'Microk8s, MetalLB and Emissary ingress integration

I have a Microk8s cluster with 3 nodes (1 master and 2 workers). I have enabled the dns and metallb(with the single public ip of master node) plugins and installed Emissary Ingress with Helm3.

All is up and running, Emissary service has type LoadBalancer and getting the correct external ip from MetalLB.

After this, I'm trying to set a mapping for Sonarqube service. These are the yaml:

apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: http-listener
  namespace: emissary-system
spec:
  port: 80
  protocol: HTTP
  securityModel: INSECURE
  hostBinding:
    namespace:
      from: ALL
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: https-listener
  namespace: emissary-system
spec:
  port: 443
  protocol: HTTPS
  securityModel: SECURE
  hostBinding:
    namespace:
      from: ALL
---
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: sonarqube-host
  namespace: emissary-system
spec:
  hostname: "*"

---
apiVersion: getambassador.io/v3alpha1
kind:  Mapping
metadata:
  name: sonarqube-mapping
  namespace: emissary-system
spec:
  hostname: "*"
  prefix: /sonarqube
  service: "http://sonarqube-1645479242-sonarqube.sonarqube-system:9000"

On firewall side, I have this:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere                   # SSH
80                         ALLOW IN    Anywhere                   # HTTP
443                        ALLOW IN    Anywhere                   # HTTPS
4789                       ALLOW IN    Anywhere                   # VXLAN
10250                      ALLOW IN    Anywhere                   # KUBELET
16443                      ALLOW IN    Anywhere                   # K8S API-SERVER
19001                      ALLOW IN    Anywhere                   # DQLITE
25000                      ALLOW IN    Anywhere                   # K8S CLUSTER-AGENT
Anywhere on vxlan.calico   ALLOW IN    Anywhere                  
Anywhere on cali+          ALLOW IN    Anywhere                  
22 (v6)                    ALLOW IN    Anywhere (v6)              # SSH
80 (v6)                    ALLOW IN    Anywhere (v6)              # HTTP
443 (v6)                   ALLOW IN    Anywhere (v6)              # HTTPS
4789 (v6)                  ALLOW IN    Anywhere (v6)              # VXLAN
10250 (v6)                 ALLOW IN    Anywhere (v6)              # KUBELET
16443 (v6)                 ALLOW IN    Anywhere (v6)              # K8S API-SERVER
19001 (v6)                 ALLOW IN    Anywhere (v6)              # DQLITE
25000 (v6)                 ALLOW IN    Anywhere (v6)              # K8S CLUSTER-AGENT
Anywhere (v6) on vxlan.calico ALLOW IN    Anywhere (v6)             
Anywhere (v6) on cali+     ALLOW IN    Anywhere (v6)             

Anywhere                   ALLOW OUT   Anywhere on vxlan.calico  
Anywhere                   ALLOW OUT   Anywhere on cali+         
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on vxlan.calico
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on cali+

But, when I try to connect I get a connection refused error. Seems that no one listening on 80 or 443. Anyone can help? Thanks

kubernetesmicrok8sambassadormetallb


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions