K
Q

Gloo TCP Proxy by Hostname

7/7/2020

Using Gloo TCP Proxy to forward port 27017 for MongoDB access in a Kubernetes cluster.

The following Gateway spec works for forwarding all port 27017 traffic to the specified upstream.

spec:
  bindAddress: '::'
  bindPort: 27017
  tcpGateway:
    tcpHosts:
      - destination:
          single:
            upstream:
              name: default-mongodb-27017
              namespace: gloo-system
        name: one
  useProxyProto: false

I would like to forward 27017 traffic based on hostname (for example, d.db.example.com points to the dev instance of Mongo and p.db.example.com points to the prod instance).

Is there a way to specify hostname (like in a virtual service route)?

(Note: This is for a educational simulation, and as such isn't a real "production" environment. This is why both the dev and prod instance will exist in the same Kubernetes cluster. This is also why a managed or external MongoDB solution isn't used)

-- PercyODI
api-gateway
gloo
kubernetes

Similar Questions

How to set PAM auth for jupyterhub on Kubernetes cluster?
Airflow k8s operator xcom - Handshake status 403 Forbidden
kubernetes default liveness and readiness probe
Kubernetes namespace vanished after cluster reboot
Kubernetes Master API SERVER IP

1 Answer

7/10/2020

As I mentioned in comments, as far as I know it´s not posibble to do in gateway,atleast I could not find anything about that in gateway documentation, but you can configure virtual services to make it work.

As mentioned in documentation there

The VirtualService is the root Routing object for the Gloo Gateway. A virtual service describes the set of routes to match for a set of domains.

It defines: - a set of domains - the root set of routes for those domains - an optional SSL configuration for server TLS Termination - VirtualHostOptions that will apply configuration to all routes that live on the VirtualService.

Domains must be unique across all virtual services within a gateway (i.e. no overlap between sets).

And there

Virtual Services define a set of route rules, an optional SNI configuration for a given domain or set of domains.

Gloo will select the appropriate virtual service (set of routes) based on the domain specified in a request’s Host header (in HTTP 1.1) or :authority header (HTTP 2.0).

Virtual Services support wildcard domains (starting with *).

Gloo will create a default virtual service for the user if the user does not provide one. The default virtual service matches the * domain, which will serve routes for any request that does not include a Host/:authority header, or a request that requests a domain that does not match another virtual service.

The each domain specified for a virtualservice must be unique across the set of all virtual services provided to Gloo.

Take a look at this tutorial.

And more specifically at this example where they use 2 domains, echo.example.com and foxtrot.example.com, in your case that would be d.db.example.com and p.db.example.com

Option 2: Separating ownership across domains

The first alternative we might consider is to model each service with different domains, so that the routes are managed on different objects. For example, if our primary domain was example.com, we could have a virtual service for each subdomain: echo.example.com and foxtrot.example.com.

apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: echo
  namespace: echo
spec:
  virtualHost:
    domains:
      - 'echo.example.com'
    routes:
      - matchers:
          - prefix: /echo
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: foxtrot
  namespace: foxtrot
spec:
  virtualHost:
    domains:
      - 'foxtrot.example.com'
...

I hope this helps.

-- Jakub
Source: StackOverflow