Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IngressRouteTCP object not created when the route is a Service of type ExternalName #6390

Closed
mazzy89 opened this issue Feb 27, 2020 · 10 comments · Fixed by #6428
Closed

IngressRouteTCP object not created when the route is a Service of type ExternalName #6390

mazzy89 opened this issue Feb 27, 2020 · 10 comments · Fixed by #6428
Labels
area/provider/k8s/crd kind/enhancement a new or improved feature. priority/P2 need to be fixed in the future status/5-frozen-due-to-age
Projects
v2
Milestone
2.2

Comments

@mazzy89
Copy link

mazzy89 commented Feb 27, 2020
edited

Do you want to request a feature or report a bug?

Bug

What did you do?

I've created an object of kind: IngressRouteTCP and configured in such way:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: external-tcp-service
spec:
  entryPoints:
    - tcp
  routes:
    - match: HostSNI(`my-external-service.domain.com`)
      services:
        - name: my-external-service
          port: 6379
  tls: {}
---
apiVersion: v1
kind: Service
metadata:
  name: external-tcp-service
spec:
  externalName: internaltcpsrv.domain.local
  type: ExternalName

What did you expect to see?

I would expect that the object external-tcp-service would be created.

What did you see instead?

level=error msg="Cannot create service: service port not found"

Output of traefik version: (What version of Traefik are you using?)

2.1.3

What is your environment & configuration (arguments, toml, provider, platform, ...)?

Kubernetes 1.15.9

I believe that the reason is of a bug here https://github.com/containous/traefik/blob/master/pkg/provider/kubernetes/crd/kubernetes_tcp.go#L165

There is an immediate lookup of the port in the Service and only after there is a check of the type to verify if the Service is type: ExternalName.

I believe that the logic must be rearranged a bit. I can wire a PR if is needed.
@jbdoumenjou
Copy link
Member

Hi @mazzy89,

Could you explain your use case with the ExternalName Service ?

@mazzy89
Copy link
Author

mazzy89 commented Feb 27, 2020
edited

Sure. The idea here is to expose a resource specifically an Elasticache cluster that is reachable only from the k8s cluster where Traefik runs.

The k8s Service would proxy internally this resource while IngressRouteTCP would create an entry to expose it publicly.

@mazzy89
Copy link
Author

mazzy89 commented Feb 28, 2020

There is anything I can help here? This is blocking us to adopt Traefik v2. I'm open to hearing different approaches

@ldez ldez added area/provider/k8s/crd kind/bug/possible a possible bug that needs analysis before it is confirmed or fixed. and removed status/0-needs-triage labels Feb 28, 2020
@ldez ldez added this to issues in v2 via automation Feb 28, 2020
@jbdoumenjou
Copy link
Member

You can specify a port on the ExternalName Service to map with the IngressRoute.
However, it could be a good feature to avoid the need of specifying the port on the ExternalName Service by using the IngressRoute service port.

Just a comment on your sample, the name of the service referenced in the IngressRoute does not match the ExternalName Service name.

WDYT ?

@mazzy89
Copy link
Author

mazzy89 commented Mar 3, 2020

You can specify a port on the ExternalName Service to map with the IngressRoute.
However, it could be a good feature to avoid the need of specifying the port on the ExternalName Service by using the IngressRoute service port.

I'm going to try by specifying the port in the Service of type ExternalName and see if it works. I was not sure if this is possible. But need definitely to try it.

I like your idea to use the port of the IngressRoute. Personally, it does fit our use case.

Just a comment on your sample, the name of the service referenced in the IngressRoute does not match the ExternalName Service name.

Yeah, that is a typo due to a work of removal of real references from the manifests. 🤓

@mazzy89
Copy link
Author

mazzy89 commented Mar 3, 2020
edited

Just tried here. Added to the Service the port having a Service looking like this:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: external-tcp-service
spec:
  entryPoints:
    - redis
  routes:
    - match: HostSNI(`my-external-service.domain.com`)
      services:
        - name: external-tcp-service
          port: 6379
  tls: {}
---
apiVersion: v1
kind: Service
metadata:
  name: external-tcp-service
spec:
  externalName: internaltcpsrv.domain.local
  type: ExternalName
  ports:
    - port: 6379

The result from Traefik logs

+ reverse-proxy-traefikv2-767fd98689-xj2xq › reverse-proxy-traefikv2
reverse-proxy-traefikv2-767fd98689-xj2xq reverse-proxy-traefikv2 time="2020-03-03T14:40:50Z" level=error msg="Cannot create service: service not found" serviceName=external-tcp-service namespace=platform servicePort=6379 providerName=kubernetescrd ingress=external-tcp-service
reverse-proxy-traefikv2-767fd98689-xj2xq reverse-proxy-traefikv2 time="2020-03-03T14:40:50Z" level=error msg="Cannot create service: service not found" servicePort=6379 ingress=external-tcp-service serviceName=external-tcp-service  providerName=kubernetescrd namespace=platform
reverse-proxy-traefikv2-767fd98689-xj2xq reverse-proxy-traefikv2 time="2020-03-03T14:40:51Z" level=error msg="the service \"external-tcp-service-9888b30400de35951949@kubernetescrd\" does not exist" entryPointName=redis routerName=platform-external-tcp-service-9888b30400de35951949@kubernetescrd

@mazzy89
Copy link
Author

mazzy89 commented Mar 3, 2020
edited

@jbdoumenjou I was able to replicate the issue and actually the last one the error is just temporary and due to the order that objects are created. Once swapped the order in the manifest, the errors are not reported anymore and the resources look green in the Traefik dashboard.

Need to tests the connection though but at least now Traefik does not complain anymore.

It would be nice to have the feature in place. Do you need help here? Will you go ahead or should I give a try?

@jbdoumenjou
Copy link
Member

Thank you, we are working on it. 😄

@jbdoumenjou jbdoumenjou added kind/enhancement a new or improved feature. priority/P2 need to be fixed in the future and removed kind/bug/possible a possible bug that needs analysis before it is confirmed or fixed. contributor/waiting-for-feedback labels Mar 3, 2020
@mazzy89
Copy link
Author

mazzy89 commented Mar 3, 2020

Thank you for the fast reaction here.

@rtribotte rtribotte mentioned this issue Mar 5, 2020
Merged
2 tasks
@traefiker traefiker added this to the 2.2 milestone Mar 10, 2020
@traefiker
Copy link
Contributor

Closed by #6428.

v2 automation moved this from issues to Done Mar 10, 2020
@traefik traefik locked and limited conversation to collaborators Apr 28, 2020
@jbdoumenjou jbdoumenjou removed their assignment Sep 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/provider/k8s/crd kind/enhancement a new or improved feature. priority/P2 need to be fixed in the future status/5-frozen-due-to-age
Projects
No open projects
v2
Done
Milestone
2.2
Development

Successfully merging a pull request may close this issue.

Improve kubernetes external name service support rtribotte/traefik
4 participants
@jbdoumenjou @mazzy89 @ldez @traefiker