
I am trying to configure traefik and loadbalancer to accept traffic from host port 9200. Everything works fine for port 8443 (websecure). I am using k3d and traefik is initially disabled.

I can curl my "2048" service from my macos host. The ingress is configured for "websecure" endpoint and a match is found.

    curl --cacert ca.crt -I https://2048.127.0.0.1.nip.io:8443
    HTTP/2 200

I have installed the exact same service and named it "2049". I want this service to be available from 9200 (I have de-configured tls to simplify things).

    + curl -vvv -k -I http://2049.127.0.0.1.nip.io:9200
    *   Trying 127.0.0.1:9200...
    * Connected to 2049.127.0.0.1.nip.io (127.0.0.1) port 9200 (#0)
    > HEAD / HTTP/1.1
    > Host: 2049.127.0.0.1.nip.io:9200
    > User-Agent: curl/7.79.1
    > Accept: */*
    >
    * Empty reply from server
    * Closing connection 0
    curl: (52) Empty reply from server

Both services can be accessed from within the cluster.

I have installed traefik through helm and made sure ports are available.

    k get -n traefik-system svc
    NAME      TYPE           CLUSTER-IP     EXTERNAL-IP                        PORT(S)                                                    AGE
    traefik   LoadBalancer   10.43.86.220   172.27.0.3,172.27.0.4,172.27.0.5   80:30039/TCP,443:30253/TCP,9092:30179/TCP,9200:31428/TCP   61m

    # just to display, the lb is configured for port 9200 (iptables, /pause container)
    k logs -n traefik-system pod/svclb-traefik-h5zs4
    error: a container name must be specified for pod svclb-traefik-h5zs4, choose one of: [lb-tcp-80 lb-tcp-443 lb-tcp-9092 lb-tcp-9200]

    # my ingress
    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    metadata:
      name: game-2049
    spec:
      entryPoints: # We listen to requests coming from port 9200
        - elasticsearch
      routes:
        - match: Host(`2049.127.0.0.1.nip.io`)
          kind: Rule
          services:
            - name: game-2049 # Requests will be forwarded to this service
              port: 80

    # traefik is configured with these endpoint addresses:
    - "--entrypoints.web.address=:8000/tcp"
    - "--entrypoints.websecure.address=:8443/tcp"
    - "--entrypoints.kafka.address=:9092/tcp"
    - "--entrypoints.elasticsearch.address=:9200/tcp"

My goal is to access elasticsearch 9200 and kafka 9092 from my MacOS host using k3d. But first I need to get this configuration for "2049" right.

What am I missing?

Bjarte Brandt

1 Answer

I have this working on K3s using bitnami kafka

You need two things:

  1. Define the entry point in traefik config -- which from your note you already have.

    kubectl describe pods traefik-5bcf476bb9-qrqg7 --namespace traefik
    
    Name:             traefik-5bcf476bb9-qrqg7
    Namespace:        traefik
    Priority:         0
    Service Account:  traefik
    ...
    Status:           Running
    ...
    Image:         traefik:2.9.1
     Image ID:      docker.io/library/traefik@sha256:4ebf68cdb33c162e8786ac83ece782ec0dbe583471c04dfd0af43f245b96c88f
     Ports:         9094/TCP, 9100/TCP, 9000/TCP, 8000/TCP, 8443/TCP
     Host Ports:    0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP
     Args:
       --global.checknewversion
       --global.sendanonymoususage
       --entrypoints.kafka.address=:9094/tcp
       --entrypoints.metrics.address=:9100/tcp
       --entrypoints.traefik.address=:9000/tcp
       --entrypoints.web.address=:8000/tcp
       --entrypoints.websecure.address=:8443/tcp
       --api.dashboard=true
       --ping=true
       --metrics.prometheus=true
       --metrics.prometheus.entrypoint=metrics
       --providers.kubernetescrd
       --providers.kubernetescrd.allowCrossNamespace=true
       --providers.kubernetescrd.allowExternalNameServices=true
       --providers.kubernetesingress
       --providers.kubernetesingress.allowExternalNameServices=true
       --providers.kubernetesingress.allowEmptyServices=true
       --entrypoints.websecure.http.tls=true
     State:          Running
       Started:      Thu, 27 Oct 2022 16:27:22 -0400
     Ready:          True
    

I'm using TCP port 9094 for kafka traffic.

  2. The Ingress: I'm using the IngressRouteTCP CRD

    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRouteTCP
    metadata:
      name: kafka-ingress
      namespace: bitnami-kafka
    spec:
      entryPoints:
        - kafka
      routes:
      - match: HostSNI(`*`)
        services:
        - name: my-bkafka-0-external
          namespace: bitnami-kafka
          port: 9094
    

Note: traefik is routing to a k8 LoadBalancer

    kubectl get services --namespace bitnami-kafka
    NAME                           TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
    my-bkafka                      ClusterIP      10.43.153.8     <none>          9092/TCP                     20h
    my-bkafka-0-external           LoadBalancer   10.43.45.233    10.55.10.243   9094:30737/TCP               20h
    my-bkafka-headless             ClusterIP      None            <none>          9092/TCP,9093/TCP            20h
    my-bkafka-zookeeper            ClusterIP      10.43.170.229   <none>          2181/TCP,2888/TCP,3888/TCP   20h
    my-bkafka-zookeeper-headless   ClusterIP      None            <none>          2181/TCP,2888/TCP,3888/TCP   20h

which is option A from bitnami's write-up on Kafka external access.

Sham Dhiman
Mark Kirby
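
The chain discussed in this thread (entry point defined in Traefik's args, a Service port forwarding to it, and a route that references it) can be checked mechanically. The following is an added example, not code from either poster or from the Traefik project; the `CONTAINER_PORTS` and `SERVICE_PORTS` values are assumptions, since the page shows neither the container ports nor the Service `targetPort` for the question's install.

```python
import re

# Constructed sample modelled on the question's listings. The containerPort
# names and Service targetPort values are assumptions (not shown on the page).
TRAEFIK_ARGS = [
    "--entrypoints.web.address=:8000/tcp",
    "--entrypoints.websecure.address=:8443/tcp",
    "--entrypoints.kafka.address=:9092/tcp",
    "--entrypoints.elasticsearch.address=:9200/tcp",
]
CONTAINER_PORTS = {"web": 8000, "websecure": 8443, "kafka": 9092, "elasticsearch": 9200}
SERVICE_PORTS = [  # (port, targetPort) pairs as they appear in a Service spec
    (80, "web"), (443, "websecure"), (9092, "kafka"), (9200, "elasticsearch"),
]
ROUTE_ENTRYPOINTS = {"game-2049": ["elasticsearch"]}  # route name -> spec.entryPoints

ARG_RE = re.compile(r"^--entrypoints\.([^.]+)\.address=[^:]*:(\d+)(?:/\w+)?$")

def entrypoints(args):
    """Map entry point name -> listen port from --entrypoints.<name>.address args."""
    return {m[1]: int(m[2]) for m in map(ARG_RE.match, args) if m}

def exposed_ports(listen_port, container_ports, service_ports):
    """Service ports whose targetPort (port name or number) lands on listen_port."""
    return [port for port, target in service_ports
            if container_ports.get(target, target) == listen_port]

def check(args, container_ports, service_ports, routes):
    """Return (route, entry point, problem) for every broken link in the chain."""
    defined, findings = entrypoints(args), []
    for route, names in routes.items():
        for name in names:
            if name not in defined:
                findings.append((route, name, "entry point not defined in Traefik args"))
            elif not exposed_ports(defined[name], container_ports, service_ports):
                findings.append((route, name, "no Service port forwards to the entry point"))
    return findings

if __name__ == "__main__":
    for finding in check(TRAEFIK_ARGS, CONTAINER_PORTS, SERVICE_PORTS, ROUTE_ENTRYPOINTS):
        print(finding)
```

An empty result only means the names and port numbers line up; it says nothing about whether the route's router type (HTTP `IngressRoute` versus `IngressRouteTCP`) suits the protocol behind it.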