If you don't have a Kubernetes cluster, please refer to Setup cluster for instructions on how to create a new one.
If you have another Ingress controller deployed, you will need to make sure your
Ingress resources target exactly one Ingress controller by specifying the
ingress.class annotation as
haproxy.
This document has also the following prerequisites:
- Create a TLS secret named
tls-secretto be used as default TLS certificate - Optional: deploy a web app for testing
Creating the TLS secret:
$ openssl req \
-x509 -newkey rsa:2048 -nodes -days 365 \
-keyout tls.key -out tls.crt -subj '/CN=localhost'
$ kubectl create secret tls tls-secret --cert=tls.crt --key=tls.key
$ rm -v tls.crt tls.keyCreate the ingress-controller namespace:
kubectl create ns ingress-controllerThe optional web app can be created as follow:
$ kubectl run http-svc \
--namespace=ingress-controller \
--image=gcr.io/google_containers/echoserver:1.3 \
--port=8080 \
--replicas=1 \
--exposeDeploy a default backend used to serve 404 Not Found pages:
$ kubectl run ingress-default-backend \
--namespace=ingress-controller \
--image=gcr.io/google_containers/defaultbackend:1.0 \
--port=8080 \
--limits=cpu=10m,memory=20Mi \
--exposeCheck if the default backend is up and running:
$ kubectl --namespace=ingress-controller get pod
NAME READY STATUS RESTARTS AGE
ingress-default-backend-1110790216-gqr61 1/1 Running 0 10sCreate a configmap named haproxy-ingress:
$ kubectl --namespace=ingress-controller create configmap haproxy-ingress
configmap "haproxy-ingress" createdA configmap is used to provide global or default configuration like timeouts, SSL/TLS settings, a syslog service endpoint and so on. The configmap can be edited or replaced later in order to apply new configuration on a running ingress controller. All supported options are here.
Check the RBAC sample if deploying on a cluster with RBAC authorization.
Deploy HAProxy Ingress:
$ kubectl --namespace=ingress-controller create -f haproxy-ingress.yamlCheck if the controller was successfully deployed:
$ kubectl --namespace=ingress-controller get pod -w
NAME READY STATUS RESTARTS AGE
haproxy-ingress-2556761959-tv20k 1/1 Running 0 12s
ingress-default-backend-1110790216-gqr61 1/1 Running 0 3m
^CFrom now the optional web app should be deployed. Deploy an ingress resource to expose this app:
$ kubectl --namespace=ingress-controller create -f - <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: app
spec:
rules:
- host: foo.bar
http:
paths:
- path: /
backend:
serviceName: http-svc
servicePort: 8080
EOFExpose the Ingress controller as a type=NodePort service:
$ kubectl --namespace=ingress-controller expose deploy/haproxy-ingress --type=NodePort
$ kubectl --namespace=ingress-controller get svc/haproxy-ingress -oyamlLook for nodePort field next to port: 80.
Change below 172.17.4.99 to the host's IP and 30876 to the nodePort:
$ curl -i 172.17.4.99:30876
HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2017 22:59:36 GMT
Content-Length: 21
Content-Type: text/plain; charset=utf-8
default backend - 404Using default backend because host was not found.
Now try to send a header:
$ curl -i 172.17.4.99:30876 -H 'Host: foo.bar'
HTTP/1.1 200 OK
Server: nginx/1.9.11
Date: Mon, 05 Feb 2017 23:00:33 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
CLIENT VALUES:
client_address=10.2.18.5
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://foo.bar:8080/
...If you have any problem, check logs and events of HAProxy Ingress POD:
$ kubectl --namespace=ingress-controller get pod -l run=haproxy-ingress
NAME READY STATUS RESTARTS AGE
haproxy-ingress-2556761959-tv20k 1/1 Running 0 9m
...
$ kubectl --namespace=ingress-controller logs -l run=haproxy-ingress
$ kubectl --namespace=ingress-controller describe pod -l run=haproxy-ingress