Hi, Can you please share the command you run ?
-Wei On Mon, Mar 11, 2024 at 8:43 AM Bharat Bhushan Saini <bharat.sa...@kloudspot.com.invalid> wrote: > Hi Community, > > > > I understand that if I want to use CKS service then I have to pass VLAN in > my network. I am trying to achieve that. > > > > But in meanwhile time I expose the service as a nodeport to access the > dashboard of my application on shared network. It is accessible over the > IP(http) of control node but I want to access it through https. The service > was running on nodeport with 31009 port but over the https it shows > > > > * Trying 10.x.x.185:31009... > > * Connected to k8scstack.internal.kloudspot.com (10.x.x.185) port 31009 > (#0) > > * ALPN, offering h2 > > * ALPN, offering http/1.1 > > * successfully set certificate verify locations: > > * CAfile: /etc/ssl/certs/ca-certificates.crt > > * CApath: /etc/ssl/certs > > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > > * error:1408F10B:SSL routines:ssl3_get_record:wrong version number > > * Closing connection 0 > > curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number > > > > After port forwarding for the particular service 443:31009, encountered > with the below error, > > > > * Trying 10.1.10.185:443... > > * connect to 10.1.10.185 port 443 failed: Connection refused > > * Failed to connect to k8scstack.internal.kloudspot.com port 443: > Connection refused > > * Closing connection 0 > > curl: (7) Failed to connect to k8scstack.internal.kloudspot.com port 443: > Connection refused > > > > Can anyone pls suggest to move forward for that. > > > > Thanks and Regards, > > Bharat Saini > > > > [image: signature_2373681320] > > > > *From: *Jayanth Babu A <jayanth.b...@nxtgen.com.INVALID> > *Date: *Friday, 1 March 2024 at 11:25 PM > *To: *users@cloudstack.apache.org <users@cloudstack.apache.org> > *Subject: *Re: CKS with K8s Offering N/w > > EXTERNAL EMAIL: Please verify the sender email address before taking any > action, replying, clicking any link or opening any attachment. > > > +1 > > Bharat, see if you can start using the isolated network to get the full > experience of CKS. In shared network you should only rely on connecting to > node ports or have an external load balancer (outside of CloudStack) > balance the traffic to the node ports where any service like traefik runs. > > Thanks, > Jayanth > > ________________________________ > From: Wei ZHOU <ustcweiz...@gmail.com> > Sent: Friday, March 1, 2024 11:20:09 pm > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > Subject: Re: CKS with K8s Offering N/w > > Hi, > > Just my 2 cents. > > If you use NodePort, you need to know which worker node the pod is runing > on. It is a problem if there are multiple nodes. To solve this problem, > LoadBalancer can be used. cloudstack creates a load balancing rule to the > NodePort of all worker nodes. So the service can be accessible no matter > where the pod is. However, this only works with Isolated networks, as > shared networks do not support Load Balancer. > > traefik may work for you, I did not look into it yet. Another way is as I > have suggested, use kubectl port-forward to access the services with > ClusterIP. > > -Wei > > > On Friday, March 1, 2024, Bharat Bhushan Saini > <bharat.sa...@kloudspot.com.invalid> wrote: > > > Hi Jayanth, > > > > > > > > Just as an query I want to know that when the cluster run on shared > > network the traefik-ingress-controller is required to access the > > application externally else nodeport defind is enough for that. > > > > > > > > Thanks and Regards, > > > > Bharat Saini > > > > > > > > [image: signature_3414558938] > > > > > > > > *From: *Jayanth Babu A <jayanth.b...@nxtgen.com.INVALID> > > *Date: *Friday, 1 March 2024 at 9:09 PM > > *To: *users@cloudstack.apache.org <users@cloudstack.apache.org> > > *Subject: *Re: CKS with K8s Offering N/w > > > > EXTERNAL EMAIL: Please verify the sender email address before taking any > > action, replying, clicking any link or opening any attachment. > > > > > > Hi Bharat, > > > > I don't seem to understand your question. Would you please explain in > more > > detail? > > > > Thanks, > > Jayanth > > > > ________________________________ > > From: Bharat Bhushan Saini <bharat.sa...@kloudspot.com.INVALID> > > Sent: Friday, March 1, 2024 3:15:18 pm > > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > > Subject: Re: CKS with K8s Offering N/w > > > > Hi Wei, > > > > In shared n/w the traefik ingress is needed or only nodeport is enough > for > > that! > > > > Thanks and Regards, > > Bharat Saini > > > > [signature_1176335358] > > > > From: Wei ZHOU <ustcweiz...@gmail.com> > > Date: Friday, 1 March 2024 at 1:59 PM > > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > > Subject: Re: CKS with K8s Offering N/w > > EXTERNAL EMAIL: Please verify the sender email address before taking any > > action, replying, clicking any link or opening any attachment. > > > > > > Hi Bharat, > > > > If you deploy a CKS cluster on an isolated network, please ensure the > > public Ips (which include the endpoint IP of the CKS cluster, and Load > > balancer IPs) are reachable from the management server. > > The management server configures the k8s nodes (controller/worker) via > the > > port 2222-222x of endpoint IP. > > > > If you deploy a CKS cluster on a shared network, Load balancer is not > > supported. > > If you create a K8s service with nodeport, you can access it by <k8s node > > IP>:<node port>. > > If clusterIP is used, to access the service, you need to run "kubectl > > port-forward" on the controller node. > > > > > > -Wei > > > > > > Disclaimer *** This e-mail contains PRIVILEGED AND CONFIDENTIAL > INFORMATION intended solely for the use of the addressee(s). If you are not > the intended recipient, please notify the sender by e-mail and delete the > original message. Further, you are not authorised to copy, disclose, or > distribute this e-mail or its contents to any other person and any such > actions are unlawful and strictly prohibited. This e-mail may contain > viruses. NxtGen Datacenter & Cloud Technologies Private Ltd ("NxtGen") has > taken every reasonable precaution to minimize this risk but is not liable > for any damage you may sustain as a result of any virus in this e-mail. You > should carry out your own virus checks before opening the e-mail or > attachment. NxtGen reserves the right to monitor and review the content of > all messages sent to or from this e-mail address. Messages sent to or from > this e-mail address may be stored on the NxtGen e-mail system. *** End of > Disclaimer ***NXTGEN*** > > --------------------------- Disclaimer: ------------------------------ > This message and its contents are intended solely for the designated > addressee and are proprietary to Kloudspot. The information in this email > is meant exclusively for Kloudspot business use. Any use by individuals > other than the addressee constitutes misuse and an infringement of > Kloudspot's proprietary rights. If you are not the intended recipient, > please return this email to the sender. Kloudspot cannot guarantee the > security or error-free transmission of e-mail communications. Information > could be intercepted, corrupted, lost, destroyed, arrive late or > incomplete, or contain viruses. Therefore, Kloudspot shall not be liable > for any issues arising from the transmission of this email. >