404 on TCP route

jealous-squirrel · June 21, 2021, 9:36am

Hi,

we are trying to expose the TCP interface of a service with Traefik. However, traefik always returns a "404 not found" message when the TCP endpoint is called. We try to route all traffik to a specific port (traefik entrypoint) to a specific service in our backend.

This is the definition of our IngressRouteTCP:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: 31672-tcp
    traefik.ingress.kubernetes.io/router.tls: "true"
  labels:
  name: traefik-ingress-routes-0
  namespace: dt-dev
spec:
  entryPoints:
  - 31672-tcp
  routes:
  - match: HostSNI(`*`)
    services:
    - name: our-service-0
      namespace: dt-dev
      port: 8445
  tls:
    passthrough: true
    secretName: tls-secret

Looking at the traefik dashboard, both the TCP router and the according TCP services are marked as healthy.

However, I cannot reach the service as expected and always receive a "404 not found" sent by traefik when calling the appropriate port (31672) of traefik (tested against our domain and with port-fowarding to exclude issues with the load balancer).

In addition, I could not find any problems looking at the debug logs:

time="2021-06-21T09:30:56Z" level=debug msg="Adding route for our-domain.de with TLS options default" entryPointName=31672-tcp                                                                                               time="2021-06-21T09:30:56Z" level=debug msg="Creating TCP server 0 at 10.200.0.31:8445" serviceName=dt-dev-traefik-ingress-routes-0-673acf455cb2dab0b43a serverName=0 entryPointName=31672-tcp routerName=dt-dev-traefik-ingress-routes-0-67 │
time="2021-06-21T09:30:56Z" level=debug msg="Adding route * on TCP" routerName=dt-dev-traefik-ingress-routes-0-673acf455cb2dab0b43a@kubernetescrd entryPointName=31672-tcp

I am running out of ideas how to find the cause of the issue. Does someone know what might be the cause of the 404 message and why the request is not forwarded to my service?

Thanks

Jan

rtribotte · June 22, 2021, 8:27am

Hello @jealous-squirrel,

Thanks for your in Traefik!

You don't need to provide a secret name when a TCP router is configured to passthrough, since the TLS termination would happen on the service side.
The annotations are not meant to be used with the IngressRoute provider, it's only for Ingress resources.
A 404 not found is an HTTP response code, so it has nothing to do with TCP.
Do you have HTTP routers configured?
Can you provide the full debug logs showing the request handled by Traefik?

jealous-squirrel · June 23, 2021, 5:38am

Hello @rtribotte,

Thanks for the quick response! I am also thankful for the explanations regarding the wrong usage of annotations in combination with the IngressRoute provider, although this is unrelated to the problem.

Do you have HTTP routers configured?

Good guess! I found a few HTTP routers in our system which did not have a specific entrypoint (websecure) set, so they were applied to all entrypoints including the TCP entrypoint. After limiting these routers to specific entrypoints, no more HTTP router applied to the TCP entrypoint and the TCP traffik is forwarded to the backend as expected.

Thanks again and have a great day!

Jan

Topic		Replies	Views
Traefik 2 tcp service 404 Traefik v2 kubernetes-ingress	6	690	December 18, 2019
Hosting a HTTP-App on a custom TCP-Port with TLS Traefik v2 kubernetes-crd , kubernetes-ingress , tcp	1	1299	March 25, 2022
IngressRouteTCP configured however backend service failing Traefik v2 tcp	2	687	March 18, 2020
404 Help, please Traefik v2 kubernetes-crd	4	3093	October 28, 2020
Ingress as backend service, posted 404 error Traefik v2 kubernetes-ingress	3	566	February 29, 2024

404 on TCP route

Related topics