kirilovvv commented 1 year ago

What happened:

Install Ingress Nginx controller via Helm Chart with exposed tcp services. After installation I was not able to consume the defined services:

telnet <LoadBalancerIP> 25
Trying ***.***.***.***...
^C⏎

In the meanwhile connections to port 80 and 443 are working fine:

telnet <LoadBalancerIP> 80
Trying ***.***.***.***...
Connected to <LoadBalancerIP>.
Escape character is '^]'.

The LoadBalancer Service was created successfully (see below service description). Also the TCP Service Configmap was created successfully and passed as Args to the Deployment. In the logs of the controller there was error with fetching the Configmap:

W0812 17:34:25.510433       7 controller.go:446] Error getting ConfigMap "ingress-nginx-mail/ingress-nginx-mail-tcp": no object matching key "ingress-nginx-mail/ingress-nginx-mail-tcp" in local store

Also I have validated the the Service Account used by the controller has permissions to get the ngress-nginx-mail/ingress-nginx-mail-tcp Config Map.

What you expected to happen:

TCP Services to be loaded and be able to consume them.

NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.): 1.8.1

Kubernetes version (use kubectl version): 1.25.11

Environment: EKS

Cloud provider or hardware configuration: EKS
OS (e.g. from /etc/os-release): Amazon Linux 2
Kernel (e.g. uname -a): 5.10.179-168.710.amzn2.x86_64
Install tools:
- Please mention how/where was the cluster created like kubeadm/kops/minikube/kind etc.
Basic cluster related info:
- kubectl version: 1.25
- kubectl get nodes -o wide

How was the ingress-nginx-controller installed:

If helm was used then please show output of helm ls -A | grep -i ingress: ingress-nginx-mail ingress-nginx-mail 7 2023-08-12 20:34:06.079786 +0300 EEST deployed ingress-nginx-4.7.1 1.8.1

If helm was used then please show output of helm -n <ingresscontrollernamepspace> get values <helmreleasename>


controller:
addHeaders: {}
admissionWebhooks:
annotations: {}
certManager:
admissionCert:
duration: ""
enabled: false
rootCert:
duration: ""
certificate: /usr/local/certificates/cert
createSecretJob:
resources: {}
securityContext:
allowPrivilegeEscalation: false
enabled: true
existingPsp: ""
extraEnvs: []
failurePolicy: Fail
key: /usr/local/certificates/key
labels: {}
namespaceSelector: {}
networkPolicyEnabled: false
objectSelector: {}
patch:
enabled: true
image:
digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
image: ingress-nginx/kube-webhook-certgen
pullPolicy: IfNotPresent
registry: registry.k8s.io
tag: v20220916-gd32f8c343
labels: {}
nodeSelector:
kubernetes.io/os: linux
podAnnotations: {}
priorityClassName: ""
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
tolerations: []
patchWebhookJob:
resources: {}
securityContext:
allowPrivilegeEscalation: false
port: 8443
service:
annotations: {}
externalIPs: []
loadBalancerSourceRanges: []
servicePort: 443
type: ClusterIP
affinity: {}
allowSnippetAnnotations: true
annotations: {}
autoscaling:
annotations: {}
apiVersion: autoscaling/v2
behavior: {}
enabled: false
maxReplicas: 11
minReplicas: 1
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50
autoscalingTemplate: []
config:
allow-snippet-annotations: "true"
server-snippet: |
real_ip_header CF-Connecting-IP;
use-forwarded-headers: "true"
use-proxy-protocol: "true"
configAnnotations: {}
configMapNamespace: ""
customTemplate:
configMapKey: ""
configMapName: ""
dnsConfig: {}
dnsPolicy: ClusterFirst
electionID: ""
enableMimalloc: true
extraArgs: {}
extraContainers: []
extraEnvs: []
extraInitContainers: []
extraModules: []
extraVolumeMounts: []
extraVolumes: []
healthCheckHost: ""
healthCheckPath: /healthz
hostNetwork: false
hostPort:
enabled: false
ports:
http: 80
https: 443
hostname: {}
ingressClass: nginx-mail
ingressClassByName: false
ingressClassResource:
controllerValue: k8s.io/ingress-nginx-mail
default: false
enabled: true
name: nginx-mail
parameters: {}
keda:
apiVersion: keda.sh/v1alpha1
behavior: {}
cooldownPeriod: 300
enabled: false
maxReplicas: 11
minReplicas: 1
pollingInterval: 30
restoreToOriginalReplicaCount: false
scaledObject:
annotations: {}
triggers: []
kind: Deployment
labels: {}
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
maxmindLicenseKey: ""
metrics:
enabled: true
port: 10254
portName: metrics
prometheusRule:
additionalLabels: {}
enabled: false
rules: []
service:
annotations: {}
externalIPs: []
loadBalancerSourceRanges: []
servicePort: 10254
type: ClusterIP
serviceMonitor:
additionalLabels: {}
enabled: false
metricRelabelings: []
namespace: ""
namespaceSelector: {}
relabelings: []
scrapeInterval: 30s
targetLabels: []
minAvailable: 1
minReadySeconds: 0
nodeSelector:
kubernetes.io/os: linux
opentelemetry:
containerSecurityContext:
allowPrivilegeEscalation: false
enabled: false
image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c
podAnnotations:
prometheus.io/port: 10254
prometheus.io/scrape: "true"
podLabels: {}
podSecurityContext: {}
priorityClassName: ""
proxySetHeaders: {}
publishService:
enabled: true
pathOverride: ""
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
replicaCount: 1
reportNodeInternalIp: false
resources:
requests:
cpu: 100m
memory: 90Mi
scope:
enabled: true
namespace: mailserver
namespaceSelector: ""
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-type: external
appProtocol: true
enableHttp: true
enableHttps: true
enabled: true
external:
enabled: true
externalIPs: []
externalTrafficPolicy: Cluster
internal:
annotations: {}
enabled: false
loadBalancerSourceRanges: []
ipFamilies:

IPv4 ipFamilyPolicy: SingleStack labels: {} loadBalancerIP: "" loadBalancerSourceRanges: [] nodePorts: http: "" https: "" tcp: {} udp: {} ports: http: 80 https: 443 targetPorts: http: http https: https type: LoadBalancer shareProcessNamespace: false sysctls: {} tcp: annotations: {} configMapNamespace: ingress-nginx-mail terminationGracePeriodSeconds: 300 tolerations: [] topologySpreadConstraints: [] udp: annotations: {} configMapNamespace: "" updateStrategy: {} watchIngressWithoutClass: false defaultBackend: affinity: {} autoscaling: annotations: {} enabled: false maxReplicas: 2 minReplicas: 1 targetCPUUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50 containerSecurityContext: {} enabled: false existingPsp: "" extraArgs: {} extraEnvs: [] extraVolumeMounts: [] extraVolumes: [] image: allowPrivilegeEscalation: false image: defaultbackend-amd64 pullPolicy: IfNotPresent readOnlyRootFilesystem: true registry: registry.k8s.io runAsNonRoot: true runAsUser: 65534 tag: "1.5" labels: {} livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 minAvailable: 1 name: defaultbackend nodeSelector: kubernetes.io/os: linux podAnnotations: {} podLabels: {} podSecurityContext: {} port: 8080 priorityClassName: "" readinessProbe: failureThreshold: 6 initialDelaySeconds: 0 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 replicaCount: 1 resources: {} service: annotations: {} externalIPs: [] loadBalancerSourceRanges: [] servicePort: 80 type: ClusterIP serviceAccount: automountServiceAccountToken: true create: true name: "" tolerations: [] dhParam: null imagePullSecrets: [] podSecurityPolicy: enabled: false portNamePrefix: "" rbac: create: true scope: false revisionHistoryLimit: 10 serviceAccount: annotations: {} automountServiceAccountToken: true create: true name: "" tcp: "25": mailserver/mail-frontend:25 "465": mailserver/mail-frontend:465 "993": mailserver/mail-frontend:993 "995": mailserver/mail-frontend:995 udp: {}
If helm was not used, then copy/paste the complete precise command used to install the controller, along with the flags and options used
if you have more than one instance of the ingress-nginx-controller installed in the same cluster, please provide details for all the instances

Current State of the controller:

kubectl describe ingressclasses

Name:         nginx-mail
Labels:       app.kubernetes.io/component=controller
      app.kubernetes.io/instance=ingress-nginx-mail
      app.kubernetes.io/managed-by=Helm
      app.kubernetes.io/name=ingress-nginx
      app.kubernetes.io/part-of=ingress-nginx
      app.kubernetes.io/version=1.8.1
      helm.sh/chart=ingress-nginx-4.7.1
Annotations:  meta.helm.sh/release-name: ingress-nginx-mail
      meta.helm.sh/release-namespace: ingress-nginx-mail
Controller:   k8s.io/ingress-nginx-mail
Events:       <none>

kubectl -n <ingresscontrollernamespace> get all -A -o wide

kubectl -n <ingresscontrollernamespace> describe po <ingresscontrollerpodname>:

Name:             ingress-nginx-mail-controller-74d667cbdc-nts2r
Namespace:        ingress-nginx-mail
Priority:         0
Service Account:  ingress-nginx-mail
Node:             ***
Start Time:       Sat, 12 Aug 2023 20:34:22 +0300
Labels:           app.kubernetes.io/component=controller
          app.kubernetes.io/instance=ingress-nginx-mail
          app.kubernetes.io/managed-by=Helm
          app.kubernetes.io/name=ingress-nginx
          app.kubernetes.io/part-of=ingress-nginx
          app.kubernetes.io/version=1.8.1
          helm.sh/chart=ingress-nginx-4.7.1
          pod-template-hash=74d667cbdc
Annotations:      prometheus.io/port: 10254
          prometheus.io/scrape: true
Status:           Running
IP:               172.26.31.202
IPs:
IP:           172.26.31.202
Controlled By:  ReplicaSet/ingress-nginx-mail-controller-74d667cbdc
Containers:
controller:
Container ID:  containerd://6a82e15c5c790efd376344c20bafe1f096d1fe857ce570729c259c82e6182a28
Image:         registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
Image ID:      registry.k8s.io/ingress-nginx/controller@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
Ports:         80/TCP, 443/TCP, 10254/TCP, 8443/TCP, 25/TCP, 465/TCP, 993/TCP, 995/TCP
Host Ports:    0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP
Args:
/nginx-ingress-controller
--publish-service=$(POD_NAMESPACE)/ingress-nginx-mail-controller
--election-id=ingress-nginx-mail-leader
--controller-class=k8s.io/ingress-nginx-mail
--ingress-class=nginx-mail
--configmap=$(POD_NAMESPACE)/ingress-nginx-mail-controller
--tcp-services-configmap=ingress-nginx-mail/ingress-nginx-mail-tcp
--watch-namespace=mailserver
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
State:          Running
Started:      Sat, 12 Aug 2023 20:34:23 +0300
Ready:          True
Restart Count:  0
Requests:
cpu:      100m
memory:   90Mi
Liveness:   http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=5
Readiness:  http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=3
Environment:
POD_NAME:       ingress-nginx-mail-controller-74d667cbdc-nts2r (v1:metadata.name)
POD_NAMESPACE:  ingress-nginx-mail (v1:metadata.namespace)
LD_PRELOAD:     /usr/local/lib/libmimalloc.so
Mounts:
/usr/local/certificates/ from webhook-cert (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-mqcnr (ro)
Conditions:
Type              Status
Initialized       True 
Ready             True 
ContainersReady   True 
PodScheduled      True 
Volumes:
webhook-cert:
Type:        Secret (a volume populated by a Secret)
SecretName:  ingress-nginx-mail-admission
Optional:    false
kube-api-access-mqcnr:
Type:                    Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds:  3607
ConfigMapName:           kube-root-ca.crt
ConfigMapOptional:       <nil>
DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              kubernetes.io/os=linux
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                     node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:                      <none>

kubectl -n <ingresscontrollernamespace> describe svc <ingresscontrollerservicename>

Name:                     ingress-nginx-mail-controller
Namespace:                ingress-nginx-mail
Labels:                   app.kubernetes.io/component=controller
                  app.kubernetes.io/instance=ingress-nginx-mail
                  app.kubernetes.io/managed-by=Helm
                  app.kubernetes.io/name=ingress-nginx
                  app.kubernetes.io/part-of=ingress-nginx
                  app.kubernetes.io/version=1.8.1
                  helm.sh/chart=ingress-nginx-4.7.1
Annotations:              meta.helm.sh/release-name: ingress-nginx-mail
                  meta.helm.sh/release-namespace: ingress-nginx-mail
                  service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
                  service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: *
                  service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
                  service.beta.kubernetes.io/aws-load-balancer-type: external
Selector:                 app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.100.55.171
IPs:                      10.100.55.171
LoadBalancer Ingress:   ***.elb.eu-central-1.amazonaws.com
Port:                     http  80/TCP
TargetPort:               http/TCP
NodePort:                 http  30655/TCP
Endpoints:                172.26.31.202:80
Port:                     https  443/TCP
TargetPort:               https/TCP
NodePort:                 https  31426/TCP
Endpoints:                172.26.31.202:443
Port:                     25-tcp  25/TCP
TargetPort:               25-tcp/TCP
NodePort:                 25-tcp  31927/TCP
Endpoints:                172.26.31.202:25
Port:                     465-tcp  465/TCP
TargetPort:               465-tcp/TCP
NodePort:                 465-tcp  31082/TCP
Endpoints:                172.26.31.202:465
Port:                     993-tcp  993/TCP
TargetPort:               993-tcp/TCP
NodePort:                 993-tcp  31157/TCP
Endpoints:                172.26.31.202:993
Port:                     995-tcp  995/TCP
TargetPort:               995-tcp/TCP
NodePort:                 995-tcp  32058/TCP
Endpoints:                172.26.31.202:995
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

Current state of ingress object, if applicable:
- kubectl -n <appnnamespace> get all,ing -o wide
- kubectl -n <appnamespace> describe ing <ingressname>
- If applicable, then, your complete and exact curl/grpcurl command (redacted if required) and the reponse to the curl/grpcurl command with the -v flag

Others:

Any other related information like ;
copy/paste of the snippet (if applicable)

kubectl describe ... of any custom configmap(s) created and in use:


Name:         ingress-nginx-mail-tcp
Namespace:    ingress-nginx-mail
Labels:       app.kubernetes.io/component=controller
      app.kubernetes.io/instance=ingress-nginx-mail
      app.kubernetes.io/managed-by=Helm
      app.kubernetes.io/name=ingress-nginx
      app.kubernetes.io/part-of=ingress-nginx
      app.kubernetes.io/version=1.8.1
      helm.sh/chart=ingress-nginx-4.7.1
Annotations:  meta.helm.sh/release-name: ingress-nginx-mail
      meta.helm.sh/release-namespace: ingress-nginx-mail

Data

465:

mailserver/mail-frontend:465 993:

mailserver/mail-frontend:993 995:

mailserver/mail-frontend:995 25:

mailserver/mail-frontend:25

BinaryData

Events:


    - Any other related information that may help

**How to reproduce this issue**:
Install ingress controller with TCP Services for port 25, 465, ... . Try accessing those services
`telnet <ingress-loadBalancer> 25`
`telnet <ingress-loadBalancer> 465`

k8s-ci-robot commented 1 year ago

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

longwuyuan commented 1 year ago

the port is configured. so try the telnet command from within the pod or from a adjacent pod in the namespace like kubectl -n ingress-nginx-mail create deploy test0 --image nginx:alpine and then exec into it and install telnet or netcat/nc etc.

But on a different note, no sane provider and specially AWS will let SMTP port 25 , without at least a warning as to how bad that is as a security problem.

/remove-kind bug

kirilovvv commented 1 year ago

The port is not configured:

root@busybox:/# telnet ingress-nginx-mail-controller 80
Trying 10.100.55.171...
Connected to ingress-nginx-mail-controller.ingress-nginx-mail.svc.cluster.local.
Escape character is '^]'.

root@busybox:/# telnet ingress-nginx-mail-controller 25
Trying 10.100.55.171...
telnet: Unable to connect to remote host: Connection refused

I believe here the error is thrown. If I'm right the ports are not configured at all.

Note: the mail server I am testing against is still a POC, I am aware with the security issues related to using non encrypted connections.

longwuyuan commented 1 year ago

Port configuration is visible in the svc definition already. Socket not responding is a different matter from port config. Information you have posted about port 25 not connecting is not pointing to a problem on the controller just yet. it requires you to show the pod to which the controller has configured TCP port 25.

I am testing if it works on kind cluster or not.

longwuyuan commented 1 year ago

As you can see in screenshot below, the controller is not having a bug to block port 25

kirilovvv commented 1 year ago

Connectivity to the pod is working fine. I have started a busy box container next to the ingress nginx controller:

root@busybox:/# telnet mail-frontend.mailserver.svc.cluster.local 25
Trying 10.100.123.100...
Connected to mail-frontend.mailserver.svc.cluster.local.
Escape character is '^]'.
220 *** ESMTP ready
^]
root@busybox:/# telnet mail-frontend.mailserver.svc.cluster.local 465
Trying 10.100.123.100...
Connected to mail-frontend.mailserver.svc.cluster.local.
Escape character is '^]'.
^]

So connectivity to the mail pod is ok.

Again the error log from the controller points me to a direction that the controller cannot get the tcp configmap.

Error log:

W0812 17:34:25.510433       7 controller.go:446] Error getting ConfigMap "ingress-nginx-mail/ingress-nginx-mail-tcp": no object matching key "ingress-nginx-mail/ingress-nginx-mail-tcp" in local store

I have also checked that the Service Account created has the required permissions to get that ConfigMap. Based on the log data I believe that this operation fails to execute properly and there stops the processing tcp configurations.

longwuyuan commented 1 year ago

@kirilovvv the test I showed that I could reach port 25 of a pod from outside the cluster, over the ingress. And besides that we have not touched that part of the code recently for a new bug to be likely.

You are also right that the error is related to controller.go Line 449. But that is a misleading information.

Here is the only data that is provided by you, that is related to your problem

root@busybox:/# telnet ingress-nginx-mail-controller 25
Trying 10.100.55.171...
telnet: Unable to connect to remote host: Connection refused

So if you can not get a socket there, the next data you need to consider is the ipaddress/hostname of the AWS LoadBalancer allowing connections on port 25. Maybe securityGroups of AWS. The controller does not control all that and the controller does not block port25, if configured.

As per that error related to the cinfigMap itself, you have shown the cm but not the service it sends traffic to. Is there a service in namespace of the mailserver, with the name "mail-frontend", with a port 25.

Beyond tht, did you change the default serviceAccount as well ?

kirilovvv commented 1 year ago

Well if I read the code - after that error the function that configures the streaming services exits from the function so the configuration is never completed..

Also as seen in the telnet command, I am trying to connect to the nginx service using the internal Service domain - so Security Groups, Load Balancers, etc AWS resources are not used - only k8s internal resources.

Here is the mail-frontend service:

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2023-04-05T12:14:12Z"
  labels:
    app: mail
  name: mail-frontend
  namespace: mailserver
  resourceVersion: "2955422"
  uid: 06186601-4867-4370-bef6-c1cf496a710f
spec:
  clusterIP: 10.100.123.100
  clusterIPs:
  - 10.100.123.100
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: smtp
    nodePort: 31583
    port: 25
    protocol: TCP
    targetPort: smtp
  - name: smtps
    nodePort: 32149
    port: 465
    protocol: TCP
    targetPort: smtps
  - name: submission
    nodePort: 31957
    port: 587
    protocol: TCP
    targetPort: submission
  - name: imap
    nodePort: 31846
    port: 143
    protocol: TCP
    targetPort: imap
- name: imap
    nodePort: 31846
    port: 143
    protocol: TCP
    targetPort: imap
  - name: imaps
    nodePort: 31850
    port: 993
    protocol: TCP
    targetPort: imaps
  - name: pop3s
    nodePort: 32103
    port: 995
    protocol: TCP
    targetPort: pop3s
  - name: pop3
    nodePort: 30962
    port: 110
    protocol: TCP
    targetPort: pop3
  selector:
    app: mail
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

I have tested the connectivity to that Service from a test pod, deployed in the nginx ingress namespace:

root@busybox:/# telnet mail-frontend.mailserver.svc.cluster.local 25
Trying 10.100.123.100...
Connected to mail-frontend.mailserver.svc.cluster.local.
Escape character is '^]'.
220 *** ESMTP ready
^]
root@busybox:/# telnet mail-frontend.mailserver.svc.cluster.local 465
Trying 10.100.123.100...
Connected to mail-frontend.mailserver.svc.cluster.local.
Escape character is '^]'.
^]

The controller uses the default service account (Service Account: ingress-nginx-mail, as provided in the the pod description above). I have tested that this Service account has permissions to Get/List ConfigMaps. Here are the provided permissions:

longwuyuan commented 1 year ago

@kirilovvv I can only follow the data trail and not opinions.

This data in screenshot below shows that its possible to connect to port 25, from outside the cluster, through the controller, all the way to a pod listening on the unencrypted SMTP socket

The data you posted earlier and seen below, shows that configMap is not reachable

W0812 17:34:25.510433 7 controller.go:446] Error getting ConfigMap "ingress-nginx-mail/ingress-nginx-mail-tcp": no object matching key "ingress-nginx-mail/ingress-nginx-mail-tcp" in local store

These 2 pieces of data above, show what possible codepath was likely followed, covered, executed
These 2 pieces of data also are PROOF that the TCP stream to SMTP socket inside the cluster, can be reached happily, when configMap is readable

So the issue of unreadable configMap is not reproducible.

And if a issue is not reproducible, then it becomes a blocker for a developer to fix root cause.

The template of a new issue asks many questions for this reason. It helps to get a better understanding of the issue reported. I don't see all the answers to questions asked in a new issue template.

So at least I can see your opinions. But to work collaboratively, the first requirement is un-biased data being presented, that relates to the complete live state of K8S objects related to the issue and the info on the infra where the issue occured.

If you do desire some meaningful commenting, you need to consider that the IP-Address of the pod as seen in latest telnet command is from the subnet 10.100.x.x/x and the it is expected to be a ipaddress from the CNI subnets. But a reader here has to to scratch his head to understand how come the external-IP you showed telnet failure for, is also from the subnet 10.100.x.x/x . So that needs clarification if your CNI subnet and the LB subnet are overlapping. Why did you NOT send telnet to this LB

LoadBalancer Ingress:   ***.elb.eu-central-1.amazonaws.com

Why are you sending your telnet to an ipaddress from the subnet 10.10.x.x./x, instead of that LB ?

If possible, please post this data in one single post ;

kubectl get all -A -o wide
kubectl -n ingress-nginx-mail describe cm,svc
kubectl -n mailserver describe svc

kirilovvv commented 1 year ago

In the description/previous comments I have shown both telnet for the LB and using the internal service and they both fail. Also the telnets from the busybox are using the Service as mail-frontend Service is of type Cluster. Moreover I am not using the LB as its AWS Target Groups are unhealthy (for all ports except 80 and 443) and therefore won't accept traffic.

Here is the data that you requested:

kubectl get all -A -o wide


NAMESPACE            NAME                                                             READY   STATUS      RESTARTS      AGE     IP              NODE                                             NOMINATED NODE   READINESS GATES
calico-apiserver     pod/calico-apiserver-58f444b5c-mhtk7                             1/1     Running     6 (10d ago)   50d     172.26.16.19    ***                                              <none>           <none>
calico-apiserver     pod/calico-apiserver-58f444b5c-zfcf5                             1/1     Running     6 (10d ago)   50d     172.26.2.141    ***                                              <none>           <none>
calico-system        pod/calico-kube-controllers-6b96b8cc86-nf52p                     1/1     Running     0             50d     172.26.31.52    ***                                              <none>           <none>
calico-system        pod/calico-node-bpkdr                                            1/1     Running     0             50d     172.26.5.80     ***                                              <none>           <none>
calico-system        pod/calico-node-dxrkd                                            1/1     Running     0             65d     172.26.17.254   ***                                              <none>           <none>
calico-system        pod/calico-node-lrbtp                                            1/1     Running     0             50d     172.26.13.157   ***                                              <none>           <none>
calico-system        pod/calico-typha-85898bf5d9-jsxwb                                1/1     Running     0             65d     172.26.17.254   ***                                              <none>           <none>
calico-system        pod/calico-typha-85898bf5d9-k2s2t                                1/1     Running     0             50d     172.26.13.157   ***                                              <none>           <none>
calico-system        pod/csi-node-driver-bzhnr                                        2/2     Running     0             50d     172.26.1.209    ***                                              <none>           <none>
calico-system        pod/csi-node-driver-jxlxp                                        2/2     Running     0             50d     172.26.10.115   ***                                              <none>           <none>
calico-system        pod/csi-node-driver-kw87v                                        2/2     Running     0             65d     172.26.24.209   ***                                              <none>           <none>
cert-manager         pod/cert-manager-5667f46fc9-dpjmc                                1/1     Running     0             50d     172.26.27.242   ***                                              <none>           <none>
cert-manager         pod/cert-manager-cainjector-547c9b8f95-pkppv                     1/1     Running     0             50d     172.26.4.85     ***                                              <none>           <none>
cert-manager         pod/cert-manager-webhook-6787f645b9-p46b9                        1/1     Running     0             50d     172.26.7.14     ***                                              <none>           <none>
ingress-nginx-mail   pod/busybox                                                      1/1     Running     0             9d      172.26.28.254   ***                                              <none>           <none>
ingress-nginx-mail   pod/ingress-nginx-mail-controller-78cc8799dc-fsd6t               1/1     Running     0             10d     172.26.4.200    ***                                              <none>           <none>
kube-system          pod/aws-load-balancer-controller-786f47b99f-4tclp                1/1     Running     0             50d     172.26.14.86    ***                                              <none>           <none>
kube-system          pod/aws-load-balancer-controller-786f47b99f-zfpz4                1/1     Running     0             50d     172.26.20.75    ***                                              <none>           <none>
kube-system          pod/aws-node-89snv                                               1/1     Running     0             65d     172.26.17.254   ***                                              <none>           <none>
kube-system          pod/aws-node-8jhkd                                               1/1     Running     0             50d     172.26.13.157   ***                                              <none>           <none>
kube-system          pod/aws-node-zjvp5                                               1/1     Running     0             50d     172.26.5.80     ***                                              <none>           <none>
kube-system          pod/coredns-5c4469f767-hzf4k                                     1/1     Running     0             50d     172.26.16.245   ***                                              <none>           <none>
kube-system          pod/coredns-5c4469f767-mbtvl                                     1/1     Running     0             50d     172.26.0.177    ***                                              <none>           <none>
kube-system          pod/ebs-csi-controller-587f5bd575-4v8kj                          6/6     Running     3 (45d ago)   50d     172.26.10.30    ***                                              <none>           <none>
kube-system          pod/ebs-csi-controller-587f5bd575-62ml6                          6/6     Running     0             50d     172.26.16.56    ***                                              <none>           <none>
kube-system          pod/ebs-csi-node-chvh9                                           3/3     Running     0             50d     172.26.14.105   ***                                              <none>           <none>
kube-system          pod/ebs-csi-node-pq9zq                                           3/3     Running     0             50d     172.26.15.156   ***                                              <none>           <none>
kube-system          pod/ebs-csi-node-tlgwt                                           3/3     Running     0             65d     172.26.19.18    ***                                              <none>           <none>
kube-system          pod/efs-csi-controller-f5f978597-bxtxg                           3/3     Running     0             50d     172.26.13.157   ***                                              <none>           <none>
kube-system          pod/efs-csi-controller-f5f978597-q26zn                           3/3     Running     0             50d     172.26.17.254   ***                                              <none>           <none>
kube-system          pod/efs-csi-node-9cctb                                           3/3     Running     0             65d     172.26.17.254   ***                                              <none>           <none>
kube-system          pod/efs-csi-node-brsjc                                           3/3     Running     0             50d     172.26.13.157   ***                                              <none>           <none>
kube-system          pod/efs-csi-node-cxckr                                           3/3     Running     0             50d     172.26.5.80     ***                                              <none>           <none>
kube-system          pod/external-dns-b4d6f58b-77pg8                                  1/1     Running     0             50d     172.26.21.62    ***                                              <none>           <none>
kube-system          pod/kube-proxy-6psxq                                             1/1     Running     0             50d     172.26.5.80     ***                                              <none>           <none>
kube-system          pod/kube-proxy-pbdfn                                             1/1     Running     0             65d     172.26.17.254   ***                                              <none>           <none>
kube-system          pod/kube-proxy-sqkh8                                             1/1     Running     0             50d     172.26.13.157   ***                                              <none>           <none>
kube-system          pod/snapshot-controller-8696cb4477-5c7cj                         1/1     Running     0             50d     172.26.11.150   ***                                              <none>           <none>
kube-system          pod/tigera-operator-6675dc47f4-69ts7                             1/1     Running     0             50d     172.26.17.254   ***                                              <none>           <none>
mailserver           pod/mail-7c768cc875-2dw5k                                        1/1     Running     0             44d     172.26.7.63     ***                                              <none>           <none>
mailserver           pod/mailserver-7bb857989-7467f                                   1/1     Running     0             12d     172.26.18.80    ***                                              <none>           <none>
monitoring           pod/grafana-dfbf75d74-hnjvw                                      1/1     Running     0             50d     172.26.10.33    ***                                              <none>           <none>
monitoring           pod/prometheus-alertmanager-0                                    1/1     Running     0             50d     172.26.9.188    ***                                              <none>           <none>
monitoring           pod/prometheus-kube-state-metrics-5fdc4f6d6c-p6hvz               1/1     Running     0             50d     172.26.20.146   ***                                              <none>           <none>
monitoring           pod/prometheus-prometheus-node-exporter-bvqxp                    1/1     Running     0             65d     172.26.17.254   ***                                              <none>           <none>
monitoring           pod/prometheus-prometheus-node-exporter-kwvpx                    1/1     Running     0             50d     172.26.5.80     ***                                              <none>           <none>
monitoring           pod/prometheus-prometheus-node-exporter-p7j8l                    1/1     Running     0             50d     172.26.13.157   ***                                              <none>           <none>
monitoring           pod/prometheus-prometheus-pushgateway-59d858554f-pfz2v           1/1     Running     0             50d     172.26.12.183   ***                                              <none>           <none>
monitoring           pod/prometheus-server-7f64f585f-kbtz8                            2/2     Running     0             50d     172.26.8.246    ***                                              <none>           <none>
velero               pod/velero-55f6d8dbb5-cjs9g                                      1/1     Running     0             50d     172.26.0.108    ***                                              <none>           <none>

NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR calico-apiserver service/calico-api ClusterIP 10.100.180.88 443/TCP 142d apiserver=true calico-system service/calico-kube-controllers-metrics ClusterIP 10.100.170.89 9094/TCP 142d k8s-app=calico-kube-controllers calico-system service/calico-typha ClusterIP 10.100.45.120 5473/TCP 143d k8s-app=calico-typha cert-manager service/cert-manager ClusterIP 10.100.63.179 9402/TCP 143d app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager cert-manager service/cert-manager-webhook ClusterIP 10.100.235.185 443/TCP 143d app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook default service/kubernetes ClusterIP 10.100.0.1 443/TCP 143d ingress-nginx-mail service/ingress-nginx-mail-controller LoadBalancer 10.100.55.171 k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com 80:30655/TCP,443:31426/TCP,25:31927/TCP,465:31082/TCP,993:31157/TCP,995:32058/TCP 13d app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx ingress-nginx-mail service/ingress-nginx-mail-controller-admission ClusterIP 10.100.157.181 443/TCP 13d app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx ingress-nginx-mail service/ingress-nginx-mail-controller-metrics ClusterIP 10.100.39.192 10254/TCP 13d app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx kube-system service/aws-load-balancer-webhook-service ClusterIP 10.100.102.179 443/TCP 142d app.kubernetes.io/instance=aws-load-balancer-controller,app.kubernetes.io/name=aws-load-balancer-controller kube-system service/kube-dns ClusterIP 10.100.0.10 53/UDP,53/TCP 143d k8s-app=kube-dns mailserver service/mail-frontend LoadBalancer 10.100.123.100 ***.elb.eu-central-1.amazonaws.com 25:31583/TCP,465:32149/TCP,587:31957/TCP,143:31846/TCP,993:31850/TCP,995:32103/TCP,110:30962/TCP,443:31340/TCP,80:31768/TCP 140d app=mail mailserver service/mailcluster-svc ClusterIP 10.100.9.252 7000/TCP,9000/TCP 12d app=mailserver monitoring service/grafana ClusterIP 10.100.188.70 80/TCP 141d app.kubernetes.io/instance=grafana,app.kubernetes.io/name=grafana monitoring service/prometheus-alertmanager ClusterIP 10.100.168.17 9093/TCP 141d app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=alertmanager monitoring service/prometheus-alertmanager-headless ClusterIP None 9093/TCP 141d app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=alertmanager monitoring service/prometheus-kube-state-metrics ClusterIP 10.100.5.11 8080/TCP 141d app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics monitoring service/prometheus-prometheus-node-exporter ClusterIP 10.100.106.149 9100/TCP 141d app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=prometheus-node-exporter monitoring service/prometheus-prometheus-pushgateway ClusterIP 10.100.149.214 9091/TCP 141d app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=prometheus-pushgateway monitoring service/prometheus-server ClusterIP 10.100.104.14 80/TCP 141d app=prometheus,component=server,release=prometheus velero service/velero ClusterIP 10.100.157.226 8085/TCP 118d app.kubernetes.io/instance=velero,app.kubernetes.io/name=velero,name=velero

NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR calico-system daemonset.apps/calico-node 3 3 3 3 3 kubernetes.io/os=linux 143d calico-node docker.io/calico/node:v3.24.1 k8s-app=calico-node calico-system daemonset.apps/csi-node-driver 3 3 3 3 3 kubernetes.io/os=linux 142d calico-csi,csi-node-driver-registrar docker.io/calico/csi:v3.24.1,docker.io/calico/node-driver-registrar:v3.24.1 k8s-app=csi-node-driver kube-system daemonset.apps/aws-node 3 3 3 3 3 143d aws-node 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon-k8s-cni:v1.12.6-eksbuild.1 k8s-app=aws-node kube-system daemonset.apps/ebs-csi-node 3 3 3 3 3 kubernetes.io/os=linux 143d ebs-plugin,node-driver-registrar,liveness-probe 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/aws-ebs-csi-driver:v1.18.0,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-node-driver-registrar:v2.7.0-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/livenessprobe:v2.9.0-eks-1-26-7 app=ebs-csi-node,app.kubernetes.io/name=aws-ebs-csi-driver kube-system daemonset.apps/ebs-csi-node-windows 0 0 0 0 0 kubernetes.io/os=windows 143d ebs-plugin,node-driver-registrar,liveness-probe 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/aws-ebs-csi-driver:v1.18.0,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-node-driver-registrar:v2.7.0-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/livenessprobe:v2.9.0-eks-1-26-7 app=ebs-csi-node,app.kubernetes.io/name=aws-ebs-csi-driver kube-system daemonset.apps/efs-csi-node 3 3 3 3 3 kubernetes.io/os=linux 106d efs-plugin,csi-driver-registrar,liveness-probe amazon/aws-efs-csi-driver:v1.5.5,public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.7.0-eks-1-27-latest,public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.9.0-eks-1-27-latest app=efs-csi-node,app.kubernetes.io/instance=aws-efs-csi-driver,app.kubernetes.io/name=aws-efs-csi-driver kube-system daemonset.apps/kube-proxy 3 3 3 3 3 143d kube-proxy 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/kube-proxy:v1.25.9-minimal-eksbuild.1 k8s-app=kube-proxy monitoring daemonset.apps/prometheus-prometheus-node-exporter 3 3 3 3 3 141d node-exporter quay.io/prometheus/node-exporter:v1.5.0 app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=prometheus-node-exporter

NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR calico-apiserver deployment.apps/calico-apiserver 2/2 2 2 142d calico-apiserver docker.io/calico/apiserver:v3.24.1 apiserver=true calico-system deployment.apps/calico-kube-controllers 1/1 1 1 142d calico-kube-controllers docker.io/calico/kube-controllers:v3.24.1 k8s-app=calico-kube-controllers calico-system deployment.apps/calico-typha 2/2 2 2 143d calico-typha docker.io/calico/typha:v3.24.1 k8s-app=calico-typha cert-manager deployment.apps/cert-manager 1/1 1 1 143d cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.11.0 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager cert-manager deployment.apps/cert-manager-cainjector 1/1 1 1 143d cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.11.0 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector cert-manager deployment.apps/cert-manager-webhook 1/1 1 1 143d cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.11.0 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook ingress-nginx-mail deployment.apps/ingress-nginx-mail-controller 1/1 1 1 13d controller registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx kube-system deployment.apps/aws-load-balancer-controller 2/2 2 2 142d aws-load-balancer-controller public.ecr.aws/eks/aws-load-balancer-controller:v2.4.7 app.kubernetes.io/instance=aws-load-balancer-controller,app.kubernetes.io/name=aws-load-balancer-controller kube-system deployment.apps/coredns 2/2 2 2 143d coredns 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/coredns:v1.9.3-eksbuild.3 eks.amazonaws.com/component=coredns,k8s-app=kube-dns kube-system deployment.apps/ebs-csi-controller 2/2 2 2 143d ebs-plugin,csi-provisioner,csi-attacher,csi-snapshotter,csi-resizer,liveness-probe 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/aws-ebs-csi-driver:v1.18.0,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-provisioner:v3.4.1-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-attacher:v4.2.0-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-snapshotter:v6.2.1-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-resizer:v1.7.0-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/livenessprobe:v2.9.0-eks-1-26-7 app=ebs-csi-controller,app.kubernetes.io/name=aws-ebs-csi-driver kube-system deployment.apps/efs-csi-controller 2/2 2 2 106d efs-plugin,csi-provisioner,liveness-probe amazon/aws-efs-csi-driver:v1.5.5,public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.4.0-eks-1-27-latest,public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.9.0-eks-1-27-latest app=efs-csi-controller,app.kubernetes.io/instance=aws-efs-csi-driver,app.kubernetes.io/name=aws-efs-csi-driver kube-system deployment.apps/external-dns 1/1 1 1 142d external-dns k8s.gcr.io/external-dns/external-dns:v0.10.2 app=external-dns kube-system deployment.apps/snapshot-controller 1/1 1 1 143d snapshot-controller registry.k8s.io/sig-storage/snapshot-controller:v6.2.1 app.kubernetes.io/instance=snapshot-controller,app.kubernetes.io/name=snapshot-controller kube-system deployment.apps/tigera-operator 1/1 1 1 143d tigera-operator quay.io/tigera/operator:v1.28.1 name=tigera-operator mailserver deployment.apps/mail 1/1 1 1 136d axigen axigen/axigen:10.5.1 app=mail mailserver deployment.apps/mailserver 1/1 1 1 12d axigen axigen/axigen:10.5.4 app=mailserver monitoring deployment.apps/grafana 1/1 1 1 141d grafana grafana/grafana:9.3.1 app.kubernetes.io/instance=grafana,app.kubernetes.io/name=grafana monitoring deployment.apps/prometheus-kube-state-metrics 1/1 1 1 141d kube-state-metrics registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.7.0 app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics monitoring deployment.apps/prometheus-prometheus-pushgateway 1/1 1 1 141d pushgateway prom/pushgateway:v1.5.1 app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=prometheus-pushgateway monitoring deployment.apps/prometheus-server 1/1 1 1 141d prometheus-server-configmap-reload,prometheus-server jimmidyson/configmap-reload:v0.8.0,quay.io/prometheus/prometheus:v2.41.0 app=prometheus,component=server,release=prometheus velero deployment.apps/velero 1/1 1 1 118d velero velero/velero:v1.11.0 app.kubernetes.io/instance=velero,app.kubernetes.io/name=velero

NAMESPACE NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR calico-apiserver replicaset.apps/calico-apiserver-58f444b5c 2 2 2 142d calico-apiserver docker.io/calico/apiserver:v3.24.1 apiserver=true,pod-template-hash=58f444b5c calico-system replicaset.apps/calico-kube-controllers-6b96b8cc86 1 1 1 142d calico-kube-controllers docker.io/calico/kube-controllers:v3.24.1 k8s-app=calico-kube-controllers,pod-template-hash=6b96b8cc86 calico-system replicaset.apps/calico-typha-6cdb87c98 0 0 0 143d calico-typha docker.io/calico/typha:v3.25.1 k8s-app=calico-typha,pod-template-hash=6cdb87c98 calico-system replicaset.apps/calico-typha-85898bf5d9 2 2 2 142d calico-typha docker.io/calico/typha:v3.24.1 k8s-app=calico-typha,pod-template-hash=85898bf5d9 cert-manager replicaset.apps/cert-manager-5667f46fc9 1 1 1 143d cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.11.0 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=5667f46fc9 cert-manager replicaset.apps/cert-manager-59bf757d77 0 0 0 143d cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.11.0 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=59bf757d77 cert-manager replicaset.apps/cert-manager-cainjector-547c9b8f95 1 1 1 143d cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.11.0 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=547c9b8f95 cert-manager replicaset.apps/cert-manager-webhook-6787f645b9 1 1 1 143d cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.11.0 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=6787f645b9 ingress-nginx-mail replicaset.apps/ingress-nginx-mail-controller-5d54bccb87 0 0 0 13d controller registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx,pod-template-hash=5d54bccb87 ingress-nginx-mail replicaset.apps/ingress-nginx-mail-controller-64d595fb55 0 0 0 13d controller registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx,pod-template-hash=64d595fb55 ingress-nginx-mail replicaset.apps/ingress-nginx-mail-controller-6bbf5958ff 0 0 0 11d controller registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx,pod-template-hash=6bbf5958ff ingress-nginx-mail replicaset.apps/ingress-nginx-mail-controller-74d667cbdc 0 0 0 11d controller registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx,pod-template-hash=74d667cbdc ingress-nginx-mail replicaset.apps/ingress-nginx-mail-controller-78cc8799dc 1 1 1 10d controller registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx,pod-template-hash=78cc8799dc kube-system replicaset.apps/aws-load-balancer-controller-786f47b99f 2 2 2 142d aws-load-balancer-controller public.ecr.aws/eks/aws-load-balancer-controller:v2.4.7 app.kubernetes.io/instance=aws-load-balancer-controller,app.kubernetes.io/name=aws-load-balancer-controller,pod-template-hash=786f47b99f kube-system replicaset.apps/coredns-5c4469f767 2 2 2 109d coredns 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/coredns:v1.9.3-eksbuild.3 eks.amazonaws.com/component=coredns,k8s-app=kube-dns,pod-template-hash=5c4469f767 kube-system replicaset.apps/coredns-cbbbbb9cb 0 0 0 143d coredns 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/coredns:v1.9.3-eksbuild.2 eks.amazonaws.com/component=coredns,k8s-app=kube-dns,pod-template-hash=cbbbbb9cb kube-system replicaset.apps/ebs-csi-controller-587f5bd575 2 2 2 109d ebs-plugin,csi-provisioner,csi-attacher,csi-snapshotter,csi-resizer,liveness-probe 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/aws-ebs-csi-driver:v1.18.0,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-provisioner:v3.4.1-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-attacher:v4.2.0-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-snapshotter:v6.2.1-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-resizer:v1.7.0-eks-1-26-7,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/livenessprobe:v2.9.0-eks-1-26-7 app=ebs-csi-controller,app.kubernetes.io/name=aws-ebs-csi-driver,pod-template-hash=587f5bd575 kube-system replicaset.apps/ebs-csi-controller-59b7dfccbf 0 0 0 143d ebs-plugin,csi-provisioner,csi-attacher,csi-snapshotter,csi-resizer,liveness-probe 602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/aws-ebs-csi-driver:v1.17.0,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-provisioner:v3.4.0-eks-1-26-latest,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-attacher:v4.2.0-eks-1-26-latest,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-snapshotter:v6.2.1-eks-1-26-latest,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/csi-resizer:v1.7.0-eks-1-26-latest,602401143452.dkr.ecr.eu-central-1.amazonaws.com/eks/livenessprobe:v2.9.0-eks-1-26-latest app=ebs-csi-controller,app.kubernetes.io/name=aws-ebs-csi-driver,pod-template-hash=59b7dfccbf kube-system replicaset.apps/efs-csi-controller-f5f978597 2 2 2 106d efs-plugin,csi-provisioner,liveness-probe amazon/aws-efs-csi-driver:v1.5.5,public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.4.0-eks-1-27-latest,public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.9.0-eks-1-27-latest app=efs-csi-controller,app.kubernetes.io/instance=aws-efs-csi-driver,app.kubernetes.io/name=aws-efs-csi-driver,pod-template-hash=f5f978597 kube-system replicaset.apps/external-dns-b4d6f58b 1 1 1 142d external-dns k8s.gcr.io/external-dns/external-dns:v0.10.2 app=external-dns,pod-template-hash=b4d6f58b kube-system replicaset.apps/snapshot-controller-8696cb4477 1 1 1 143d snapshot-controller registry.k8s.io/sig-storage/snapshot-controller:v6.2.1 app.kubernetes.io/instance=snapshot-controller,app.kubernetes.io/name=snapshot-controller,pod-template-hash=8696cb4477 kube-system replicaset.apps/tigera-operator-6675dc47f4 1 1 1 142d tigera-operator quay.io/tigera/operator:v1.28.1 name=tigera-operator,pod-template-hash=6675dc47f4 kube-system replicaset.apps/tigera-operator-6d85b97b7d 0 0 0 143d tigera-operator quay.io/tigera/operator:v1.29.3 name=tigera-operator,pod-template-hash=6d85b97b7d mailserver replicaset.apps/mail-574d9d4767 0 0 0 108d axigen axigen/axigen:10.4.8 app=mail,pod-template-hash=574d9d4767 mailserver replicaset.apps/mail-579f547f57 0 0 0 136d axigen axigen/axigen:10.4.8 app=mail,pod-template-hash=579f547f57 mailserver replicaset.apps/mail-66cf898cb8 0 0 0 108d axigen axigen/axigen:10.4.10 app=mail,pod-template-hash=66cf898cb8 mailserver replicaset.apps/mail-7c768cc875 1 1 1 44d axigen axigen/axigen:10.5.1 app=mail,pod-template-hash=7c768cc875 mailserver replicaset.apps/mailserver-7bb857989 1 1 1 12d axigen axigen/axigen:10.5.4 app=mailserver,pod-template-hash=7bb857989 monitoring replicaset.apps/grafana-76b5b6b4c6 0 0 0 141d grafana grafana/grafana:9.3.1 app.kubernetes.io/instance=grafana,app.kubernetes.io/name=grafana,pod-template-hash=76b5b6b4c6 monitoring replicaset.apps/grafana-dfbf75d74 1 1 1 140d grafana grafana/grafana:9.3.1 app.kubernetes.io/instance=grafana,app.kubernetes.io/name=grafana,pod-template-hash=dfbf75d74 monitoring replicaset.apps/prometheus-kube-state-metrics-5fdc4f6d6c 1 1 1 141d kube-state-metrics registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.7.0 app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics,pod-template-hash=5fdc4f6d6c monitoring replicaset.apps/prometheus-prometheus-pushgateway-59d858554f 1 1 1 141d pushgateway prom/pushgateway:v1.5.1 app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=prometheus-pushgateway,pod-template-hash=59d858554f monitoring replicaset.apps/prometheus-server-6758784968 0 0 0 141d prometheus-server-configmap-reload,prometheus-server jimmidyson/configmap-reload:v0.8.0,quay.io/prometheus/prometheus:v2.41.0 app=prometheus,component=server,pod-template-hash=6758784968,release=prometheus monitoring replicaset.apps/prometheus-server-7f64f585f 1 1 1 137d prometheus-server-configmap-reload,prometheus-server jimmidyson/configmap-reload:v0.8.0,quay.io/prometheus/prometheus:v2.41.0 app=prometheus,component=server,pod-template-hash=7f64f585f,release=prometheus velero replicaset.apps/velero-55f6d8dbb5 1 1 1 118d velero velero/velero:v1.11.0 app.kubernetes.io/instance=velero,app.kubernetes.io/name=velero,pod-template-hash=55f6d8dbb5 velero replicaset.apps/velero-66fbf5d59b 0 0 0 118d velero velero/velero:v1.11.0 app.kubernetes.io/instance=velero,app.kubernetes.io/name=velero,pod-template-hash=66fbf5d59b

NAMESPACE NAME READY AGE CONTAINERS IMAGES monitoring statefulset.apps/prometheus-alertmanager 1/1 141d alertmanager quay.io/prometheus/alertmanager:v0.25.0

* kubectl -n ingress-nginx-mail describe cm,svc

Name: ingress-nginx-mail-controller Namespace: ingress-nginx-mail Labels: app.kubernetes.io/component=controller app.kubernetes.io/instance=ingress-nginx-mail app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=ingress-nginx app.kubernetes.io/part-of=ingress-nginx app.kubernetes.io/version=1.5.1 helm.sh/chart=ingress-nginx-4.4.2 Annotations: meta.helm.sh/release-name: ingress-nginx-mail meta.helm.sh/release-namespace: ingress-nginx-mail

Data

server-snippet:

real_ip_header CF-Connecting-IP;

use-forwarded-headers:

true use-proxy-protocol:

true allow-snippet-annotations:

true

BinaryData

Events:

Name: ingress-nginx-mail-tcp Namespace: ingress-nginx-mail Labels: app.kubernetes.io/component=controller app.kubernetes.io/instance=ingress-nginx-mail app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=ingress-nginx app.kubernetes.io/part-of=ingress-nginx app.kubernetes.io/version=1.5.1 helm.sh/chart=ingress-nginx-4.4.2 Annotations: meta.helm.sh/release-name: ingress-nginx-mail meta.helm.sh/release-namespace: ingress-nginx-mail

Data

993:

mailserver/mail-frontend:993 995:

mailserver/mail-frontend:995 25:

mailserver/mail-frontend:25 465:

mailserver/mail-frontend:465

BinaryData

Events:

Name: kube-root-ca.crt Namespace: ingress-nginx-mail Labels: Annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubern...

Data

ca.crt:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE----- BinaryData ==== Events: Name: ingress-nginx-mail-controller Namespace: ingress-nginx-mail Labels: app.kubernetes.io/component=controller app.kubernetes.io/instance=ingress-nginx-mail app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=ingress-nginx app.kubernetes.io/part-of=ingress-nginx app.kubernetes.io/version=1.5.1 helm.sh/chart=ingress-nginx-4.4.2 Annotations: meta.helm.sh/release-name: ingress-nginx-mail meta.helm.sh/release-namespace: ingress-nginx-mail service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: * service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-type: external Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx Type: LoadBalancer IP Family Policy: SingleStack IP Families: IPv4 IP: 10.100.55.171 IPs: 10.100.55.171 LoadBalancer Ingress: k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com Port: http 80/TCP TargetPort: http/TCP NodePort: http 30655/TCP Endpoints: 172.26.4.200:80 Port: https 443/TCP TargetPort: https/TCP NodePort: https 31426/TCP Endpoints: 172.26.4.200:443 Port: 25-tcp 25/TCP TargetPort: 25-tcp/TCP NodePort: 25-tcp 31927/TCP Endpoints: 172.26.4.200:25 Port: 465-tcp 465/TCP TargetPort: 465-tcp/TCP NodePort: 465-tcp 31082/TCP Endpoints: 172.26.4.200:465 Port: 993-tcp 993/TCP TargetPort: 993-tcp/TCP NodePort: 993-tcp 31157/TCP Endpoints: 172.26.4.200:993 Port: 995-tcp 995/TCP TargetPort: 995-tcp/TCP NodePort: 995-tcp 32058/TCP Endpoints: 172.26.4.200:995 Session Affinity: None External Traffic Policy: Cluster Events: Name: ingress-nginx-mail-controller-admission Namespace: ingress-nginx-mail Labels: app.kubernetes.io/component=controller app.kubernetes.io/instance=ingress-nginx-mail app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=ingress-nginx app.kubernetes.io/part-of=ingress-nginx app.kubernetes.io/version=1.5.1 helm.sh/chart=ingress-nginx-4.4.2 Annotations: meta.helm.sh/release-name: ingress-nginx-mail meta.helm.sh/release-namespace: ingress-nginx-mail Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx Type: ClusterIP IP Family Policy: SingleStack IP Families: IPv4 IP: 10.100.157.181 IPs: 10.100.157.181 Port: https-webhook 443/TCP TargetPort: webhook/TCP Endpoints: 172.26.4.200:8443 Session Affinity: None Events: Name: ingress-nginx-mail-controller-metrics Namespace: ingress-nginx-mail Labels: app.kubernetes.io/component=controller app.kubernetes.io/instance=ingress-nginx-mail app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=ingress-nginx app.kubernetes.io/part-of=ingress-nginx app.kubernetes.io/version=1.5.1 helm.sh/chart=ingress-nginx-4.4.2 Annotations: meta.helm.sh/release-name: ingress-nginx-mail meta.helm.sh/release-namespace: ingress-nginx-mail Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-mail,app.kubernetes.io/name=ingress-nginx Type: ClusterIP IP Family Policy: SingleStack IP Families: IPv4 IP: 10.100.39.192 IPs: 10.100.39.192 Port: metrics 10254/TCP TargetPort: metrics/TCP Endpoints: 172.26.4.200:10254 Session Affinity: None Events: ``` * kubectl -n mailserver describe svc ``` Name: mail-frontend Namespace: mailserver Labels: app=mail Annotations: service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-type: external Selector: app=mail Type: LoadBalancer IP Family Policy: SingleStack IP Families: IPv4 IP: 10.100.123.100 IPs: 10.100.123.100 LoadBalancer Ingress: ***.elb.eu-central-1.amazonaws.com Port: transfer 25/TCP TargetPort: transfer/TCP NodePort: transfer 31583/TCP Endpoints: 172.26.7.63:25 Port: smtps 465/TCP TargetPort: smtps/TCP NodePort: smtps 32149/TCP Endpoints: 172.26.7.63:465 Port: submission 587/TCP TargetPort: submission/TCP NodePort: submission 31957/TCP Endpoints: 172.26.7.63:587 Port: imap 143/TCP TargetPort: imap/TCP NodePort: imap 31846/TCP Endpoints: 172.26.7.63:143 Port: imaps 993/TCP TargetPort: imaps/TCP NodePort: imaps 31850/TCP Endpoints: 172.26.7.63:993 Port: pop3s 995/TCP TargetPort: pop3s/TCP NodePort: pop3s 32103/TCP Endpoints: 172.26.7.63:995 Port: pop3 110/TCP TargetPort: pop3/TCP NodePort: pop3 30962/TCP Endpoints: 172.26.7.63:110 Port: https 443/TCP TargetPort: https/TCP NodePort: https 31340/TCP Endpoints: 172.26.7.63:443 Port: http 80/TCP TargetPort: http/TCP NodePort: http 31768/TCP Endpoints: 172.26.7.63:80 Session Affinity: None External Traffic Policy: Cluster Events: Name: mailcluster-svc Namespace: mailserver Labels: app=mailserver Annotations: Selector: app=mailserver Type: ClusterIP IP Family Policy: SingleStack IP Families: IPv4 IP: 10.100.9.252 IPs: 10.100.9.252 Port: cli 7000/TCP TargetPort: cli/TCP Endpoints: 172.26.18.80:7000 Port: web 9000/TCP TargetPort: web/TCP Endpoints: 172.26.18.80:9000 Session Affinity: None Events: ```

longwuyuan commented 1 year ago

Can you try tthis ;

kubectl -n mailserver delete svc mail-frontend
kubectl -n mailserver expose deployment mailserver --name mail-frontend --port 25 --port --port 993
From ouside the cluster try telnet k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com 25

kirilovvv commented 1 year ago

I created new service mail-frontend-test:

Name:              mail-frontend-test
Namespace:         mailserver
Annotations:       <none>
Selector:          app=mail
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.100.169.222
IPs:               10.100.169.222
Port:              smtp  25/TCP
TargetPort:        25/TCP
Endpoints:         172.26.7.63:25
Port:              imap  993/TCP
TargetPort:        993/TCP
Endpoints:         172.26.7.63:993
Session Affinity:  None
Events:            <none>

Tested it and it works:

root@busybox:/# telnet mail-frontend-test.mailserver 25
Trying 10.100.169.222...
Connected to mail-frontend-test.mailserver.svc.cluster.local.
Escape character is '^]'.
220 *** ESMTP ready
^]
telnet> Connection closed.
root@busybox:/# telnet mail-frontend-test.mailserver 993
Trying 10.100.169.222...
Connected to mail-frontend-test.mailserver.svc.cluster.local.
Escape character is '^]'.
^]
telnet> Connection closed.
root@busybox:/#

I also reconfigured the tcp part in my values.yaml:

tcp: 
  25: "mailserver/mail-frontend-test:25"
  465: "mailserver/mail-frontend-test:465"
  993: "mailserver/mail-frontend-test:993"
  995: "mailserver/mail-frontend-test:995"

After upgrade the same log persist:

W0827 13:39:14.610841       7 controller.go:369] Error getting ConfigMap "ingress-nginx-mail/ingress-nginx-mail-tcp": no object matching key "ingress-nginx-mail/ingress-nginx-mail-tcp" in local store
W0827 13:45:04.323017       7 controller.go:369] Error getting ConfigMap "ingress-nginx-mail/ingress-nginx-mail-tcp": no object matching key "ingress-nginx-mail/ingress-nginx-mail-tcp" in local store
W0827 13:45:09.302332       7 controller.go:369] Error getting ConfigMap "ingress-nginx-mail/ingress-nginx-mail-tcp": no object matching key "ingress-nginx-mail/ingress-nginx-mail-tcp" in local store
W0827 13:45:20.178936       7 controller.go:369] Error getting ConfigMap "ingress-nginx-mail/ingress-nginx-mail-tcp": no object matching key "ingress-nginx-mail/ingress-nginx-mail-tcp" in local store
W0827 13:45:35.001914       7 controller.go:369] Error getting ConfigMap "ingress-nginx-mail/ingress-nginx-mail-tcp": no object matching key "ingress-nginx-mail/ingress-nginx-mail-tcp" in local store

Telnet from outside the cluster:

~/git ❯❯❯ telnet k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com 25                                                                                                       ✘ 130
Trying 18.184.230.162...
^C⏎                                                                                                                                                                                                             ~/git ❯❯❯ telnet k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com 993                                                                                                      ✘ 130
Trying 18.184.230.162...
^C⏎                                                                                                                                                                                                             ~/git ❯❯❯ telnet k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com 80                                                                                                       ✘ 130
Trying 18.184.230.162...
Connected to k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com.
Escape character is '^]'.
^]
telnet> Connection closed.
~/git ❯❯❯ telnet k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com 443
Trying 52.28.51.1...
Connected to k8s-ingressn-ingressn-4905a63ad9-519447fdc8742ee8.elb.eu-central-1.amazonaws.com.
Escape character is '^]'.
^]
telnet> ^C⏎

longwuyuan commented 1 year ago

I had commented on the state that was visible in your earlier post. So your latest update is 100% useless to me as the state has changed and my comments are invalid.

But I have tested this and there is no bug in the controller.

So the problem is now limited to your use case and it looks like you need personalized support.

There are not many resources here on github to track individual support issues. Please wait and see if other people comment and help solve your problem. Or you can come and discuss this at kubernetes.slack.com in the ingress-nginx-users

/kind support

github-actions[bot] commented 1 year ago

This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.

rikatz commented 1 year ago

I'm not sure if helm is the right approach here, can you test following https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/?

rikatz commented 9 months ago

/close

No further answer, closing it.

k8s-ci-robot commented 9 months ago

@rikatz: Closing this issue.

In response to [this](https://github.com/kubernetes/ingress-nginx/issues/10307#issuecomment-1969921021): >/close > >No further answer, closing it. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

kubernetes / ingress-nginx

Unable to expose TCP Services #10307

Data

465:

mailserver/mail-frontend:465 993:

mailserver/mail-frontend:993 995:

mailserver/mail-frontend:995 25:

BinaryData

Data

server-snippet:

use-forwarded-headers:

true use-proxy-protocol:

true allow-snippet-annotations:

BinaryData

Data

993:

mailserver/mail-frontend:993 995:

mailserver/mail-frontend:995 25:

mailserver/mail-frontend:25 465:

BinaryData

Data

ca.crt: