TCPIngress how can I use it?

ori · March 31, 2020, 10:29am

Hi,

I’m a little bit new with Kong and I saw that on Kong for Kubernetes 0.8 there is support for TCPIngress.
I saw that code:
apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
name: sample-tcp
spec:
rules:
- port: 9000
backend:
serviceName: config-db
servicePort: 2701

but how can I attach it to the relevant ingress?
Can someone give me an example?

Thanks,
Ori.

hbagdi · March 31, 2020, 9:37pm

Please refer to the guide on this topic: https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/using-tcpingress.md

ori · March 31, 2020, 9:52pm

Amazing ! thanks ! will try it first thing tomorrow morning !
last question - how can I load my certificate ?

can I add to the TCPIngress
tls:

hosts:
- example.com
  secretName: example-certificate

?

ori · April 6, 2020, 6:56am

Hi Hbagdi, how can I replace Kong’s default certificate?

hbagdi · April 7, 2020, 4:52am

You can use tls section, similar to how you can do it in Ingress resource. This documentation is currently missing.

The tls section of TCPIngress and Ingress resource is exactly same.

ori · April 7, 2020, 8:08pm

it seems like something is broken on my side… I will try again…
how can I replace the localhost certificate to be my valid tls certificate ? (the default certificate)

hbagdi · April 8, 2020, 12:32am

As I said before, using the TLS section:

Kristoffer_Johansson · November 17, 2020, 1:07pm

I have Kong running in K8S , KONG_STREAM_LISTEN is set to “0.0.0.0:9000, 0.0.0.0:9443”, I have a separate k8s service which is used for TCP traffic which use an AWS NLB.

In the cluster I use cert-manager for creating certificates. I’ve created a certificate which I use in the TCPIngress tls section.

But when I try to connect with openssl to check if the certificate is returned I can’t see that it is.
This is the response I get (except for the written packet which is not pasted)

read from 0x55e8e1d6d2e0 [0x55e8e1d87883] (5 bytes => 0 (0x0))
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 338 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x55e8e1d6d2e0 [0x55e8e1caf160] (8192 bytes => 0 (0x0))

Any idea why Kong isn’t returning the cert?

EDIT: I noticed I hadn’t defined the TLS port as ‘ssl’ in KONG_STREAM_LISTEN, after doing that it worked.

Topic		Replies	Views
Tls passthrough Kubernetes	1	1372	November 4, 2022
Kong Ingress Controller Default certificate Kubernetes	2	814	January 8, 2022
Custom SSL Certs not working Installation/Setup	4	1856	March 1, 2019
Does Kong Ingress Controller support TLS passthrough for HTTPs upstream service? Kubernetes	4	4592	May 14, 2020
Ssl ingress controller Questions	3	1624	December 30, 2019

TCPIngress how can I use it?

Related Topics