I use the latest helm repository to deploy traefik version 2.2.8. I now deploy the traefik service in the cluster and I can access its dashboard through configuration, but when I configure other ingressroutes, I cannot access my service. I checked the RABC permission configuration many times and confirmed the required resource files.
I think there may be a problem with the DNS service in my cluster that caused the communication failure between POD and SERVICE. This is my guess. I use the cluster created automatically by kubeadm.
The following is my configuration file:
traefik/templates/service.yaml:
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: Service
metadata:
name: tr-traefik
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-8.9.2
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: tr
annotations:
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: tr
ports:
- port: 9000
name: traefik
targetPort: "traefik"
protocol: "TCP"
- port: 80
name: web
targetPort: "web"
protocol: "TCP"
- port: 443
name: websecure
targetPort: "websecure"
protocol: "TCP"
traefik/templates/deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: tr-traefik
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-8.9.2
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: tr
annotations:
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: tr
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
metadata:
annotations:
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-8.9.2
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: tr
spec:
serviceAccountName: tr-traefik
terminationGracePeriodSeconds: 60
hostNetwork: false
containers:
- image: traefik:2.2.8
name: tr-traefik
resources:
readinessProbe:
httpGet:
path: /ping
port: 9000
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
livenessProbe:
httpGet:
path: /ping
port: 9000
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
ports:
- name: "traefik"
containerPort: 9000
protocol: "TCP"
- name: "web"
containerPort: 8000
hostPort: 80
protocol: "TCP"
- name: "websecure"
containerPort: 8443
hostPort: 443
protocol: "TCP"
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
volumeMounts:
- name: data
mountPath: /data
- name: tmp
mountPath: /tmp
args:
- "--global.checknewversion"
- "--global.sendanonymoususage"
- "--log.level=ERROR"
- "--log.filePath=/var/log/error.log"
- "--log.format=json"
- "--accesslog=true"
- "--accesslog.filePath=/var/log/access.log"
- "--accesslog.format=json"
- "--entryPoints.traefik.address=:9000/tcp"
- "--entryPoints.web.address=:8000/tcp"
- "--entryPoints.websecure.address=:8443/tcp"
- "--api.dashboard=true"
- "--ping=true"
- "--providers.kubernetescrd"
- "--providers.kubernetesingress"
volumes:
- name: data
emptyDir: {}
- name: tmp
emptyDir: {}
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
nodeSelector:
node-role.kubernetes.io/master: ""
securityContext:
fsGroup: 0
traefik/templates/dashboard-hook-ingressroute.yaml:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: tr-traefik-dashboard
annotations:
helm.sh/hook: "post-install,post-upgrade"
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-8.9.2
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: tr
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.path.net`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
- match: Host(`whoami.path.net`)
kind: Rule
services:
- name: whoami
kind: Service
port: 80
namespace: default
- match: Host(`whoistraefik.path.net`)
kind: Rule
services:
- name: whoami
kind: Service
port: 80
schme: http
namespace: traefik
and I try to use ingress:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: app
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: whoisingress.path.net
http:
paths:
- backend:
serviceName: whoami
servicePort: 80
If I am missing something, please remind me
The following is the access log:
success for traefik-dashboard:
{"ClientAddr":"112.5.88.149:21941","ClientHost":"112.5.88.149","ClientPort":"21941","ClientUsername":"-","DownstreamContentSize":462,"DownstreamStatus":200,"Duration":79001,"OriginContentSize":462,"OriginDuration":53501,"OriginStatus":200,"Overhead":25500,"RequestAddr":"traefik..path.net","RequestContentSize":0,"RequestCount":2286,"RequestHost":"traefik..path.net","RequestMethod":"GET","RequestPath":"/api/overview","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"default-traefik-dashboard-1f4c714cbfc33102294c@kubernetescrd","StartLocal":"2020-08-17T04:49:50.765886821Z","StartUTC":"2020-08-17T04:49:50.765886821Z","entryPointName":"web","level":"info","msg":"","time":"2020-08-17T04:49:50Z"}
and failed:
{"ClientAddr":"112.5.88.149:35204","ClientHost":"112.5.88.149","ClientPort":"35204","ClientUsername":"-","DownstreamContentSize":15,"DownstreamStatus":504,"Duration":30000399280,"OriginContentSize":15,"OriginDuration":30000369380,"OriginStatus":504,"Overhead":29900,"RequestAddr":"whoami.path.net","RequestContentSize":0,"RequestCount":2102,"RequestHost":"whoami.path.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"default-traefik-dashboard-ab04af69dc135e01080e@kubernetescrd","ServiceAddr":"192.168.127.234:80","ServiceName":"default-traefik-dashboard-ab04af69dc135e01080e@kubernetescrd","ServiceURL":{"Scheme":"http","Opaque":"","User":null,"Host":"192.168.127.234:80","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"StartLocal":"2020-08-17T04:42:12.293511686Z","StartUTC":"2020-08-17T04:42:12.293511686Z","entryPointName":"web","level":"info","msg":"","time":"2020-08-17T04:42:42Z"}
Whether it is whoami, whoisingress or others are inaccessible.
Thinks for you help!