traefik-helm-chart icon indicating copy to clipboard operation
traefik-helm-chart copied to clipboard

Published 20 hours ago verified publisher icon traefik

Healthchecksports Value not working

Open giuramen opened this issue 3 years ago • 3 comments
trafficstars

Welcome!

  • [X] Yes, I've searched similar issues on GitHub and didn't find any.
  • [X] Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What version of the Traefik's Helm Chart are you using?

10.13.0

What version of Traefik are you using?

2.6.0

What did you do?

Dear All,

I tried to change liveness and readness probe port with "healthchecksport" field in the values:

  traefik:
    healthchecksPort: 9001

What did you see instead?

After deployment I got this error:

time="2022-02-03T01:38:37Z" level=debug msg="Creating middleware" middlewareName=metrics-entrypoint middlewareType=Metrics entryPointName=traefik
time="2022-02-03T01:39:15Z" level=info msg="I have to go..."
time="2022-02-03T01:39:15Z" level=info msg="Stopping server gracefully"
time="2022-02-03T01:39:15Z" level=debug msg="Waiting 10s seconds before killing connections." entryPointName=web
time="2022-02-03T01:39:15Z" level=debug msg="Waiting 10s seconds before killing connections." entryPointName=websecure
time="2022-02-03T01:39:15Z" level=debug msg="Waiting 10s seconds before killing connections." entryPointName=traefik
time="2022-02-03T01:39:15Z" level=debug msg="Waiting 10s seconds before killing connections." entryPointName=metrics
time="2022-02-03T01:39:15Z" level=error msg="accept tcp [::]:8000: use of closed network connection" entryPointName=web
time="2022-02-03T01:39:15Z" level=error msg="Error while starting server: accept tcp [::]:8000: use of closed network connection" entryPointName=web
time="2022-02-03T01:39:15Z" level=error msg="accept tcp [::]:9100: use of closed network connection" entryPointName=metrics
time="2022-02-03T01:39:15Z" level=error msg="accept tcp [::]:9000: use of closed network connection" entryPointName=traefik
time="2022-02-03T01:39:15Z" level=error msg="Error while starting server: accept tcp [::]:9000: use of closed network connection" entryPointName=traefik
time="2022-02-03T01:39:15Z" level=error msg="Error while starting server: accept tcp [::]:9100: use of closed network connection" entryPointName=metrics
time="2022-02-03T01:39:15Z" level=error msg="accept tcp [::]:8443: use of closed network connection" entryPointName=websecure
time="2022-02-03T01:39:15Z" level=debug msg="Entry point traefik closed" entryPointName=traefik
time="2022-02-03T01:39:15Z" level=debug msg="Entry point web closed" entryPointName=web
time="2022-02-03T01:39:15Z" level=debug msg="Entry point metrics closed" entryPointName=metrics
time="2022-02-03T01:39:15Z" level=error msg="close tcp [::]:8443: use of closed network connection" entryPointName=websecure time="2022-02-03T01:39:15Z" level=debug msg="Entry point websecure closed" entryPointName=websecure
time="2022-02-03T01:39:15Z" level=info msg="Server stopped"
time="2022-02-03T01:39:15Z" level=info msg="Shutting down"

The pods started to restart and got CrashLoopBackOff

What is your environment & configuration?

Kubernetes EKS 1.21 Deployed by terraform

values.yaml

deployment:
  kind: DaemonSet

ingressClass:
  enabled: true
  isDefaultClass: true

ingressRoute:
  dashboard:
    enabled: false

providers:
  kubernetesCRD:
    enabled: true

service:
  type: NodePort

ports:
  traefik:
    healthchecksPort: 9001

logs:
  general:
    level: DEBUG

set values

set {
  name  = "additionalArguments"
  value = "{--providers.kubernetesingress.ingressendpoint.hostname=traefik.${var.local_domain}}"
}

Additional Information

No response

giuramen avatar Feb 03 '22 01:02 giuramen

This configuration is a bit confusing, to be honest. the healthcheckport is the port that would be configured in the deployment healthcheck, which is expected to answer. although the port that would be exposed on traefik remains the "port" argument:

https://github.com/traefik/traefik-helm-chart/blob/4e53fe085c70211474bbead3cc27727afec1905a/traefik/values.yaml#L276-L280

So your values file should be doing something like:

ports:
  traefik:
    port: 9001

Or

ports:
  traefik:
    healthchecksPort: 9001
    port: 9001

And now that I look back at this commit: https://github.com/traefik/traefik-helm-chart/commit/3d005176c26c44c14fb5fcabbed819d72f27a067

( #339, #353 )

Maybe the implementation was just bad ... Outside of that #353 , there's no reason you would ever need to set that healthchecksPort. Maybe we should have made it clearer ...

faust64 avatar Apr 17 '22 22:04 faust64

@faust64 healthchecksport adds the security group context that isn't automatically added by port, so now your security group would include 9000-32XXX or whatever the NodePort is. Without healthchecksport the security group only opens the NodePort. I'm all for better documentation though.

cajual avatar Sep 10 '22 18:09 cajual

@faust64 @gibbonsryan Current documentation on this field is :

Override the liveness/readiness port. This is useful to integrate traefik with an external Load Balancer that performs healthchecks.

I'm not sure to see how it can be more clearer. Any suggestion ?

mloiseleur avatar Sep 29 '22 14:09 mloiseleur

I've tried to improve it a little in this PR.

mloiseleur avatar Oct 10 '22 09:10 mloiseleur