Traefik IngressRouteTCP with eks and nlb not working

sureshaml · August 18, 2022, 6:23pm

I have a TCP application that I am trying to deploy in the EKS cluster with an NLB load-balancer. I followed the Document and I created IngressRouteTCP even though I can not see the TCP server is working

step1: Deployed traefik via helm chart with the following values


ingressRoute:
 dashboard:
   enabled: true
providers:
 kubernetesCRD:
   enabled: true
   allowCrossNamespace: false
   allowExternalNameServices: false
 kubernetesIngress:
   enabled: true
   allowExternalNameServices: true
   allowEmptyServices: true
   publishedService:
     enabled: false
logs:
 general:
   level: DEBUG
 
dashboard:
 enable: true
additionalArguments:
 - "--log.level=DEBUG"
 
ports:
 traefik:
   port: 9000
   expose: false
   exposedPort: 9000
   protocol: TCP
 web:
   port: 8000
   expose: true
   exposedPort: 80
   protocol: TCP
 websecure:
   port: 8443
   expose: true
   exposedPort: 443
   protocol: TCP
service:
 enabled: true
 type: LoadBalancer
 annotations:
   service.beta.kubernetes.io/aws-load-balancer-type: "nlb"

Output of step1

CHART
traefik-10.24.0

APP VERSION
2.8.0

NLB was created and it's able to send HTTP requests to traefik but not TCP

Please note First tested a simple echo TCP application with port forwarding in EKS, and it was successful.

ECHO server manifest and ingress

# from https://raw.githubusercontent.com/istio/istio/master/samples/tcp-echo/tcp-echo-services.yaml
apiVersion: v1
kind: Service
metadata:
  name: tcp-echo
  labels:
    app: tcp-echo
    service: tcp-echo
spec:
  ports:
  - name: tcp
    port: 9000
  - name: tcp-other
    port: 9001
  # Port 9002 is omitted intentionally for testing the pass through filter chain.
  selector:
    app: tcp-echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tcp-echo-v1
  labels:
    app: tcp-echo
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tcp-echo
      version: v1
  template:
    metadata:
      labels:
        app: tcp-echo
        version: v1
    spec:
      containers:
      - name: tcp-echo
        image: docker.io/istio/tcp-echo-server:1.2
        imagePullPolicy: IfNotPresent
        args: [ "9000,9001,9002", "one" ]
        ports:
        - containerPort: 9000
        - containerPort: 9001
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tcp-echo-v2
  labels:
    app: tcp-echo
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tcp-echo
      version: v2
  template:
    metadata:
      labels:
        app: tcp-echo
        version: v2
    spec:
      containers:
      - name: tcp-echo
        image: docker.io/istio/tcp-echo-server:1.2
        imagePullPolicy: IfNotPresent
        args: [ "9000,9001,9002", "two" ]
        ports:
        - containerPort: 9000
        - containerPort: 9001
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: echotcp
spec:
  entryPoints:                      
    - web
  routes:                           
  - match: HostSNI(`*`) 
    services:                       
    - name: tcp-echo
      port: 9000 
---

What mistake I am doing here?
My expectation is along with HTTP and HTTPS port my TCP server server should be working

Topic		Replies	Views
Hosting a HTTP-App on a custom TCP-Port with TLS Traefik v2 (latest) kubernetes-crd , kubernetes-ingress , tcp	1	980	March 25, 2022
SSH/TCP Ingress with Traefik not working Traefik v2 (latest) kubernetes-crd , kubernetes-ingress , tcp	0	164	January 18, 2024
EKS w/ ALB & NodePort - Migrated to v2.5, IngressRoutes and Dashboard broken Traefik v2 (latest) kubernetes-crd , dashboard-api	0	576	September 7, 2021
Route TCP request to my service via traefik2 Traefik v2 (latest) kubernetes-ingress , tcp	0	213	June 29, 2023
TCP Routers not working in Kubernetes Traefik v2 (latest) kubernetes-crd	0	933	October 24, 2019

Traefik IngressRouteTCP with eks and nlb not working

step1: Deployed traefik via helm chart with the following values

Output of step1

Related Topics