Question
How to expose tcp port of kubernetes-nginx-ingress in DigitalOcean managed Kubernetes
I am following the below the guide
[https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/](http://)
I also have deployed the nginx-ingress in kube-system namespace . These are the yamls files applied
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-nginx-rabbitmq
namespace: kube-system
data:
15672: "default/rabbitmq:15672"
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert --controller deployment -v -o DO-Kubernetes
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: rabbitmq
name: rabbitmq
spec:
ports:
- name: "15672"
port: 15672
targetPort: 15672
- name: "5672"
port: 5672
targetPort: 5672
selector:
io.kompose.service: rabbitmq
status:
loadBalancer: {}
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protoco-nginx","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"ingress-nginx","app.kubernetes.io/version":"0.35.0","helm.sh/externalTrafficPolicy":"Local","ports":[{"name":"http","port":80,"protocol":"TCP","targetPort":"http"},{"name":"https","port":443,"prrnetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx"},"type":"LoadBalancer"}}
kubernetes.digitalocean.com/load-balancer-id: <id>
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
creationTimestamp: "2020-09-26T04:51:57Z"
finalizers:
- service.kubernetes.io/load-balancer-cleanup
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/version: 0.35.0
helm.sh/chart: ingress-nginx-2.13.0
name: ingress-nginx-controller
namespace: kube-system
resourceVersion: "11774380"
selfLink: /api/v1/namespaces/kube-system/services/ingress-nginx-controller
uid: <uid>
spec:
clusterIP: 10.245.75.126
externalTrafficPolicy: Local
healthCheckNodePort: 30093
ports:
- name: http
nodePort: 30583
port: 80
protocol: TCP
targetPort: http
- name: https
nodePort: 30628
port: 443
protocol: TCP
targetPort: https
- name: rabbitmq-tcp-15672
nodePort: 31555
port: 15672
protocol: TCP
targetPort: 15672
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: <ip>
The service is up and I can see the starting logs of rabbitmq ....(no hits) . The tcp port is also open from the loadbalancer confirmed with nc -zv. Firefox is also giving me an error
Secure Connection failed
ip:15672 PR_END_OF_FILE_ERROR
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×
I have the same issue, you found any way to fix this ?
@kennethafreelancer
I have my doubts whether nginx TCP port supports https protocol. However non https services are able to be exposed via nginx ingress controller without the ingress yaml.
@favas My case is I think my port is opened, but somehow it still cannot reach internal service, in your case is rabbitmq, I am hosting a non https service (tcp oni service)
@favas if I expose the tcp service using normal load balancer it will work, but not if I use ingress-nginx, the same method as you
@kennethafreelancer can you post your yaml files ?
@kennethafreelancer
can you try removing 35088 .
Openvpn service yaml says the targetport is 443 but I am assuming 35088 in the configmap is the issue.
@favas tried, still have the same issue, the port is opened but not routed to openvpn. I tried expose openvpn with loadBalance will work, the reason I want to use nginx ingress is I want to keep only one load balancer.
@kennethafreelancer I see that proxy_protocol annotation is enabled in the service yaml of ingress-nginx. Can you change that to false .
So it’s two changes remove port 35088 and the proxy_protocol to false
@favas Thanks for reply, still no luck lol
@kennethafreelancer
i am back again. Actually i got the https part working as well. in your case do a
and find the below lines
if u dont see –tcp-services-configmap add it like above.
cat nginx config
if u see some results then nginx knows about openvpn.
also discard my changes for removing port in configmap.
check nginx logs
i removed the port in configmap and nginx logs said invalid entry.
@favas Brother thanks ALOT!!!! I can confirm this solution worked for this version of DO deployment of ingress-nginx https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.40.2/deploy/static/provider/do/deploy.yaml, so to expose the tcp service and http, https app using the same loadbalancer is completely possible
@favas Thanks man, I am new to kubernetes and I almost give up for implement this untill I saw your last message.
@kennethafreelancer so am I . But it’s fun .
Following the steps in this thread I got the tcp working, but it broke my http. Specifically setting the proxy protocol to false breaks my http.
On the other hand, setting it to “true” breaks tcp forwarding. Any advice?
@hcgaron This config works for me:
Word
PROXY
is crucial in this line: