Help setting up Lets Encrypt on L4+L6 balanced Nginx Workload (simple use case, no special requirements)

Hi All,
I discovered Rancher last week and am trying to convert my setup to Rancher.
I have a problem where the Layer 4 load balancer (the one that is automatically created when selecting a load balancer port in the workload) is stuck in the “Pending” state.

My setup is running both rancher server and rancher-agent on the same physical machine.

My simple workload is nginx (default config) serving a directory of static HTML files. This is proven to work (with hostport).

The second problem I have is getting Let’s Encrypt to work. I added the annotation kubernetes.io/tls-acme: "true" to the L7 load balancer but Let’s Encrypt is not picking it up.

The config so far is as follows:

Nginx Workload “blog”:
Port config: Layer-4 Load Balancer: container port 80 to external port 80

Layer-4 Load Balancer (auto generated) “blog-loadbalancer”:

ports:
  - name: 80tcp803
    nodePort: 31178
    port: 80
    protocol: TCP
    targetPort: 80

Ingress Load Balancer (default config):
Port config: Using Service “blog-loadbalancer” on port 80 (only selectable option is port 80)
Port config: forward /.well-known/acme-challenge to cert-manager on port 80

What am I doing wrong here? The auto generated L4 load balancer is stuck in the “pending” state. I’m a software engineer and the concepts make sense to me. L7 LB forwards to L4 LB depending on subdomain or context path. L4 LB does load balancing for a particular app/workload.

I’ve been at it for most of this weekend trying to get it to work. Rancher is far superior to my manual command line management of containers.

From my experience, the L4 load balancer is not usable in most environments. I would advise you to use a NodePort directly instead.

See https://rancher.com/docs/rancher/v2.x/en/faq/technical/#why-is-my-layer-4-load-balancer-in-pending-state regarding L4 Load balancer. This will be conditionally shown when we implement https://github.com/rancher/rancher/issues/12422
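For reference, here is the configuration from the original post rewritten the way the replies suggest: the auto-generated Service as a NodePort instead of a LoadBalancer, plus an Ingress that carries the tls-acme annotation together with the tls block cert-manager's ingress-shim needs. This is an added example, not a manifest from the thread or from Rancher; the selector label app: blog, the namespace, the hostname blog.example.com and the secret name blog-tls are assumed placeholders.

```yaml
# Added example: Service rewritten as NodePort so it no longer waits for a
# cloud load balancer (the cause of the "Pending" state in the post), plus an
# Ingress that lets cert-manager's ingress-shim request the certificate.
apiVersion: v1
kind: Service
metadata:
  name: blog-loadbalancer
  namespace: default          # assumed namespace
spec:
  type: NodePort              # was LoadBalancer; NodePort needs no cloud provider
  selector:
    app: blog                 # assumed label; must match the nginx pod labels
  ports:
    - name: 80tcp803
      port: 80
      targetPort: 80
      nodePort: 31178
      protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: blog
  namespace: default          # assumed namespace
  annotations:
    # ingress-shim only honours this annotation when cert-manager was started
    # with a default issuer (--default-issuer-name / --default-issuer-kind).
    kubernetes.io/tls-acme: "true"
spec:
  tls:
    # Without a tls entry that names a secretName, cert-manager creates no
    # Certificate, which is why the annotation alone appears to be ignored.
    - hosts:
        - blog.example.com    # assumed hostname
      secretName: blog-tls    # assumed; cert-manager stores the issued cert here
  rules:
    - host: blog.example.com  # assumed hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: blog-loadbalancer
                port:
                  number: 80
```

While an HTTP-01 challenge is active, cert-manager adds its own route for /.well-known/acme-challenge, so the manual forward to cert-manager described in the post is not needed for the annotation to work.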