Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TCP service exposing , is it possible with contour? #6646

Open
dimashenkov opened this issue Aug 28, 2024 Discussed in #6645 · 3 comments
Open

TCP service exposing , is it possible with contour? #6646

dimashenkov opened this issue Aug 28, 2024 Discussed in #6645 · 3 comments

Comments

@dimashenkov
Copy link

Discussed in #6645

Originally posted by dimashenkov August 27, 2024
Is this enough to expose tcp service ? I have difficulties , traffic on 443 and 80 works but on port 4222 cant pass through

apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: nats-server-nats-blackpearl-dev-product-frankfurt-****-cloud
  namespace: blackpearl
  labels:
    argocd.argoproj.io/instance: nats-blackpearl-qa
spec:
  ingressClassName: contour-private
  tcpproxy:
    healthCheckPolicy:
      healthyThresholdCount: 5
      intervalSeconds: 5
      timeoutSeconds: 2
      unhealthyThresholdCount: 3
    services:
      - name: nats-server
        port: 4222
  virtualhost:
    fqdn: nats.blackpearl.dev.product.frankfurt.****.cloud
    tls:
      secretName: wildcard-tls
kc get svc -n contour-private                  
NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP                                                                        PORT(S)                                     AGE
contour-private         ClusterIP      172.20.223.171   <none>                                                                             8001/TCP                                    5h55m
contour-private-envoy   LoadBalancer   172.20.236.186   a34aabb*********-020698b179c02278.elb.eu-central-1.amazonaws.com   80:31661/TCP,443:30803/TCP,4222:31010/TCP 
telnet a34*********79c02278.elb.eu-central-1.amazonaws.com 4222
Trying 10.2.11.1...
telnet: connect to address 10.2.11.1: Connection refused
Trying 10.2.46.242...
telnet: connect to address 10.2.46.242: Connection refused
Trying 10.2.24.156...
telnet: connect to address 10.2.24.156: Connection refused
telnet: Unable to connect to remote host

This Endpoints: 10.2.11.129:4222,10.2.11.50:4222,10.2.13.186:4222 + 13 more also give Connection refused

kc describe svc contour-private-envoy -n contour-private     
Name:                     contour-private-envoy
Namespace:                contour-private
Labels:                   app.kubernetes.io/component=envoy
                          app.kubernetes.io/instance=product-dev-02-contour-private
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=contour-private
                          argocd.argoproj.io/instance=product-dev-02-contour-private
                          helm.sh/chart=contour-10.1.3
Annotations:              service.beta.kubernetes.io/aws-load-balancer-internal: true
                          service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-0936f17847f1177e7, subnet-0e41fc50ea4bddaf5, subnet-0febea0039995e959
                          service.beta.kubernetes.io/aws-load-balancer-type: nlb
Selector:                 app.kubernetes.io/component=envoy,app.kubernetes.io/instance=product-dev-02-contour-private,app.kubernetes.io/name=contour-private
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       172.20.236.186
IPs:                      172.20.236.186
LoadBalancer Ingress:     a34aabbf06a9345a********8b179c02278.elb.eu-central-1.amazonaws.com
Port:                     http  80/TCP
TargetPort:               http/TCP
NodePort:                 http  31661/TCP
Endpoints:                10.2.11.129:8080,10.2.11.50:8080,10.2.13.186:8080 + 13 more...
Port:                     https  443/TCP
TargetPort:               https/TCP
NodePort:                 https  30803/TCP
Endpoints:                10.2.11.129:8443,10.2.11.50:8443,10.2.13.186:8443 + 13 more...
Port:                     nats  4222/TCP
TargetPort:               4222/TCP
NodePort:                 nats  31010/TCP
Endpoints:                10.2.11.129:4222,10.2.11.50:4222,10.2.13.186:4222 + 13 more...
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     32479
Events:                   <none>
```</div>
Copy link

Hey @dimashenkov! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace

Copy link

The Contour project currently lacks enough contributors to adequately respond to all Issues.

This bot triages Issues according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the Issue is closed

You can:

  • Mark this Issue as fresh by commenting
  • Close this Issue
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 28, 2024
@tsaarni
Copy link
Member

tsaarni commented Oct 28, 2024

HTTPProxy can only be reached in HTTP and HTTPS ports. Just to clarify, HTTPProxy.spec.tcpproxy.services.port specifies the target port of the service and does not assign new listening ports for Envoy. When setting up HTTPProxy.spec.tcpproxy connections to the HTTPS port with TLS SNI matching HTTPProxy.spec.tcpproxy.virtualhost.fqdn will be proxied to upstream service defined in HTTPProxy.spec.tcpproxy.services.

The Gateway API’sGateway and TCPProxy(link) allow for listening on arbitrary ports by utilizing Contour Gateway provisioner. For further details on Gateway provisioner, refer to the document here.

@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants