Exposing TCP endpoint (using tcp-echo sample app)

Networking
1

Hi everyone, I’ve been trying to expose the sample tcp-echo app (https://github.com/istio/istio/tree/master/samples/tcp-echo) on a EKS cluster (kubernetes 1.12 and Istio 1.1.1) but somehow can’t connect to it from outside the cluster. I’ve also looked at the discuss channel and istio’s github issues but couldn’t find people having similar problems.

Here is what I’ve tried to far, but if anyone has ideas on another approaches or logs to look out for while testing, please let me know:

  1. Added a new port to my Ingress configuration (61617), create the pod and service to expose the tcp echo server, then created the Gateway and VirtualService to configure a DNS entry using ExternalDNS (https://github.com/kubernetes-incubator/external-dns) on AWS Route53.
  2. Used an existing port (80) and deployed the same configuration as before.

I get the DNS working and I can connect to the endpoint using telnet/nc but it looks like once the connection pass through the ingress it never reaches the pod (no access is logged and no response is sent back):

echo world | nc -v tcp-echo.myhost.com 80
found 0 associations
found 1 connections:
     1: flags=82<CONNECTED,PREFERRED>
        outif en0
        src <ip> port 64362
        dst <ip> port 80
        rank info not available
        TCP aux info available

Connection to tcp-echo.preview.graingercloud.com port 80 [tcp/http] succeeded!
# but nothing gets back from the tcp echo server

If I use kubectl por-forward I can connect to the pod with telnet and get the expected Hello World message.

So it looks like the issue is between the Ingress and the Service, but I can’t figure out where to look for more information on what I might be missing. I can provide the configuration I’m using but it is pretty similar to the sample on Istio’s repo, the only difference are the ports/hosts.

Thanks!

2

Another quick update:
I deployed a nginx container along with the tcp-echo app, just to make sure I wasn’t missing any configuration and I’m able to hit the nginx server.
Is there any particularity in how tcp traffic is handled once it gets into the cluster?

1 Like
3

Just fyi, the problem I had was with a gateway misconfiguration :slight_smile: I forgot to add the host: part in the TCP port I was trying to expose (61617).

4

Hi, I am having the same issue. Can you share the gateway config for TCP?

5

Hi, I don’t have that exact config anymore but if you look at the gateway docs (https://istio.io/docs/reference/config/networking/gateway/) I had to adde the hosts: part, similar to:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: tcp-echo-gw
spec:
  selector:
    app: tcp-echo
  servers:
  - port:
      number: 61617
      name: tcp
      protocol: TCP
    hosts:
    - tcp-echo.<your domain>
6

I used Hosts: * to open the tcp port on the gateway, then used the virtualservice to define the actual hostname. The gateway didn’t forward the traffic to the virtualservice.