How to configure the IngressRouteTCP to receiveTCP/NonSSL and forward to more than one backend services

Traefik Traefik v2
,
1

Hi All,

I have two back-end services (TCP) running in kubernetes namespace which is monitored by the traefik proxy. I want to configure these in traefik proxy to receive the TCP/NON-SSL requests and forward them to matching services. Used the IngressRouteTCP with HostSNI matching rule.

The configuration is working good for TCP/SSL requests. But it not working for TCP/NonSSL request. I tried using HostSNI(*) but need to forward to specific services depending on the SNI.

The sample IngressRouteTCP CRs are:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:

  • annotations:*
  • meta.helm.sh/release-name: test-messaging*
  • meta.helm.sh/release-namespace: n1*
  • labels:*
  • app.kubernetes.io/managed-by: Helm*
  • name: bootstrap-test-messaging-ingress*
  • namespace: n1*
    spec:
  • entryPoints:*
    • web*
  • routes:*
    • match: HostSNI(test.domain1.org)*
  • services:*
    • name: test-messaging-kafka-clusterip-bootstrap*
  •  port: 9095*

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:

  • annotations:*
  • meta.helm.sh/release-name: test-messaging*
  • meta.helm.sh/release-namespace: n1*
  • labels:*
  • app.kubernetes.io/managed-by: Helm*
  • name: broker-1-test-messaging-ingress*
  • namespace: n1*
    spec:
  • entryPoints:*
    • web*
  • routes:*
    • match: HostSNI(1-broker-test.domain1.org)*
  • services:*
    • name: test-messaging-kafka-clusterip-1*
  •  port: 9095*
2

Please use 3 backticks or the </> button to make your code readable.

3

I could not find edit button on my post to add the formatting's. Can you let me know how to edit the existing topic?

By the way is the above topic is not clear? My main question, there are more than one routes which should be receiving the TCP non-tls traefik. I documentation it mentioned to use use HostSNI(*) for TCP non tls but I need to filter the requests and route to different TCP routes.

4

Below your post there is usually a little pen icon to edit.

As far as I know you can not use a rule to match for host and use different services behind a TCP router. Traefik will not look into a plain TCP stream, therefore can not differentiate between hosts used for connecting, like you can do with HTTP.