We Keep Coding

Communication fail between Zabbix-Proxy and Server at port 10051 in a k8s cluster with HAProxy

I have a communication problem between Zabbix Proxy and Zabbix Server at port 10051. I’m using HAPROXY version 2.0.13. Look my Kubernetes scenario:
HAPROXY is working fine when I access my website zabbix.domain.com at port 80 and 443.
Zabbix-Proxy has a parameter “Server” that I set with ip address of worker-1 and the communication works fine, but this happen because the traffic don’t pass through HAPROXY server. When I try to set the Server parameter with my domain address zabbix.domain.com that go to my HAPROXY server, the communication dont work, give the impression that HAPROXY cant treat the request.
zabbix_proxy.conf: Work with Worker-1 ip addr, but dont work with domain name.
The domain name as I said, is pointing to HAPROXY server (10.0.0.110). I think the zabbix-proxy is trying to reach the port 10051 of HAPROXY server and the HAPROXY can’t deal with the requests to forward to my worker node.
This is my HAPROXY configuration, I test with frontend and backend, but now, I just rewrite with Listen parameter.
listen zabbix
mode tcp
bind :10051
option forwardfor
server worker-1 10.10.10.112:10051 check
server worker-1 10.10.10.113:10051 check
server worker-1 10.10.10.114:10051 check
Someone can help? There are some manner to point to my website zabbix.domain.com, the haproxy treat the request send to my worker-1 in port 10051? Please tell me If need more information.

Google load balancer redirect IP address to specific port?

I'm using google compute engine, and have set up a load balancer over an instance group. I have also reserved an ip address. Everything works just fine, if I access the specific port (8080), but if I just try to access the ip-address I get a '404 error'. I have also added a domain and have the same problem. domain.com:8080 works but just domain.com gives a '404 error'.
Is the same host and path as this (host: *, path: /*) guy enough? Or is there more configuration to be done. I can't seem to find this information in the docs.

setup the load balancer frontend to listen to port 80 instead of 8080 and/or 443 for HTTPS (requires SSL certificate...)

How can I get my services to register with a specific port in Eureka?

My Setup
I have some services that register with Eureka. This registration info is used by Zuul to route requests to my services. Most of these services run on a port like 9999 or 8080. Each service is on it's own EC2 instance, and I have Nginx routing requests from port 80 to the server's port, so that I can keep my Security Group rules simple.
My Problem
When my service registers with Eureka, it gets registered with ${server.port}, which ends up being 8080 or 9999, etc. When Zuul attempts to route to {ec2host}:8080, it gets blocked by my Security Group rules. Based on the documentation, it looks like I should be able to specify a host and port with eureka.instance.hostname and eureka.instance.nonSecurePort. Whether I use those properties or not, my service registers with it's specific port.
Is there a way to get the Eureka client to register my service with port 80, instead of the server's port?

marathon service port uniqueness

testing Marathon application/group deployment I have observed that if I try to deploy an application specifying a service port that has already been assigned to another app Marathon v2/apps endpoint rejects the request, as expected:
{"message”:"Requested service port 8306 conflicts with a service port in app /dbaas01/mysql"}
Yet, it seems that the service port uniqueness is not checked when submitting the deployment of an application group. I was able to deploy twice the same application group (changing the root group name) and using the same service ports for the applications.
Of course, this creates an issue with the haproxy-marathon-bridge: the load balancer configuration is modified so that the same port points to different services:
listen dbaas01_mysql-8306
bind 0.0.0.0:8306
mode tcp
option tcplog
balance leastconn
server dbaas01_mysql-1 172.30.15.84:31841 check
listen dbaas02_mysql-8306
bind 0.0.0.0:8306
mode tcp
option tcplog
balance leastconn
server dbaas02_mysql-1 172.30.15.85:31075 check
Is this the expected behavior? Why the check on the service port uniqueness is not performed on the application deployed using the /v2/groups endpoint?
Thank you in advance for feedbacks.
Best regards,
Marica

Which ports does Secure Gateway Client use?

I plan to set the Secure Gateway Client at DMZ at on-premise environment, so I need to open Outbound ports for SG Client to connect to SG on Bluemix. The following question is similar to my question, but the answer doesn't show the needed ports.
For the Bluemix Secure Gateway service, how does the data center's network need to be configured?
For the Bluemix Secure Gateway service, how does the data center's network need to be configured?
The following Bluemix Doc shows Outbound 443 is needed.
https://www.ng.bluemix.net/docs/troubleshoot/SecureGateway/ts_index-gentopic1.html#ts_sg_006
What are the best practices for running the Secure Gateway client?
Before you install the Docker client into your environment, ensure that both the internet and your on-premises assets are accessible and all host names are resolvable by a DNS. The client uses outbound port 443 to connect to the IBM Bluemix environment, normally this port is open since its secure. Ensure you check or modify additional firewall and IP Table rules that might apply.
But, the tcpdump, which I got when I executed "docker run -it ibmcom/secure-gateway-client XXXX", showed that SG Client used Outbound 443 and 9000. Is it collect that all ports SG Client uses are Outbound 443 and 9000 ?

Correct, if you are closing down both outbound and inbound ports using your firewall, then for outbound allow ports 443/9000. So your initial assertion is correct.