I'm going crazy because I'm totally unable to expose a service in k3d cluster to the Internet.
360° Situation
I have a domain.
A "vpn" subdomain DNS A record points to my public and static IP.
A "dns" subdomain DNS A record points to the same IP.
All the relevant ports on the router are open (53, 80, 443, 51820, etc) and redirected to a (Debian) home server.
Port 53 is open because I have a DNSMasq instance running on the home server (on the network interface eno1, which is my "eth0").
Port 51820 is open because I have a WireGuard VPN running on the home server (on the network interface wg0).
I have successfully verified that the VPN connection and the DNS are working correctly.
For instance, when the VPN tunnel is open, I'm able to SSH inside my home server through a domain that is only present on its /etc/hosts.
On the home server I'm running a k3d cluster with the configuration below.
As you may know, k3d creates a bridge network (k3d-k3s-default) and constrains the k8s nodes (which are containers) inside its subnet.
A Docker bridge network is reachable only by other containers.
The only exposed container is the ServerLB one (basically nginx-proxy with the configuration below), which is listening on port 80 on all the network interfaces (0.0.0.0).
To attach the cluster to the host network I should be using only one node, but this solution is quite silly.
If I deploy an Ingress Route (as in the YAML below), it partially works on the Debian host.
http://argocd.localhost works fine in any web browser (I can access the dashboard).
curl, dig, wget and any other CLI tool do not (they do not resolve it): why?
My goal is to make this host reachable inside the VPN (when I'm not at home), but as you may imagine it doesn't work. What am I missing?
I've tried with LoadBalancer, but nothing.
For instance, this is the load balancer of Traefik, but the ExternalIPs (bold) are in the bridge network subnet, so unreachable:
kube-system traefik LoadBalancer 10.43.134.142 **172.21.0.2,172.21.0.3** 80:32223/TCP,443:30136/TCP 108m
I've tried with MetalLB, but nothing.
Honestly, I've tried so many unsuccessful things that I'd rather keep them private to preserve my honour. 🥹
I'm obviously missing some notions.
Help me, please.
K3d conf
Nginx configuration
ArgoCD IngressRoute