Problems setting up Tandoor 2 #4074
Description
Issue
Hi, I have set up a new Tandoor 2 instance in kubernetes and from what I understood, I don't need to have a seperate nginx to server media files, however, when I expose port 80 and try to connect, I only get HTTP 502 errors... when exposing port 8080 instead, everything works fine (except uploading and serving images)
I don't see any logs in the container as it only shows the guvicorn logs...
I have attached my configuration for deployment, service and ingress. If there is any Log File I could look into, please let me know.
Would be awesome if someone could help me out, but not having images isn't the worst thing, Tandoor 2 feels way better than Tandoor 1
Tandoor Version
v2.2.7
OS Version
Kubernetes
Setup
Kubernetes
Reverse Proxy
Traefik
Other
No response
Environment file
Docker-Compose file
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: recipes
environment: production
tier: frontend
name: recipes
namespace: tandoor
spec:
replicas: 1
selector:
matchLabels:
app: recipes
environment: production
strategy:
type: Recreate
template:
metadata:
labels:
app: recipes
environment: production
tier: frontend
namespace: tandoor
spec:
containers:
- env:
- name: ALLOWED_HOSTS
value: '*'
- name: SECRET_KEY
valueFrom:
secretKeyRef:
key: secret-key
name: recipes
- name: GUNICORN_MEDIA
value: '0'
- name: DB_ENGINE
value: django.db.backends.postgresql
- name: POSTGRES_HOST
value: recipes-postgresql
- name: POSTGRES_PORT
value: '5432'
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_DB
value: recipes
- name: CSRF_TRUSTED_ORIGINS
value: https://tandoor.example.com
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: postgresql-postgres-password
name: recipes
image: vabene1111/recipes:2
imagePullPolicy: Always
name: recipes
ports:
- containerPort: 8080
name: recipes
protocol: TCP
resources:
requests:
cpu: 250m
memory: 64Mi
securityContext:
runAsUser: 65534
volumeMounts:
- mountPath: /opt/recipes/mediafiles
name: media
subPath: files
- mountPath: /opt/recipes/staticfiles
name: static
subPath: files
volumes:
- name: media
persistentVolumeClaim:
claimName: recipes-media
- name: static
persistentVolumeClaim:
claimName: recipes-static
---
apiVersion: v1
kind: Service
metadata:
labels:
app: recipes
tier: frontend
name: recipes
namespace: tandoor
spec:
internalTrafficPolicy: Cluster
ports:
- name: http
port: 80
protocol: TCP
targetPort: recipes
selector:
app: recipes
environment: production
tier: frontend
sessionAffinity: None
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-cf
cert-manager.io/common-name: tandoor.example.com
cert-manager.io/private-key-algorithm: ECDSA
cert-manager.io/private-key-rotation-policy: Always
cert-manager.io/private-key-size: '384'
name: tandoor
namespace: tandoor
spec:
ingressClassName: traefik
rules:
- host: tandoor.example.com
http:
paths:
- backend:
service:
name: recipes
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- tandoor.example.com
secretName: tandoor