How to expose app deployed on Rancher k3s to the Internet

Question

I've different deployments over different namespaces and I would like to expose some of them to the Internet, even if I don't have a static and public IP available. The different services are deployed on Rancher k3s and every service which should be publicly accessible has an Ingress defined in the same namespace.

I was trying to follow Rancher - How to expose my services publicly?, but I didn't really get what I've to do and, moreover:

• Why do we need to define a LoadBalancer? It seems to me that the IngressController used by k3s (Traefik?) already creates one. If this is a must (or a good way to go), how it should the service defined exactly?
• I don't have any Rancher UI in my environment. Therefore, is there a way to achieve what described in that link in a declarative way?
• Is there a way to use services like No-IP or FreeDNS for the final hostname?

Answer 1

If I get it right, you deployed Kubernetes manually on barebone/vms nodes and now you want to reach you deployments running inside that cluster.

• There is two level of loadbalancing in this setup, the one managed by your ingress controller, sounds like it is traefik in your case, and it is recommanded to run a second L4 load balancer in front of your workers to reach the ingress pods that are usually deployed on multiple/all nodes. Traefik, or other lb controllers, will load balancer traffic inside the k8s cluster without issue even if you don't have a L4 load balancer, but it is not recommanded as if you loose this node, no traffic can reach the kubernetes cluster anymore. You "just" need to have your dns resolution pointing at your public ip and routed to one of your worker, or the LB in front of it. However, if you don't have a L4 LB, you'll need to have your ingress pods listening on ports 80 and/or 443.
• Most things that you do in Rancher UI is just an easier way to see your k8s objects, all ingress configuration can be achieved via kubectl, k9s (strongly recommand thatone!), lens or other methods. However k8s objects are still k8s objects. In this case, you need to have your services exposed with ClusterIP that are then reachable by the ingress pods.
• I've never used such a solution natively from k8s, but when I had too the internet router was able to do this part, once you're there, it is internal routing.

I hope this helps. Ingress can definitely be a tough one to grasp!