英文:
Problem setting up an ingress traefik to be able to reach host port 8888 with k3d, argocd and a docker app
问题
我面临着为Traefik配置Ingress的问题。
设计很简单:
我希望能够通过CI/CD流程与ArgoCD和一个简单的Docker应用程序从主机访问端口8888和8080,所有这些都嵌入在使用k3d创建的集群中。我认为最简单的方法是执行类似于以下的命令:
k3d cluster create -p 8888:8888@loadbalancer -p 8080:80@loadbalancer
我已经安装了我需要的一切(ArgoCD CLI、kubectl...),并为应用程序和ArgoCD定义了一个“简单”的Ingress。
对于ArgoCD:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-ingress
namespace: argocd
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: argocd.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 80
对于应用程序:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wil-app-ingress
namespace: dev
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wil-app-svc
port:
number: 8888
对于ArgoCD,似乎一切都运行得很好:我能够访问UI,连接到它等等。
但对于应用程序,我什么都做不了。
事实上,如果我尝试在localhost:8888上使用curl,我会得到这个响应:
empty reply from server
当我尝试了解Ingress是如何定义的时,我得到了这个:
john@doe:~$ kubectl describe ing wil-app-ingress -n dev
Name: wil-app-ingress
Labels: <none>
Namespace: dev
Address: 172.18.0.2
Ingress Class: traefik
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
localhost
/ wil-app-svc:8888 (10.42.0.17:8888)
Annotations: ingress.kubernetes.io/ssl-redirect: false
Events: <none>
john@doe:~$ kubectl describe ing argocd-ingress -n argocd
Name: argocd-ingress
Labels: <none>
Namespace: argocd
Address: 172.18.0.2
Ingress Class: traefik
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
argocd.local
/ argocd-server:80 (10.42.0.16:8080)
Annotations: ingress.kubernetes.io/ssl-redirect: false
Events: <none>
综合来看:
john@doe:~$ kubectl get ing --all-namespaces
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
argocd argocd-ingress traefik argocd.local 172.18.0.2 80 16m
dev wil-app-ingress traefik localhost 172.18.0.2 80 14m
似乎Traefik指向了两个Ingress的端口80。如果我删除ArgoCD的Ingress,然后使用curl访问localhost:8080,我能够访问应用程序!就好像Traefik将所有流量重定向到相同的端口(这里是主机上的80和8080)。
我在Kubernetes中是新手,无法理解为什么会出现这个问题。如果我对某些概念使用了错误的术语,请原谅,我是一个初学者,这很复杂。
有人可以解释一下为什么会出现这个问题吗?我认为可能与Traefik及其基本行为有关,但我找不到关于这个问题的清晰解释。谢谢!
英文:
I'm facing a problem to configure an ingress for traefik.
The design is simple :
I want to be able to reach port 8888 and 8080 from the host via a CI/CD flow with argocd and a simple docker application, all the stuff embedded in a cluster created with k3d. I thought that the easiest way to do that is to execute something like this :
k3d cluster create -p 8888:8888@loadblancer -p 8080:80@loadbalancer
I installed everything I need (argocd cli, kubectl...) and defined for the application and argocd a "naive" ingress.
For argocd :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-ingress
namespace: argocd
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: argocd.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 80
For the application :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wil-app-ingress
namespace: dev
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wil-app-svc
port:
number: 8888
For argocd, it seems to work perfectly fine : I'm able to reach the ui, connect to it etc.
But for the app, I can do nothing.
Indeed, if I try to curl to localhost:8888 I have this response :
> empty reply from server
When I'm trying to know how the ingresses are defined, I have this :
john@doe:~$ kubectl describe ing wil-app-ingress -n dev
Name: wil-app-ingress
Labels: <none>
Namespace: dev
Address: 172.18.0.2
Ingress Class: traefik
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
localhost
/ wil-app-svc:8888 (10.42.0.17:8888)
Annotations: ingress.kubernetes.io/ssl-redirect: false
Events: <none>
john@doe:~$ kubectl describe ing argocd-ingress -n argocd
Name: argocd-ingress
Labels: <none>
Namespace: argocd
Address: 172.18.0.2
Ingress Class: traefik
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
argocd.local
/ argocd-server:80 (10.42.0.16:8080)
Annotations: ingress.kubernetes.io/ssl-redirect: false
Events: <none>
Synthetically :
john@doe:~$ kubectl get ing --all-namespaces
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
argocd argocd-ingress traefik argocd.local 172.18.0.2 80 16m
dev wil-app-ingress traefik localhost 172.18.0.2 80 14m
It seems that traefik point to port 80 for both ingress. If I delete the ingress for argocd, and I curl localhost:8080, I'm able to reach the app ! Like if traefik redirect all the trafic to the same port (here, 80 and 8080 on the host).
I'm a noob in kubernetes, I can't figure out why this happen. Sorry if I use the wrong term for such and such a notion, I'm a beginner and it's quite complicated.
Can someone explain me why I have this problem ? I think maybe it is related to traefik and its basic behaviour, but I was not able to find something clear about this. Thanks !
答案1
得分: 1
有一个解决方案。它没有回答我的初始问题(如何通过入口将应用程序映射到主机端口8888),但它使得可以轻松访问应用程序和argocd。
为了实现这一点,我按照以下方式公开了我的服务:https://k3d.io/v5.0.1/usage/exposing_services/#2-via-nodeport
这非常简单:
k3d cluster create p3-iot -p "8080:80@loadbalancer" -p "8888:30080@agent:0" --agents 2
然后,我们需要创建一个类型为nodePort的服务:
apiVersion: v1
kind: Service
metadata:
labels:
app: wil-app
name: wil-app-svc
spec:
ports:
- name: 8888-8888
nodePort: 30080
port: 8888
protocol: TCP
targetPort: 8888
selector:
app: wil-app
type: NodePort
这样,我们就不需要为应用程序创建入口。k3d似乎直接从nodePort类型的服务的端口公开服务。我认为这不是最佳做法,但它有效。另一种解决方案是使用nginx作为入口控制器。这是值得的,因为为这样的项目配置nginx的方式非常简单。
其余部分保持不变,我们可以访问argocd界面,并访问应用程序。
如果有人能够解释为什么我以前的方法无法完成这个任务,我将不胜感激。
英文:
Well, there is a solution. It do not answer to my initial question (how to get the application on the host port 8888 via an ingress), but it makes possible to reach the app and argocd without troubles.
To do so, I exposed my service following this : https://k3d.io/v5.0.1/usage/exposing_services/#2-via-nodeport
It's really simple :
k3d cluster create p3-iot -p "8080:80@loadbalancer" -p "8888:30080@agent:0" --agents 2
Then, we have to create a service of type nodePort :
apiVersion: v1
kind: Service
metadata:
labels:
app: wil-app
name: wil-app-svc
spec:
ports:
- name: 8888-8888
nodePort: 30080
port: 8888
protocol: TCP
targetPort: 8888
selector:
app: wil-app
type: NodePort
Like so, we do not have to create an ingress for the application. k3d seems to expose the service directly from the port of the service of type nodePort. I think it's not a best pratice, but it works. Another solution is to use nginx as an ingress controller. It is worth because the way to configure nginx for such a project is straightforward.
The rest is unchanged, we can reach argocd ui, and reach the application.
If someone can answer why my previous way to achieve this task did not work, I will be glad of it.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论