3

I'm currently trying to set up an MQTT broker (VerneMQ) on my Kubernetes cluster (GKE). At the moment I'm using nginx-ingress-controller with a Google-provided L4 load balancer. The VerneMQ deployment and service are running in the cluster and a sub-domain is pointing to the specific IP of the load balancer. The specific config-map for TCP over nginx-ingress-controller was created. I'm able to connect with an MQTT client via the subdomain over MQTT/TCP, but now I want this to also run in a more secure way with MQTTS/TLS.

Is it possible to run TCP over SSL through nginx-ingress-controller with Let's Encrypt certificates issued by cert-manager in order to connect with MQTTS to my broker?

Are there any other ingress controllers which offer this functionality?

Thank you in advance.

hengel28

1 Answer

1

It seems that haproxy-ingress supports this? I haven't tested it, but from the documentation this option may work:

```yaml
...
data:
  "9900": "system-prod/admin:9900:PROXY::system-prod/tcp-9900"
```

9900 will proxy to admin service, port 9900, on the system-prod namespace. Clients should connect using the PROXY protocol v1 or v2. Upcoming connections should be encrypted, HAProxy will ssl-offload data using crt/key provided by system-prod/tcp-9900 secret.

Mike Fiedler
fengwt
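Applied to the MQTT case from the question, the same kind of entry could look like the manifests below. This is an added example, not configuration from either poster or from the haproxy-ingress project. The namespaces, the ConfigMap, Service, Secret and ClusterIssuer names, and the hostname `mqtt.example.com` are all hypothetical. It assumes the field order of the entry quoted in the answer, and that nothing in front of HAProxy adds a PROXY protocol header, so that field is left empty.

```yaml
# cert-manager issues the Let's Encrypt certificate into a TLS Secret
# (keys tls.crt / tls.key). All names here are hypothetical.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mqtt-tls
  namespace: mqtt
spec:
  secretName: mqtt-tls            # Secret referenced by the TCP entry below
  dnsNames:
    - mqtt.example.com            # must match the name MQTT clients connect to
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod        # assumed to exist already
---
# TCP services ConfigMap read by haproxy-ingress (the one named in the
# controller's --tcp-services-configmap argument; name is hypothetical).
apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-tcp-services
  namespace: ingress-controller
data:
  # <listen port>: <ns>/<service>:<port>:<in-proxy>:<out-proxy>:<ns>/<tls-secret>
  # 8883 (MQTTS) is TLS-terminated by HAProxy with the mqtt/mqtt-tls
  # certificate and forwarded as plain MQTT to the broker on 1883.
  # The in-proxy field is empty, unlike "PROXY" in the answer's entry:
  # MQTT clients connecting directly do not send a PROXY protocol header,
  # and HAProxy would reject their connections if it expected one.
  "8883": "mqtt/vernemq:1883:::mqtt/mqtt-tls"
  # No plaintext 1883 entry is published, so the broker is reachable from
  # outside the cluster only over TLS.
```

Traffic between HAProxy and the broker is unencrypted inside the cluster with this layout, and the load balancer has to expose port 8883 on the controller's Service for clients to reach the listener.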