#🌱|help-and-getting-started
Non http ingress
# 🌱|help-and-getting-started
a
aloof-lamp-69262
05/03/2023, 4:30 PMIs it possible to have ingress like functionality but to non ingress endpoints? (TCP/UDP) for DB and other services?
b
bright-policeman-43626
05/04/2023, 6:55 AMI think you can currently change the protocols for your services using this:
https://docs.garden.io/reference/module-types/container#services-.ports-.protocol
And then inside the service add the ingress using this approach:
https://docs.garden.io/reference/module-types/container#services-.ingresses
I'm not sure if this is going to work but worth to give it a try, I can try it tomorrow and get back to you!
i
icy-furniture-17516
05/04/2023, 2:57 PMwe did it with nginx-ingress, but it required a command line flag in the controller:
Copy code
--enable-ssl-passthrough=truein order to do that, we had to disable the garden ingress and install our own
Copy code
providers:
- name: local-kubernetes
environments: [local]
namespace: ${environment.namespace}
defaultHostname: ${var.base-hostname}
ingressClass: nginx
setupIngressController: falseand now we install it via a helm chart before we deploy with garden, these are the helm values:
Copy code
controller:
extraArgs:
enable-ssl-passthrough: trueand then you can annotate your ingress to switch to layer4 load balancing, here is a full example:
Copy code
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kcp
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
ingressClassName: nginx
rules:
- host: "kcp.${var.base-hostname}"
http:
paths:
- backend:
service:
name: kcp
port:
number: 6443
path: /
pathType: Prefixthe path is required, but in this case it is omitted, since nginx won't be able to access anything other then the server name from the client hello in the tls handshake
would worth a blog post maybe? 🙂
q
quaint-dress-831
05/09/2023, 2:41 PM@icy-furniture-17516 is truly a hero to us all 🦸♂️
We could consider making this a docs page, I think 🤔
19 Views