How to Access a Pod’s Container in a K3D Cluster Externally?

Asked By CuriousCoder93 On

I'm trying to access a container in a pod hosted on my K3D cluster using an external address, yet I haven't had much luck. Here's what I've done so far:

1. I created a K3D cluster with the following command:
```
k3d cluster create fedora --api-port 6550 --k3s-arg "--disable=traefik@server:0" --k3s-arg "disable=servicelb@server:0" --no-lb --registry-use k3d-fedora.local:65000 --agents 4 --wait
```
2. I added NGINX as an ingress:
```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx && helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace --wait
```
3. Then I installed MetalLB:
```
helm repo add metallb https://metallb.github.io/metallb && helm repo update
helm install metallb metallb/metallb --namespace metallb-system --create-namespace --wait
```
4. After that, I created an address pool in the same network as the host device:
```
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.168.12.25-192.168.12.29
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: default-advertisement
  namespace: metallb-system
spec:
  ipAddressPools:
    - default-pool
```
5. Finally, I configured my ingress:
```
ingresses:
  my-app:
    enabled: true
    className: "nginx"
    customAnnotations: {}
    hosts:
      - host: "my-app.apps.caspersbox.com"
        paths:
          - path: /
            serviceName: "my-app-service"
            servicePort: 8080
            type: "Prefix"
    tls:
      enabled: true
      selfSigned: true
      customSecrets: []
```

The `ingress-nginx-controller` has an assigned IP, but I can't ping or access it. I also noticed a log error saying `Error configuring TLS: secret my-ns/my-app-tls-cert-ingress does not exist`. Do I need to create a secret with the TLS certificate, including the cert chain and key?

3 Answers

Answered By K8sExplorer77 On

It can really be tricky with local K8s setups! You might want to check if you can hit the external IP directly to diagnose if it’s a service issue or a DNS problem. If you’re just testing locally, sometimes simplifying the setup with NodePort may help until you get everything nailed down. Just keep in mind that local setups may not reflect behaviors you would see in production clusters.

Answered By ContainerGuru87 On

You're on the right track, but it seems like you're facing a couple of issues. First, the IP you see assigned to the ingress-nginx-controller is likely not reachable outside of the Docker network due to how K3D handles networking. You can try exposing the controller with 'host port mapping' or configure it as a NodePort service. This will make it accessible from your host system using 'host IP + port'. You'll want to check the config for your ingress accordingly.

Also, regarding the TLS error, yeah, you'll need to create that secret with the cert and key to avoid connectivity issues.

Answered By DevNinja42 On

It sounds like you've set up quite a bit already! Remember, since K3s runs in a Docker container, the L2 advertisement from MetalLB might only be useful within the Docker network, not outside. The best solution would be to switch to using a NodePort or set up port forwarding to expose the services properly. That way, you can access it directly from your host.

By the way, when configuring your service, the `nodePort` you define is the actual port that your physical host will expose. If your service's port is 8080 and it listens within the pod, then set `targetPort` to 8080. The `nodePort` can be any port you choose that's open on your host.
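An added illustration of the two points made in the answers above (ContainerGuru87 on the TLS secret, DevNinja42 on `port`/`targetPort`/`nodePort`); it is not code from any of the posters. The secret name and namespace are taken from the log error in the question; the `app: my-app` selector label, the `30080` node port and the certificate placeholders are assumptions.

```yaml
# 1) NodePort Service for the application (added example).
#    port       = port of the Service inside the cluster
#    targetPort = port the container listens on in the pod
#    nodePort   = port opened on every cluster node (default range 30000-32767)
# On k3d each node is itself a Docker container, so the node port must also be
# published to the host when the cluster is created, for example:
#   k3d cluster create fedora ... -p "30080:30080@agent:0"
apiVersion: v1
kind: Service
metadata:
  name: my-app-service
  namespace: my-ns
spec:
  type: NodePort
  selector:
    app: my-app            # assumption: label carried by the application pods
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 30080      # assumption: any free port in the node-port range
---
# 2) TLS secret the ingress controller was looking for
#    ("secret my-ns/my-app-tls-cert-ingress does not exist").
#    tls.crt holds the PEM certificate followed by any intermediate chain,
#    tls.key the matching PEM private key; both values are base64-encoded.
#    Equivalent command (file paths are placeholders):
#      kubectl create secret tls my-app-tls-cert-ingress \
#        --cert=<path-to-fullchain.pem> --key=<path-to-key.pem> -n my-ns
#    Keep the real key out of version control; the values below are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: my-app-tls-cert-ingress
  namespace: my-ns
type: kubernetes.io/tls
data:
  tls.crt: REPLACE_WITH_BASE64_PEM_CERT_CHAIN
  tls.key: REPLACE_WITH_BASE64_PEM_PRIVATE_KEY
```

The secret has to live in the same namespace as the Ingress that references it, and the certificate's subject alternative name should cover `my-app.apps.caspersbox.com`.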
