Question 98181 in Nginx Question posted in
The official documentation can be found here.

Diagnosing K3S Ingress 404 – Nginx

I am unable to get even the most basic examples of Ingress Resources working in K3S.

According to the documentation, a Traefik Ingress Controller is installed by default but it doesn’t seem to handle/see any Ingress Resources I create. The response is always 404 or 500. It does however respond with the correct TLS certificate configured in my Ingress Resource definition (secretName: tls-secret).

  • How can I view traefik logs?
    • And increase verbosity?
  • No IngressClass exists in the cluster. Is this a problem?
  • How are Ingress Resources linked/assigned an Ingress Controller?
  • Any general diagnosis tips would be appreciated

I can see a traefik deployment and shell into a pod which has a traefik binary but I can see no traefik configuration in /etc nor any logs in /var/logs.

Service

The following service is exposed and accessible via NodePort on https://myhost.com:30005/v2/_catalog:

apiVersion: v1
kind: Service
metadata:
  name: registry-docker-registry
  namespace: registry
  labels:
    app: docker-registry
    chart: docker-registry-2.0.0
    release: registry
    heritage: Helm
spec:
  type: NodePort
  ports:
    - port: 5000
      protocol: TCP
      name: https-5000
      targetPort: 5000
      nodePort: 30005
  selector:
    app: docker-registry
    release: registry

Ingress

Here is my Ingress Resource.

  • I don’t see how this resource is "linked" to any controller
  • I don’t see how this resource specifies HTTPS anywhere
  • The ingress (in K9S) shows ports 80 and 443 – I only want HTPPS 443
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: registry
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  tls:
  - hosts:
    - myhost.com
    secretName: tls-secret
  rules:
    - host: myhost.com
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: registry-docker-registry
              port:
                number: 5000

UPDATE:
According to this the issue could be that traefik does not trust the certificate installed on my application (pod). Indeed it is a corporate CA signed certificate so I would have to tell traefik about the CA Root somehow.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    The issue was Traefik not trusting the signer of the backend TLS certificate.

    Thanks to this thread the solution was to kubectl apply this configuration:

    apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    globalArguments:
    - "--serversTransport.insecureSkipVerify=true"
    logs:
      access:
        enabled: true

  2. 0

    I think the Ingress resource must be in the same namespace as of the service object.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search