Good morning Traefik experts!
I would like to run a containerized Snapcast Snapserver pod in a k3s cluster for streaming audio to Snapcast clients.
Context: this fully automated terraform script provisions a k3s cluster with kube-vip for cluster load balancing, metallb for application load balancing, and some additional services like cert-manager and traefik. The automation creates a Let's Encrypt cert for the traefik namespace as well as an ingressroute for traefik.
Now, I would like to add a containerized application to the k3s cluster called Snapcast. This container exposes three ports:
- 1704
- 1705
- 1780 (for a web app)
Problem: My goal is to protect the web app w/ a TLS cert from Let's Encrypt, but allow external traffic on 1704 and 1705 to flow through to the Snapcast (snapserver) pod. Although I am able to load the web application, it seems I am having trouble with external Snapcast clients connecting to the Snapserver.
Relevant Config:
I think what is needed is a modification to the chart values.yaml for when I install traefik through helm.
```yaml
ports:
  web:
    redirectTo:
      port: websecure
      priority: 10
  websecure:
    http3:
      enabled: true
      advertisedPort: 4443
    tls:
      enabled: true
  snapserver1704:
    port: 1704
    containerPort: 1704
    expose:
      default: true
    exposedPort: 1704
  snapserver1705:
    port: 1705
    containerPort: 1705
    expose:
      default: true
    exposedPort: 1705
```
And also an IngressRoute for each of these ports:
```yaml
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: snapserver-1704
  namespace: snapserver
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - snapserver1704
  routes:
    - match: Host(`${snapserver_host}`)
      kind: Rule
      services:
        - name: snapserver
          port: 1704
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: snapserver-1705
  namespace: snapserver
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - snapserver1705
  routes:
    - match: Host(`${snapserver_host}`)
      kind: Rule
      services:
        - name: snapserver
          port: 1705
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: snapserver-web
  namespace: snapserver
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`${snapserver_host}`)
      kind: Rule
      services:
        - name: snapserver
          port: 1780
  tls:
    secretName: snapserver-${cert_manager_cloudflare_dns_secret_name_prefix}-${cert_manager_issuer_environment}-tls
```
Currently:
- when I run `telnet snapserver.my-domain.com 443` it connects.
- when I run `telnet snapserver.my-domain.com 1704` it connects.
- when I run `telnet snapserver.my-domain.com 1705` it connects.

When I run these curl commands:
- `curl -kX GET https://snapserver.my-domain.com`: I get a response containing the web UI
- `curl -kX GET http://snapserver.my-domain.com`: I get "Permanently Moved"
- `curl -kX GET http://snapserver.my-domain.com:1780/jsonrpc`: I get `curl: (7) Failed to connect to snapserver.my-domain.com port 1780 after 13 ms: Couldn't connect to server`
Relevant Logs
Snapcast client:
2024-12-18 00-58-20.701 [Info] (Connection) Resolving host IP for: snapserver.my-domain.com
2024-12-18 00-58-20.702 [Info] (Connection) Connecting to 192.168.1.30:1704
2024-12-18 00-58-20.703 [Notice] (Connection) Connected to 192.168.1.30
2024-12-18 00-58-20.703 [Info] (Connection) My MAC: "02:xx:ac:11:xx:92", socket: 7
2024-12-18 00-58-20.705 [Error] (Controller) Failed to send hello request, error: Operation timed out
2024-12-18 00-58-20.705 [Error] (Controller) Time sync request failed: Operation timed out
2024-12-18 00-58-20.705 [Error] (Connection) Error reading message header of length 0: Operation canceled
Does any of this appear like I am on a sane path? What am I missing?
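
The telnet checks in the post only show that something accepts a TCP connection on each port, not what is answering it. The following is an added example, not part of the original post: a small Python probe that sends a few non-HTTP bytes and reports whether an HTTP-speaking layer, a raw TCP service, or nothing replies. The stub listeners and the probe payload are constructed for the demo (the payload is not a real Snapcast message).

```python
import socket
import threading

def classify_port(host, port, payload=b"\x05\x00\x00\x00probe", timeout=2.0):
    """Connect, send non-HTTP bytes, and classify whatever answers."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"                  # refused, filtered, or unreachable
    with sock:
        try:
            sock.sendall(payload)
            reply = sock.recv(64)
        except socket.timeout:
            return "open-silent"         # accepted, but no bytes came back
        except OSError:
            return "open-reset"          # connection torn down mid-exchange
    if not reply:
        return "open-closed-by-peer"     # peer closed without answering
    if reply.startswith(b"HTTP/"):
        return "http-layer"              # an HTTP listener answered the raw probe
    return "raw-tcp"                     # a non-HTTP service answered

def _stub_server(handler):
    """Constructed one-shot local listener for the demo; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn:
            handler(conn)
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    # Three constructed backends: HTTP-only, binary echo, accept-and-stall.
    http_like = _stub_server(
        lambda c: (c.recv(64), c.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")))
    passthru = _stub_server(lambda c: c.sendall(b"\x04\x00" + c.recv(64)))
    silent = _stub_server(lambda c: c.recv(64) and threading.Event().wait(1))
    return (classify_port("127.0.0.1", http_like),
            classify_port("127.0.0.1", passthru),
            classify_port("127.0.0.1", silent, timeout=0.3))

if __name__ == "__main__":
    print(demo())
```

Pointing `classify_port` at the published host on 1704 and 1705 shows which of these cases the entry point falls into, which a bare telnet connect cannot.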