TCPIngress how can I use it?

Hi,

I’m a little bit new with Kong and I saw that on Kong for Kubernetes 0.8 there is support for TCPIngress.
I saw that code:
apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
name: sample-tcp
spec:
rules:
- port: 9000
backend:
serviceName: config-db
servicePort: 2701

but how can I attach it to the relevant ingress?
Can someone give me an example?

Thanks,
Ori.

Please refer to the guide on this topic: https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/using-tcpingress.md

Amazing ! thanks ! will try it first thing tomorrow morning !
last question - how can I load my certificate ?

can I add to the TCPIngress
tls:

?

Hi Hbagdi, how can I replace Kong’s default certificate?

You can use tls section, similar to how you can do it in Ingress resource. This documentation is currently missing.

The tls section of TCPIngress and Ingress resource is exactly same.

it seems like something is broken on my side… I will try again…
how can I replace the localhost certificate to be my valid tls certificate ? (the default certificate)

As I said before, using the TLS section:
https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

I have Kong running in K8S , KONG_STREAM_LISTEN is set to “0.0.0.0:9000, 0.0.0.0:9443”, I have a separate k8s service which is used for TCP traffic which use an AWS NLB.

In the cluster I use cert-manager for creating certificates. I’ve created a certificate which I use in the TCPIngress tls section.

But when I try to connect with openssl to check if the certificate is returned I can’t see that it is.
This is the response I get (except for the written packet which is not pasted)

read from 0x55e8e1d6d2e0 [0x55e8e1d87883] (5 bytes => 0 (0x0))
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 338 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x55e8e1d6d2e0 [0x55e8e1caf160] (8192 bytes => 0 (0x0))

Any idea why Kong isn’t returning the cert?

EDIT: I noticed I hadn’t defined the TLS port as ‘ssl’ in KONG_STREAM_LISTEN, after doing that it worked.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ