Mqtt (mosquitto) with tcpingress

Hi,
is it possible to forward mqtt protocol with kongs tcpingress? I tried it with mosquitto but it didn’t work.

kong-kong-proxy                  LoadBalancer   10.247.122.124   8.118.2.23    9000:31703/TCP,9443:30566/TCP,80:30279/TCP,443:31716/TCP
apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
  annotations:
    kubernetes.io/ingress.class: kong
    meta.helm.sh/release-name: test
    meta.helm.sh/release-namespace: default
  generation: 1
  labels:
    app.kubernetes.io/managed-by: Helm
  name: mosquitto
  namespace: default
  rules:
  - backend:
      serviceName: test-mosquitto-cluster
      servicePort: 1883
    port: 9000
status:
  loadBalancer:
    ingress:
    - ip: 8.118.2.23

When I try to connect with a mosquitto client the request doesn’t show up in the proxy logs and the client can’t connect to the host.

Should be. TCP rules don’t care at all about the application protocol above the transport/TCP layer, and will just forward whatever packets sent to that port without regard for their contents. They are still proxied at the TCP level, so it’s possible that Mqtt has some unique characteristics that make it incompatible with TCP proxies, but it seems unlikey–I’m just not familiar enough with the protocol to say that for certain.

What errors are you seeing specifically? If your client doesn’t distinguish clearly between transport-level issues (e.g. being unable to establish a TCP connection at all) and application-level issues, are you able to connect successfully with netcat or similar?

The first thing I’d suspect is that 9000 isn’t actually being exposed on the proxy: the TCPIngress configuration tells Kong how to route that traffic, but due to the underlying implementation it doesn’t actually start listening on that port. The listen configuration is handled separately:

  • If you’re using Helm, the proxy.stream section of values.yaml needs to contain a list of all ports used in your TCPIngress.
  • If you’re building your manifests via other means, you need to set the KONG_STREAM_LISTEN environment variable (its syntax is documented in kong.conf) and add ports to your proxy’s Kubernetes Service definition.

© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ