We're running traefik on k8s, I'm able to build routes to http services but not TCP, e.g. I'm able to get the whoami service but not the postgres service.

Initial setups:

I installed postgres via standard helm chart

I installed traefik via it's helm chart as well.

This is working:

apiVersion: apps/v1
metadata:
  name: whoami
  namespace: shared
  labels:
    app: containous
    name: whoami

spec:
  replicas: 2
  selector:
    matchLabels:
      app: containous
      task: whoami
  template:
    metadata:
      labels:
        app: containous
        task: whoami
    spec:
      containers:
        - name: containouswhoami
          image: containous/whoami
          ports:
            - containerPort: 80

---
apiVersion: v1
kind: Service
metadata:
  name: whoami
  namespace: shared

spec:
  ports:
    - name: http
      port: 80
  selector:
    app: containous
    task: whoami

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: whoami
  namespace: shared
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: example.com
    postgres:
      paths:
      - backend:
          serviceName: whoami
          servicePort: http

I'm able to open my browser, navigate to http://example.com and get the expected whomai page.

Since we deployed postgres via helm, and the service has type ClusterIP, how can I provide my developers access to the database? Again I went with the "k8s ingress" and not the CRD cuz I'm not an expert.

Here's where I think I'm missing something basic, what I know is they're trying to use a client to reach something like this:

jdbc:postgresql://example.com:5432/postgres (of course the client allows the input of user/pass/database)

• Am I wrong in expecting to build a traefik TCP ingress that would allow such access?
• Any examples of such access on k8s? cuz I found a few posts that deal with docker-compose
• Any alternatives to traefik or generally a way to handle this challenge without opening a public IP (i.e. service type Loadbalancer).

Statefulset:

+ kubectl get statefulset -n shared
NAME                 READY   AGE
admindb-postgresql   1/1     23h

Service:

+ kubectl get service -n shared
NAME                          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
admindb-postgresql            ClusterIP   10.100.75.113   <none>        5432/TCP   23h
admindb-postgresql-headless   ClusterIP   None            <none>        5432/TCP   23h
whoami                        ClusterIP   10.100.25.131   <none>        80/TCP     44m

Statefulset description:

+ kubectl describe statefulset admindb-postgresql -n shared
Name:               admindb-postgresql
Namespace:          shared
CreationTimestamp:  Tue, 10 Mar 2020 11:05:43 +0200
Selector:           app=postgresql,release=admindb,role=master
Labels:             app=postgresql
                    chart=postgresql-8.3.3
                    heritage=Helm
                    release=admindb
Annotations:        <none>
Replicas:           1 desired | 1 total
Update Strategy:    RollingUpdate
Pods Status:        1 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:  app=postgresql
           chart=postgresql-8.3.3
           heritage=Helm
           release=admindb
           role=master
  Init Containers:
   init-chmod-data:
    Image:      docker.io/bitnami/minideb:buster
    Port:       <none>
    Host Port:  <none>
    Command:
      /bin/sh
      -cx
      echo "current user id: `id`"
      mkdir -p /bitnami/postgresql/data
      chmod 700 /bitnami/postgresql/data
      find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
        xargs chown -R 1001:1001
      chmod -R 777 /dev/shm

    Requests:
      cpu:        250m
      memory:     256Mi
    Environment:  <none>
    Mounts:
      /bitnami/postgresql from data (rw)
      /dev/shm from dshm (rw)
  Containers:
   admindb-postgresql:
    Image:      docker.io/bitnami/postgresql:11.6.0-debian-10-r5
    Port:       5432/TCP
    Host Port:  0/TCP
    Requests:
      cpu:      250m
      memory:   256Mi
    Liveness:   exec [/bin/sh -c exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432] delay=30s timeout=5s period=10s #success=1 #failure=6
    Readiness:  exec [/bin/sh -c -e exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
] delay=5s timeout=5s period=10s #success=1 #failure=6
    Environment:
      BITNAMI_DEBUG:           false
      POSTGRESQL_PORT_NUMBER:  5432
      POSTGRESQL_VOLUME_DIR:   /bitnami/postgresql
      PGDATA:                  /bitnami/postgresql/data
      POSTGRES_USER:           postgres
      POSTGRES_PASSWORD:       <set to the key 'postgresql-password' in secret 'pg-default-password'>  Optional: false
      POSTGRESQL_ENABLE_LDAP:  no
    Mounts:
      /bitnami/postgresql from data (rw)
      /dev/shm from dshm (rw)
  Volumes:
   dshm:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     Memory
    SizeLimit:  1Gi
Volume Claims:
  Name:          data
  StorageClass:
  Labels:        <none>
  Annotations:   <none>
  Capacity:      30Gi
  Access Modes:  [ReadWriteOnce]
Events:          <none>

Service description:

+ kubectl describe svc -n shared admindb-postgresql
Name:              admindb-postgresql
Namespace:         shared
Labels:            app=postgresql
                   chart=postgresql-8.3.3
                   heritage=Helm
                   release=admindb
Annotations:       <none>
Selector:          app=postgresql,release=admindb,role=master
Type:              ClusterIP
IP:                10.100.75.113
Port:              tcp-postgresql  5432/TCP
TargetPort:        tcp-postgresql/TCP
Endpoints:         10.55.0.17:5432
Session Affinity:  None
Events:            <none>