Can't expose mysql tcp service running inside kubernetes cluster publicly using nginx-ingress

9/7/2018

I ran into a problem exposing a mysql database running inside a kubernetes cluster publicly. The cluster runs with kops on AWS. I'm using a helm chart for nginx-ingress: https://github.com/helm/charts/tree/master/stable/nginx-ingress

controller:
  config:
    use-proxy-protocol: "true"
  metrics:
    enabled: true
  replicaCount: 2
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
  stats:
    enabled: true
rbac:
  create: true
tcp:
  5000: default/cbioportal-prod-db-mysql:3306

From within the cluster I can telnet to the db through nginx over port 5000:

# telnet eating-dingo-nginx-ingress-controller 5000
J
5.7.14
      ke_|c&tc"ui%]}mysql_native_passwordConnection closed by foreign host

But I can't seem to connect from outside using the hostname of the AWS load balancer.

telnet xxx.us-east-1.elb.amazonaws.com 5000
Trying x.x.x.x...

When I look in the AWS EC2 dashboard I see the load balancer's security group allows connections from everywhere on port 5000.

UPDATE

I can connect when I use port 3306 instead of 5000:

tcp:
  3306: default/cbioportal-prod-db-mysql:3306

However now that the port is open:

 $ nmap --verbose  -Pn x.x.x.x
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql

I am getting an authorization issue:

$ mysql -h x.x.x.x  -uroot -pabcdef
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 2

I can connect directly to the nginx controller without issues from within the cluster:

kubectl run -it --rm --image=mysql:5.7 --restart=Never mysql-client -- mysql -h eating-dingo-nginx-ingress-controller  -uroot -pabcdef

I'm using this mysql helm chart:

https://github.com/helm/charts/tree/master/stable/mysql

-- inodb
amazon-web-services
kops
kubernetes
mysql
nginx-ingress

0 Answers