Kong TCP ingress SNI not working - no Route found with those values while prereading client data
Is there an existing issue for this?
- [X] I have searched the existing issues
Kong version (`$ kong version`)
2.8
Current Behavior
Trying to connect to postgres db via hostname
env variable and container port set in kong as per doc https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/using-tcpingress/

```yaml
- name: KONG_STREAM_LISTEN
  value: "0.0.0.0:5432"
- name: KONG_NGINX_STREAM_SSL_PREREAD
  value: "on"
```

```yaml
apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
  name: postgres
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/strip-path: "false"
    konghq.com/preserve-host: "false"
spec:
  rules:
  - host: example1.local
    port: 5432
    backend:
      serviceName: postgres
      servicePort: 5432
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
spec:
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
      - name: postgres
        image: postgres
        env:
        - name: POSTGRES_PASSWORD
          value: password
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 5432
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  selector:
    app: postgres
  ports:
  - port: 5432
    targetPort: 5432
    protocol: TCP
```
Expected Behavior
Should be able to connect to postgres using the hostname, i.e. example1.local.
Steps To Reproduce
No response
Anything else?
Log when establishing connection to postgres using hostname example1.local:5432:

```
192.168.65.3 [13/Sep/2022:04:54:11 +0000] TCP 500 0 0 0.000
2022/09/13 04:54:11 [error] 1113#0: *680 stream [lua] handler.lua:1215: before(): no Route found with those values while prereading client data, client: 192.168.65.3, server: 0.0.0.0:5432
```

Kong loadbalancer ip is bound to localhost:

```
kong kong-kong-proxy LoadBalancer 10.97.17.126 localhost 80:30665/TCP,443:31181/TCP,5432:30030/TCP 12h
```
Hello @a-devops-guy,
sorry for the slow response. I have looked at your error report, but I cannot figure out how you determined that accessing the database server is the problem. Can you provide the error message that illustrates that? The log message seems to indicate that Kong started, but was unable to route your request. It would not normally be able to even get to that point if the database with the configuration was not available.
Thanks, Hans
cc @rainest
If you check the admin API for this route, does it show the configuration you'd expect (the route does have `snis` set to the `example1.local` hostname from the TCPIngress)? You'll need to use `kubectl port-forward -n kong KONG_POD_NAME 8444:8444` and then `curl -ks https://localhost:8444/routes` to access it in the default configuration.

If the route does have `snis` (and other fields) set correctly, the issue is either in Kong's router or in the request. Sharing the route JSON from the admin API and the request you're using to test it (`openssl s_client -connect 127.0.0.1:5432 -servername example1.local` or similar) should help us replicate it or spot the issue.

If `snis` is not set, it should indicate an issue in the controller. We'd want to see the controller logs (`kubectl logs -n kong KONG_POD_NAME -c ingress-controller`) and the TCPIngress to replicate the issue. Please provide the manifests as attachments or by surrounding them in triple backticks ("```"). Those will preserve the YAML properly and let us create the same resource in test environments.
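The triage described in the comment above, as an added example that is not part of the original thread or Kong's own tooling: it reads saved output of the `/routes` call and reports which branch applies for a given SNI and stream port. The sample JSON, the route names and the `diagnose` function are constructed for illustration, and the "no-stream-route" verdict is an addition beyond the two branches in the comment.

```python
import json

# Constructed sample of what `curl -ks https://localhost:8444/routes` returns;
# route names and values are made up for illustration, not taken from the issue.
SAMPLE = json.loads("""
{"data": [
  {"name": "default.postgres.0", "protocols": ["tcp", "tls"],
   "snis": ["example1.local"], "destinations": [{"ip": null, "port": 5432}]},
  {"name": "default.web.00", "protocols": ["http", "https"],
   "hosts": ["web.local"], "snis": null, "destinations": null}
], "next": null}
""")

STREAM_PROTOCOLS = {"tcp", "tls", "tls_passthrough"}


def _listens_on(route, port):
    """True if the route is a stream route that can match this destination port."""
    if not STREAM_PROTOCOLS & set(route.get("protocols") or []):
        return False
    dests = route.get("destinations") or []
    # No destinations, or an entry without a port, leaves the port unconstrained.
    return not dests or any(d.get("port") in (None, port) for d in dests)


def diagnose(routes_json, sni, port):
    """Return (verdict, route_names) for the SNI and stream port under test."""
    candidates = [r for r in routes_json.get("data", []) if _listens_on(r, port)]
    if not candidates:
        # Nothing was created for this port at all (case added in this example).
        return "no-stream-route", []
    with_sni = [r for r in candidates
                if sni.lower() in [s.lower() for s in (r.get("snis") or [])]]
    if with_sni:
        # snis is set: look at Kong's router or at the client request next.
        return "snis-set", [r.get("name") for r in with_sni]
    # A stream route exists but snis lacks the hostname: look at the controller.
    return "snis-missing", [r.get("name") for r in candidates]


if __name__ == "__main__":
    verdict, names = diagnose(SAMPLE, "example1.local", 5432)
    print(verdict, names)
```

To use it on a real cluster, replace `SAMPLE` with the parsed JSON saved from the `curl` command while the port-forward is active.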
Dear contributor, We're closing this issue as there hasn't been any update to it for a long time. If the issue is still relevant in the latest version, please feel free to reopen it. We're more than happy to revisit it again. Your contribution is greatly appreciated! Please have a look at our pledge to the community for more information. Sincerely, Kong Gateway Team