SSH/TCP Ingress with Traefik not working
Summary
Hi, I would like to run Gitlab via Helm on my Kubernetes cluster. I use Traefik as an ingress controller and would like to make the container "gitlab-shell" accessible via a TCP route. According to the documentation, Helm automatically creates a corresponding IngressRouteTCP. I can also see this configuration, but the corresponding route is not displayed in Traefik and I cannot reach gitlab via ssh.
Steps to reproduce
I use a Traefik and a Cert Manager in my cluster and have not had them created by GitLab.
Configuration used
(Please provide a sanitized version of the configuration used wrapped in a code block (```yaml))
---
certmanager:
installCRDs: false
install: false
rbac:
create: false
nginx-ingress:
enabled: false
traefik:
install: false
global:
pages:
enable: true
hosts:
domain: <hidden>
ingress:
enabled: true
provider: traefik
class: traefik
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
configureCertmanager: false
tls:
enabled: true
secretName: <hidden>
gitlab-shell:
traefik:
entrypoint: gitlab-shell
edition: ce
email:
<hidden>
Short extract from the Traefik config:
ports:
web:
redirectTo:
port: websecure
websecure:
tls:
enabled: true
gitlab-shell:
expose: true
exposedPort: 22
port: 2222
protocol: TCP
Current behavior
As you can see, the router is unfortunately not recognized/used. The logs from Traefik and also from the gitlab shell containers are unfortunately not meaningful.
Helm creates a service for gitlab-shell.
Expected behavior
I am not sure if there is a configuration error or if the created IngressRouterTCP simply does not work with Traefik anymore. In any case, I have tried a lot and would be grateful for any tips on how to get it to work.
Versions
- Chart: v7.7.3
- Platform:
- Self-hosted: Rancher RKE / v1.27.8+k3s2
- Kubernetes: (
kubectl version
)- Client: v1.28.2
- Server: v1.27.8+k3s2
- Helm: (
helm version
)- Client: v3.13.3
Relevant logs
This is what the generated IngressRouterTCP looks like:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
annotations:
meta.helm.sh/release-name: gitlab
meta.helm.sh/release-namespace: gitlab
creationTimestamp: '2024-01-14T14:40:34Z'
generation: 3
labels:
app: gitlab-shell
app.kubernetes.io/managed-by: Helm
chart: gitlab-shell-7.7.3
heritage: Helm
release: gitlab
managedFields:
- apiVersion: traefik.containo.us/v1alpha1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:meta.helm.sh/release-name: {}
f:meta.helm.sh/release-namespace: {}
f:labels:
.: {}
f:app: {}
f:app.kubernetes.io/managed-by: {}
f:chart: {}
f:heritage: {}
f:release: {}
f:spec:
.: {}
f:entryPoints: {}
f:routes: {}
manager: helm
operation: Update
time: '2024-01-14T18:29:26Z'
name: gitlab-gitlab-shell
namespace: gitlab
resourceVersion: '40239003'
uid: 45845aea-9881-434a-9d0a-445856bd31e9
spec:
entryPoints:
- gitlab-shell
routes:
- match: HostSNI(`*`)
services:
- name: gitlab-gitlab-shell
namespace: gitlab
port: 22