Last active
September 17, 2019 15:30
-
-
Save haproxytechblog/407e5343806dbe2cfb2847b628357d80 to your computer and use it in GitHub Desktop.
Dissecting the HAProxy Kubernetes Ingress Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubectl apply -f https://raw.githubusercontent.com/haproxytech/kubernetes-ingress/master/deploy/haproxy-ingress.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: haproxy-controller | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: haproxy-ingress-service-account | |
| namespace: haproxy-controller |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: haproxy-ingress-cluster-role | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| - endpoints | |
| - nodes | |
| - pods | |
| - services | |
| - namespaces | |
| - events | |
| - serviceaccounts | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "extensions" | |
| resources: | |
| - ingresses | |
| - ingresses/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - secrets | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - patch | |
| - update | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - ingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: haproxy-ingress-cluster-role-binding | |
| namespace: haproxy-controller | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: haproxy-ingress-cluster-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: haproxy-ingress-service-account | |
| namespace: haproxy-controller |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| run: ingress-default-backend | |
| name: ingress-default-backend | |
| namespace: haproxy-controller | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| run: ingress-default-backend | |
| template: | |
| metadata: | |
| labels: | |
| run: ingress-default-backend | |
| spec: | |
| containers: | |
| - name: ingress-default-backend | |
| image: gcr.io/google_containers/defaultbackend:1.0 | |
| ports: | |
| - containerPort: 8080 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| run: ingress-default-backend | |
| name: ingress-default-backend | |
| namespace: haproxy-controller | |
| spec: | |
| selector: | |
| run: ingress-default-backend | |
| ports: | |
| - name: port-1 | |
| port: 8080 | |
| protocol: TCP | |
| targetPort: 8080 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: haproxy-configmap | |
| namespace: default | |
| data: | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| run: haproxy-ingress | |
| name: haproxy-ingress | |
| namespace: haproxy-controller | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| run: haproxy-ingress | |
| template: | |
| metadata: | |
| labels: | |
| run: haproxy-ingress | |
| spec: | |
| serviceAccountName: haproxy-ingress-service-account | |
| containers: | |
| - name: haproxy-ingress | |
| image: haproxytech/kubernetes-ingress | |
| Args: | |
| - --default-backend-service=haproxy-controller/ingress-default-backend | |
| - --default-ssl-certificate=default/tls-secret | |
| - --configmap=default/haproxy-configmap | |
| ports: | |
| - name: http | |
| containerPort: 80 | |
| - name: https | |
| containerPort: 443 | |
| - name: stat | |
| containerPort: 1024 | |
| env: | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| run: haproxy-ingress | |
| name: haproxy-ingress | |
| namespace: haproxy-controller | |
| spec: | |
| selector: | |
| run: haproxy-ingress | |
| type: NodePort | |
| ports: | |
| - name: http | |
| port: 80 | |
| protocol: TCP | |
| targetPort: 80 | |
| - name: https | |
| port: 443 | |
| protocol: TCP | |
| targetPort: 443 | |
| - name: stat | |
| port: 1024 | |
| protocol: TCP | |
| targetPort: 1024 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubectl get svc --namespace=haproxy-controller | |
| NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | |
| haproxy-controller haproxy-ingress NodePort 10.96.15.205 <none> 80:30279/TCP,443:30775/TCP,1024:31912/TCP 84s |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -I -H 'Host: foo.bar' 'http://192.168.99.100:30279' | |
| HTTP/1.1 404 Not Found | |
| date: Thu, 27 Jun 2019 21:45:20 GMT | |
| content-length: 21 | |
| content-type: text/plain; charset=utf-8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| run: app | |
| name: app | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| run: app | |
| template: | |
| metadata: | |
| labels: | |
| run: app | |
| spec: | |
| containers: | |
| - name: app | |
| image: jmalloc/echo-server | |
| ports: | |
| - containerPort: 8080 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| run: app | |
| name: app | |
| annotations: | |
| haproxy.org/check: "enabled" | |
| haproxy.org/forwarded-for: "enabled" | |
| haproxy.org/load-balance: "roundrobin" | |
| spec: | |
| selector: | |
| run: app | |
| ports: | |
| - name: port-1 | |
| port: 80 | |
| protocol: TCP | |
| targetPort: 8080 | |
| --- | |
| apiVersion: networking.k8s.io/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| name: web-ingress | |
| namespace: default | |
| spec: | |
| rules: | |
| - host: foo.bar | |
| http: | |
| paths: | |
| - path: / | |
| backend: | |
| serviceName: app | |
| servicePort: 80 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ kubectl apply -f 1.ingress.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: haproxy-configmap | |
| namespace: default | |
| data: | |
| servers-increment: "42" | |
| ssl-redirect: "OFF" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ kubectl apply -f 2.configmap.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -I -H 'Host: foo.bar' 'http://192.168.99.100:30279' | |
| HTTP/1.1 200 OK | |
| content-type: text/plain | |
| date: Thu, 27 Jun 2019 21:46:30 GMT | |
| content-length: 136 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment