Traefik an Kubernetes in cluster VPN

Traefik Traefik v1
1

Hello people,

I am implementing traefik on kubernetes here in my company, but I have difficulty accessing hosts

My kuberntes cluster is below an internal network (VPN) without external access.

kubectl get nodes
NAME          STATUS   ROLES    AGE    VERSION
itp-kub-01    Ready    <none>   3d8h   v1.15.4
itp-kub-02    Ready    <none>   3d8h   v1.15.4
itp-kub-clx   Ready    master   3d8h   v1.15.4 (172.16.50.144)

kubectl cluster-info
Kubernetes master is running at https://172.16.50.144:6443
KubeDNS is running at https://172.16.50.144:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

By setting service/traefik-web-ui to type: NodePort, I can easily access

But accessing from the host configured on ingress does not work(https://github.com/containous/traefik/blob/v1.7/examples/k8s/ui.yaml):

$ curl http://traefik-ui.minikube/  
curl: (7) Failed to connect to traefik-ui.minikube port 80: connection refused

Ingress description

kubectl describe ing -n kube-system
Name:             traefik-web-ui
Namespace:        kube-system
Address:          
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host                 Path  Backends
  ----                 ----  --------
  traefik-ui.minikube  
                       /   traefik-web-ui:web (10.40.0.3:8080)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"traefik-web-ui","namespace":"kube-system"},"spec":{"rules":[{"host":"traefik-ui.minikube","http":{"paths":[{"backend":{"serviceName":"traefik-web-ui","servicePort":"web"},"path":"/"}]}}]}}

Events:  <none>


vi /etc/hosts 

127.0.0.1       localhost 
127.0.1.1       fplima 
172.16.50.144   questcode.org 
35.247.235.201  staging.questcode.org 
200.215.80.66   fernandodelima.com.br 
172.16.50.144   traefik-ui.minikube 
172.16.50.142   itp-dock-01 
172.16.50.142   itp-dock-01.portoitapoa.local 
172.16.50.143   itp-dock-02 
172.16.50.143   itp-dock-02.portoitapoa.local 
172.16.50.71    itp-db-02.portoitapoa.local 
192.168.99.100  dpaula.com 
172.16.50.144   itp-kub-clx 
172.16.50.144   itp-kub-clx.portoitapoa.local 
172.16.50.145   itp-kub-01 
172.16.50.145   itp-kub-01.portoitapoa.local 
172.16.50.146   itp-kub-02 
172.16.50.146   itp-kub-02.portoitapoa.local 
172.16.50.75    NODE1.portoitapoa.local 
172.16.50.75    NODE1 
172.16.50.144   teste.dpaula.org 

# The following lines are desirable for IPv6 capable hosts 
::1     ip6-localhost ip6-loopback 
fe00::0 ip6-localnet 
ff00::0 ip6-mcastprefix 
ff02::1 ip6-allnodes 
ff02::2 ip6-allrouters
2

curl http://http://traefik-ui.minikube/ two http:// ?

3

corrected the post, thanks

4

you gonna need to provide new curl output now, after correction as well

5

should there be something here?

Default backend: default-http-backend:80 (<none>)
6

So your traefik-ui.minikube resolves to some ip address. You expect traefik to listen on port 80 at this address. How did you configure it to listen there?

7

so my cluster is on an internal lan without access to an external ip.

How do I configure traefik in this case?

8

Sorry, I was talking to kubernetes configuration, not traefik. In this context traefik is just a pod same as any in your cluster. How do you connect to it externally?

From traefik configuration perspective, when we can prove that we can connect to traefik at all, we can continue working on this.

9

In my case, will my cluster be the only internal access in the enterprise, or will it not be connected externally, such as configuring the inbound controller for work traffic?

10

I'm not sure I entirely understand that question. It sounds like something that only you would know.