Is there a way to avoid using the port 80 when calling the mesh services?

manju-rn commented 1 week ago

What happened?

I have a multizone setup and is working properly

I have this DB hosted in a Zone2 - appears as jp-pg-svc_db-ns_svc_5432.mesh:80 in the Kuma UI
I also have 2 UI for DB - adminer and pgadmin in Zone1
- In pgadmin - there is no issue when I give db host name as jp-pg-svc_db-ns_svc_5432.mesh:80 it connects fine
- In adminer - there is a restriction on using port 80 (as it considers it priviedge port), hence jp-pg-svc_db-ns_svc_5432.mesh:80 fails - see snapshot.
  Q1: So is there a way for Mesh service to have other port and not 80 by default? Q2: Is there an alternative where I could create a dummy service (similar to how istio allows it) in Zone1 and have it redirect to jp-pg-svc_db-ns_svc_5432.mesh:80 which is in Zone1. So that in adminer UI, i could give this service name instead of ...mesh:80 ?

Snapshot from adminer

Kuma UI

lahabana commented 1 week ago

Hey!

3 ways to go around this:

The old way virtual-outbound
An ok workaround for you: set the env var KUMA_DNS_SERVICE_SERVICE_VIP_PORT to another non privilege port (like 8080) and then you'll be able to use 8080 instead of 80 everywhere
The new way (still beta) meshservice and hostname generator

manju-rn commented 1 week ago

3. The new way (still beta) meshservice and hostname generator

Thanks, I was trying the 3rd way, i gave the following

apiVersion: kuma.io/v1alpha1
kind: MeshService
metadata:
  name: pg-jp-svc
  namespace: db-ns
  labels:
    kuma.io/mesh: mesh2
spec:
  selector:
    dataplaneTags:
      app: jp-pg
      k8s.kuma.io/namespace: db-ns
  ports:
  - port: 5432
    targetPort: 5432
    appProtocol: tcp

apiVersion: kuma.io/v1alpha1
kind: HostnameGenerator
metadata:
  name: all
  namespace: kuma-system
  labels:
    kuma.io/mesh: mesh2
    kuma.io/origin: zone
spec:
  selector:
    meshService:
      matchLabels:
        k8s.kuma.io/namespace: db-ns
  template: "{{ .DisplayName }}.{{ .Namespace }}.mesh"

In Kuma GUI, I have the following

But when I try using the adminer (or pgadmin). It is not able connect

Note that the "normal" k8s service is still existing and hence pgadmin is still able to connect via `jp-pg-svc_db-ns_svc_5432.mesh:80`. Both this as well as the above MeshService should be pointing to same dataplane proxies, is it not?

On the option of VirtualBound, i did setup but i am not sure where to look at generatef hostname. It does not show up in UI
For the workround you stated, KUMA_DNS_SERVICE_SERVICE_VIP_PORT where do i set it?

jakubdyszkiewicz commented 6 days ago

Triage: Can you post the MeshService YAML that you have on Kubernetes? Kuma control plane updates the status of this service and I wonder if it picked this up. Can you also paste YAML of a Dataplane object of jp-pg?

For the workround you stated, KUMA_DNS_SERVICE_SERVICE_VIP_PORT where do i set it?

On the zone CP, take a look how to set it https://kuma.io/docs/2.8.x/documentation/configuration/

kumahq / kuma

Is there a way to avoid using the port 80 when calling the mesh services? #10741

What happened?

Note that the "normal" k8s service is still existing and hence pgadmin is still able to connect via `jp-pg-svc_db-ns_svc_5432.mesh:80`. Both this as well as the above MeshService should be pointing to same dataplane proxies, is it not?

kumahq / kuma

Is there a way to avoid using the port 80 when calling the mesh services? #10741

What happened?

Note that the "normal" k8s service is still existing and hence pgadmin is still able to connect via jp-pg-svc_db-ns_svc_5432.mesh:80. Both this as well as the above MeshService should be pointing to same dataplane proxies, is it not?

Note that the "normal" k8s service is still existing and hence pgadmin is still able to connect via `jp-pg-svc_db-ns_svc_5432.mesh:80`. Both this as well as the above MeshService should be pointing to same dataplane proxies, is it not?