I want to expose my MariaDB pod using the Nginx ingress TCP service by following this step: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/. MariaDB is running in the default namespace, with the mariadb service type as ClusterIP. I am running the Nginx Ingress controller in the nginx-ingress namespace, and have also defined the tcp-services configmap for the mariadb service. But I am unable to connect to the MariaDB database from outside of the cluster.

From the Nginx controller log I can see it's reading tcp-services.

Ingress configuration

```yaml
containers:
- args:
  - /nginx-ingress-controller
  - --default-backend-service=nginx-ingress/nginx-ingress-default-backend
  - --election-id=ingress-controller-leader
  - --ingress-class=nginx
  - --configmap=nginx-ingress/nginx-ingress-controller
  - --default-ssl-certificate=nginx-ingress/ingress-tls
  - --tcp-services-configmap=nginx-ingress/tcp-services
  - --udp-services-configmap=nginx-ingress/udp-services
```

ConfigMap:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: nginx-ingress
data:
  3306: "default/mariadb:3306"
```

Ingress controller nginx config for TCP Service

```nginx
# TCP services

server {
        preread_by_lua_block {
                ngx.var.proxy_upstream_name="tcp-default-mariadb-3306";
        }

        listen                  3306;

        proxy_timeout           600s;
        proxy_pass              upstream_balancer;

}
```

When I connect from an external server, I get this message:

ERROR 2002 (HY000): Can't connect to MySQL server on 

Any tips to troubleshoot this issue?

Thanks

I was missing my service with the TCP port info; after adding it I was able to access MySQL with my service port number. Thanks to Emanuel Bennici for pointing this one out.

Here is my service:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  - name: 3066-tcp
    port: 3066
    protocol: TCP
    targetPort: 3066-tcp
  selector:
    app: nginx-ingress
    component: controller
    release: nginx-ingress
  sessionAffinity: None
  type: NodePort
```
sfgroups
  • Is your MariaDB application running inside your POD? If you test your connection using the "telnet" command, what error do you get? – Armando Cuevas Dec 09 '19 at 20:21
  • Yes, I can connect to MySQL within the Kubernetes cluster by running a client pod like this: `kubectl run mariadb-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mariadb:10.3.20-debian-9-r19 --namespace default --command -- bash` – sfgroups Dec 09 '19 at 22:01
  • Is your server block part of stream? Are you able to telnet to 3306 from outside to your nginx container? It could be that 3306 is not open on the cluster, as typically only 80, 443 are allowed – Shambu Dec 14 '19 at 11:15
  • @Sham332 no port is blocked on the host – sfgroups Dec 14 '19 at 16:49
  • Is your cluster not broken? There is a rule that says "All nodes can talk to all pods without NAT". If the cluster is broken because of a kubeproxy issue, and you try to "telnet" to the POD from the MASTER server, you will get a "NO ROUTE TO HOST". Can you please confirm that you can reach your POD address from all your NODES? – Armando Cuevas Dec 17 '19 at 17:04
  • @ArmandoCuevas my cluster is good, it's running other applications, and I am also able to access MariaDB within the cluster. We are not blocking any ports on our server; the firewall is disabled. – sfgroups Dec 18 '19 at 14:48

1 Answer

Please check if you have opened the MySQL port in the Pod. To open the port on the Kubernetes-Port you have to create a pod like this:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql
  namespace: default
  labels:
    name: mysql
spec:
  containers:
  - name: mysql
    image: docker.io/bitnami/mariadb:10.3.20-debian-9-r19
    ports:
    - containerPort: 3306
      protocol: TCP
```

Then you have to create a service so you can talk directly to the MySQL Pod through the service:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: svc-mysql
  namespace: default
  labels:
    run: mysql
spec:
  ports:
  - port: 3306
    targetPort: 3306
    protocol: TCP
  selector:
    name: mysql
```

If the Nginx Ingress Controller is working correctly you can now add the following line to your tcp-services-configmap:

```yaml
3306: "default/svc-mysql:3306"
```

Please note that you have to add the MySQL port to the Nginx Ingress Service, like this:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: nginx-ingress
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
    - name: proxie-tcp-mysql
      port: 3306
      targetPort: 3306
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
```

Now you can use the external IP of the Nginx Ingress Controller to connect to your MySQL Server.


Please provide more information about your setup in future Questions :)

Emanuel Bennici
  • Thanks, this works. The only difference I have is that my cluster is running on-prem, so I have to use a NodePort service to access the service. Let me post my service configuration. – sfgroups Dec 18 '19 at 16:39
  • I'm also working in an on-prem K8s environment and I don't like the _NodePort_ feature, because it binds all requests to that specific node. To mitigate this I/we are using [MetalLB](https://metallb.universe.tf/), so we can also use features like the _LoadBalancer_ in the `Service` kind. – Emanuel Bennici Dec 18 '19 at 16:44
  • @Emanuel Bennici can you please check why I cannot access my Service Port from outside? Please. Thank you https://stackoverflow.com/questions/66190275/kubernetes-ingress-controller-cannot-tcp-connect-from-outside-virtual-machine – vel Feb 14 '21 at 08:55
  • @EmanuelBennici can you please check why I cannot access my Service Port from outside? Please. Thank you https://stackoverflow.com/questions/66190275/kubernetes-ingress-controller-cannot-tcp-connect-from-outside-virtual-machine – vel Feb 14 '21 at 08:56
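
The gap this thread resolves (a `tcp-services` entry with no matching port on the controller's Service) can be checked mechanically. The following is an added example, not code from the original posts or from ingress-nginx: the function name, the sample objects and the `CONTROLLER_PORTS` mapping are constructed assumptions, shaped like `kubectl get ... -o json` output.

```python
import json

# Constructed sample objects, shaped like `kubectl get <kind> <name> -o json`.
TCP_SERVICES = json.loads('{"data": {"3306": "default/mariadb:3306"}}')
SERVICE_BEFORE = json.loads("""
{"spec": {"ports": [
  {"name": "http",  "port": 80,  "protocol": "TCP", "targetPort": "http"},
  {"name": "https", "port": 443, "protocol": "TCP", "targetPort": "https"}]}}
""")
SERVICE_AFTER = json.loads("""
{"spec": {"ports": [
  {"name": "http",  "port": 80,   "protocol": "TCP", "targetPort": "http"},
  {"name": "https", "port": 443,  "protocol": "TCP", "targetPort": "https"},
  {"name": "mysql", "port": 3306, "protocol": "TCP", "targetPort": 3306}]}}
""")
# Assumed named ports on the controller container (name -> containerPort).
CONTROLLER_PORTS = {"http": 80, "https": 443}


def unexposed_tcp_ports(configmap, service, container_ports=None):
    """Map each tcp-services listen port that no Service port forwards to
    onto its backend string ("namespace/service:port")."""
    container_ports = container_ports or {}
    reachable = set()
    for p in service["spec"].get("ports", []):
        if p.get("protocol", "TCP") != "TCP":
            continue
        # targetPort defaults to port; a string is a named container port.
        target = p.get("targetPort", p["port"])
        if isinstance(target, str):
            target = container_ports.get(target)  # None if the name is unknown
        if target is not None:
            reachable.add(int(target))
    data = configmap.get("data") or {}
    return {int(k): v for k, v in data.items() if int(k) not in reachable}


if __name__ == "__main__":
    for label, svc in (("before", SERVICE_BEFORE), ("after", SERVICE_AFTER)):
        print(label, unexposed_tcp_ports(TCP_SERVICES, svc, CONTROLLER_PORTS))
```
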