TCP service exposing, is it possible with contour?
Discussed in https://github.com/projectcontour/contour/discussions/6645
Originally posted by dimashenkov August 27, 2024

Is this enough to expose a TCP service? I have difficulties: traffic on 443 and 80 works, but on port 4222 it can't pass through.
```yaml
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: nats-server-nats-blackpearl-dev-product-frankfurt-****-cloud
  namespace: blackpearl
  labels:
    argocd.argoproj.io/instance: nats-blackpearl-qa
spec:
  ingressClassName: contour-private
  tcpproxy:
    healthCheckPolicy:
      healthyThresholdCount: 5
      intervalSeconds: 5
      timeoutSeconds: 2
      unhealthyThresholdCount: 3
    services:
      - name: nats-server
        port: 4222
  virtualhost:
    fqdn: nats.blackpearl.dev.product.frankfurt.****.cloud
    tls:
      secretName: wildcard-tls
```
```
kc get svc -n contour-private
NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP                                                         PORT(S)                                    AGE
contour-private         ClusterIP      172.20.223.171   <none>                                                              8001/TCP                                   5h55m
contour-private-envoy   LoadBalancer   172.20.236.186   a34aabb*********-020698b179c02278.elb.eu-central-1.amazonaws.com   80:31661/TCP,443:30803/TCP,4222:31010/TCP
```

```
telnet a34*********79c02278.elb.eu-central-1.amazonaws.com 4222
Trying 10.2.11.1...
telnet: connect to address 10.2.11.1: Connection refused
Trying 10.2.46.242...
telnet: connect to address 10.2.46.242: Connection refused
Trying 10.2.24.156...
telnet: connect to address 10.2.24.156: Connection refused
telnet: Unable to connect to remote host
```
These Endpoints: `10.2.11.129:4222,10.2.11.50:4222,10.2.13.186:4222 + 13 more` also give Connection refused.
```
kc describe svc contour-private-envoy -n contour-private
Name:                     contour-private-envoy
Namespace:                contour-private
Labels:                   app.kubernetes.io/component=envoy
                          app.kubernetes.io/instance=product-dev-02-contour-private
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=contour-private
                          argocd.argoproj.io/instance=product-dev-02-contour-private
                          helm.sh/chart=contour-10.1.3
Annotations:              service.beta.kubernetes.io/aws-load-balancer-internal: true
                          service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-0936f17847f1177e7, subnet-0e41fc50ea4bddaf5, subnet-0febea0039995e959
                          service.beta.kubernetes.io/aws-load-balancer-type: nlb
Selector:                 app.kubernetes.io/component=envoy,app.kubernetes.io/instance=product-dev-02-contour-private,app.kubernetes.io/name=contour-private
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       172.20.236.186
IPs:                      172.20.236.186
LoadBalancer Ingress:     a34aabbf06a9345a********8b179c02278.elb.eu-central-1.amazonaws.com
Port:                     http  80/TCP
TargetPort:               http/TCP
NodePort:                 http  31661/TCP
Endpoints:                10.2.11.129:8080,10.2.11.50:8080,10.2.13.186:8080 + 13 more...
Port:                     https  443/TCP
TargetPort:               https/TCP
NodePort:                 https  30803/TCP
Endpoints:                10.2.11.129:8443,10.2.11.50:8443,10.2.13.186:8443 + 13 more...
Port:                     nats  4222/TCP
TargetPort:               4222/TCP
NodePort:                 nats  31010/TCP
Endpoints:                10.2.11.129:4222,10.2.11.50:4222,10.2.13.186:4222 + 13 more...
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     32479
Events:                   <none>
```
Hey @dimashenkov! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace
The Contour project currently lacks enough contributors to adequately respond to all Issues.
This bot triages Issues according to the following rules:
- After 60d of inactivity, lifecycle/stale is applied
- After 30d of inactivity since lifecycle/stale was applied, the Issue is closed
You can:
- Mark this Issue as fresh by commenting
- Close this Issue
- Offer to help out with triage
Please send feedback to the #contour channel in the Kubernetes Slack
HTTPProxy can only be reached on the HTTP and HTTPS ports. Just to clarify, `HTTPProxy.spec.tcpproxy.services.port` specifies the target port of the service and does not assign new listening ports for Envoy. When setting up `HTTPProxy.spec.tcpproxy`, connections to the HTTPS port with TLS SNI matching `HTTPProxy.spec.tcpproxy.virtualhost.fqdn` will be proxied to the upstream service defined in `HTTPProxy.spec.tcpproxy.services`.

The Gateway API's Gateway and TCPProxy (link) allow for listening on arbitrary ports by utilizing the Contour Gateway provisioner. For further details on the Gateway provisioner, refer to the document here.
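
An added example, not posted in this thread and not taken from the Contour project: a sketch of the Gateway API setup the reply above points to, using the Gateway API `TCPRoute` kind to give Envoy a dedicated listener on port 4222. It assumes the Contour Gateway provisioner and the Gateway API CRDs (including `TCPRoute`) are installed and that the provisioner runs in the `projectcontour` namespace; the names `internal-envoy`, `contour-private-tcp` and `nats-gateway` are hypothetical.

```yaml
apiVersion: projectcontour.io/v1alpha1
kind: ContourDeployment
metadata:
  name: internal-envoy                 # hypothetical name (added example)
  namespace: projectcontour            # assumed provisioner namespace
spec:
  envoy:
    networkPublishing:
      serviceAnnotations:              # copied from the Service in the issue so the NLB stays internal
        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: contour-private-tcp            # hypothetical name
spec:
  controllerName: projectcontour.io/gateway-controller
  parametersRef:
    group: projectcontour.io
    kind: ContourDeployment
    name: internal-envoy
    namespace: projectcontour
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: nats-gateway                   # hypothetical name
  namespace: blackpearl
spec:
  gatewayClassName: contour-private-tcp
  listeners:
    - name: nats
      protocol: TCP
      port: 4222                       # listener port requested from the provisioned Envoy
      allowedRoutes: {namespaces: {from: Same}}   # only routes in blackpearl may attach
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
  name: nats-server
  namespace: blackpearl
spec:
  parentRefs:
    - name: nats-gateway
  rules:
    - backendRefs:
        - name: nats-server            # Service and port from the HTTPProxy in the issue
          port: 4222
```

A plain `TCP` listener forwards bytes without terminating TLS, so the `wildcard-tls` certificate from the HTTPProxy is not applied on this path; any encryption on port 4222 has to come from the NATS server itself.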