Hi,
Can you please share the command you run ?
-Wei
On Mon, Mar 11, 2024 at 8:43 AM Bharat Bhushan Saini
<bharat.sa...@kloudspot.com.invalid> wrote:
> Hi Community,
>
>
>
> I understand that if I want to use CKS service then I have to pass VLAN in
> my network. I am trying to achieve that.
>
>
>
> But in meanwhile time I expose the service as a nodeport to access the
> dashboard of my application on shared network. It is accessible over the
> IP(http) of control node but I want to access it through https. The service
> was running on nodeport with 31009 port but over the https it shows
>
>
>
> * Trying 10.x.x.185:31009...
>
> * Connected to k8scstack.internal.kloudspot.com (10.x.x.185) port 31009
> (#0)
>
> * ALPN, offering h2
>
> * ALPN, offering http/1.1
>
> * successfully set certificate verify locations:
>
> * CAfile: /etc/ssl/certs/ca-certificates.crt
>
> * CApath: /etc/ssl/certs
>
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>
> * error:1408F10B:SSL routines:ssl3_get_record:wrong version number
>
> * Closing connection 0
>
> curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
>
>
>
> After port forwarding for the particular service 443:31009, encountered
> with the below error,
>
>
>
> * Trying 10.1.10.185:443...
>
> * connect to 10.1.10.185 port 443 failed: Connection refused
>
> * Failed to connect to k8scstack.internal.kloudspot.com port 443:
> Connection refused
>
> * Closing connection 0
>
> curl: (7) Failed to connect to k8scstack.internal.kloudspot.com port 443:
> Connection refused
>
>
>
> Can anyone pls suggest to move forward for that.
>
>
>
> Thanks and Regards,
>
> Bharat Saini
>
>
>
> [image: signature_2373681320]
>
>
>
> *From: *Jayanth Babu A <jayanth.b...@nxtgen.com.INVALID>
> *Date: *Friday, 1 March 2024 at 11:25 PM
> *To: *users@cloudstack.apache.org <users@cloudstack.apache.org>
> *Subject: *Re: CKS with K8s Offering N/w
>
> EXTERNAL EMAIL: Please verify the sender email address before taking any
> action, replying, clicking any link or opening any attachment.
>
>
> +1
>
> Bharat, see if you can start using the isolated network to get the full
> experience of CKS. In shared network you should only rely on connecting to
> node ports or have an external load balancer (outside of CloudStack)
> balance the traffic to the node ports where any service like traefik runs.
>
> Thanks,
> Jayanth
>
> ________________________________
> From: Wei ZHOU <ustcweiz...@gmail.com>
> Sent: Friday, March 1, 2024 11:20:09 pm
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: Re: CKS with K8s Offering N/w
>
> Hi,
>
> Just my 2 cents.
>
> If you use NodePort, you need to know which worker node the pod is runing
> on. It is a problem if there are multiple nodes. To solve this problem,
> LoadBalancer can be used. cloudstack creates a load balancing rule to the
> NodePort of all worker nodes. So the service can be accessible no matter
> where the pod is. However, this only works with Isolated networks, as
> shared networks do not support Load Balancer.
>
> traefik may work for you, I did not look into it yet. Another way is as I
> have suggested, use kubectl port-forward to access the services with
> ClusterIP.
>
> -Wei
>
>
> On Friday, March 1, 2024, Bharat Bhushan Saini
> <bharat.sa...@kloudspot.com.invalid> wrote:
>
> > Hi Jayanth,
> >
> >
> >
> > Just as an query I want to know that when the cluster run on shared
> > network the traefik-ingress-controller is required to access the
> > application externally else nodeport defind is enough for that.
> >
> >
> >
> > Thanks and Regards,
> >
> > Bharat Saini
> >
> >
> >
> > [image: signature_3414558938]
> >
> >
> >
> > *From: *Jayanth Babu A <jayanth.b...@nxtgen.com.INVALID>
> > *Date: *Friday, 1 March 2024 at 9:09 PM
> > *To: *users@cloudstack.apache.org <users@cloudstack.apache.org>
> > *Subject: *Re: CKS with K8s Offering N/w
> >
> > EXTERNAL EMAIL: Please verify the sender email address before taking any
> > action, replying, clicking any link or opening any attachment.
> >
> >
> > Hi Bharat,
> >
> > I don't seem to understand your question. Would you please explain in
> more
> > detail?
> >
> > Thanks,
> > Jayanth
> >
> > ________________________________
> > From: Bharat Bhushan Saini <bharat.sa...@kloudspot.com.INVALID>
> > Sent: Friday, March 1, 2024 3:15:18 pm
> > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > Subject: Re: CKS with K8s Offering N/w
> >
> > Hi Wei,
> >
> > In shared n/w the traefik ingress is needed or only nodeport is enough
> for
> > that!
> >
> > Thanks and Regards,
> > Bharat Saini
> >
> > [signature_1176335358]
> >
> > From: Wei ZHOU <ustcweiz...@gmail.com>
> > Date: Friday, 1 March 2024 at 1:59 PM
> > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > Subject: Re: CKS with K8s Offering N/w
> > EXTERNAL EMAIL: Please verify the sender email address before taking any
> > action, replying, clicking any link or opening any attachment.
> >
> >
> > Hi Bharat,
> >
> > If you deploy a CKS cluster on an isolated network, please ensure the
> > public Ips (which include the endpoint IP of the CKS cluster, and Load
> > balancer IPs) are reachable from the management server.
> > The management server configures the k8s nodes (controller/worker) via
> the
> > port 2222-222x of endpoint IP.
> >
> > If you deploy a CKS cluster on a shared network, Load balancer is not
> > supported.
> > If you create a K8s service with nodeport, you can access it by <k8s node
> > IP>:<node port>.
> > If clusterIP is used, to access the service, you need to run "kubectl
> > port-forward" on the controller node.
> >
> >
> > -Wei
> >
> >
>
> Disclaimer *** This e-mail contains PRIVILEGED AND CONFIDENTIAL
> INFORMATION intended solely for the use of the addressee(s). If you are not
> the intended recipient, please notify the sender by e-mail and delete the
> original message. Further, you are not authorised to copy, disclose, or
> distribute this e-mail or its contents to any other person and any such
> actions are unlawful and strictly prohibited. This e-mail may contain
> viruses. NxtGen Datacenter & Cloud Technologies Private Ltd ("NxtGen") has
> taken every reasonable precaution to minimize this risk but is not liable
> for any damage you may sustain as a result of any virus in this e-mail. You
> should carry out your own virus checks before opening the e-mail or
> attachment. NxtGen reserves the right to monitor and review the content of
> all messages sent to or from this e-mail address. Messages sent to or from
> this e-mail address may be stored on the NxtGen e-mail system. *** End of
> Disclaimer ***NXTGEN***
>
> --------------------------- Disclaimer: ------------------------------
> This message and its contents are intended solely for the designated
> addressee and are proprietary to Kloudspot. The information in this email
> is meant exclusively for Kloudspot business use. Any use by individuals
> other than the addressee constitutes misuse and an infringement of
> Kloudspot's proprietary rights. If you are not the intended recipient,
> please return this email to the sender. Kloudspot cannot guarantee the
> security or error-free transmission of e-mail communications. Information
> could be intercepted, corrupted, lost, destroyed, arrive late or
> incomplete, or contain viruses. Therefore, Kloudspot shall not be liable
> for any issues arising from the transmission of this email.
>
