Open dnoland1 opened 4 years ago
That sounds weird @dnoland1. Traefik shouldn't intercept /ping uri on every entrypoint, just on a specific one, traefik by default.
It seems that traefik ingress is not redirecting requests to proper entrypoint. Are you using proper FQDN to access Rancher??
Tested on k3s v1.17.4-k3s1 with traefik ingress and running rancher
$ curl -k https://172.17.0.5/ping
OK
$ curl -k --header 'Host: rancher.my.org' https://172.17.0.5/ping
pong
@rawmind0 Could you try this in your environment:
curl --header 'Host: rancher.my.org' http://172.17.0.5/ping
and let me know the results. It appears if you use https, pong is returned, but http returns OK.
In our environment, we are using the tls external option in Rancher and doing TLS termination on AWS ALB. The ALB will forward traffic onto traefik using http, not https.
Issue is with traefik and external LB configuration:
/ping on http no matter FQDN (@dnoland1 you were right on that)
/ping requests due to is not going to rancher healthcheck.
The provider needs to access proper rancher healthcheck at /ping, due to it's checking rancher readiness before connect, https://github.com/terraform-providers/terraform-provider-rancher2/blob/master/rancher2/config.go#L73 and this configuration is redirecting /ping requests on http, to the ingress healthcheck instead of Rancher healthcheck.
2 possible options to fix:
/ping on https and let the external LB like it is
/ping like it is
On a k3s cluster with traefik, get the following error when attempting to use the rancher2 bootstrap resource (TF_LOG=debug) set:
This is because traefik intercepts /ping and returns OK and not the expected "pong":
See https://docs.traefik.io/operations/ping/#configuration-options
Note, works fine if we debug nginx-ingress controller instead of the default traefik ingress. Above testing was done with rancher2 v1.8.3 provider.
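An added example, not part of the thread and not the provider's own code: a small Go probe that tells the two /ping responders apart by the bodies shown in the curl output above ("pong" from Rancher, "OK" from Traefik's ping), so a load balancer or readiness check can confirm it reaches Rancher rather than the ingress healthcheck. The names `classifyPing`, `probePing`, `byScheme` and `sampleClient` are assumptions, and `byScheme` is a constructed stand-in transport that replays the http/https behaviour reported here without touching a network.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// classifyPing names the responder: Rancher replies "pong", Traefik's ping replies "OK".
func classifyPing(status int, body string) string {
	switch b := strings.TrimSpace(body); {
	case status == http.StatusOK && b == "pong":
		return "rancher"
	case status == http.StatusOK && b == "OK":
		return "traefik-ping"
	}
	return "unknown"
}

// probePing sends GET baseURL/ping with an explicit Host header and classifies the reply.
func probePing(c *http.Client, baseURL, host string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, baseURL+"/ping", nil)
	if err != nil {
		return "", err
	}
	req.Host = host // same effect as curl --header 'Host: ...'
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 64))
	return classifyPing(resp.StatusCode, string(body)), err
}

// byScheme is a constructed stand-in for the cluster: it answers by URL scheme only.
type byScheme map[string]string

func (m byScheme) RoundTrip(r *http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: http.StatusOK, Header: http.Header{},
		Body: io.NopCloser(strings.NewReader(m[r.URL.Scheme])), Request: r}, nil
}

// sampleClient replays the behaviour reported in the thread (constructed data).
var sampleClient = &http.Client{Transport: byScheme{"http": "OK", "https": "pong"}}

func main() {
	for _, u := range []string{"http://172.17.0.5", "https://172.17.0.5"} {
		fmt.Println(probePing(sampleClient, u, "rancher.my.org"))
	}
}
```

Against a real cluster, pass an ordinary `*http.Client` instead of `sampleClient`; a result of `traefik-ping` on the listener the load balancer forwards to means the request never reached Rancher.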