Don't miss out on new posts! Sign up! Also, visit the VHT Forums!
Kubernetes Ingresse...
 
Notifications
Clear all

Kubernetes Ingresses Expose to the Public

8 Posts
2 Users
2 Likes
631 Views
(@bowenjnr)
Posts: 4
Active Member
Topic starter
 

I have bootstrapped k3s cluster on 4 virtual servers, the configuration for the loadbalancer metallb is as follows; kind: L2Advertisement and IP address pol is 10.0.0.20-10.0.0.80 which is from a private network subnet on eth01. The nginx ingress controller gets assigned 10.0.0.21. I have ingresses which now have an external IP 10.0.0.21 which I now want to expose to the external traffic. So now one of the ingresses is ui.sandbox.example.com with an external IP 10.0.0.21, On My cpanel I would want to have ui.sandbox.example.com created as an 'A record' pointing to an IP that sends traffic to 10.0.0.21.

Quite essentially have a public IP of the host machine serve the above.

 
Posted : 10/01/2024 3:50 am
Brandon Lee
(@brandon-lee)
Posts: 397
Member Admin
 

@bowenjnr nice! What platform are you running your k3s cluster on top of? Is this Proxmox? Also, I may be missing something here, but you are just wanting to forward traffic from the Internet to your internal private IP assigned by MetalLB to your ingress controller? What type of firewall are you using?

 
Posted : 10/01/2024 2:18 pm
(@bowenjnr)
Posts: 4
Active Member
Topic starter
 
  • K3s is not on top of anything, no Proxmox and the firewall is also turned off. I just want to forward traffic from the Internet to my internal private IP assigned by MetalLB to my ingress controller.
 
Posted : 10/01/2024 2:40 pm
Brandon Lee reacted
Brandon Lee
(@brandon-lee)
Posts: 397
Member Admin
 

@bowenjnr Gotcha. Do you have some type of firewall appliance in front of your k3s nodes that is protecting your Internet traffic coming in from your circuit? Are you running something like pfSense, etc? You would just need to configure port forwarding and the right firewall rules to allow traffic from the public side into your internal network to hit the private IP assigned by MetalLB.

 
Posted : 10/01/2024 8:46 pm
(@bowenjnr)
Posts: 4
Active Member
Topic starter
 

There is nothing firewall running, thanks for the suggestion. I tried to use IPTables but nothing was getting through.

 
Posted : 11/01/2024 2:22 am
Brandon Lee reacted
Brandon Lee
(@brandon-lee)
Posts: 397
Member Admin
 

@bowenjnr Let's start with the basics on troubleshooting. Before diving into external access (outside your network), let's focus on internal network testing. Are you saying that you can't connect to your 10.0.0.21 IP and see any of the containers internally?

Posted by: @bowenjnr

The nginx ingress controller gets assigned 10.0.0.21

 

 
Posted : 13/01/2024 5:37 pm
(@bowenjnr)
Posts: 4
Active Member
Topic starter
 

I did setup a reverse proxy using nginx and now the diagnosis led me to one problem, the local SSL. The error I was getting on Postman Client is 404 and the logs on nginx ingress controller is that of No local SSL certificate found for the services that the postman request affected.

 
Posted : 13/01/2024 6:25 pm
Brandon Lee
(@brandon-lee)
Posts: 397
Member Admin
 

@bowenjnr Can you post some screenshots of your configuration in Nginx? It is sounding like something may not be routing correctly to your internal services.

 
Posted : 13/01/2024 6:36 pm