Dissecting the HAProxy Kubernetes Ingress Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kubectl apply -f https://raw.githubusercontent.com/haproxytech/kubernetes-ingress/master/deploy/haproxy-ingress.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Namespace | |
metadata: | |
name: haproxy-controller | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: haproxy-ingress-service-account | |
namespace: haproxy-controller |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: haproxy-ingress-cluster-role | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
- endpoints | |
- nodes | |
- pods | |
- services | |
- namespaces | |
- events | |
- serviceaccounts | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "extensions" | |
resources: | |
- ingresses | |
- ingresses/status | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- secrets | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- patch | |
- update | |
- apiGroups: | |
- extensions | |
resources: | |
- ingresses | |
verbs: | |
- get | |
- list | |
- watch | |
--- | |
kind: ClusterRoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: haproxy-ingress-cluster-role-binding | |
namespace: haproxy-controller | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: haproxy-ingress-cluster-role | |
subjects: | |
- kind: ServiceAccount | |
name: haproxy-ingress-service-account | |
namespace: haproxy-controller |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
labels: | |
run: ingress-default-backend | |
name: ingress-default-backend | |
namespace: haproxy-controller | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
run: ingress-default-backend | |
template: | |
metadata: | |
labels: | |
run: ingress-default-backend | |
spec: | |
containers: | |
- name: ingress-default-backend | |
image: gcr.io/google_containers/defaultbackend:1.0 | |
ports: | |
- containerPort: 8080 | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
run: ingress-default-backend | |
name: ingress-default-backend | |
namespace: haproxy-controller | |
spec: | |
selector: | |
run: ingress-default-backend | |
ports: | |
- name: port-1 | |
port: 8080 | |
protocol: TCP | |
targetPort: 8080 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: haproxy-configmap | |
namespace: default | |
data: | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
labels: | |
run: haproxy-ingress | |
name: haproxy-ingress | |
namespace: haproxy-controller | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
run: haproxy-ingress | |
template: | |
metadata: | |
labels: | |
run: haproxy-ingress | |
spec: | |
serviceAccountName: haproxy-ingress-service-account | |
containers: | |
- name: haproxy-ingress | |
image: haproxytech/kubernetes-ingress | |
Args: | |
- --default-backend-service=haproxy-controller/ingress-default-backend | |
- --default-ssl-certificate=default/tls-secret | |
- --configmap=default/haproxy-configmap | |
ports: | |
- name: http | |
containerPort: 80 | |
- name: https | |
containerPort: 443 | |
- name: stat | |
containerPort: 1024 | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
run: haproxy-ingress | |
name: haproxy-ingress | |
namespace: haproxy-controller | |
spec: | |
selector: | |
run: haproxy-ingress | |
type: NodePort | |
ports: | |
- name: http | |
port: 80 | |
protocol: TCP | |
targetPort: 80 | |
- name: https | |
port: 443 | |
protocol: TCP | |
targetPort: 443 | |
- name: stat | |
port: 1024 | |
protocol: TCP | |
targetPort: 1024 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kubectl get svc --namespace=haproxy-controller | |
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | |
haproxy-controller haproxy-ingress NodePort 10.96.15.205 <none> 80:30279/TCP,443:30775/TCP,1024:31912/TCP 84s |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ curl -I -H 'Host: foo.bar' 'http://192.168.99.100:30279' | |
HTTP/1.1 404 Not Found | |
date: Thu, 27 Jun 2019 21:45:20 GMT | |
content-length: 21 | |
content-type: text/plain; charset=utf-8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
labels: | |
run: app | |
name: app | |
spec: | |
replicas: 2 | |
selector: | |
matchLabels: | |
run: app | |
template: | |
metadata: | |
labels: | |
run: app | |
spec: | |
containers: | |
- name: app | |
image: jmalloc/echo-server | |
ports: | |
- containerPort: 8080 | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
run: app | |
name: app | |
annotations: | |
haproxy.org/check: "enabled" | |
haproxy.org/forwarded-for: "enabled" | |
haproxy.org/load-balance: "roundrobin" | |
spec: | |
selector: | |
run: app | |
ports: | |
- name: port-1 | |
port: 80 | |
protocol: TCP | |
targetPort: 8080 | |
--- | |
apiVersion: networking.k8s.io/v1beta1 | |
kind: Ingress | |
metadata: | |
name: web-ingress | |
namespace: default | |
spec: | |
rules: | |
- host: foo.bar | |
http: | |
paths: | |
- path: / | |
backend: | |
serviceName: app | |
servicePort: 80 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ kubectl apply -f 1.ingress.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: haproxy-configmap | |
namespace: default | |
data: | |
servers-increment: "42" | |
ssl-redirect: "OFF" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ kubectl apply -f 2.configmap.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ curl -I -H 'Host: foo.bar' 'http://192.168.99.100:30279' | |
HTTP/1.1 200 OK | |
content-type: text/plain | |
date: Thu, 27 Jun 2019 21:46:30 GMT | |
content-length: 136 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment