I’m a little bit new to Kong and I saw that in Kong for Kubernetes 0.8 there is support for TCPIngress.
I saw that code:
apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
  name: sample-tcp
spec:
  rules:
  - port: 9000
    backend:
      serviceName: config-db
      servicePort: 2701
But how can I attach it to the relevant ingress?
Can someone give me an example?
It seems like something is broken on my side… I will try again…
How can I replace the localhost certificate (the default certificate) with my valid TLS certificate?
I have Kong running in K8S; KONG_STREAM_LISTEN is set to “0.0.0.0:9000, 0.0.0.0:9443”. I have a separate k8s service which is used for TCP traffic and which uses an AWS NLB.
In the cluster I use cert-manager for creating certificates. I’ve created a certificate which I use in the TCPIngress tls section.
But when I try to connect with openssl to check if the certificate is returned I can’t see that it is.
This is the response I get (except for the written packet, which is not pasted):
read from 0x55e8e1d6d2e0 [0x55e8e1d87883] (5 bytes => 0 (0x0))
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 338 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x55e8e1d6d2e0 [0x55e8e1caf160] (8192 bytes => 0 (0x0))
Any idea why Kong isn’t returning the cert?
EDIT: I noticed I hadn’t defined the TLS port as ‘ssl’ in KONG_STREAM_LISTEN; after doing that, it worked.
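Added example, not part of the original posts and not Kong's own code: a small pre-deploy lint that catches the misconfiguration found in the EDIT above, a stream listener that is expected to present a certificate but lacks the `ssl` flag. The rule list, the host name `db.example.com`, and the choice of 9443 as the TLS port are constructed assumptions; a rule carrying a `host` (SNI) is treated as requiring TLS.

```python
# Added example: lint a KONG_STREAM_LISTEN value against TCPIngress rules.
# Sample values below are constructed for illustration.

BROKEN = "0.0.0.0:9000, 0.0.0.0:9443"      # value from the post, before the fix
FIXED = "0.0.0.0:9000, 0.0.0.0:9443 ssl"   # TLS port marked with the ssl flag

# Constructed rules shaped like TCPIngress spec.rules; a rule with a
# "host" (SNI) can only be matched after a TLS handshake.
RULES = [
    {"port": 9000},
    {"port": 9443, "host": "db.example.com"},
]


def parse_stream_listen(value):
    """Return {port: set_of_flags} for a comma-separated stream_listen string."""
    listeners = {}
    for entry in value.split(","):
        parts = entry.split()
        if not parts or parts[0] == "off":
            continue
        # Handles "0.0.0.0:9443", "[::]:9443" and a bare "9443".
        port = int(parts[0].rsplit(":", 1)[-1])
        listeners[port] = set(parts[1:])
    return listeners


def lint(stream_listen, rules):
    """Return findings for rules whose listener is missing or cannot serve TLS."""
    listeners = parse_stream_listen(stream_listen)
    findings = []
    for rule in rules:
        port = rule["port"]
        if port not in listeners:
            findings.append(f"port {port}: no stream listener configured")
        elif "host" in rule and "ssl" not in listeners[port]:
            findings.append(
                f"port {port}: rule expects TLS for {rule['host']} "
                "but the listener lacks the 'ssl' flag"
            )
    return findings


if __name__ == "__main__":
    for label, value in (("before", BROKEN), ("after", FIXED)):
        print(label, lint(value, RULES) or "ok")
```

A listener without `ssl` is plain TCP, which matches the `openssl` output above: the client writes its ClientHello, reads 0 bytes, and reports no peer certificate.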