I'm attempting to deploy a DNP3 server (an industrial protocol) within Kubernetes. DNP3 uses TCP communications but is a stateful protocol. I'm currently working on deploying the ingress controller configuration.
I realize that ingress controllers are intended for HTTP/HTTPS traffic, but I'd like to use them if possible and take advantage of some of the inherent features (e.g. mutual TLS, whitelisting, etc.). Does the NGINX ingress controller require that incoming traffic be formatted as HTTP traffic (e.g. having a header, etc.)? If it receives random TCP (non-HTTP) traffic, can it simply pass the traffic along to the backend service?
The annotations I'm trying to work with include:
```yaml
ingress.kubernetes.io/auth-tls-secret: default/client-secret
ingress.kubernetes.io/auth-tls-verify-depth: "3"
kubernetes.io/ingress.class: nginx-private
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.org/lb-method: ip_hash
```
A few notes:
- I realize that the auth-tls-pass-certificate annotation would add a header. My hope is that I can read the cert information from the header and then strip the header/other HTTPS data from the message.
- I'm hoping to use the ip_hash lb-method in order to allow for the application to be stateful (a client with a consistent IP address is always routed to the same backend server).