Why ingress-nginx controller tcp-services not working?

Question

I'm trying to expose a RabbitMQ ssl port via ingress-nginx tcp-services like so:

$ cat rabbit-expose-amqps.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  5671: "dev/rabbitmq-rabbitmq-ha:5671"

(the RabbitMQ service already listens on this port) but and any attempt to perform openssl s_client -connect my-external-host:5671 times out, and, of course, any attempt to connect to amqps://my-extrenal-host:5671 using amqplib times out as well. The management UI does work, though, so I know the external IP is correct.

It seems that nginx.conf in my ingress-nginx pod gets updated, but something is strange (I think): it DOES configure a listener on port 5671, but the upstream still says "placeholder" with 0.0.0.1:1234 address. I even recycled the pod, just in case, still the same conf file:

stream {
    upstream upstream_balancer {
            server 0.0.0.1:1234; # placeholder

            balancer_by_lua_block {
                    tcp_udp_balancer.balance()
            }
    }
    ...
    # TCP services
    server {
        preread_by_lua_block {
            ngx.var.proxy_upstream_name="tcp-dev-rabbitmq-rabbitmq-ha-5671";
        }
        listen                  5671;
        proxy_timeout           600s;
        proxy_pass              upstream_balancer;

    }
}

How do I get the tcp-services applied correctly?

Answer 1

Found the solution: nginx-ingress was installed using their "mandatory.yaml" file - not via Helm. Looking at nginx-ingress helm chart, it appears that in order to expose the tcp service ports, there are more resources to config. If I use the helm chart instead of the yaml directly, the ports get exposed correctly.

Answer 2

For others looking for why it's not working, there's a PR for some updated documentation (not yet released) here. It's what eventually solved the problem for me, and it wasn't particularly intuitive. Good luck!