You can translate the question and the replies:

port usage and pod setup

While on 20230301 container version I have the deployment for Denodo set on 30299 port using TLS. This port is also exposed on cluster port 30299. Clients are able to connect to this POD using jdbc driver with connect string as "jdbc:vdb://denodo.k8cluster.domain.com:30299/admin". This would hit the cluster ingress 30299, which is routed on layer 4 to service port 8999, which is linked to pod port 30299. To avoid using custom ports and move from layer 4 to layer 7 routing I aim to add an alias on the TLS certificate as jdbc.denodo.aks-cluster-name. This allows me to add an ingress definition for the cluster (port 443) for this host (jdbc. * ), so that all traffic for host jdbc.denodo.aks-cluster-name is routed to the denodo port (remains at 30299). While this setup still works for the 30299 port as before and for VDP admin interface, connection attemps from clients using the aliased hostname and the 443 port fails wtih "Connection error: Check the hostname and port number are correct, and that client and server belong to the same Denodo major version." The connect string in this case would typically be "jdbc:vdb://**jdbc**.denodo.k8cluster.domain.com:**443**/admin". The traffic is routed by host-name (layer 7) to Service port 8999 (same port as before). The service is as before linked to pod port 30299. Hence we have two ways to access the same pod port, one routes based upon the port (which have a limited amount of ports that can be used), the other use a logical name which is easier to remember and make sense of and is near endlessly possible to vary /tweak. The VDP admin interface (local client and web-client) both work with the aliased setup, i.e. the VDP admin interfaces work with the jdbc prefix on port 443. The jdbc connection fails. Is it a requirement that the ingress port is the same as the deployment port for jdbc? If so, why - this defeats a bit of how the kubernetes virtualizes port usage. Is the same a requirement for odbc?
user
06-03-2023 06:13:19 -0500
code

1 Answer

Hi, [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/#what-is-ingress:~:text=Ingress%20exposes%20HTTP%20and%20HTTPS%20routes%20from%20outside%20the%20cluster%20to%20services%20within%20the%20cluster.) usually routes HTTP and HTTPS connections to the server inside the cluster. However, as it's described in the [Default Ports Used by the Denodo Platform Modules](https://community.denodo.com/docs/html/browse/latest/en/platform/installation/appendix/default_ports_used_by_the_denodo_platform_modules/default_ports_used_by_the_denodo_platform_modules#:~:text=The%20table%20below%20lists%20the%20TCP/IP%20ports%20that%20each%20module%20of%20the%20Denodo%20Platform%20listens%20for%20incoming%20connections.) documentation, Denodo uses TCP/IP ports to connect to different components. So you need to make sure that the Ingress you are using is compatible with TCP Routing. In [Deploying Denodo in Kubernetes](https://community.denodo.com/kb/en/view/document/Deploying%20Denodo%20in%20Kubernetes#:~:text=The%20service%20for,appropriate%20container%20options), you can find the ports that are mapped in the container. Ports 9997 and 9995 should be the same for Service as well as for the deployment. The reason for that is the internal configuration of the RMI connections. The other ports, such as ODBC, can differ between service and pod, it will not affect the process. If you have a valid support user, you may want to contact [Denodo Support](https://support.denodo.com/) which will be able to better assist you. Hope this helps!
Denodo Team
07-03-2023 08:13:50 -0500
code
You must sign in to add an answer. If you do not have an account, you can register here