Traefik k3s additional configuration problems (add custom tcp entrypoint)

My starting point is a standard k3s installation (stable v1.21.5+k3s2), with the default included Traefik setup. I'm trying to use the CRD style. For http, everything (IngressRoute, websecure entrypoint, tls setup, host matching, etc.) just works. I think the correct way to set up tcp routing is something like:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  namespace: somenamespace
  name: someingressname
spec:
  entryPoints:
    - someentrypointname
  routes:
  - match: HostSNI(`*`)
    kind: Rule
    services:
    - name: targetservname
      port: targetport

And the problem is that I can't seem to figure out the correct way to set up the new entryPoint. It looks like part of the static traefik configuration. And from the k3s documentation, I'm trying to use HelmChartConfig and avoid directly modifying the traefik deployment and service. Here is what I've tried in /var/lib/rancher/k3s/server/manifests/traefik-config.yaml:

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    entryPoints:
      web:
        address: ":80"
        http:
          redirections:
            entryPoint:
              to: websecure
              scheme: https
      websecure:
        address: ":443"
      someentrypointname:
        address: ":222/tcp"

--

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.someentrypointname.address=:222/tcp"

--

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - "--entrypoints.someentrypointname.address=:222/tcp"
    ports:
    - containerPort: "222"
      name: someentrypointname
      protocol: TCP

The first 2 apply correctly, but the port doesn't seem to be accessible. With the last configuration the helm-install-traefik-xxx pod fails - "Error: template: traefik/templates/service.yaml:9:27: executing "traefik/templates/service.yaml" at <$name>: wrong type for value; expected string; got int."

Hi,

The first hit is the line '- containerPort: "222"', which makes 222 a string. So delete the double quotes.

If that does not help, do the following:

  • First check your firewall, whether the port is open. If unsure, run in a test environment without a firewall.

  • Regarding k3s: k3s maintains its bootup config in /var/lib/rancher/k3s/server/manifests/traefik-config.yaml. Check if your file is copied there.

  • Then check if the helm install files are finished without errors: kubectl -n kube-system get po. If one of the helm install * has an error, traefik will not work, the svc pods on the k3s nodes are not created.

  • Then check the rules with a tool like socat. Hint, if you would like to have socat in a pod: you can use the nginx file and install it there, because it runs a native Debian.

  • If you run the k3s behind a reverse proxy, don't forget to configure the reverse proxy as well.
    If you don't get an error message, this should work then.

Hope this helps,

Stefan
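
For comparison with the three attempts in the question, here is an added example (not part of the original posts) that declares the entrypoint through the chart's ports map, so that the entrypoint argument, the container port and the Service port are generated together. It assumes the Traefik Helm chart bundled with k3s accepts ports.<name>.port, expose, exposedPort and protocol; the container port 2222 and the backend port 9000 are constructed values.

```yaml
# Added example, not from the original post. Assumes the Traefik Helm chart
# bundled with k3s, whose `ports` value is a map keyed by entrypoint name
# (a list here makes the key an integer index instead of a string).
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    ports:
      # Map key = entrypoint name used in IngressRouteTCP.spec.entryPoints.
      someentrypointname:
        # Port Traefik binds inside the pod (constructed value, kept above
        # 1024 so the container does not need root to bind it).
        port: 2222
        # Publish the port on the traefik Service; entrypoints that are not
        # exposed stay unreachable from outside the cluster.
        expose: true
        # Port on the Service, the 222 from the question.
        exposedPort: 222
        protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  namespace: somenamespace
  name: someingressname
spec:
  entryPoints:
    - someentrypointname
  routes:
  # Without TLS there is no SNI to match on, so the catch-all rule is used.
  - match: HostSNI(`*`)
    kind: Rule
    services:
    - name: targetservname
      port: 9000   # constructed value: numeric port of the backend Service
```

Once the helm-install job has finished, kubectl -n kube-system get svc traefik should list 222 among the Service ports.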