haproxytechblog/blog20210503-01.yaml

## blog20210503-01.yaml
backend-config-snippet: |
  http-request deny if !{ src 127.0.0.1 10.0.0.0/8 1.2.3.4/24 }

## blog20210503-02.yaml
backend-config-snippet: |
  http-request set-header Exp-Date 1619481600 if !{ hdr(Key) Katotosh6Rae }
  http-request set-header Exp-Date 1619568000 if !{ hdr(Key) laeP2oweu0ri }
  http-request set-header Exp-Date 1619654400 if !{ hdr(Key) Xaib0ovao3ae }

## blog20210503-03.sh
$ cat /tmp/ips.acl

127.0.0.1
10.0.0.0/8
1.2.3.4/24

$ cat /tmp/keys.map

Katotosh6Rae 1619481600
laeP2oweu0ri 1619568000
Xaib0ovao3ae 1619654400

$ kubectl create -n default configmap staging-patterns \
  --from-file=/tmp/ips.acl \
  --from-file=/tmp/keys.map

configmap/staging-patterns created

## blog20210503-04.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: staging-patterns
  namespace: default
data:
  ips.acl: |
    127.0.0.1
    10.0.0.0/8
    1.2.3.4/24
  keys.map: |
    Katotosh6Rae 1619481600
    laeP2oweu0ri 1619568000
    Xaib0ovao3ae 1619654400

## blog20210503-05.sh
$ helm install kubernetes-ingress haproxytech/kubernetes-ingress \
   --set-string "controller.extraArgs={--configmap-patternfiles=default/staging-patterns}"

## blog20210503-06.yaml

backend-config-snippet: |
  http-request deny if !{ src -f patterns/ips.acl }

backend-config-snippet: |
  http-request set-header Exp-Date hdr(key),map(patterns/keys.map)


## blog20210503-07.cfg
resolvers mydns
  nameserver local 127.0.0.1:53
  nameserver google 8.8.8.8:53

## blog20210503-08.sh
$ kubectl create configmap haproxy-aux-cfg \
  --from-file ./haproxy-aux.cfg

configmap/haproxy-aux-cfg created

## blog20210503-09.yaml
containers:
  - name: haproxy-ingress
    image: haproxytech/kubernetes-ingress:latest
    volumeMounts:
      - name: haproxy-cfg-vol
          mountPath: /etc/haproxy/haproxy-aux.cfg
  volumes:
    - name: haproxy-cfg-vol
        configMap:
          name: haproxy-aux-cfg

## blog20210503-10.yaml
backend-config-snippet: default-server init-addr none resolvers mydns

## blog20210503-11.yaml
request-set-header:  client-cn %[ssl_c_s_dn(CN)]
	backend-config-snippet: \|
	http-request deny if !{ src 127.0.0.1 10.0.0.0/8 1.2.3.4/24 }
	backend-config-snippet: \|
	http-request set-header Exp-Date 1619481600 if !{ hdr(Key) Katotosh6Rae }
	http-request set-header Exp-Date 1619568000 if !{ hdr(Key) laeP2oweu0ri }
	http-request set-header Exp-Date 1619654400 if !{ hdr(Key) Xaib0ovao3ae }
	$ cat /tmp/ips.acl

	127.0.0.1
	10.0.0.0/8
	1.2.3.4/24

	$ cat /tmp/keys.map

	Katotosh6Rae 1619481600
	laeP2oweu0ri 1619568000
	Xaib0ovao3ae 1619654400

	$ kubectl create -n default configmap staging-patterns \
	--from-file=/tmp/ips.acl \
	--from-file=/tmp/keys.map

	configmap/staging-patterns created
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: staging-patterns
	namespace: default
	data:
	ips.acl: \|
	127.0.0.1
	10.0.0.0/8
	1.2.3.4/24
	keys.map: \|
	Katotosh6Rae 1619481600
	laeP2oweu0ri 1619568000
	Xaib0ovao3ae 1619654400
	$ helm install kubernetes-ingress haproxytech/kubernetes-ingress \
	--set-string "controller.extraArgs={--configmap-patternfiles=default/staging-patterns}"

	backend-config-snippet: \|
	http-request deny if !{ src -f patterns/ips.acl }

	backend-config-snippet: \|
	http-request set-header Exp-Date hdr(key),map(patterns/keys.map)
	resolvers mydns
	nameserver local 127.0.0.1:53
	nameserver google 8.8.8.8:53
	$ kubectl create configmap haproxy-aux-cfg \
	--from-file ./haproxy-aux.cfg

	configmap/haproxy-aux-cfg created
	containers:
	- name: haproxy-ingress
	image: haproxytech/kubernetes-ingress:latest
	volumeMounts:
	- name: haproxy-cfg-vol
	mountPath: /etc/haproxy/haproxy-aux.cfg
	volumes:
	- name: haproxy-cfg-vol
	configMap:
	name: haproxy-aux-cfg