I'm currently setting up Traefik as an ingress controller in my Kubernetes cluster and I'm attempting to route traffic to a CockroachDB service using IngressRouteTCP. Despite following the documentation and applying the necessary configurations, I'm unable to establish a connection to the database from outside the cluster. Below are the details of my setup and the steps I've taken so far.
Traefik Deployment Configuration:
I'm using the following Helm values to deploy Traefik:
globalArguments:
  - "--global.sendanonymoususage=false"
  - "--global.checknewversion=false"
additionalArguments:
  - "--serversTransport.insecureSkipVerify=true"
  - "--log.level=INFO"
  - "--entrypoints.web.address=:8000"
  - "--entrypoints.websecure.address=:8443"
  - "--entrypoints.cockroachdb.address=:26257"
  - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
  - "--certificatesresolvers.le.acme.email=business@def.wtf"
  - "--certificatesresolvers.le.acme.storage=/data/acme.json"
  - "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
deployment:
  enabled: true
  replicas: 1
  annotations: {}
  podAnnotations: {}
  additionalContainers: []
  initContainers: []
ports:
  web:
    redirectTo:
      port: websecure
      priority: 10
  websecure:
    http3:
      enabled: true
      advertisedPort: 4443
    tls:
      enabled: true
ingressRoute:
  dashboard:
    enabled: false
providers:
  kubernetesCRD:
    enabled: true
    ingressClass: traefik
    allowExternalNameServices: true
  kubernetesIngress:
    enabled: true
    allowExternalNameServices: true
    publishedService:
      enabled: false
rbac:
  enabled: true
service:
  enabled: true
  type: LoadBalancer
  annotations: {}
  labels: {}
  spec:
    ports:
      - name: web
        port: 80
        targetPort: 8000
      - name: websecure
        port: 443
        targetPort: 8443
      - name: cockroachdb
        port: 26257
        targetPort: 26257
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: myresolver
certificatesResolvers:
  myresolver:
    acme:
      email: business@def.wtf
      storage: /acme.json
      httpChallenge:
        entryPoint: web
IngressRouteTCP Configuration:
To route TCP traffic to CockroachDB, I have the following IngressRouteTCP resource configured:
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: cockroachdb-rc
  namespace: rc
spec:
  entryPoints:
    - cockroachdb
  routes:
    - match: HostSNI(`*`)
      services:
        - name: cockroachdb-rc-public
          namespace: rc
          port: 26257
  tls:
    passthrough: true
Service Configuration:
The CockroachDB service is configured as follows:
kubectl get svc -n rc
NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)              AGE
cockroachdb-rc          ClusterIP   None            <none>        26257/TCP,8080/TCP   2d
cockroachdb-rc-public   ClusterIP   10.245.123.99   <none>        26257/TCP,8080/TCP   2d
Steps Taken and Troubleshooting:
Network Connectivity: Verified that the external IP (209.38.176.214) is reachable from outside the cluster using tools like nc and telnet. However, I still cannot establish a connection on port 26257.
Logs: Checked Traefik logs for errors, but nothing indicates why the connection might be failing.
Direct Connection: Tried connecting directly to the CockroachDB service from within the cluster using the ClusterIP, which works, but the connection through Traefik does not.
Configuration Review: Double-checked the IngressRouteTCP and Traefik entry points configurations to ensure there are no mismatches in ports or other settings.
Question:
Despite all these steps, I'm still unable to connect to CockroachDB via the Traefik LoadBalancer IP on port 26257. Could someone please help identify what might be wrong in my setup or provide guidance on additional steps I can take to resolve this issue?
Thank you in advance for your assistance!
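
One way to test the path on port 26257 without a SQL client, added here as an example and not part of the original post: CockroachDB speaks the PostgreSQL wire protocol, in which a client opens with an 8-byte SSLRequest and the server answers with a single byte, `S` or `N`, before any TLS handshake starts. The probe below sends that request and classifies what comes back; `probe_pgwire` and `start_stub` are hypothetical names, and the stub is a constructed local stand-in so the script runs offline.

```python
import socket
import struct
import threading

# pgwire SSLRequest: Int32 length (8) followed by Int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def probe_pgwire(host, port, timeout=3.0):
    """Send SSLRequest and classify the first byte that comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(SSL_REQUEST)
            reply = s.recv(1)
    except socket.timeout:
        return "timeout"            # no answer within the timeout
    except ConnectionRefusedError:
        return "refused"            # nothing listening on that port
    except OSError as exc:
        return "error:" + type(exc).__name__
    if reply == b"S":
        return "pgwire-tls"         # a pgwire server answered and offers TLS
    if reply == b"N":
        return "pgwire-plaintext"   # a pgwire server answered, TLS disabled
    return "closed" if reply == b"" else "unexpected"


def start_stub(reply):
    """Constructed local stand-in for the far end; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if conn.recv(8, socket.MSG_WAITALL) == SSL_REQUEST and reply:
                conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    for reply in (b"S", b"N", b""):
        print(reply, "->", probe_pgwire("127.0.0.1", start_stub(reply)))
```

Running `probe_pgwire` once against the ClusterIP from inside the cluster and once against the LoadBalancer IP gives two results to compare: `pgwire-tls` or `pgwire-plaintext` means the bytes reached a pgwire server, while `refused`, `closed` or `timeout` on the external address only means the request was not relayed somewhere between the load balancer and the database.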