Not able to reach an internal endpoint when using tcp-services

Question

I have an issue on which am blocked since few days . Tried lot of things but none worked .

I have a k8s cluster in which I have a pod running corda (https://docs.corda.net/docker-image.html) . This pod expose a RPC endpoint (10201), endpoint that I want to be able to reach from outside the cluster (my laptop) using the corda-shell tool .

So I created an ingress (using ingress-nginx) and added a config-map that looks like that :

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-tcp-services
  namespace: {{ .Release.Namespace }}
data:
  10201: {{ .Release.Namespace }}/{{ .Release.Name }}-corda-node:10201

The service.yaml for the corda pod looks like this :

apiVersion: v1
kind: Service
metadata:
  name: {{ include "corda-node.fullname" . }}
  labels:
{{ include "corda-node.labels" . | indent 4 }}
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
    - port: 10200
      targetPort: p2p
      protocol: TCP
      name: p2p
    - port: 10201
      targetPort: rpc
      protocol: TCP
      name: rpc
    - port: 10202
      targetPort: rpcadmin
      protocol: TCP
      name: rpcadmin
  selector:
    app.kubernetes.io/name: {{ include "corda-node.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}

But so far, no matter what I tried I was not able to connect to it from the outside . From another pod / container in the cluster it is working fine, same as when I'm port-forwarding to my local .

Note : I can connect to other services in my cluster from the outside . In fact this corda pod has a sidecar which expose an API on 8080 and I can access it .

I can see the port '10201' being exposed by the ingress, so I guess it took my tcp-services into account, but does not seem to be able to forward the request to the corda pod .

If I try to do telnet public-ip-of-the-cluter 10201 , I just have a timeout . Same when running the corda-shell tool ...

I see no relevant logs in the ingress-controller pod as far as I can tell .

I created a small github repo with various 'kubectl describe xxx' commands in order to give you an overview of what I did .

If you need more info just ask me . Am really struggling with that, most likely I'm doing something stupid somewhere ...

Thanks !

EDIT :

I put the logs of the ingress on - --v=3 , I can see this when it starts :

I0215 09:30:32.081819 6 controller.go:333] Searching Endpoints with TCP port number 10201 for Service "salmon-locust/salmon-locust-corda-node-corda-node"
│ │ I0215 09:30:32.081836 6 endpoints.go:74] Getting Endpoints for Service "salmon-locust/salmon-locust-corda-node-corda-node" and port &ServicePort{Name:rpc,Protocol:TCP,Port:10201,TargetPort:{1 0 rpc},NodePort:0,} │ │ I0215 09:30:32.081849 6 endpoints.go:117] Endpoints found for Service "salmon-locust/salmon-locust-corda-node-corda-node": [{10.96.1.13 10201 &ObjectReference{Kind:Pod,Namespace:salmon-locust,Name:salmon-locust-corda-node-corda- │

But no activity when I’m trying to connect to it via the corda-tools-shell.

EDIT 2 :

We found what was the issue, the ingress -> dns resolved to the cloudflare proxy, which was not handling the 1xxxx port ...

Answer 1

We found what was the issue, the ingress -> dns resolved to the cloudflare proxy, which was not handling the 1xxxx port ...

Answer 2

Is any incoming request in ingress logs ? Ingress might be looking http header which may not work right Corda RPC