Traefik Proxy to External End Point Does not Work

We have Rancher running on two nodes behind an Nginx LB. Everything so far is working: the dashboard, one deployed app, and the Traefik dashboard is accessible.

But from the old MicroK8s cluster we cannot get some external endpoints working. They are almost working, but massively slow; we get a login screen and then it won't proceed.

We have tried both ExternalName and ClusterIP endpoint services.

Currently the ingress is via a Traefik IngressRoute CRD.

We do not believe this is a Traefik issue; it's something to do with the application environment for Rancher accessing the external endpoints. After all, we have one webapp within Kubernetes happily operating.

kubectl apply -f - << EOF
apiVersion: v1
kind: Endpoints
metadata:
  name: traefikilo1endpoint
  namespace: traefik
subsets:
  - addresses:
      - ip: 10.2.0.34
    ports:
      - name: https
        port: 443
EOF
kubectl apply -f - << EOF
apiVersion: v1
kind: Service
metadata:
  name: traefikilo1endpoint
  namespace: traefik
spec:
  ports:
    - name: https
      port: 443
EOF
kubectl apply -f - << EOF
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ilo1.ingress443
  namespace: traefik
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(\`ilo1.example.local\`)
      kind: Rule
      services:
        - name: traefikilo1endpoint
          kind: Service
          port: 443
          serversTransport: traefikilo1serverstransport
EOF
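The IngressRoute above references a ServersTransport named `traefikilo1serverstransport` whose definition is not shown in the post. As an added example (not the poster's configuration), this is what that object looks like with backend certificate verification disabled, next to a variant that verifies against a pinned CA; the `-insecure` name, the Secret name `ilo1-backend-ca` and the `serverName` value are assumptions.

```yaml
# Added example, not from the thread. Names marked "assumed" are hypothetical.
#
# Weak variant: traffic to the backend is encrypted, but the certificate is
# never checked, so whatever answers on 10.2.0.34:443 is trusted.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: traefikilo1serverstransport-insecure   # assumed name, comparison only
  namespace: traefik
spec:
  insecureSkipVerify: true
---
# Corrected variant: verify the backend certificate against a pinned CA.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: traefikilo1serverstransport            # name the IngressRoute references
  namespace: traefik
spec:
  # The Endpoints object dials the backend by IP, so state the name the
  # certificate is expected to carry (assumed here to match the route host).
  serverName: ilo1.example.local
  # Secret in the same namespace holding the issuing CA certificate under the
  # key ca.crt (or tls.ca). "ilo1-backend-ca" is an assumed name.
  rootCAsSecrets:
    - ilo1-backend-ca
```

With the second variant, a backend certificate that does not chain to the pinned CA or does not carry the expected name makes Traefik refuse the upstream connection instead of silently proxying to it.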

Do you run your workloads on the Rancher cluster? Or did you correctly create downstream managed clusters for your workload?

You should never run workloads on the Rancher cluster.

If using a downstream cluster, what kind is it and how is it set up?

And then 2 nodes is almost always incorrect (you need an odd number of etcd nodes).

@bpedersen2 at the moment this is on the Rancher cluster of 2 VM nodes (k3s and MySQL datasource, which I understand is fine with 2 nodes) and there are no workloads other than Traefik itself… this is an ingress to an external endpoint (HP iLO hardware device) with no local k3s workload other than Traefik.

MySQL is sat in a separate dedicated Alpine VM.

Have also tried installing k3s without Traefik and adding that and MetalLB afterwards (so it's like our MicroK8s cluster this is due to replace), but still the same at the moment. At least now I can expose Traefik on a node port on a single node to rule out the Nginx load balancer.