Skip to content

Instantly share code, notes, and snippets.

@jyaworski
Created January 14, 2019 13:30
Show Gist options
  • Save jyaworski/29d0b2bfc69d18b80acddcf5fa1fac00 to your computer and use it in GitHub Desktop.
Save jyaworski/29d0b2bfc69d18b80acddcf5fa1fac00 to your computer and use it in GitHub Desktop.
[debug] Created tunnel using local port: '51628'
[debug] SERVER: "127.0.0.1:51628"
Release "haproxy-ingress" does not exist. Installing it now.
[debug] CHART PATH: /Users/josephyaworski/r1s/k8s/deployment-manifests/helm/charts/haproxy/haproxy-ingress
NAME: haproxy-ingress
REVISION: 1
RELEASED: Mon Jan 14 08:25:08 2019
CHART: haproxy-ingress-0.0.5
USER-SUPPLIED VALUES:
{}
COMPUTED VALUES:
apiVersion: extensions/v1beta1
controller:
accessLogsSidecar: true
affinity: {}
autoscaling:
customMetrics: []
enabled: false
config:
drain-support: "true"
dynamic-scaling: "true"
hsts: "true"
hsts-include-subdomains: "true"
hsts-max-age: "15768000"
hsts-preload: "true"
modsecurity-endpoints: localhost:12345
daemonset:
hostPorts:
http: 80
https: 443
tcp: []
useHostPort: false
defaultBackendService: r1s/nginx-ingress-controller
dnsPolicy: ClusterFirst
extraArgs: {}
extraEnvs: []
healthzPort: 10253
hostNetwork: false
image:
pullPolicy: IfNotPresent
repository: quay.io/jcmoraisjr/haproxy-ingress
tag: v0.7-beta.5
ingressClass: haproxy
kind: DaemonSet
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
path: /healthz
periodSeconds: 10
port: 10253
successThreshold: 1
timeoutSeconds: 1
metrics:
enabled: true
image:
pullPolicy: IfNotPresent
repository: quay.io/prometheus/haproxy-exporter
tag: v0.9.0
service:
annotations: {}
clusterIP: ""
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 9101
type: ClusterIP
minAvailable: 1
minReadySeconds: 0
name: controller
nodeSelector: {}
podAnnotations:
ingress.kubernetes.io/waf: modsecurity
podLabels: {}
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
path: /healthz
periodSeconds: 10
port: 10253
successThreshold: 1
timeoutSeconds: 1
replicaCount: 1
resources: {}
securityContext: {}
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
clusterIP: ""
externalIPs: []
externalTrafficPolicy: ""
healthCheckNodePort: 0
httpPorts:
- port: 80
httpsPorts:
- port: 443
labels: {}
loadBalancerIP: ""
loadBalancerSourceRanges:
- 10.0.0.0/8
- 240.0.0.0/8
type: LoadBalancer
stats:
enabled: true
port: 1936
service:
annotations: {}
clusterIP: ""
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 1936
type: ClusterIP
tcp: {}
template: ""
tolerations: []
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
defaultBackend:
affinity: {}
enabled: false
image:
pullPolicy: IfNotPresent
repository: gcr.io/google_containers/defaultbackend
tag: "1.0"
minAvailable: 1
name: default-backend
nodeSelector: {}
podAnnotations: {}
podLabels: {}
replicaCount: 1
resources:
limits:
cpu: 10m
memory: 20Mi
service:
annotations:
ingress.kubernetes.io/waf: modsecurity
clusterIP: ""
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
name: ingress-default-backend
servicePort: 8080
type: ClusterIP
tolerations: []
kind: Ingress
metadata:
name: haproxy-ingress
namespace: haproxy
rbac:
create: true
serviceAccount:
create: true
name: null
HOOKS:
MANIFEST:
---
# Source: haproxy-ingress/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
component: "controller"
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress-controller
data:
healthz-port: "10253"
stats-port: "1936"
syslog-endpoint: "localhost:514"
drain-support: "true"
dynamic-scaling: "true"
hsts: "true"
hsts-include-subdomains: "true"
hsts-max-age: "15768000"
hsts-preload: "true"
modsecurity-endpoints: localhost:12345
---
# Source: haproxy-ingress/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress
---
# Source: haproxy-ingress/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
# Source: haproxy-ingress/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: haproxy-ingress
subjects:
- kind: ServiceAccount
name: haproxy-ingress
namespace: haproxy
- apiGroup: rbac.authorization.k8s.io
kind: User
name: haproxy-ingress
---
# Source: haproxy-ingress/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
---
# Source: haproxy-ingress/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: haproxy-ingress
subjects:
- kind: ServiceAccount
name: haproxy-ingress
namespace: haproxy
- apiGroup: rbac.authorization.k8s.io
kind: User
name: haproxy-ingress
---
# Source: haproxy-ingress/templates/controller-metrics-service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
component: "controller"
heritage: Tiller
release: haproxy-ingress
name: haproxy-ingress-controller-metrics
spec:
clusterIP: ""
ports:
- name: metrics
port: 9101
targetPort: metrics
selector:
app: haproxy-ingress
component: "controller"
release: haproxy-ingress
type: "ClusterIP"
---
# Source: haproxy-ingress/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
component: "controller"
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress-controller
namespace: haproxy
spec:
loadBalancerSourceRanges:
- 10.0.0.0/8
- 240.0.0.0/8
ports:
- name: "80-http"
port: 80
protocol: TCP
targetPort: http
- name: "443-https"
port: 443
protocol: TCP
targetPort: https
selector:
app: haproxy-ingress
component: "controller"
release: haproxy-ingress
type: "LoadBalancer"
---
# Source: haproxy-ingress/templates/controller-stats-service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
component: "controller"
heritage: Tiller
release: haproxy-ingress
name: haproxy-ingress-controller-stats
spec:
clusterIP: ""
ports:
- name: stats
port: 1936
targetPort: stats
selector:
app: haproxy-ingress
component: "controller"
release: haproxy-ingress
type: "ClusterIP"
---
# Source: haproxy-ingress/templates/controller-daemonset.yaml
apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
component: "controller"
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress-controller
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
minReadySeconds: 0
selector:
matchLabels:
app: haproxy-ingress
release: haproxy-ingress
template:
metadata:
annotations:
ingress.kubernetes.io/waf: modsecurity
labels:
app: haproxy-ingress
component: "controller"
release: haproxy-ingress
spec:
serviceAccountName: haproxy-ingress
containers:
- name: modsecurity-spoa
image: quay.io/jcmoraisjr/modsecurity-spoa
args:
- -n
- "1"
ports:
- containerPort: 12345
name: spop
protocol: TCP
- name: haproxy-ingress
image: "quay.io/jcmoraisjr/haproxy-ingress:v0.7-beta.5"
imagePullPolicy: "IfNotPresent"
args:
- --configmap=haproxy/haproxy-ingress-controller
- --ingress-class=haproxy
- --sort-backends
- --default-backend-service=r1s/nginx-ingress-controller
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: stats
containerPort: 1936
protocol: TCP
- name: healthz
containerPort: 10253
livenessProbe:
httpGet:
path: "/healthz"
port: 10253
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: "/healthz"
port: 10253
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
{}
- name: access-logs
image: whereisaaron/kube-syslog-sidecar
ports:
- name: udp
containerPort: 514
protocol: UDP
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
- name: prometheus-exporter
image: "quay.io/prometheus/haproxy-exporter:v0.9.0"
imagePullPolicy: "IfNotPresent"
args:
- '--haproxy.scrape-uri=http://localhost:1936/haproxy?stats;csv'
ports:
- name: metrics
containerPort: 9101
protocol: TCP
readinessProbe:
httpGet:
path: /
port: 9101
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
terminationGracePeriodSeconds: 60
dnsPolicy: ClusterFirst
hostNetwork: false
---
# Source: haproxy-ingress/templates/controller-poddisruptionbudget.yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
component: "controller"
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress-controller
spec:
selector:
matchLabels:
app: haproxy-ingress
release: haproxy-ingress
component: "controller"
minAvailable: 1
---
# Source: haproxy-ingress/templates/default-backend-poddisruptionbudget.yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: haproxy-ingress
chart: haproxy-ingress-0.0.5
component: "default-backend"
release: haproxy-ingress
heritage: Tiller
name: haproxy-ingress-default-backend
spec:
selector:
matchLabels:
app: haproxy-ingress
release: haproxy-ingress
component: "default-backend"
minAvailable: 1
LAST DEPLOYED: Mon Jan 14 08:25:08 2019
NAMESPACE: haproxy
STATUS: DEPLOYED
RESOURCES:
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
haproxy-ingress-controller-6k7fw 0/4 ContainerCreating 0 1s
haproxy-ingress-controller-j5zbs 0/4 ContainerCreating 0 1s
haproxy-ingress-controller-k2lq6 0/4 ContainerCreating 0 1s
haproxy-ingress-controller-rfn4x 0/4 ContainerCreating 0 1s
haproxy-ingress-controller-rpz74 0/4 ContainerCreating 0 1s
haproxy-ingress-controller-x4bzq 0/4 ContainerCreating 0 1s
==> v1/ServiceAccount
NAME SECRETS AGE
haproxy-ingress 1 1s
==> v1beta1/ClusterRole
NAME AGE
haproxy-ingress 1s
==> v1beta1/ClusterRoleBinding
NAME AGE
haproxy-ingress 1s
==> v1beta1/Role
NAME AGE
haproxy-ingress 1s
==> v1beta1/RoleBinding
NAME AGE
haproxy-ingress 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-ingress-controller-metrics ClusterIP 172.20.232.228 <none> 9101/TCP 1s
haproxy-ingress-controller LoadBalancer 172.20.34.74 <pending> 80:30149/TCP,443:32250/TCP 1s
haproxy-ingress-controller-stats ClusterIP 172.20.174.206 <none> 1936/TCP 1s
==> v1beta1/PodDisruptionBudget
NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE
haproxy-ingress-controller 1 N/A 0 1s
haproxy-ingress-default-backend 1 N/A 0 1s
==> v1/ConfigMap
NAME DATA AGE
haproxy-ingress-controller 10 1s
==> v1beta2/DaemonSet
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
haproxy-ingress-controller 6 6 0 6 0 <none> 1s
NOTES:
The haproxy-ingress controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace haproxy get services -o wide -w haproxy-ingress'
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment