K
Q

Adding new Listener using Traefik helm chart redirecting to TLS entryPoint

1/8/2022

I have a rather peculiar use case, that a client makes requests to my domain on port 3030. Currently I have a kubernetes cluster on EKS with Traefik as the ingress controller with an NLB.

I'd like to add a new listener to the NLB, for TCP port 3030 targeting the same target group as that of the tls listener that traefik created originally.

I tried adding a new entry on the ports section of the ingress, and it did create a new listener, but also created a new target, on a different node port than that of the TLS listener, which led to the health check failing and it not working.

     ports: {
       web: {
         redirectTo: "websecure",
       },
+      anvil: {
+        port: 8443,
+        expose: true,
+        exposedPort: 3030,
+        protocol: "TCP",
+        redirectTo: "websecure",
+      },
     },
     service: {
       annotations: {
         "service.beta.kubernetes.io/aws-load-balancer-type": "nlb",
         "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "<our-dynamically-updated-arn>",
-        "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443",
+        "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443,anvil",

This in fact breaks the traefik pod because it tries to bind port 8443 again (and it's already in use by the actual tls entry point).

How can I go about having another listener that forwards requests to the same target?

Thanks for any help!!

-- Donato Azevedo
amazon-eks
kubernetes
traefik

Similar Questions

Unable to access websocket over Kubernetes ingress
Nodemon takes a while to pick up nfs changes
Not able to access service on minikube cluster| Istio
Spark UI History server on Kubernetes?
postgres on kubernetes volume permission error

0 Answers