Rancher + MetalLB + ingress.tls.source=secret = ERR_SSL_PROTOCOL_ERROR

When I use MetalLB and an ingress controller as a LoadBalancer service, I get an ERR_SSL_PROTOCOL_ERROR.

Here's what I am doing:

  1. I am using rke to install a k8s cluster without an ingress controller. All nodes are etcd, controlplane and workers.
  2. I install via kubectl a MetalLB configured to use Layer 2.
  3. I install via helm a traefik ingress controller with a LoadBalancer service. It successfully catches an IP and the UI works fine.
  4. I install a simple http test application to check if the ingress works. It does.
  5. I install rancher 2.4.3 via helm, using a certificate signed by a private CA.

When I try to access the Rancher URL I get “ERR_SSL_PROTOCOL_ERROR”.
At first I thought the problem was the keys or the certificates, but when I remove the MetalLB from the configuration it works.
It is configured as below:

  1. Use rke to install a 3-node k8s cluster without an ingress controller. All nodes are etcd, controlplane and workers.
  2. Configure a separate server with an HAProxy as a layer 2 load balancer forwarding ports 80 and 443 to the nodes (as described in the Rancher docs: https://rancher.com/docs/rancher/v2.x/en/installation/k8s-install/create-nodes-lb/#2-set-up-the-load-balancer)
  3. I install via helm a traefik ingress controller as a DaemonSet listening on ports 80 and 443 on every node.
  4. I install an http test application to check if the ingress works. It does.
  5. I install rancher 2.4.3 via helm, using a certificate signed by a private CA (the same certificates as in the MetalLB example).

In this case the Rancher URL works fine.
I would really like to remove the HAProxy server from the game, but I can’t notice what is wrong with the MetalLB configuration.
Can anybody help me?

Thanks in advance,

Paulo Leal