1

I have been running an application stack successfully on a server using the k3s Kubernetes implementation. I am now attempting to deploy it on my Windows PC in Docker Desktop. I get a 404 not found when accessing the application on the localhost.

  • I tried using 'localhost', '127.0.0.1' and 'kubernetes.docker.internal' (the latter is assigned to 127.0.0.1 by Docker Desktop on installation) - none work.
  • I have tried all these host names with ports 80, 8000, 443, 8443, etc. No luck.

I'm using Traefik as my ingress controller, with TLS switched on, certificates are issued by cert-manager. For the local deployment, I use the cert-manager self-signed option. I have also removed the TLS spec from my ingress, but it makes no difference.

Here is my ingress definition, using 'kubernetes.docker.internal' as host:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: traefik-ingress
      annotations:
        kubernetes.io/ingress.class: "traefik"
        cert-manager.io/issuer: self-signed
    spec:
      tls:
        - secretName: s3a-tls-certificate-secret
          hosts:
            - kubernetes.docker.internal
      rules:
      - http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: s3a-frontend
                  port:
                    number: 80
  • When I try https://kubernetes.docker.internal (implied port 443), on first attempt, Chrome shows me the "unsafe self-signed certificate, press Advanced to continue" stuff, but when I do continue, I get 404 page not found.
  • When I try plain http://kubernetes.docker.internal (implied port 80), I get Chrome ERR_EMPTY_RESPONSE.
  • When I remove the TLS stuff completely from the ingress, it does exactly the same as above for ports http and https.
  • You'll see the spec/rules don't specify a specific host, i.e. the spec applies to all hosts. I've tried fixing it to host 'kubernetes.docker.internal', but as expected, it makes no difference.

The target service "s3a-frontend" is running on its exposed port 80: I can access it when hitting it directly on its node port, but not via the ingress.

EDIT: The Traefik ingress controller comes with k3s, but I installed it manually in Docker Desktop. When I attach to the traefik pod, I can see a request being logged when I access https://kubernetes.docker.internal, here are the logs. You can see the cluster health checks ("ping@internal"), but also my request for root ("/") and then Chrome's request for favicon, neither of which return a response code.

10.1.0.1     - - [05/Nov/2021:16:36:23 +0000] "GET /ping HTTP/1.1" 200 2 "-" "-" 2141 "ping@internal" "-" 0ms
192.168.65.3 - - [05/Nov/2021:16:36:24 +0000] "GET / HTTP/2.0" - - "-" "-" 2142 "-" "-" 0ms
10.1.0.1     - - [05/Nov/2021:16:36:24 +0000] "GET /ping HTTP/1.1" 200 2 "-" "-" 2143 "ping@internal" "-" 0ms
192.168.65.3 - - [05/Nov/2021:16:36:24 +0000] "GET /favicon.ico HTTP/2.0" - - "-" "-" 2144 "-" "-" 0ms

/END EDIT

I have done a lot of research, including on the possibility that something else is hogging ports 80/443. netstat says that Docker itself is listening on those ports: how can I claim those ports if Docker itself is using it, or is this a red herring?

System

  • Windows 10 Pro, 10.0.19043
  • WSL2
  • Docker Desktop reports engine v20.10.8
Cornel Masson
  • 1,352
  • 2
  • 17
  • 33
  • k3s comes bundled with the traefik ingress controller. kubernetes on docker-desktop does not. see this question for more information and a solution: https://stackoverflow.com/questions/65193758/enable-ingress-controller-on-docker-desktop-with-wls2 – meaningqo Nov 04 '21 at 09:39
  • Did solution provided in comment above help you? – kkopczak Nov 04 '21 at 17:57
  • I installed Traefik manually. I'll update my question with more details. – Cornel Masson Nov 05 '21 at 16:39

1 Answers1

1

I couldn't get this working on Docker Desktop. I switched to Rancher Desktop and it worked.

Cornel Masson
  • 1,352
  • 2
  • 17
  • 33