osm
osm copied to clipboard
openservicemesh
Question / Doc: Expose TCP services
I'm unable to figure out using the documentation if/how tcp-based services can be exposed to mesh-external or cluster-external sources or if that szenario is even supported.
This includes:
- Gradually onboarding services to the cluster but still allowing inbound TCP connections (SMTP and AMQP in my case)
- Exposing TCP-based services (IngressBackend with
protocol: tcpdoesn't seem to work)
Hi @dasMulli this can help https://release-v1-1.docs.openservicemesh.io/docs/demos/egress_policy/#tcp-egress ?
@dasMulli OSM does not support ingress (traffic from clients outside the cluster) for raw TCP traffic. Currently, OSM only supports HTTP and HTTPS ingress. Refer to the ingress guide to learn more about what's supported.
Gradually onboarding services to the cluster but still allowing inbound TCP connections (SMTP and AMQP in my case)
Currently, this capability does not exist for TCP traffic. All server pods within the mesh can only accept mTLS connections from clients within the mesh. For HTTP traffic, applying an IngressBackend configuration is a workaround for this, but this won't work for TCP traffic.
To summarize, OSM does not have a way to allow server pods to accept TCP traffic from clients that are not a part of the mesh.
What would be needed for TCP ingress? As in: does it interfere with mTLS config in other listeners / filter chains etc, parts of work that would need to be done etc.
This issue will be closed due to a long period of inactivity. If you would like this issue to remain open then please comment or update.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}