Hi,
If you access port 443 from other hosts (not controller), you need to
specify the listen address.
for example "--address 0.0.0.0"
-Wei
On Mon, Mar 11, 2024 at 10:35 AM Bharat Bhushan Saini
<bharat.sa...@kloudspot.com.invalid> wrote:
>
> Hi Wei,
>
>
>
> I fired below command,
>
> kubectl --kubeconfig kube.conf port-forward deployment/cloud 443:31009
>
>
>
> Just FYI, application uses a tls and it is also configured.
>
>
>
>
>
> Thanks and Regards,
>
> Bharat Saini
>
>
>
>
>
> From: Wei ZHOU <ustcweiz...@gmail.com>
> Date: Monday, 11 March 2024 at 1:18 PM
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: Re: CKS with K8s Offering N/w
>
> EXTERNAL EMAIL: Please verify the sender email address before taking any
> action, replying, clicking any link or opening any attachment.
>
>
> Hi,
>
> Can you please share the command you run ?
>
> -Wei
>
> On Mon, Mar 11, 2024 at 8:43 AM Bharat Bhushan Saini
> <bharat.sa...@kloudspot.com.invalid> wrote:
>
> > Hi Community,
> >
> >
> >
> > I understand that if I want to use CKS service then I have to pass VLAN in
> > my network. I am trying to achieve that.
> >
> >
> >
> > But in meanwhile time I expose the service as a nodeport to access the
> > dashboard of my application on shared network. It is accessible over the
> > IP(http) of control node but I want to access it through https. The service
> > was running on nodeport with 31009 port but over the https it shows
> >
> >
> >
> > * Trying 10.x.x.185:31009...
> >
> > * Connected to k8scstack.internal.kloudspot.com (10.x.x.185) port 31009
> > (#0)
> >
> > * ALPN, offering h2
> >
> > * ALPN, offering http/1.1
> >
> > * successfully set certificate verify locations:
> >
> > * CAfile: /etc/ssl/certs/ca-certificates.crt
> >
> > * CApath: /etc/ssl/certs
> >
> > * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> >
> > * error:1408F10B:SSL routines:ssl3_get_record:wrong version number
> >
> > * Closing connection 0
> >
> > curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
> >
> >
> >
> > After port forwarding for the particular service 443:31009, encountered
> > with the below error,
> >
> >
> >
> > * Trying 10.1.10.185:443...
> >
> > * connect to 10.1.10.185 port 443 failed: Connection refused
> >
> > * Failed to connect to k8scstack.internal.kloudspot.com port 443:
> > Connection refused
> >
> > * Closing connection 0
> >
> > curl: (7) Failed to connect to k8scstack.internal.kloudspot.com port 443:
> > Connection refused
> >
> >
> >
> > Can anyone pls suggest to move forward for that.
> >
> >
> >
> > Thanks and Regards,
> >
> > Bharat Saini
> >
> >
> >
> > [image: signature_2373681320]
> >
> >
> >
> > *From: *Jayanth Babu A <jayanth.b...@nxtgen.com.INVALID>
> > *Date: *Friday, 1 March 2024 at 11:25 PM
> > *To: *users@cloudstack.apache.org <users@cloudstack.apache.org>
> > *Subject: *Re: CKS with K8s Offering N/w
> >
> > EXTERNAL EMAIL: Please verify the sender email address before taking any
> > action, replying, clicking any link or opening any attachment.
> >
> >
> > +1
> >
> > Bharat, see if you can start using the isolated network to get the full
> > experience of CKS. In shared network you should only rely on connecting to
> > node ports or have an external load balancer (outside of CloudStack)
> > balance the traffic to the node ports where any service like traefik runs.
> >
> > Thanks,
> > Jayanth
> >
> > ________________________________
> > From: Wei ZHOU <ustcweiz...@gmail.com>
> > Sent: Friday, March 1, 2024 11:20:09 pm
> > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > Subject: Re: CKS with K8s Offering N/w
> >
> > Hi,
> >
> > Just my 2 cents.
> >
> > If you use NodePort, you need to know which worker node the pod is runing
> > on. It is a problem if there are multiple nodes. To solve this problem,
> > LoadBalancer can be used. cloudstack creates a load balancing rule to the
> > NodePort of all worker nodes. So the service can be accessible no matter
> > where the pod is. However, this only works with Isolated networks, as
> > shared networks do not support Load Balancer.
> >
> > traefik may work for you, I did not look into it yet. Another way is as I
> > have suggested, use kubectl port-forward to access the services with
> > ClusterIP.
> >
> > -Wei
> >
> >
> > On Friday, March 1, 2024, Bharat Bhushan Saini
> > <bharat.sa...@kloudspot.com.invalid> wrote:
> >
> > > Hi Jayanth,
> > >
> > >
> > >
> > > Just as an query I want to know that when the cluster run on shared
> > > network the traefik-ingress-controller is required to access the
> > > application externally else nodeport defind is enough for that.
> > >
> > >
> > >
> > > Thanks and Regards,
> > >
> > > Bharat Saini
> > >
> > >
> > >
> > > [image: signature_3414558938]
> > >
> > >
> > >
> > > *From: *Jayanth Babu A <jayanth.b...@nxtgen.com.INVALID>
> > > *Date: *Friday, 1 March 2024 at 9:09 PM
> > > *To: *users@cloudstack.apache.org <users@cloudstack.apache.org>
> > > *Subject: *Re: CKS with K8s Offering N/w
> > >
> > > EXTERNAL EMAIL: Please verify the sender email address before taking any
> > > action, replying, clicking any link or opening any attachment.
> > >
> > >
> > > Hi Bharat,
> > >
> > > I don't seem to understand your question. Would you please explain in
> > more
> > > detail?
> > >
> > > Thanks,
> > > Jayanth
> > >
> > > ________________________________
> > > From: Bharat Bhushan Saini <bharat.sa...@kloudspot.com.INVALID>
> > > Sent: Friday, March 1, 2024 3:15:18 pm
> > > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > > Subject: Re: CKS with K8s Offering N/w
> > >
> > > Hi Wei,
> > >
> > > In shared n/w the traefik ingress is needed or only nodeport is enough
> > for
> > > that!
> > >
> > > Thanks and Regards,
> > > Bharat Saini
> > >
> > > [signature_1176335358]
> > >
> > > From: Wei ZHOU <ustcweiz...@gmail.com>
> > > Date: Friday, 1 March 2024 at 1:59 PM
> > > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > > Subject: Re: CKS with K8s Offering N/w
> > > EXTERNAL EMAIL: Please verify the sender email address before taking any
> > > action, replying, clicking any link or opening any attachment.
> > >
> > >
> > > Hi Bharat,
> > >
> > > If you deploy a CKS cluster on an isolated network, please ensure the
> > > public Ips (which include the endpoint IP of the CKS cluster, and Load
> > > balancer IPs) are reachable from the management server.
> > > The management server configures the k8s nodes (controller/worker) via
> > the
> > > port 2222-222x of endpoint IP.
> > >
> > > If you deploy a CKS cluster on a shared network, Load balancer is not
> > > supported.
> > > If you create a K8s service with nodeport, you can access it by <k8s node
> > > IP>:<node port>.
> > > If clusterIP is used, to access the service, you need to run "kubectl
> > > port-forward" on the controller node.
> > >
> > >
> > > -Wei
> > >
> > >
> >
> > Disclaimer *** This e-mail contains PRIVILEGED AND CONFIDENTIAL
> > INFORMATION intended solely for the use of the addressee(s). If you are not
> > the intended recipient, please notify the sender by e-mail and delete the
> > original message. Further, you are not authorised to copy, disclose, or
> > distribute this e-mail or its contents to any other person and any such
> > actions are unlawful and strictly prohibited. This e-mail may contain
> > viruses. NxtGen Datacenter & Cloud Technologies Private Ltd ("NxtGen") has
> > taken every reasonable precaution to minimize this risk but is not liable
> > for any damage you may sustain as a result of any virus in this e-mail. You
> > should carry out your own virus checks before opening the e-mail or
> > attachment. NxtGen reserves the right to monitor and review the content of
> > all messages sent to or from this e-mail address. Messages sent to or from
> > this e-mail address may be stored on the NxtGen e-mail system. *** End of
> > Disclaimer ***NXTGEN***
> >
> > --------------------------- Disclaimer: ------------------------------
> > This message and its contents are intended solely for the designated
> > addressee and are proprietary to Kloudspot. The information in this email
> > is meant exclusively for Kloudspot business use. Any use by individuals
> > other than the addressee constitutes misuse and an infringement of
> > Kloudspot's proprietary rights. If you are not the intended recipient,
> > please return this email to the sender. Kloudspot cannot guarantee the
> > security or error-free transmission of e-mail communications. Information
> > could be intercepted, corrupted, lost, destroyed, arrive late or
> > incomplete, or contain viruses. Therefore, Kloudspot shall not be liable
> > for any issues arising from the transmission of this email.
> >
>
> --------------------------- Disclaimer: ------------------------------
> This message and its contents are intended solely for the designated
> addressee and are proprietary to Kloudspot. The information in this email is
> meant exclusively for Kloudspot business use. Any use by individuals other
> than the addressee constitutes misuse and an infringement of Kloudspot's
> proprietary rights. If you are not the intended recipient, please return this
> email to the sender. Kloudspot cannot guarantee the security or error-free
> transmission of e-mail communications. Information could be intercepted,
> corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
> Therefore, Kloudspot shall not be liable for any issues arising from the
> transmission of this email.
