I'm trying to expose postgres via Traefik.
The postgres service is running in the postgres namespace and exposes the port 5432.
In Traefik, I've done the following:
Created an entrypoint like this:
additionalArguments: - "--entryPoints.postgres.address=:5432/tcp"
I've also exposed the port like this:
ports: postgres: expose: true port: 5432 exposedPort: 5432 protocol: TCP tls: enabled: true
I've then created an IngressRouteTCP in the postgres namespace like this:
apiVersion: traefik.io/v1alpha1 kind: IngressRouteTCP metadata: name: postgres labels: traefik.tcp.routers: "postgres" spec: entryPoints: - postgres routes: - match: HostSNI(`*`) services: - name: postgresql-primary namespace: postgres port: 5432 tls: secretName: local-my-domain-tls
However, this doesn't work. When looking in the Traefik dashboard, no TCP Routers or TCP Services are listed. I don't see any errors in the logs.
When trying to connect to the database I receive the following error SSL error: Remote host terminated the handshake.
So, I have two questions:
- Why doesn't the ingress show up in the dashboard under TCP Services/Routers?
- Have I missed anything? I was under the impression that adding the entrypoint, exposing the port and creating a IngressRouteTCP ingress should be enough?
I think that the entrypoint works because I can do the following from my computer:
nc -vz postgres.local.my.domain 5432 Connection to postgres.local.my.domain port 5432 [tcp/postgresql] succeeded!
If I remove the entrypoint, netcat fails.
So the problem seems to be with the communication between Traefik and the Postgres service?