we’ve got some network issues here, maybe combined with a lack of understanding.
The main thing is, we have a business application, which was developped by our external developer.
He handed us the source code and the original docker images. It is confirmed by the developer, that these images will work “as-is”, when applying them to a container.
Using Docker, I could confirm that.
Now, the application is dedicated to our customer. Which means, we have the code and the docker images, and have to develop a mechanism to get the new releases to the production environment of the customer. The customer environment is given. So we decided to rebuild the customer’s environment in our house.
Customer uses Kubernetes and Traefik. Customer uses some other stuff, that we cannot rebuild (something like code quality checking and artifacts).
But customer uses Ubuntu Server in their own cloud solution. We only have one Windows 2016 Datacenter Server.
Since it is always better to use Linux, when it comes to Application virtualization, we installed an Ubuntu Server on a HyperV machine.
On this server, we installed docker, kubernetes cluster and node unsing kubeadm (yes, on one single HyperV machine) and the other stuff we need.
We already got this far.
-1. Setting up the Ubuntu server, disabling ufw (firewall), setting up network to static IP+DNS configuration.
0. Creating kubernetes cluster, node, namespaces etc.
- Importing the supplied docker images with “docker load -i imagename.tar”
- Creating the yaml files for the deployments (=> pods), the services, the network policies, secrets and so on.
- Applying all these yaml files and confirming the functionality (the pods respond als expected)
Now, we wanted to connect the running application with the “world outside”. In this case, this is NOT meaning “the internet”. For us it is sufficient to get access to the application web site coming from the Windows Server. Internal use, you might say.
Customer is using traefik ingress, so we tried that, too. After applying several custom yaml files, we see all our changes, but we still cannot reach the application web interface from the outside (nor can we reach the traefik management web interface).
- From the Windows Server, we tried to reach port 80 and 443 on the Hyper-V machine (by querying http(s):// in a browser and by using telnet) - no success. Connection refused.
- From the Hyper-V machine, I can curl the IP of the non-traefik service directly and as return I get the HTML Code of the application web site.
- From the Hyper-V machine, I can curl the IP of the traefik service and I get “404 page not found” returned as plain string.
To 1, I have to say, I looked at the output of “netstat -tulp | grep LISTEN” and saw that no process listens on port 80, 443 or such.
Okay, to make it short, we now have two issues:
- How can we make the application web site accessible over http(s) from the Windows Server?
- How can we make the pods able to connect to another Hyper-V machine (in our case, the database machine, which is another Hyper-V machine on the Windows Server)?
Question number 2 is important, because without database connectivity, all the tool makes no sense.
In this case, we are talking about a MSSQL 2016 Database listening on 1433. It is configured and accessible from the Windows Server.
I know, I still did not post code here. Since we have 10 yaml files for all the ingress components, I did not want to post all of them.
Here are the most important - ask for more, if you need: