@haproxytechblog
Last active August 3, 2023 23:08
Announcing HAProxy Kubernetes Ingress Controller 1.7
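# Service metadata snippet carrying the HAProxy health-check annotations.
# No spec section is shown in this excerpt.
apiVersion: v1
kind: Service
metadata:
  labels:
    run: web
  name: web
  annotations:
    # Annotation values are strings, so the boolean-looking value stays quoted.
    haproxy.org/check: "true"
    # Path requested by the HTTP health check.
    haproxy.org/check-http: "/health"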
# Installs the CRD definitions. Each URL is pinned to a full commit SHA rather
# than a branch, so the manifest that gets applied is the one that was reviewed.
# NOTE(review): backend.yaml is pinned to a different commit than defaults.yaml
# and global.yaml - confirm the three definitions are meant to be used together.
$ kubectl apply -f https://raw.githubusercontent.com/haproxytech/kubernetes-ingress/8161347cbcb400c09b51c4e161ca5d64a9989d03/crs/definition/defaults.yaml
$ kubectl apply -f https://raw.githubusercontent.com/haproxytech/kubernetes-ingress/8161347cbcb400c09b51c4e161ca5d64a9989d03/crs/definition/global.yaml
$ kubectl apply -f https://raw.githubusercontent.com/haproxytech/kubernetes-ingress/ab56e15cbd28eb8958527e4b7a0fb8910be2b0a4/crs/definition/backend.yaml
# NOTE(review): the sample output lists two CRDs although three definitions are
# applied above; an entry for the Backend CRD is presumably missing from it.
$ kubectl get crd
NAME CREATED AT
defaults.core.haproxy.org xxxxxxxxxxx
globals.core.haproxy.org xxxxxxxxxxx
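# Global custom resource: its spec.config fields are rendered into the
# "global" section of the controller's haproxy.cfg.
apiVersion: "core.haproxy.org/v1alpha1"
kind: Global
metadata:
  name: myglobal
  namespace: default
spec:
  config:
    maxconn: 1000
    stats_timeout: 36000
    tune_ssl_default_dh_param: 2048
    # Disables SSLv3, TLS 1.0 and session tickets. TLS 1.1 is still accepted
    # with this value; HAProxy also supports no-tlsv11 where clients allow it.
    ssl_default_bind_options: "no-sslv3 no-tls-tickets no-tlsv10"
    # The list still contains CBC/SHA-1 and DHE-DSS suites for older clients;
    # trim it to the AEAD (GCM) suites if no legacy client needs them.
    ssl_default_bind_ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'
    hard_stop_after: 30000
    server_state_base: /tmp/haproxy-ingress/state
    runtime_apis:
      # SECURITY: this binds the HAProxy Runtime API to TCP port 31024 on every
      # interface. The Runtime API has no authentication of its own, so any
      # client that can reach this address can query it. Prefer a loopback
      # address, or restrict access to the port with a NetworkPolicy.
      - address: "0.0.0.0:31024"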
$ kubectl apply -f myglobal.yaml
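# Controller ConfigMap: cr-global references the Global resource as
# <namespace>/<name>, here "myglobal" in namespace "default".
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubernetes-ingress
  namespace: default
data:
  cr-global: default/myglobal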
# Rendered haproxy.cfg "global" section.
global
  daemon
  localpeer local
  master-worker
  maxconn 1000
  pidfile /tmp/haproxy-ingress/run/haproxy.pid
  # SECURITY: TCP Runtime API listener on all interfaces. No "level" keyword is
  # given, so HAProxy's default level (operator) applies, and the Runtime API
  # itself performs no authentication. Limit who can reach port 31024.
  stats socket 0.0.0.0:31024
  # Local UNIX socket with admin level.
  stats socket /tmp/haproxy-ingress/run/haproxy-runtime-api.sock expose-fd listeners level admin
  stats timeout 36000
  tune.ssl.default-dh-param 2048
  # TLS 1.1 is still accepted with these options.
  ssl-default-bind-options no-sslv3 no-tls-tickets no-tlsv10
  # Includes legacy CBC/SHA-1 and DHE-DSS suites alongside the GCM suites.
  ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
  hard-stop-after 30000
  server-state-file global
  server-state-base /tmp/haproxy-ingress/state
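# Defaults custom resource: its spec.config fields are rendered into the
# "defaults" section of the controller's haproxy.cfg.
apiVersion: "core.haproxy.org/v1alpha1"
kind: Defaults
metadata:
  name: mydefaults
  namespace: default
spec:
  config:
    # The inner single quotes are part of the value and are emitted as-is in
    # the rendered log-format line.
    log_format: "'%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs \"%HM %[var(txn.base)] %HV\"'"
    redispatch:
      enabled: enabled
      interval: 0
    # Connections that carry no data are not logged. On listeners reachable
    # from untrusted networks this also hides scans and probes from the logs.
    dontlognull: enabled
    http_connection_mode: http-keep-alive
    # Timeouts are rendered without a unit suffix, which HAProxy reads as
    # milliseconds. http_request_timeout bounds how long a client may take to
    # send its complete request headers, limiting slow-request connections.
    http_request_timeout: 5000
    connect_timeout: 5000
    client_timeout: 50000
    queue_timeout: 5000
    server_timeout: 50000
    tunnel_timeout: 3600000
    http_keep_alive_timeout: 60000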
$ kubectl apply -f mydefaults.yml
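# Controller ConfigMap: cr-global and cr-defaults reference the Global and
# Defaults resources as <namespace>/<name>.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubernetes-ingress
  namespace: default
data:
  cr-global: default/myglobal
  cr-defaults: default/mydefaults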
# Rendered haproxy.cfg "defaults" section.
defaults
  log global
  log-format '%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs "%HM %[var(txn.base)] %HV"'
  option redispatch 0
  # Empty connections are not logged; scans and probes that send no data will
  # therefore not appear in the logs.
  option dontlognull
  option http-keep-alive
  # Values without a unit are milliseconds. "timeout http-request" caps the
  # time a client may take to deliver its request headers.
  timeout http-request 5000
  timeout connect 5000
  timeout client 50000
  timeout queue 5000
  timeout server 50000
  timeout tunnel 3600000
  timeout http-keep-alive 60000
  load-server-state-from-file global
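# Backend custom resource: sets the load-balancing algorithm that is rendered
# into a "backend" section of haproxy.cfg.
apiVersion: "core.haproxy.org/v1alpha1"
kind: Backend
metadata:
  name: kubernetes-ingress-default-backend
  namespace: default
spec:
  config:
    balance:
      algorithm: "leastconn"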
$ kubectl apply -f mydefaultbackend.yaml
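# Controller ConfigMap: each cr-* key references a custom resource as
# <namespace>/<name>.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubernetes-ingress
  namespace: default
data:
  cr-global: default/myglobal
  cr-defaults: default/mydefaults
  # NOTE(review): the Backend resource shown on this page is named
  # "kubernetes-ingress-default-backend", not "defaultbackend" - confirm this
  # reference matches the name of the resource that was actually applied.
  cr-backend: default/defaultbackend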
# Rendered haproxy.cfg "backend" section for the default backend.
backend default-kubernetes-ingress-default-backend-http
  mode http
  balance leastconn
  # Adds an X-Forwarded-For header carrying the client address to requests
  # sent to the servers below.
  option forwardfor
  server SRV_1 172.17.0.3:8080 check weight 128
  server SRV_2 172.17.0.5:8080 check weight 128
  # Disabled entry on loopback; presumably a spare slot kept for scaling.
  server SRV_3 127.0.0.1:8080 disabled check weight 128
# <tag> is a placeholder for a released image version.
$ docker pull haproxytech/kubernetes-ingress:<tag>
# "nightly" is a moving tag: the image behind it changes between pulls. Pin a
# version tag or an image digest for anything beyond testing.
$ docker pull haproxytech/kubernetes-ingress:nightly