Hello!
I'm trying to expose postgres via Traefik.
The postgres service is running in the postgres namespace and exposes the port 5432.
In Traefik, I've done the following:
Created an entrypoint like this:
additionalArguments:
- "--entryPoints.postgres.address=:5432/tcp"
I've also exposed the port like this:
ports:
postgres:
expose: true
port: 5432
exposedPort: 5432
protocol: TCP
tls:
enabled: true
I've then created an IngressRouteTCP in the postgres namespace like this:
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: postgres
labels:
traefik.tcp.routers: "postgres"
spec:
entryPoints:
- postgres
routes:
- match: HostSNI(`*`)
services:
- name: postgresql-primary
namespace: postgres
port: 5432
tls:
secretName: local-my-domain-tls
However, this doesn't work. When looking in the Traefik dashboard, no TCP Routers or TCP Services are listed. I don't see any errors in the logs.
When trying to connect to the database I receive the following error SSL error: Remote host terminated the handshake.
So, I have two questions:
- Why doesn't the ingress show up in the dashboard under TCP Services/Routers?
- Have I missed anything? I was under the impression that adding the entrypoint, exposing the port and creating a IngressRouteTCP ingress should be enough?
I think that the entrypoint works because I can do the following from my computer:
nc -vz postgres.local.my.domain 5432
Connection to postgres.local.my.domain port 5432 [tcp/postgresql] succeeded!
If I remove the entrypoint, netcat fails.
So the problem seems to be with the communication between Traefik and the Postgres service?