Not able to reach an internal endpoint when using tcp-services

I have an issue on which I have been blocked for a few days. I tried a lot of things but none worked.

I have a k8s cluster in which I have a pod running Corda (https://docs.corda.net/docker-image.html). This pod exposes an RPC endpoint (10201), an endpoint that I want to be able to reach from outside the cluster (my laptop) using the corda-shell tool.

So I created an ingress (using ingress-nginx) and added a config-map that looks like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: -tcp-services
  namespace: 
data:
  10201: /-corda-node:10201

The service.yaml for the Corda pod looks like this:

apiVersion: v1
kind: Service
metadata:
  name: 
  labels:

spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
    - port: 10200
      targetPort: p2p
      protocol: TCP
      name: p2p
    - port: 10201
      targetPort: rpc
      protocol: TCP
      name: rpc
    - port: 10202
      targetPort: rpcadmin
      protocol: TCP
      name: rpcadmin
  selector:
    app.kubernetes.io/name: 
    app.kubernetes.io/instance: 

But so far, no matter what I tried, I was not able to connect to it from the outside.
From another pod / container in the cluster it is working fine, same as when I'm port-forwarding to my local.

Note: I can connect to other services in my cluster from the outside. In fact this Corda pod has a sidecar which exposes an API on 8080 and I can access it.

I can see the port '10201' being exposed by the ingress, so I guess it took my tcp-services into account, but it does not seem to be able to forward the request to the Corda pod.

If I try to do telnet public-ip-of-the-cluster 10201, I just get a timeout.
Same when running the corda-shell tool …

I see no relevant logs in the ingress-controller pod as far as I can tell.

I created a small GitHub repo with various 'kubectl describe xxx' commands in order to give you an overview of what I did.

If you need more info just ask me. I am really struggling with that, most likely I'm doing something stupid somewhere …

Thanks!

EDIT:

I put the logs of the ingress on --v=3, and I can see this when it starts:

I0215 09:30:32.081819 6 controller.go:333] Searching Endpoints with TCP port number 10201 for Service "salmon-locust/salmon-locust-corda-node-corda-node"
I0215 09:30:32.081836 6 endpoints.go:74] Getting Endpoints for Service "salmon-locust/salmon-locust-corda-node-corda-node" and port &ServicePort{Name:rpc,Protocol:TCP,Port:10201,TargetPort:{1 0 rpc},NodePort:0,}
I0215 09:30:32.081849 6 endpoints.go:117] Endpoints found for Service "salmon-locust/salmon-locust-corda-node-corda-node": [{10.96.1.13 10201 &ObjectReference{Kind:Pod,Namespace:salmon-locust,Name:salmon-locust-corda-node-corda-

But no activity when I’m trying to connect to it via the corda-tools-shell.

EDIT 2:

We found what the issue was: the ingress -> DNS resolved to the Cloudflare proxy, which was not handling the 1xxxx port …
