SSL Errors Prevent Access to Rancher UI After Cluster Deployment with Hetzner-K3s #435
I deployed a Kubernetes cluster using the following command, and everything appeared to work without any errors:

```
hetzner-k3s create --config k3s.yaml | tee create.log
```

Next, I deployed a load balancer on Hetzner, which shows as healthy, using this command:

```
helm upgrade --install \
  ingress-nginx ingress-nginx/ingress-nginx \
  -f ./ingress-nginx-annotations.yaml \
  --namespace ingress-nginx \
  --create-namespace
```

This was done with the following configuration file:

```yaml
controller:
  kind: DaemonSet
  service:
    annotations:
      load-balancer.hetzner.cloud/location: nbg1
      load-balancer.hetzner.cloud/name: ingress-nginx-lb
      load-balancer.hetzner.cloud/use-private-ip: "true"
      load-balancer.hetzner.cloud/uses-proxyprotocol: "true"
      load-balancer.hetzner.cloud/hostname: k8s.larvepoire.app
      load-balancer.hetzner.cloud/http-redirect-https: "false"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  use-proxy-protocol: "true"
```

I then installed

```
helm upgrade --install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.15.3 \
  --set crds.enabled=true
```

And applied the following configuration:

```
kubectl apply -f ./lets-encrypt.yaml
```

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          ingressClassName: nginx
```

At this point, everything seemed to be working correctly—all pods are running, and both

However, I noticed something odd. When I send a GET request to my load balancer using Postman at

```html
<html>
<head>
<title>400 Bad Request</title>
</head>
<body>
<center>
<h1>400 Bad Request</h1>
</center>
<hr>
<center>nginx</center>
</body>
</html>
```

Is this expected since no application is currently bound to this address, or am I mistaken?

Finally, the main issue arises when I deploy my test application (Rancher) using

This site can’t provide a secure connection

What could be the cause of this issue?

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world
  labels:
    app: hello-world
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-world
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-world
        image: rancher/hello-world
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: hello-world
spec:
  selector:
    app: hello-world
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - rancherk8s.larvepoire.app
    secretName: rancherk8s.larvepoire.app-tls
  rules:
  - host: rancherk8s.larvepoire.app
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hello-world
            port:
              number: 80
```

Replies: 1 comment 4 replies
Hello, it seems there's a small error :)
You've mistakenly combined the YAML for the Nginx ConfigMap with the YAML for the Helm chart values. Instead, you should first install the ingress controller using the Helm chart, and then create a separate ConfigMap using the provided YAML for the ConfigMap.
The "bad request" errors you're experiencing are due to this mistake: the proxy protocol is enabled on the load balancer but not configured in Nginx.
I'm changing this to a discussion because it's not an issue with hetzner-k3s.
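
What a backend sees when the load balancer has proxy protocol enabled and the listener does not, as an added example (not part of the discussion or of hetzner-k3s): the PROXY header arrives before the client's own bytes, so the first thing parsed is neither an HTTP request line nor a TLS handshake record. The sample bytes, addresses and function names are constructed for illustration, and the samples use the v1 text header.

```python
import re

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature
V1_RE = re.compile(rb"PROXY (TCP4|TCP6) (\S+) (\S+) (\d+) (\d+)\r\n")
HTTP_RE = re.compile(rb"[A-Z]+ \S+ HTTP/\d\.\d\r\n")

# Constructed samples: bytes a load balancer with proxy protocol on forwards to the backend.
HDR = b"PROXY TCP4 203.0.113.7 10.0.0.2 51234 80\r\n"
PLAIN = HDR + b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS = HDR.replace(b" 80\r", b" 443\r") + bytes([0x16, 0x03, 0x01, 0x00, 0x05]) + b"\x01\x00\x00\x01\x00"


def strip_proxy_v1(data):
    """Return (client_info, rest); client_info is None when no v1 header is present."""
    m = V1_RE.match(data)
    if not m:
        return None, data
    proto, src, dst, sport, dport = (g.decode() for g in m.groups())
    info = {"proto": proto, "src": src, "sport": int(sport), "dst": dst, "dport": int(dport)}
    return info, data[m.end():]


def classify(data):
    """Name what the first bytes of a connection look like."""
    if data.startswith(V2_SIG):
        return "proxy-v2"
    if data.startswith(b"PROXY "):
        return "proxy-v1"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"  # TLS record type 22, version major 3
    if HTTP_RE.match(data):
        return "http-request"
    return "unknown"


def listener_view(data, expects_proxy):
    """What the listener parses first, with and without proxy protocol enabled on it."""
    if expects_proxy:
        _, data = strip_proxy_v1(data)  # header consumed before HTTP/TLS parsing
    kind = classify(data)
    return kind if kind in ("http-request", "tls-handshake") else "rejected:" + kind


if __name__ == "__main__":
    for name, sample in (("port 80", PLAIN), ("port 443", TLS)):
        for expects in (False, True):
            print(name, "listener expects proxy protocol:", expects, "->", listener_view(sample, expects))
```
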