James Lab

Fix - Online Boutique External Access via Traefik Ingress

2 min read

Problem

Internal communication within the online-boutique application is fully functional, with the frontend successfully processing requests and completing orders. The only obstacle is external access: the frontend-external LoadBalancer service is failing to acquire an IP due to a port 80 conflict with Traefik.

Analysis Results

  • Workload Status: All 12 application pods are Running and healthy.
  • Internal Connectivity: Logs confirm successful service-to-service calls (Product Catalog, Cart, Checkout).
  • External Access Issue: The frontend-external Service (Type: LoadBalancer) is stuck because k3s svclb cannot bind to port 80, which is already held by Traefik.
  • Argo CD Status: Synced, but Progressing due to the pending ServiceLB pods.

Proposed Fix Plan

Transitioning from a LoadBalancer service to a Traefik-managed Ingress. This resolves the port conflict and leverages the existing ingress controller.

  1. Modify manifests: Create an Ingress resource for the frontend service in the apps/online-boutique/overlays/lab/ directory.
  2. Clean up: Remove the frontend-external LoadBalancer service from the manifests to clear the Progressing state in Argo CD.
  3. Verify: Confirm that the application is accessible via the Traefik ingress.

Resolution Steps

1. Added Ingress Resource

Created apps/online-boutique/overlays/lab/ingress.yaml:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-ingress
  namespace: boutique
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend
                port:
                  number: 80

2. Updated Kustomization

Added the ingress resource and a patch to remove the frontend-external service in apps/online-boutique/overlays/lab/kustomization.yaml:

resources:
  - ingress.yaml
 
patches:
  - target:
      kind: Service
      name: frontend-external
    patch: |-
      $patch: delete
      apiVersion: v1
      kind: Service
      metadata:
        name: frontend-external

3. Verified Access

Confirmed the frontend is accessible via any cluster node IP on port 80:

  • http://192.168.5.40
  • http://192.168.5.41
  • http://192.168.5.42
  • http://192.168.5.43

Verification

# Confirm ingress is ready
kubectl get ingress -n boutique
 
# Confirm frontend-external service is removed
kubectl get svc -n boutique
 
# Confirm Argo CD is synced and healthy
kubectl get application online-boutique -n argocd

Result

  • Argo CD status: Synced and Healthy
  • External access: Working via Traefik Ingress
  • Port conflict: Resolved

Backlinks