How can I stop TCP connections on my pod via Loadbalancer?

Question

How can I stop TCP connections on my pod via Loadbalancer?

Ritika Laddha 170

Hello
I am receiving continuous TCP connection on 5432 port request on my Pod, because of load balancer. I have tried making this service type ClusterIP, after that I was not getting this logs. But I want to use load balancer for external connectivity. So, Is there any way to stop this, or divert it some other port?

I even exposed one more port, but I am still getting TCP connection on 5432

  ports:
    - name: database
      protocol: TCP
      port: 5432
      targetPort: 5432
      nodePort: 31217
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 30232

pod logs:
Actually my application prints this log for every TCP connection made by user on 5432 port, but why loadBalancer is sending this connection request? Please help me stop this.

2024-08-01 13:06:20,071 INFO  [com.roc.pos.pga.TcpServer] (vert.x-eventloop-thread-0) New connection request
2024-08-01 13:06:20,278 INFO  [com.roc.pos.pga.TcpServer] (vert.x-eventloop-thread-0) New connection request
2024-08-01 13:06:20,468 INFO  [com.roc.pos.pga.TcpServer] (vert.x-eventloop-thread-0) New connection request
2024-08-01 13:06:20,719 INFO  [com.roc.pos.pga.TcpServer] (vert.x-eventloop-thread-0) New connection request
2024-08-01 13:06:20,944 INFO  [com.roc.pos.pga.TcpServer] (vert.x-eventloop-thread-0) New connection request

Below is my load balancer configuration.

kind: Service
apiVersion: v1
metadata:
  name: server
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: 'true'
  finalizers:
    - service.kubernetes.io/load-balancer-cleanup
spec:
  ports:
    - name: database
      protocol: TCP
      port: 5432
      targetPort: 5432
      nodePort: 30277
  selector:
    app.kubernetes.io/instance: server
    app.kubernetes.io/name: server
  type: LoadBalancer
  sessionAffinity: None
  externalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  allocateLoadBalancerNodePorts: true
  internalTrafficPolicy: Cluster
status:
  loadBalancer:
    ingress:
      - ip:

Prrudram-MSFT 28,281 Reputation points Microsoft Employee Moderator

2024-08-02T13:26:32.6233333+00:00
Hi @Ritika Laddha

Thank you for reaching out to the Microsoft Q&A platform.

If I understand correctly are receiving continuous TCP connection requests on port 5432 because of the load balancer. You have tried making the service type ClusterIP, but you want to use the load balancer for external connectivity. You have also exposed one more port, but you are still getting TCP connection requests on port 5432.

Based on the information you have provided, it seems like the load balancer is sending these connection requests. However, it is not clear why the load balancer is sending these requests. One possible solution is to change the port used by the load balancer to connect to your application. You can try changing the targetPort in your service configuration to a different port, such as 8080, which is the port you have exposed for HTTP traffic. This should stop the load balancer from sending connection requests to port 5432.

Here is an example configuration for your service:

kind: Service apiVersion: v1 metadata: name: server annotations: service.beta.kubernetes.io/azure-load-balancer-internal: 'true' finalizers: - service.kubernetes.io/load-balancer-cleanup spec: ports: - name: database protocol: TCP port: 5432 targetPort: 8080 nodePort: 30277 - name: http protocol: TCP port: 8080 targetPort: 8080 nodePort: 30232 selector: app.kubernetes.io/instance: server app.kubernetes.io/name: server type: LoadBalancer sessionAffinity: None externalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack allocateLoadBalancerNodePorts: true internalTrafficPolicy: Cluster

This configuration exposes both port 5432 and port 8080, but it maps port 5432 to port 8080 for incoming traffic from the load balancer. This should stop the load balancer from sending connection requests to port 5432.

I hope this helps! Let me know if you have any further questions.
Ritika Laddha 170 Reputation points

2024-08-02T13:40:58.77+00:00

Hi
Thanks for replying
that won't work because my application works on TCP connection on 5432 port

But why is load balancer sending connection requests, it should only send those requests when a real user tries to connect?
Prrudram-MSFT 28,281 Reputation points Microsoft Employee Moderator

2024-08-02T13:49:28.14+00:00

@Ritika Laddha
This needs a deeper investigation, I would recommend connecting with the azure technical support over a support case for further help. If you don't have the ability to open a technical support ticket, please let me know and I can help you further with this.
Ritika Laddha 170 Reputation points

2024-08-02T13:51:46.2166667+00:00

yes, please
That would be great, if you could help.
Abiola Akinbade 29,490 Reputation points Volunteer Moderator

2024-08-04T22:35:31.6566667+00:00

Ritika Laddha you could create a technical ticket here: https://azure.microsoft.com/en-us/support/create-ticket
Ritika Laddha 170 Reputation points

2024-08-06T05:34:32.8466667+00:00
adding below annotation in service, worked for me

service.beta.kubernetes.io/port_5432_no_probe_rule: 'true'
Ritika Laddha 170 Reputation points

2024-08-06T05:35:20.7533333+00:00
adding below annotation in service, worked for me

service.beta.kubernetes.io/port_5432_no_probe_rule: 'true'

Accepted answer

0 additional answers

Your answer

Prrudram-MSFT 28,281 Reputation points Microsoft Employee Moderator

2024-08-02T13:26:32.6233333+00:00

Hi @Ritika Laddha

Thank you for reaching out to the Microsoft Q&A platform.

If I understand correctly are receiving continuous TCP connection requests on port 5432 because of the load balancer. You have tried making the service type ClusterIP, but you want to use the load balancer for external connectivity. You have also exposed one more port, but you are still getting TCP connection requests on port 5432.

Based on the information you have provided, it seems like the load balancer is sending these connection requests. However, it is not clear why the load balancer is sending these requests. One possible solution is to change the port used by the load balancer to connect to your application. You can try changing the targetPort in your service configuration to a different port, such as 8080, which is the port you have exposed for HTTP traffic. This should stop the load balancer from sending connection requests to port 5432.

Here is an example configuration for your service:

kind: Service apiVersion: v1 metadata: name: server annotations: service.beta.kubernetes.io/azure-load-balancer-internal: 'true' finalizers: - service.kubernetes.io/load-balancer-cleanup spec: ports: - name: database protocol: TCP port: 5432 targetPort: 8080 nodePort: 30277 - name: http protocol: TCP port: 8080 targetPort: 8080 nodePort: 30232 selector: app.kubernetes.io/instance: server app.kubernetes.io/name: server type: LoadBalancer sessionAffinity: None externalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack allocateLoadBalancerNodePorts: true internalTrafficPolicy: Cluster

This configuration exposes both port 5432 and port 8080, but it maps port 5432 to port 8080 for incoming traffic from the load balancer. This should stop the load balancer from sending connection requests to port 5432.

I hope this helps! Let me know if you have any further questions.
Ritika Laddha 170 Reputation points

2024-08-02T13:40:58.77+00:00

Hi
Thanks for replying
that won't work because my application works on TCP connection on 5432 port

But why is load balancer sending connection requests, it should only send those requests when a real user tries to connect?
Prrudram-MSFT 28,281 Reputation points Microsoft Employee Moderator

2024-08-02T13:49:28.14+00:00

@Ritika Laddha
This needs a deeper investigation, I would recommend connecting with the azure technical support over a support case for further help. If you don't have the ability to open a technical support ticket, please let me know and I can help you further with this.
Ritika Laddha 170 Reputation points

2024-08-02T13:51:46.2166667+00:00

yes, please
That would be great, if you could help.
Abiola Akinbade 29,490 Reputation points Volunteer Moderator

2024-08-04T22:35:31.6566667+00:00

Ritika Laddha you could create a technical ticket here: https://azure.microsoft.com/en-us/support/create-ticket
Ritika Laddha 170 Reputation points

2024-08-06T05:34:32.8466667+00:00

adding below annotation in service, worked for me

service.beta.kubernetes.io/port_5432_no_probe_rule: 'true'
Ritika Laddha 170 Reputation points

2024-08-06T05:35:20.7533333+00:00

adding below annotation in service, worked for me

service.beta.kubernetes.io/port_5432_no_probe_rule: 'true'

Answer 1

Hi @Ritika Laddha
I am glad to know the issue has been fixed. I am reposting this as answer to the issue for the benefit of the community users. Please accept it as answer so that this can be beneficial to other community members for remediation for similar issues.

Issue: How can I stop TCP connections on my pod via Loadbalancer?
Resolution:
The original poster Ritika Laddha confirmed that adding below annotation in service, worked for me

service.beta.kubernetes.io/port_5432_no_probe_rule: 'true'

https://github.com/kubernetes/cloud-provider-aws/issues/168

Please Accept Answer and hit Yes for "was this answer helpful"

Share via

How can I stop TCP connections on my pod via Loadbalancer?

0 additional answers

Your answer