Ejabberd in GCP Kubernetes: Service not accessible in ingress.

[NavinVinayagam]

Hi All, I deployed the ejabberd/ecs dokcer image in GCP with service type as node port and tried to access it using the ingress, but it is not working and I am not able to access the service using ingress. I added another service for the same deployment with service type as Load Balancer and now I able to access the ejabberd server directly from the service. I don't what is right way to add an ingress for the ejabberd service.

Below are my yaml files: Deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ejabberd-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ejabberd-deployment
  template:
    metadata:
      labels:
        app: ejabberd-deployment
    spec:
      containers:
        - name: ejabberd-container
          image: ejabberd/ecs
          ports:
            - containerPort: 5222
            - containerPort: 5443
            - containerPort: 4369 

Service.yaml

apiVersion: v1
kind: Service
metadata:
  name: ejabberd-service
  namespace: development
  annotations:
    # cloud.google.com/backend-config: '{"ports": {"5443":"ejabberd-backend-config"}}'
    cloud.google.com/backend-config: '{"default":"ejabberd-backend-config"}'
spec:
  ports:
  - port: 80
    targetPort: 5222
    protocol: TCP
    name: xmpp
  - port: 443
    targetPort: 5443
    protocol: TCP
    name: https
  selector:
    app: ejabberd-deployment
  type: NodePort

Backendconfig.yaml

apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: ejabberd-backend-config
spec:
  healthCheck:
    checkIntervalSec: 15
    port: 5443
    type: HTTPS
    requestPath: /ws
    healthyThreshold: 1
    unhealthyThreshold: 3
    timeoutSec: 15

Ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ejabberd-ingress
  annotations:
    kubernetes.io/ingress.class: "gce"
spec:
  tls:
    - hosts:
        - dev-chat.mydomain.com
      secretName: ssl-secretname
  defaultBackend:
    service:
      name: ejabberd-service
      port:
        number: 443
  rules:
    - host: dev-chat.mydomain.com
      http:
        paths:
          - path: /* 
            pathType: ImplementationSpecific
            backend:
              service:
                name: ejabberd-service
                port:
                  number: 443

Above are my yaml files. I want to access the ejabberd service from the ingress URL. Kindly assist me with the issues here and suggest any alternatives if available.

Ingress UI:

[sando38]

I added another service for the same deployment with service type as Load Balancer and now I able to access the ejabberd server directly from the service. I don't what is right way to add an ingress for the ejabberd service

Usually NodePort opens a port in a range of 30000 - 33000 or similar. This port is mapped to ejabberd's service port 80 in your case. Did you try to connect to that nodeport when connecting to ejabberd? E.g. with gajim you would use custom network settings:

• Hostname: your server
• Port: the port opened with NodePort (something in that mentioned range) -> 3xxxx
• Starttls or no tls

[NavinVinayagam]

I tried connecting using the node port number, but the ingress itself thrown the below error:

Translation failed: invalid ingress spec: could not find port "&ServiceBackendPort{Name:,Number:30007,}" in service "development/ejabberd-service"; could not find port "&ServiceBackendPort{Name:,Number:30007,}" in service "development/ejabberd-service"

When I tried to connect with 443 port(using the config I shared earlier) , I got the below 502 error page, when I try to hit the ingress end points

[sando38]

I tried connecting using the node port number, but the ingress itself thrown the below error:

Translation failed: invalid ingress spec: could not find port "&ServiceBackendPort{Name:,Number:30007,}" in service "development/ejabberd-service"; could not find port "&ServiceBackendPort{Name:,Number:30007,}" in service "development/ejabberd-service"

apiVersion: v1
kind: Service
metadata:
  name: ejabberd-service
  namespace: development
  annotations:
    # cloud.google.com/backend-config: '{"ports": {"5443":"ejabberd-backend-config"}}'
    cloud.google.com/backend-config: '{"default":"ejabberd-backend-config"}'
spec:
  ports:
  - port: 80
    targetPort: 5222
    nodePort: 30522
    protocol: TCP
    name: xmpp
  - port: 443
    targetPort: 5443
    nodePort: 30443
    protocol: TCP
    name: https
  selector:
    app: ejabberd-deployment
  type: NodePort

If you use that service, can you connect with dev-chat.mydomain.com:30443?

[NavinVinayagam]

I already tried exactly the above and it failed

[sando38]

Also using https in the browser?

[NavinVinayagam]

Yes, I connected using HTTPS in the browser, but it failed.

[sando38]

Well, sorry, I do not use GCP, however that service definition works for me. As well as on bare-metal and on DigitalOcean.

Here is a DO example which works:

apiVersion: v1
kind: Service
metadata:
  name: c2s-ejabberd
  namespace: xmpp
  annotations:
    kubernetes.digitalocean.com/firewall-managed: "true"
    external-dns.alpha.kubernetes.io/hostname: "xmpp.example.com"
    external-dns.alpha.kubernetes.io/access: "public"
spec:
  type: NodePort
  externalTrafficPolicy: Local
  ports:
  - name: c2s
    nodePort: 30522
    port: 5222
    protocol: TCP
    targetPort: 5222
  selector:
    app: ejabberd
---
apiVersion: v1
kind: Service
metadata:
  name: c2s-tls-ejabberd
  namespace: xmpp
  annotations:
    kubernetes.digitalocean.com/firewall-managed: "true"
    external-dns.alpha.kubernetes.io/hostname: "xmpp-tls.example.com"
    external-dns.alpha.kubernetes.io/access: "public"
spec:
  type: NodePort
  externalTrafficPolicy: Local
  ports:
  - name: c2s-ssl
    nodePort: 30523
    port: 5223
    protocol: TCP
    targetPort: 5223
  selector:
    app: ejabberd

[sando38]

Hi, I did create a helm-chart for ejabberd: https://github.com/sando38/helm-ejabberd

This is still in development, but you may give it a try.