Please, help me to deal with accessibility of my simple application of k8s, via traefik in AWS.
I tried to expose ports 30000-32767 on master node, in security group and app is accessible from the world, doesn't want to work just 80 port of traefik! When I tried to expose 80 port in security group of master, I got CONNECTION REFUSED, when try access my app in browser and when I delete exposed port get an error CONNECTION TIMEOUT in browser.. what is the problem??? All services of k8s are up and no errors in traefik.
KOPS:
kops create cluster \
--node-count = 2 \
--networking calico \
--node-size = t2.micro \
--master-size = t2.micro \
--master-count = 1 \
--zones = us-east-1a \
--name = ${KOPS_CLUSTER_NAME}
K8S app.yml and traefik.yml:
When I will type myapp.com, want to get an output of echoserver app on 80 port.
You've set things up using a NodePort service:
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
# namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 8080
name: admin
type: NodePort
This doesn't mean that that the service proxy will listen on port 80 from the PoV of the outside world. By default NodePort services automatically allocate their port at random. What you probably want to do is to use a LoadBalancer service instead. Check out https://github.com/Ridecell/kubernetes/blob/9e034f4d0fb38e49f808ae0852af74366f630d48/manifests/traefik.yml#L152-L171 for an example.
Omg, problem was the next.. I have illegal domain name, so I tried to register a new free legal domain on freenom.com. Set Amazon's NS records in domain settings, created hosted zone of new domain in R53, with alias A record to domain name of loadbalancer and it works! Also changed type: NodePort to type: LoadBalancer in service config of traefik.