nodeport, did you check the ingress controllers logs?
🙌 1


08/15/2022, 3:38 PM
not sure how I can identify the ingress controller, it's not a deployment, job or daemonset from what I can see. I'm not sure if it's the traefik pod that runs at kube-system, but that pod shows LoadBalancing.


08/15/2022, 3:40 PM
the default one is traefik under kube-system namespace, not sure if rancher deploys something different though, here is a k3d cluster
➜ kubectl get all -n kube-system
NAME                                          READY   STATUS      RESTARTS        AGE
pod/coredns-d76bd69b-k67wh                    1/1     Running     0               4d18h
pod/helm-install-traefik-7khmm                0/1     Completed   1               4d18h
pod/helm-install-traefik-crd-rvxh5            0/1     Completed   0               4d18h
pod/local-path-provisioner-6c79684f77-4t84v   1/1     Running     0               4d18h
pod/metrics-server-7cd5fcb6b7-hq7m9           1/1     Running     0               4d18h
pod/svclb-traefik-392a46b3-r49ps              2/2     Running     1 (4d18h ago)   4d18h
pod/svclb-traefik-392a46b3-x2frx              2/2     Running     0               4d18h
pod/svclb-traefik-392a46b3-xlfxx              2/2     Running     0               4d18h
pod/traefik-df4ff85d6-vghwk                   1/1     Running     0               4d18h

NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP                        PORT(S)                      AGE
service/kube-dns         ClusterIP      <none>                             53/UDP,53/TCP,9153/TCP       4d18h
service/metrics-server   ClusterIP   <none>                             443/TCP                      4d18h
service/traefik          LoadBalancer,,   80:31144/TCP,443:32402/TCP   4d18h

NAME                                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/svclb-traefik-392a46b3   3         3         3       3            3           <none>          4d18h

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/coredns                  1/1     1            1           4d18h
deployment.apps/local-path-provisioner   1/1     1            1           4d18h
deployment.apps/metrics-server           1/1     1            1           4d18h
deployment.apps/traefik                  1/1     1            1           4d18h

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/coredns-d76bd69b                    1         1         1       4d18h
replicaset.apps/local-path-provisioner-6c79684f77   1         1         1       4d18h
replicaset.apps/metrics-server-7cd5fcb6b7           1         1         1       4d18h
replicaset.apps/traefik-df4ff85d6                   1         1         1       4d18h

NAME                                 COMPLETIONS   DURATION   AGE
job.batch/helm-install-traefik       1/1           26s        4d18h
job.batch/helm-install-traefik-crd   1/1           23s        4d18h


08/15/2022, 3:54 PM
Rebooted deleted many kube-system, cattle-fleet-system pods so they would be recreated, and all pods and services seem to be in a valid running state atm. So that was a partial problem it seems. Sadly I'm atm getting a Bad Gateway on the webapp atm. So not yet done 😞
lt.kraken@draco:~ $ kubectl get all -n kube-system
NAME                                          READY   STATUS      RESTARTS   AGE
pod/helm-install-traefik-crd-wlvx4            0/1     Completed   0          15d
pod/helm-install-traefik-mmz4c                0/1     Completed   1          15d
pod/coredns-c69bc6c8c-qvcbx                   1/1     Running     0          24m
pod/local-path-provisioner-6c79684f77-cpbhg   1/1     Running     0          23m
pod/traefik-df4ff85d6-czwpd                   1/1     Running     0          23m
pod/metrics-server-7cd5fcb6b7-5qth6           1/1     Running     0          23m
pod/svclb-traefik-c339aa1a-lcsn4              2/2     Running     0          7m27s
pod/svclb-traefik-c339aa1a-6lq55              2/2     Running     0          7m17s

NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP                   PORT(S)                      AGE
service/kube-dns         ClusterIP      <none>                        53/UDP,53/TCP,9153/TCP       15d
service/metrics-server   ClusterIP   <none>                        443/TCP                      15d
service/traefik          LoadBalancer,   80:30270/TCP,443:32177/TCP   15d

NAME                                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/svclb-traefik-c339aa1a   2         2         2       2            2           <none>          15d

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/coredns                  1/1     1            1           15d
deployment.apps/metrics-server           1/1     1            1           15d
deployment.apps/local-path-provisioner   1/1     1            1           15d
deployment.apps/traefik                  1/1     1            1           15d

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/coredns-d76bd69b                    0         0         0       15d
replicaset.apps/coredns-c69bc6c8c                   1         1         1       24m
replicaset.apps/metrics-server-7cd5fcb6b7           1         1         1       15d
replicaset.apps/local-path-provisioner-6c79684f77   1         1         1       15d
replicaset.apps/traefik-df4ff85d6                   1         1         1       15d

NAME                                 COMPLETIONS   DURATION   AGE
job.batch/helm-install-traefik-crd   1/1           53s        15d
job.batch/helm-install-traefik       1/1           59s        15d
Ah nvm, the latter was because my NodePort already configured an HTTPS port, but I didn't actually supply a certificate and valid SSL configuration for it. Once I deleted the 443 port from the NodePort, it worked like a charm
❤️ 1
Do you happen to know how to configure SSL ports for Angular / .NET 6 WebApi's ?? My Dockerfile uses an nginx.conf supplied by the repository itself
I've looked into certbot, but to no avail so far


08/15/2022, 4:04 PM
you'd want to offload it somewhere else, not in that container so something like certmanager with LE certs that integrates with traefik, or maybe it's something cloudflare could help with, I'm not sure. My preference is to have my cloud loadbalancer terminate ssl and then forward unencrypted traffic to my cluster
🙇 1
you'll find lots of info online though with certmanager in k8s


08/15/2022, 4:05 PM
Aight, thank you 😄 And thanks for your help


08/16/2022, 11:53 AM
Nice! I also went through this a few months ago. I made notes for future reference. Let me see if I can find them...