Hello, I asked also on another platform so if I get a valid answer I’ll post it here. I am running a Kubernetes cluster and have a TestApplication that runs on TestPort (3000 actually). I managed to get Traefik v3.2.1 up and running and CertManager 1.16.1 with http challenge to letsencrypt up and running. I would like to protect the TestApplication making people pass through Traefik port 443 and land into TestApplication:TestPort. How do I create an appropriate Ingress resource for my application? So far I did:
```yaml
#001-app-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert -f compose.yml
    kompose.version: 1.34.0 (HEAD)
  labels:
    io.kompose.service: app-frontend
  name: app-frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: app-frontend
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert -f compose.yml
        kompose.version: 1.34.0 (HEAD)
      labels:
        io.kompose.service: app-frontend
    spec:
      containers:
        - env:
            - name: API_GATEWAY_BASE_URL
              value: http://edge-thinghy:9000
          image: my-image-I-test
          name: app-frontend
          ports:
            - name: app-frontend
              containerPort: 3000
              protocol: TCP
      imagePullSecrets:
        - name: ghcr-secret
      restartPolicy: Always
```
```yaml
#010-app-service.yml
apiVersion: v1
kind: Service
metadata:
  name: app-frontend
spec:
  ports:
    - name: app-frontend
      port: 80
      targetPort: 3000
  selector:
    app: app-frontend
```
```yaml
#011-app-ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app-frontend
                port:
                  name: app-frontend
```
```yaml
#012-challenge.yml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: app-challenge
  namespace: default
spec:
  acme:
    email: my.mail@my.domain
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: app-issuer-account-key
    solvers:
      - http01:
          ingress:
            class: traefik
```
```yaml
#013-ingress-rule.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ssl-ingress
  namespace: default
  annotations:
    cert-manager.io/issuer: "app-challenge"
spec:
  tls:
    - hosts:
        - app.domain.example
      secretName: tls-app-ingress-http
  rules:
    - host: app.domain.example
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app-frontend
                port:
                  name: app-frontend
```
Since the certificates are issued I was expecting Traefik to automatically work but I get a timeout when I go to https://app.domain.example. I think I’m doing something wrong. If I open traefik pod logs I can see:
```
ERR Skipping service: no endpoints found ingress=app-ingress namespace=default providerName=kubernetes serviceName=app-frontend servicePort=&ServiceBackendPort{Name:app-frontend,Number:0,}
ERR Skipping service: no endpoints found ingress=app-ssl-ingress namespace=default providerName=kubernetes serviceName=app-frontend servicePort=&ServiceBackendPort{Name:app-frontend,Number:0,}
```
I can, however, get to http://app.domain.example, though not to https. If I do:
```
kubectl get ingress
NAME              CLASS     HOSTS                ADDRESS   PORTS
app-ingress       traefik   *                              80
app-ssl-ingress   traefik   app.domain.example             80, 443
```
so it seems the ingresses are fine. Am I forgetting something?
Hi there,
I’ve not used Traefik in a very long time but after a quick glance through your setup, it looks like Traefik is skipping the `app-frontend` service because no endpoints are found which might be because of a service selector mismatch.
Your service definition has:
But your deployment labels use:
I think that you have to make sure they match exactly in both the Deployment and Service definitions.
Try updating your service selector to:
Also if the above is not the case, this could be because your ingress uses:
But your service exposes port `80` (while the pod runs on `3000`). Instead of using a named port, try specifying the numeric port directly in the Ingress:
- Bobby
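
An added example, not part of the question or of Bobby's answer: a small Python model of the chain Ingress backend port → Service port → Service selector → pod labels, run over constructed data that mirrors the manifests in the question. The pod name and the function names are hypothetical, and nothing is read from a cluster.

```python
# Constructed data mirroring the manifests in the question; nothing is read from a cluster.
PODS = [{"name": "app-frontend-pod",  # hypothetical pod name
         "labels": {"io.kompose.service": "app-frontend"},
         "ports": [{"name": "app-frontend", "containerPort": 3000}]}]
SERVICE = {"name": "app-frontend",
           "selector": {"app": "app-frontend"},
           "ports": [{"name": "app-frontend", "port": 80, "targetPort": 3000}]}
BACKEND = {"service": "app-frontend", "port": {"name": "app-frontend"}}


def selector_matches(selector, labels):
    """Equality-based selector: every key/value pair must be present on the pod."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())


def find_service_port(service, wanted):
    """Resolve the Ingress backend port (by name or by number) to a Service port."""
    for port in service["ports"]:
        if port.get("name", "") == wanted.get("name") or port["port"] == wanted.get("number"):
            return port
    return None


def resolve_backend(backend, service, pods):
    """Return (endpoints, problems) for the chain Ingress -> Service -> pods."""
    svc_port = find_service_port(service, backend["port"])
    if svc_port is None:
        return [], [f"service {service['name']} exposes no port {backend['port']}"]
    selected = [p for p in pods if selector_matches(service["selector"], p["labels"])]
    if not selected:
        return [], [f"selector {service['selector']} matches no pod labels"]
    endpoints, problems = [], []
    target = svc_port.get("targetPort", svc_port["port"])
    for pod in selected:
        if isinstance(target, int):  # a numeric targetPort is used as-is
            endpoints.append((pod["name"], target))
            continue
        named = [c["containerPort"] for c in pod["ports"] if c.get("name") == target]
        if named:
            endpoints.append((pod["name"], named[0]))
        else:
            problems.append(f"pod {pod['name']} has no container port named {target}")
    return endpoints, problems


if __name__ == "__main__":
    fixed = dict(SERVICE, selector=PODS[0]["labels"])
    for label, svc in (("as posted", SERVICE), ("selector aligned", fixed)):
        print(label, resolve_backend(BACKEND, svc, PODS))
```

On a live cluster the same chain can be inspected with `kubectl get endpoints app-frontend` and `kubectl get pods --show-labels`.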