I cannot seem to connect to postgres through its domain name.
Let’s say I’ve created an A record postgres for my example.com domain. postgres.example.com points to a cloud LoadBalancer’s IP. I have a zone-level WAF which only allows inbound traffic from a VPN server I have set up somewhere else.
Additionally, I have a Kubernetes cluster running postgres and traefik. There is a Traefik IngressRouteTCP which is configured as follows:
entryPoints:
  - websecure
routes:
  - match: HostSNI(`postgres.example.com`)
    kind: Rule
    services:
      - name: my-postgres-service
        port: 5432
Which uses a cert I retrieved from Cloudflare as the TLS cert. (I can provide full manifests if required).
Then, I connect to my VPN and try to connect to my postgres instance using a db client. I get the following error:
Connection terminated due to connection timeout
This same config works fine for HTTP/HTTPS traffic (changing only IngressRouteTCP to IngressRoute and HostSNI() to Host()).
This doesn’t strike me as a limitation of Cloudflare so much as a misconfiguration somewhere on my end, but I wanted to double check in this community about that. I would also welcome any troubleshooting tips.