https://rancher.com/ logo
Join Slack
Powered by
I try to have a single ingress entry that will man...
# general
b
I try to have a single ingress entry that will manage 80 and 443. • 80 should be open and redirect traffic to 443 • 443 should be open and use let's encrypt I was unsuccessful doing this. At the end, I've created two ingress controller. http
Copy code
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
kind: Ingress
metadata:
  name: main-http
  namespace: demo-hw
  annotations:
    <http://traefik.ingress.kubernetes.io/router.entrypoints|traefik.ingress.kubernetes.io/router.entrypoints>: web
    <http://traefik.ingress.kubernetes.io/router.middlewares|traefik.ingress.kubernetes.io/router.middlewares>: traefik-custom-redirect-to-https-not-permanent@kubernetescrd
spec:
  ingressClassName: traefik
  rules:
  - host: <http://demo-hw.logilibre-vert.ch|demo-hw.logilibre-vert.ch>
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: main
            port:
              number: 8080
https
Copy code
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
kind: Ingress
metadata:
  name: main-https
  namespace: demo-hw
  annotations:
    <http://traefik.ingress.kubernetes.io/router.entrypoints|traefik.ingress.kubernetes.io/router.entrypoints>: websecure
    <http://traefik.ingress.kubernetes.io/router.tls.certresolver|traefik.ingress.kubernetes.io/router.tls.certresolver>: default
spec:
  ingressClassName: traefik
  rules:
  - host: <http://demo-hw.logilibre-vert.ch|demo-hw.logilibre-vert.ch>
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: main
            port:
              number: 8080
  tls:
  - hosts:
    - <http://demo-hw.logilibre-vert.ch|demo-hw.logilibre-vert.ch>
Can someone provide me a working example ?
c
what? don’t do that
Do you really mean that you installed two ingress CONTROLLERS?
Or just that you created two ingress RESOURCES?
b
thats what 
kubectl get ingresss
gives !
c
Traefik is an ingress controller. Did you install it twice, or did you just create two ingress resources.
Those are ingress resources. not controllers.
b
I've two ingress resource
c
You know the difference between a resource and a controller right?
b
yes
Copy code
kubectl get ingress
NAME         CLASS     HOSTS                       ADDRESS        PORTS     AGE
main-http    traefik   <http://demo-hw.logilibre-vert.ch|demo-hw.logilibre-vert.ch>   192.168.0.22   80        4d11h
main-https   traefik   <http://demo-hw.logilibre-vert.ch|demo-hw.logilibre-vert.ch>   192.168.0.22   80, 443   4d11h
I'm actually using a fresh install with k3s.
Oh, shit, I must leave my screen. But if you have any good documentation on this topics, I'd love to read them !
c
yes, the traefik docs: https://doc.traefik.io/traefik/routing/providers/kubernetes-ingress/ > 
<http://traefik.ingress.kubernetes.io/router.entrypoints|traefik.ingress.kubernetes.io/router.entrypoints>
 > See entry points for more information. >
Copy code
traefik.ingress.kubernetes.io/router.entrypoints: ep1,ep2
If you want it to use multiple entry points, you should specify both of them in the annotation on the ingress resource. This is covered in the docs.
b
Nope, it wasn't working. As you can read, I do enabled: • let's encrypt certfication managed by traefik • redirection from http to https
s
you can try 
kubectl describe -n demo-hw <your-ingress-resource>
That should give some text summary what is going on with those Ingress-es. The speciality of using the API service and declarative approach is that when you get an "OK" response from kubectl, that only means the API call went through and your request passed local and server-side validations, and stored for future processing. Even if that processing happens the next moment later. If anything goes sideways during the reactions to your manifest creation, there is no channel to get back that error message to the caller. You can get the list of the events, use "describe" on the resources, use "get" on the resources or if its a pod, then you can get the logs and/ or 
kubectl exec -ti
to the pod itself for debugging.
Open in Slack
PreviousNext
Powered by