How to map incoming traffic (TCP on DNS-Zone) to different port within Azure?


We have incoming TCP traffic (not HTTP or HTTPS) from a bunch of devices at a subdomain in our Azure DNS-Zone. The traffic arrives (for whatever reason) at port 443 and is linked to the IP of our legacy system (a single Azure VM).

Now we would like to send this traffic to our AKS Kubernetes cluster (this one should replace the single VM), using Nginx within the cluster, into a pod in Kubernetes. I can easily enter the public IP of the cluster as a target of the subdomain in the DNS-Zone, but at the same time we need to change the port to which the traffic will be directed. That does not seem to be possible in the DNS-Zone.

The Ingress within Kubernetes seems to use 443 by default just for HTTP. We have already configured the Ingress to handle TCP traffic as well as HTTP, but we did not manage to handle TCP traffic at port 443 within Kubernetes, as this somehow seems to be reserved for HTTP(S).

Reconfiguring the port in the server settings of the devices is not an option: it needs too much time and we would lose the legacy system as a fallback option. Reconfiguring the legacy system to listen on any other port is not possible either.

A new load balancer does not help, as I can only connect it with a VM, not with the public endpoint of the AKS Kubernetes service.

So, is there an option to just change the port between the DNS-Zone and AKS, after the traffic hits the DNS but before it is managed by the Nginx / Ingress? We are looking for a TCP gateway that includes port manipulation, in the best case something that runs as a service on a managed system / cluster.