K
Q

Traefik Kubernetes: Expose non Kubernetes service

9/16/2018

I'm using Kubernetes with Traefik as Ingress Controller. I've some web services within my network that can't be containerized yet. Therefore I'm looking for a way to expose my non-Kubernetes web services through the Traefik Ingress. I've no more public IP's, so splitting both environments is not an option.

I've made an endpoint + service to solve this issue, but when I try to connect I get an SSL Protocol Error. Am I doing something wrong or does someone have another solution?

These are my (test)endpoints and service yaml:

kind: Endpoints
apiVersion: v1
metadata:
  name: my-service
subsets:
  - addresses:
      - ip: 10.4.0.6
    ports:
      - port: 443
---
kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  ports:
  - protocol: TCP
    port: 443
    name: https
    targetPort: 443
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: host.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: my-service
          servicePort: 443
-- Ferron Nijland
kubernetes
traefik

Similar Questions

Kubernetes ExternalName service not visible in DNS
Should all pods using a redis cache be constrained to the same node as the rediscache itself?
Kubernetes: find Java application specific logs in one pod when application crashes
PDO establishing connection to Azure PostgreSQL is very slow
Start two jars into same kubernetes container sequentially
With Helm 3 and K8s cluster w/RBAC (X509 certs), what permissions does Helm need? I think it creates ConfigMaps for release info?

3 Answers

9/17/2018

There we're multiple issue regarding this problem. First of all I deployed Traefik with helm. I found out that SSL is disabled by default...

my values.yaml is as follows:

imageTag: 1.6.6
rbac:
  enabled: true
dashboard:
  enabled: true
  domain: traefik.dahsboard.local
ssl:
  enabled: true
  insecureSkipVerify: true
  upstream: true

Like Radek mentioned the port definition of the endpoints and service have to be the same.

mine are:

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  ports:
  - protocol: TCP
    port: 443
    targetPort: 443
    name: https
---
kind: Endpoints
apiVersion: v1
metadata:
  name: my-service
subsets:
  - addresses:
    - ip: 10.4.0.6
    ports:
    - protocol: TCP
      port: 443
      name: https
-- Ferron Nijland
Source: StackOverflow
5/29/2019

You could try this: Creating a K8s service of type ExternalName that binds to your external web service and add an Ingress as you would to with a "native" K8s service.

ExternalName Service --> https://kubernetes.io/docs/concepts/services-networking/service/#externalname

Exp.

apiVersion: v1
kind: Service 
metadata:
  name: my-service
  namespace: prod
spec:
  type: ExternalName
  externalName: my.database.example.com
-- RemoH
Source: StackOverflow
9/16/2018

For starters, I bet that when you kubectl describe svc my-service you have empty endpoints, even though endpoints do exist, right ?

To fix that, you need to adapt your endpoints ports key to have the same ports definition as your service has (name, protocol etc.). You should then see these endpoints in describe service results and be able to use it normally.

-- Radek 'Goblin' Pieczonka
Source: StackOverflow