TCP gateway
Use the local rate limiting settings on the TCP gateway resource to limit the number of incoming TCP requests. The local rate limiting filter is applied before the TLS handshake between the client and server is started. If no tokens are available in the TCP gateway, the connection is dropped immediately.
To learn more about what local rate limiting is and the differences between local and global rate limiting, see About local rate limiting.
- Deploy the TCP echo pod and service in your cluster.
kubectl apply -f- <<EOF
apiVersion: v1
kind: Pod
metadata:
  labels:
    gloo: tcp-echo
  name: tcp-echo
spec:
  containers:
  - image: soloio/tcp-echo:latest
    imagePullPolicy: IfNotPresent
    name: tcp-echo
  restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: gloo
  name: tcp-echo
spec:
  ports:
  - name: http
    port: 1025
    protocol: TCP
    targetPort: 1025
  selector:
    gloo: tcp-echo
EOF
Example output:
pod/tcp-echo created
service/tcp-echo created
- Verify that an upstream was automatically created for the echo service.
kubectl get upstreams default-tcp-echo-1025 -n gloo-system
- Create a TCP gateway with local rate limiting settings. The following gateway configures the token bucket with 1 token that is refilled every 100 seconds.
kubectl apply -n gloo-system -f - <<EOF
apiVersion: gateway.solo.io/v1
kind: Gateway
metadata:
  name: tcp
  namespace: gloo-system
spec:
  bindAddress: '::'
  bindPort: 8000
  tcpGateway:
    options:
      localRatelimit:
        maxTokens: 1
        tokensPerFill: 1
        fillInterval: 100s
    tcpHosts:
    - name: one
      destination:
        single:
          upstream:
            name: default-tcp-echo-1025
            namespace: gloo-system
  useProxyProto: false
EOF
- Open a TCP port on the gateway-proxy service in your cluster and bind it to port 8000.
  - Edit the gateway-proxy service.
kubectl edit service gateway-proxy -n gloo-system
  - In the spec.ports section, add the TCP port.
...
- name: tcp
  nodePort: 30197
  port: 8000
  protocol: TCP
  targetPort: 8000
    Your spec.ports section looks similar to the following:
ports:
- name: http
  nodePort: 32653
  port: 80
  protocol: TCP
  targetPort: 8080
- name: https
  nodePort: 30550
  port: 443
  protocol: TCP
  targetPort: 8443
- name: tcp
  nodePort: 30197
  port: 8000
  protocol: TCP
  targetPort: 8000
- Get the public IP address of your gateway proxy. Note that the following command returns the IP address and the default port.
glooctl proxy address
- Open a telnet session to the public IP address of the gateway and port 8000.
telnet <public-gateway-IP> 8000
Example output:
Connected to 113.21.184.35.bc.googleusercontent.com.
Escape character is '^]'.
- Enter any string and verify that the echo service returns the same string. For example, you can enter hello.
hello
Example output:
hello
hello
- Open another terminal window and try to establish another connection to the gateway on port 8000. Because the gateway is configured with a maximum number of 1 token, the new connection is terminated immediately as no tokens are available that can be assigned to the connection.
telnet <public-gateway-IP> 8000
Example output:
Connected to 113.21.184.35.bc.googleusercontent.com.
Escape character is '^]'.
Connection closed by foreign host.
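
To see which connection attempts the settings in this guide admit over time, the following added example (not part of the original guide, and not Gloo Edge or Envoy source code) models a standard token bucket in Python. It assumes that each new connection consumes one token and that tokens return only through the periodic refill; the class, the function names, the arrival times and the second, larger bucket are constructed for illustration.

```python
"""Added example: token-bucket model of localRatelimit (not Gloo Edge or Envoy code)."""
from dataclasses import dataclass


@dataclass
class LocalRateLimit:
    # Fields mirror the gateway's localRatelimit settings; fill_interval is in seconds.
    max_tokens: int
    tokens_per_fill: int
    fill_interval: float

    def __post_init__(self):
        self.tokens = self.max_tokens   # assumption: the bucket starts full
        self.last_fill = 0.0            # time of the most recent refill tick

    def _refill(self, now: float) -> None:
        # Add tokens_per_fill for every whole fill_interval elapsed, capped at max_tokens.
        ticks = int((now - self.last_fill) // self.fill_interval)
        if ticks > 0:
            self.tokens = min(self.max_tokens, self.tokens + ticks * self.tokens_per_fill)
            self.last_fill += ticks * self.fill_interval

    def on_connect(self, now: float) -> bool:
        """Return True if the connection is accepted, False if it is dropped."""
        self._refill(now)
        if self.tokens == 0:
            return False                # no token: dropped before the TLS handshake
        self.tokens -= 1                # assumption: one token per new connection
        return True


def replay(limit: LocalRateLimit, arrivals):
    """Feed connection arrival times (seconds, ascending) through the bucket."""
    return [(t, limit.on_connect(t)) for t in arrivals]


# Constructed arrival times against the guide's gateway: 1 token, refilled every 100s.
GUIDE = replay(LocalRateLimit(1, 1, 100.0), [0, 5, 99, 100, 101, 250])
# Constructed bursts against a hypothetical larger bucket: 5 tokens, 2 added every 10s.
BURST = replay(LocalRateLimit(5, 2, 10.0),
               [0, 0, 0, 0, 0, 0, 10, 10, 10, 35, 35, 35, 35, 35, 35])

if __name__ == "__main__":
    for name, result in (("guide", GUIDE), ("burst", BURST)):
        for t, ok in result:
            print(f"{name:5} t={t:>3}s {'accepted' if ok else 'dropped'}")
```

With the guide's values, the model accepts one connection per 100-second window and drops the rest, which matches the second telnet session being closed immediately.
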
Cleanup
You can optionally clean up the resources that you created as part of this guide.
- Remove the TCP gateway.
kubectl delete gateway tcp -n gloo-system
- Remove the echo pod and service.
kubectl delete service tcp-echo
kubectl delete pod tcp-echo
- Edit the gateway-proxy service and remove the TCP port settings.
kubectl edit service gateway-proxy -n gloo-system