Hi Community,
I understand that if I want to use CKS service then I have to pass VLAN in my
network. I am trying to achieve that.
But in meanwhile time I expose the service as a nodeport to access the
dashboard of my application on shared network. It is accessible over the
IP(http) of control node but I want to access it through https. The service was
running on nodeport with 31009 port but over the https it shows
* Trying 10.x.x.185:31009...
* Connected to k8scstack.internal.kloudspot.com (10.x.x.185) port 31009 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
After port forwarding for the particular service 443:31009, encountered with
the below error,
* Trying 10.1.10.185:443...
* connect to 10.1.10.185 port 443 failed: Connection refused
* Failed to connect to k8scstack.internal.kloudspot.com port 443: Connection
refused
* Closing connection 0
curl: (7) Failed to connect to k8scstack.internal.kloudspot.com port 443:
Connection refused
Can anyone pls suggest to move forward for that.
Thanks and Regards,
Bharat Saini
[signature_2373681320]
From: Jayanth Babu A <jayanth.b...@nxtgen.com.INVALID>
Date: Friday, 1 March 2024 at 11:25 PM
To: users@cloudstack.apache.org <users@cloudstack.apache.org>
Subject: Re: CKS with K8s Offering N/w
EXTERNAL EMAIL: Please verify the sender email address before taking any
action, replying, clicking any link or opening any attachment.
+1
Bharat, see if you can start using the isolated network to get the full
experience of CKS. In shared network you should only rely on connecting to node
ports or have an external load balancer (outside of CloudStack) balance the
traffic to the node ports where any service like traefik runs.
Thanks,
Jayanth
________________________________
From: Wei ZHOU <ustcweiz...@gmail.com>
Sent: Friday, March 1, 2024 11:20:09 pm
To: users@cloudstack.apache.org <users@cloudstack.apache.org>
Subject: Re: CKS with K8s Offering N/w
Hi,
Just my 2 cents.
If you use NodePort, you need to know which worker node the pod is runing
on. It is a problem if there are multiple nodes. To solve this problem,
LoadBalancer can be used. cloudstack creates a load balancing rule to the
NodePort of all worker nodes. So the service can be accessible no matter
where the pod is. However, this only works with Isolated networks, as
shared networks do not support Load Balancer.
traefik may work for you, I did not look into it yet. Another way is as I
have suggested, use kubectl port-forward to access the services with
ClusterIP.
-Wei
On Friday, March 1, 2024, Bharat Bhushan Saini
<bharat.sa...@kloudspot.com.invalid> wrote:
> Hi Jayanth,
>
>
>
> Just as an query I want to know that when the cluster run on shared
> network the traefik-ingress-controller is required to access the
> application externally else nodeport defind is enough for that.
>
>
>
> Thanks and Regards,
>
> Bharat Saini
>
>
>
> [image: signature_3414558938]
>
>
>
> *From: *Jayanth Babu A <jayanth.b...@nxtgen.com.INVALID>
> *Date: *Friday, 1 March 2024 at 9:09 PM
> *To: *users@cloudstack.apache.org <users@cloudstack.apache.org>
> *Subject: *Re: CKS with K8s Offering N/w
>
> EXTERNAL EMAIL: Please verify the sender email address before taking any
> action, replying, clicking any link or opening any attachment.
>
>
> Hi Bharat,
>
> I don't seem to understand your question. Would you please explain in more
> detail?
>
> Thanks,
> Jayanth
>
> ________________________________
> From: Bharat Bhushan Saini <bharat.sa...@kloudspot.com.INVALID>
> Sent: Friday, March 1, 2024 3:15:18 pm
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: Re: CKS with K8s Offering N/w
>
> Hi Wei,
>
> In shared n/w the traefik ingress is needed or only nodeport is enough for
> that!
>
> Thanks and Regards,
> Bharat Saini
>
> [signature_1176335358]
>
> From: Wei ZHOU <ustcweiz...@gmail.com>
> Date: Friday, 1 March 2024 at 1:59 PM
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: Re: CKS with K8s Offering N/w
> EXTERNAL EMAIL: Please verify the sender email address before taking any
> action, replying, clicking any link or opening any attachment.
>
>
> Hi Bharat,
>
> If you deploy a CKS cluster on an isolated network, please ensure the
> public Ips (which include the endpoint IP of the CKS cluster, and Load
> balancer IPs) are reachable from the management server.
> The management server configures the k8s nodes (controller/worker) via the
> port 2222-222x of endpoint IP.
>
> If you deploy a CKS cluster on a shared network, Load balancer is not
> supported.
> If you create a K8s service with nodeport, you can access it by <k8s node
> IP>:<node port>.
> If clusterIP is used, to access the service, you need to run "kubectl
> port-forward" on the controller node.
>
>
> -Wei
>
>
Disclaimer *** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION
intended solely for the use of the addressee(s). If you are not the intended
recipient, please notify the sender by e-mail and delete the original message.
Further, you are not authorised to copy, disclose, or distribute this e-mail or
its contents to any other person and any such actions are unlawful and strictly
prohibited. This e-mail may contain viruses. NxtGen Datacenter & Cloud
Technologies Private Ltd ("NxtGen") has taken every reasonable precaution to
minimize this risk but is not liable for any damage you may sustain as a result
of any virus in this e-mail. You should carry out your own virus checks before
opening the e-mail or attachment. NxtGen reserves the right to monitor and
review the content of all messages sent to or from this e-mail address.
Messages sent to or from this e-mail address may be stored on the NxtGen e-mail
system. *** End of Disclaimer ***NXTGEN***
--------------------------- Disclaimer: ------------------------------
This message and its contents are intended solely for the designated addressee
and are proprietary to Kloudspot. The information in this email is meant
exclusively for Kloudspot business use. Any use by individuals other than the
addressee constitutes misuse and an infringement of Kloudspot's proprietary
rights. If you are not the intended recipient, please return this email to the
sender. Kloudspot cannot guarantee the security or error-free transmission of
e-mail communications. Information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. Therefore, Kloudspot
shall not be liable for any issues arising from the transmission of this email.
