help to access my first kubernetes container

  • Hi all,


    Out of interest in kubernetes and the plugin, I have installed on my omv 7 rpi4 (test sbc) and kubernetes is running fine.


    I created a ssl certificate in OMV GUI and used rpi4.lan as the common name for the certificate. This is configured in the plugin settings.


    I can access the kubernetes dashboard on either https://ip_address:4443 or https://rpi4.lan:4443


    I used the recipe templates and deployed wetty and filebrowser. Both seem to be running OK.


    My issue is that I can't access either of them from https://wetty.rpi4.lan:8443 or https://filebrowser.rpi4.lan:8443


    I know i'm doing something silly but not sure what to do to investigate

  • trying to work out what is going on but I think it might have something to do with these logs that I have found in the traefik pod/container.


    I have tried deploying using 'host-selfsigned-cert' and 'host-imported-cert'


    Any help appreciated...


    Code
    time="2024-10-07T04:40:52Z" level=error msg="Error configuring TLS: secret filebrowser-app/host-imported-cert does not exist" namespace=filebrowser-app providerName=kubernetescrd ingress=filebrowser-websecure
    time="2024-10-07T04:40:52Z" level=error msg="Error configuring TLS: secret wetty-app/host-selfsigned-cert does not exist" providerName=kubernetescrd namespace=wetty-app ingress=wetty-websecure
    • Official Post

    Please have a look here; it seems there need to be done some additional changes on Raspi systems. Please report back if this fixes the issues.


  • Thanks votdev - very impressive plugin/project. I use docker quite a bit but this in another level.


    I already had followed all of this and everything is running fine on my rpi. For some reason, the traefik pod does not like the name of the certificate.


    I have looked in resources > certificates and I see it is there - looks like the secretName is correct.


  • not much to see in this log...


  • So I started again but this time using a clean omv install (VM using KVM plugin on my OMV minipc).


    I have the same issue. Installed k8s plugin. Confirmed kubernetes dashboard running. Deployed wetty from the recipe. Seems to deploy fine and I can see the wetty pod running.


    I just can't connect using either https://wetty.omv.lan:8443 or http://wetty.omv.lan:8080


    Similar situation with the traefik pod log - but not sure if this is the issue (or just me doing something stupid).


    traefik pod log:

    Code
    time="2024-10-08T05:41:56Z" level=info msg="Configuration loaded from flags."
    time="2024-10-08T05:45:07Z" level=error msg="Error configuring TLS: secret wetty-app/host-selfsigned-cert does not exist" namespace=wetty-app providerName=kubernetescrd ingress=wetty-websecure
    time="2024-10-08T05:45:07Z" level=error msg="subset not found for wetty-app/wetty" providerName=kubernetescrd ingress=wetty-websecure namespace=wetty-app
    time="2024-10-08T05:45:21Z" level=error msg="Error configuring TLS: secret wetty-app/host-selfsigned-cert does not exist" providerName=kubernetescrd ingress=wetty-websecure namespace=wetty-app
    time="2024-10-08T05:48:24Z" level=error msg="Error configuring TLS: secret wetty-app/host-selfsigned-cert does not exist" namespace=wetty-app providerName=kubernetescrd ingress=wetty-websecure


    wetty pod log (looks good):

    Code
    yarn run v1.22.19
    $ NODE_ENV=production node . --port=3000 --base=/ --force-ssh --ssh-port=22 --ssh-host=omv
    {"base":"/","label":"Wetty","level":"info","message":"Starting server","port":3000,"timestamp":"2024-10-08T05:48:24.979Z","title":"WeTTY - The Web Terminal Emulator"}
    {"connection":"http","label":"Wetty","level":"info","message":"Server started","port":3000,"timestamp":"2024-10-08T05:48:24.993Z"}
    • New
    • Official Post

    You can ignore the error messages; it is still working.


    If you can not reach https://wetty.omv.lan:8443 then your local DNS can not resolve wetty.omv.lan. Make sure the FQDN can be resolved by your DNS. For testing purposes you can add it to /etc/hosts on your host system.


    Code
    192.xxx.xxx.xxx omv omv.lan filebrowser.omv.lan wetty.omv.lan


    Alternatively you can use sslip.io if you do not have the capability to modify your DNS server.


    To do so you need to modify the IngressRoute object the following way:


    After that you can reach the app via https://immich.xxx.xxx.xxx.xxx.sslip.io.

  • Thanks votdev


    Good to know it is likely a DNS issue. I run opnsense firewall/router and this is usually working perfectly for DNS but I will investigate.


    I can currently resolve omv.lan and omv.local to the correct IP address so this is fine. The issue is with dns resolution of subdomain.omv.lan so I will see if I can fix this so subdomains resolve to same ip as omv.lan

  • Just an update to this thread as I have kubernetes working (thanks for your help votdev) :)


    It did require me to make a tricky/quirky change in my opnsense/unbound settings and add a wildcard host override.


    Now anything.omv.lan resoles to the ip of omv.lan as configured in the override.


    I personally do not like this solution so I will see if I can find a better way in opnsense/unbound.

  • jata1

    Added the Label resolved

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!