I'm using Kubernetes with Traefik as Ingress Controller. I've some web services within my network that can't be containerized yet. Therefore I'm looking for a way to expose my non-Kubernetes web services through the Traefik Ingress. I've no more public IPs, so splitting both environments is not an option.
I've made an endpoint + service to solve this issue, but when I try to connect I get an SSL Protocol Error. Am I doing something wrong or does someone have another solution?
These are my (test) endpoints and service yaml:

kind: Endpoints
apiVersion: v1
metadata:
  name: my-service
subsets:
  - addresses:
      - ip: 10.4.0.6
    ports:
      - port: 443
---
kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  ports:
    - protocol: TCP
      port: 443
      name: https
      targetPort: 443
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    - host: host.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: my-service
              servicePort: 443

There were multiple issues regarding this problem. First of all I deployed Traefik with helm. I found out that SSL is disabled by default...
My values.yaml is as follows:

imageTag: 1.6.6
rbac:
  enabled: true
dashboard:
  enabled: true
  domain: traefik.dahsboard.local
ssl:
  enabled: true
  insecureSkipVerify: true
  upstream: true

Like Radek mentioned, the port definitions of the endpoints and service have to be the same.
Mine are:

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  ports:
    - protocol: TCP
      port: 443
      targetPort: 443
      name: https
---
kind: Endpoints
apiVersion: v1
metadata:
  name: my-service
subsets:
  - addresses:
      - ip: 10.4.0.6
    ports:
      - protocol: TCP
        port: 443
        name: https

You could try this: creating a K8s service of type ExternalName that binds to your external web service and adding an Ingress as you would do with a "native" K8s service.
ExternalName Service --> https://kubernetes.io/docs/concepts/services-networking/service/#externalname
Example:

apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: prod
spec:
  type: ExternalName
  externalName: my.database.example.com

For starters, I bet that when you kubectl describe svc my-service you have empty endpoints, even though endpoints do exist, right? To fix that, you need to adapt your endpoints ports key to have the same ports definition as your service has (name, protocol, etc.). You should then see these endpoints in describe service results and be able to use it normally.
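
A check for the port mismatch described in the answer above, as an added example that is not part of any post on this page: it pairs a selector-less Service with its hand-written Endpoints and reports Service ports that have no matching endpoint port. The function names are hypothetical, the sample dicts are constructed from the manifests on this page, and comparing on both name and protocol follows the answer's advice and is an assumption of this sketch.

```python
"""Check that a selector-less Service and its hand-written Endpoints agree on ports."""

# Constructed samples mirroring the manifests on this page, as parsed dicts
# (the shape `kubectl get svc,endpoints my-service -o json` items would have).
SERVICE = {"kind": "Service", "metadata": {"name": "my-service"},
           "spec": {"ports": [{"name": "https", "protocol": "TCP",
                               "port": 443, "targetPort": 443}]}}
ENDPOINTS_BEFORE = {"kind": "Endpoints", "metadata": {"name": "my-service"},
                    "subsets": [{"addresses": [{"ip": "10.4.0.6"}],
                                 "ports": [{"port": 443}]}]}
ENDPOINTS_AFTER = {"kind": "Endpoints", "metadata": {"name": "my-service"},
                   "subsets": [{"addresses": [{"ip": "10.4.0.6"}],
                                "ports": [{"name": "https", "protocol": "TCP",
                                           "port": 443}]}]}


def port_key(port):
    # An omitted name is the empty string and an omitted protocol is TCP.
    # Assumption: name and protocol are the fields that must agree.
    return (port.get("name", ""), port.get("protocol", "TCP"))


def backends_for(service, endpoints):
    """Map each Service port key to the ip:port backends that match it."""
    result = {port_key(p): [] for p in service["spec"].get("ports", [])}
    if service["metadata"]["name"] != endpoints["metadata"]["name"]:
        return result  # Endpoints attach to the Service with the same name
    for subset in endpoints.get("subsets", []):
        for ep_port in subset.get("ports", []):
            key = port_key(ep_port)
            if key in result:
                result[key] += [f'{a["ip"]}:{ep_port["port"]}'
                                for a in subset.get("addresses", [])]
    return result


def unmatched_ports(service, endpoints):
    """Service ports left without any backend (the 'empty endpoints' case)."""
    return sorted(k for k, v in backends_for(service, endpoints).items() if not v)


if __name__ == "__main__":
    for label, eps in (("before", ENDPOINTS_BEFORE), ("after", ENDPOINTS_AFTER)):
        print(label, backends_for(SERVICE, eps), unmatched_ports(SERVICE, eps))
```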