Postgres replication from outside the cluster using ingress

Hi all,

I am running a postgresql cluster using Patroni on consul 1.8 and have added 2 services called pgwrite and pgread, one for read and the other for write requests, and it works just fine. Now I need to add a replica from outside the cluster and join it to the cluster using consul ingress. Here are my config file and the command that I run the ingress:

Kind = "ingress-gateway"
Name = "ingress-pgwrite"

Listeners = [
   Port = 5555
   Protocol = "tcp"
   Services = [
       Name = "pgwrite"

docker run --restart always -d --network host --name ingress-pgwrite consul-envoy:1.8.4 -gateway=ingress -proxy-id ingress-pgwrite -admin-bind localhost:19002 -address "****:5555" -token=**********

Now the service is registered and is also healthy. But when I want to request to the postgres service using the ingress, it gives me this error:

psycopg2.OperationalError: expected authentication request from server, but received H

and I have no clue what is it about. My guess is that the port is visible but when the client tries to connect to the server it encounters an unknown response.
I also set the intentions so the ingress-pgwrite can talk to pgwrite service but it really doesn’t make any difference.

Can anyone tell me where would the problem be?


Well, I made another ingress service linking to a web service, set the intensions and I also gave the bootstrap token to test how it works. In the UI it is shown as up and running. But when I make a request to the exposed api via curl -i, here is the result:

HTTP/1.1 404 Not Found
date: Sun, 25 Oct 2020 19:54:48 GMT
server: envoy
content-length: 0

I believe it’s the same problem as I mentioned above about the Postgres. Does anyone know what is the problem and how can I fix it?

I figured out what the problem was. It actually was a silly thing.
Back in the tutorial it setup the counting ingress service on 8080 port, but ran the envoy ingress on 8888.

I just didn’t run the envoy ingress on 8888 and the weird thing was it didn’t raise any kind of error about this port being in use. But it did on my friend’s machine.
The only difference was that I ran ingress proxy on docker and used the consul version 1.8.4, while he ran ingress using envoy binary and used the 1.8.5 version.