I am trying to set up Traefik as my application's load balancer in Kubernetes. I was able to successfully set it up on Minikube, but things are slightly different in production.
Using some network policies, traffic comes in through our org's PLB, which I want to reach Traefik. Based on rules, it should redirect to the corresponding service.
I can view the Traefik dashboard with the configuration below, but I get too many redirects on whoami at abc.com/ms/whoami
Infrastructure: Orgs PLB > Traefik LB > Role based routing > Microservice A/B/C...
Part of configurations
traefik.yaml
---
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
type: LoadBalancer
selector:
app: traefik
ports:
- protocol: TCP
port: 80
name: web
targetPort: 80
- protocol: TCP
port: 443
name: websecure
targetPort: 80
- protocol: TCP
port: 8080
name: admin
targetPort: 8080
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
spec:
tls: {}
entryPoints:
- web
- websecure
routes:
- match: Host(`traefik-abc.com`) && (PathPrefix(`/services/traefik`) || PathPrefix(`/api`))
kind: Rule
services:
- name: api@internal
kind: TraefikService
middlewares:
- name: basic-auth
name: stripprefix-traefik
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-abc.com
annotations:
kubernetes.io/ingress.class: "org.plb"
spec:
backend:
serviceName: traefik
servicePort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: abc.com
annotations:
kubernetes.io/ingress.class: "org.plb"
spec:
backend:
serviceName: traefik
servicePort: 80whoami.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: whoami
labels:
app: whoami
spec:
replicas: 1
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: containous/whoami
ports:
- name: web
containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- protocol: TCP
name: web
port: 80
selector:
app: whoami
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: whoami
spec:
tls: {}
entryPoints:
- web
- websecure
routes:
- match: Host(`abc.com`) && PathPrefix(`/ms/whoami`)
kind: Rule
services:
- name: whoami
port: 80logs
- - [13/Aug/2020:23:56:09 +0000] "GET /ms/whoami HTTP/1.1" 301 17 "-" "-" 114 "web-to-websecure@internal" "-" 0ms
- - [13/Aug/2020:23:56:09 +0000] "GET /ms/whoami HTTP/1.1" 301 17 "-" "-" 115 "web-to-websecure@internal" "-" 0ms
- - [13/Aug/2020:23:56:09 +0000] "GET /ms/whoami HTTP/1.1" 301 17 "-" "-" 116 "web-to-websecure@internal" "-" 0ms
.....
.....
- - [13/Aug/2020:23:56:09 +0000] "GET /ms/whoami HTTP/1.1" 301 17 "-" "-" 128 "web-to-websecure@internal" "-" 0msI would follow the logs on the client too 🔎. It could be that your whoami application is redirecting from /ms/whoami to /ms/whoami/ and then your external load balancer from /ms/whoami/ to /ms/whoami.
Or it could be that your application/microservice is redirecting from /ms/whoami to something else like / and then your load balancer is redirecting that back to /ms/whoami. (You can also try stripprefix-traefik middleware if this is the case)
The above are just examples, as you can see it's evident you have a loop 🤷.
✌️