Reputation: 14269
I am unable to get even the most basic examples of Ingress Resources working in K3S.
According to the documentation, a Traefik Ingress Controller is installed by default but it doesn't seem to handle/see any Ingress Resources I create. The response is always 404 or 500. It does however respond with the correct TLS certificate configured in my Ingress Resource definition (secretName: tls-secret).
I can see a traefik deployment and shell into a pod which has a traefik binary but I can see no traefik configuration in /etc nor any logs in /var/logs.
The following service is exposed and accessible via NodePort on https://myhost.com:30005/v2/_catalog:
apiVersion: v1
kind: Service
metadata:
  name: registry-docker-registry
  namespace: registry
  labels:
    app: docker-registry
    chart: docker-registry-2.0.0
    release: registry
    heritage: Helm
spec:
  type: NodePort
  ports:
    - port: 5000
      protocol: TCP
      name: https-5000
      targetPort: 5000
      nodePort: 30005
  selector:
    app: docker-registry
    release: registry
Here is my Ingress Resource.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: registry
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  tls:
    - hosts:
        - myhost.com
      secretName: tls-secret
  rules:
    - host: myhost.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: registry-docker-registry
                port:
                  number: 5000
UPDATE: According to this the issue could be that traefik does not trust the certificate installed on my application (pod). Indeed it is a corporate CA signed certificate so I would have to tell traefik about the CA Root somehow.
Upvotes: 3
Views: 3843
Reputation: 14269
The issue was Traefik not trusting the signer of the backend TLS certificate.
Thanks to this thread the solution was to kubectl apply this configuration:
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    globalArguments:
      - "--serversTransport.insecureSkipVerify=true"
    logs:
      access:
        enabled: true
Upvotes: 4
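The flag in the answer above turns off backend certificate verification for every service Traefik proxies. A narrower alternative, as an added example that is not part of the original answer, is to make Traefik trust the corporate CA for this one backend. It assumes Traefik v2 with the Kubernetes CRD provider enabled and a backend certificate issued for myhost.com; the names corporate-ca and registry-backend are hypothetical.

```yaml
# Added example, not from the original thread. Hypothetical names:
# corporate-ca (Secret) and registry-backend (ServersTransport).

# 1) Corporate root CA, stored in the namespace of the ServersTransport.
apiVersion: v1
kind: Secret
metadata:
  name: corporate-ca
  namespace: registry
stringData:
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    <PLACEHOLDER: corporate root CA certificate in PEM form>
    -----END CERTIFICATE-----
---
# 2) Transport used only for the registry backend. Verification stays on;
#    the corporate root is added as a trusted signer for this backend.
# Assumption: older Traefik v2 API group; newer releases use traefik.io/v1alpha1.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: registry-backend
  namespace: registry
spec:
  # Traefik connects to pod IPs, so name the host the certificate must match.
  # Assumption: the backend certificate is issued for myhost.com.
  serverName: myhost.com
  rootCAsSecrets:
    - corporate-ca
---
# 3) Fragment to merge into the existing Service metadata: attach the transport.
#    Reference format is <namespace>-<name>@kubernetescrd.
apiVersion: v1
kind: Service
metadata:
  name: registry-docker-registry
  namespace: registry
  annotations:
    traefik.ingress.kubernetes.io/service.serverstransport: registry-registry-backend@kubernetescrd
```

With the transport attached, the global `--serversTransport.insecureSkipVerify=true` argument can be removed from the HelmChartConfig so that other backends keep certificate verification.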
Reputation: 2705
I think the Ingress resource must be in the same namespace as the service object.
Upvotes: 0