I have HA proxy ingress installed on Kubernetes AKS. I installed it using:
helm install ingress haproxy-ingress/haproxy-ingress
My ingress is this:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ravendb
namespace: default
labels:
app: ravendb
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- host: a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 443
path: /
- host: tcp-a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 38888
path: /
- host: b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 443
path: /
- host: tcp-b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 38888
path: /
- host: c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 443
path: /
- host: tcp-c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 38888
path: /
However when I point my browser to https://a.raven.aedas-prev.inercya.com I get the default backend. HA proxy doesn't reverse proxy the request to ravendb-0 service.
What I'm doing wrong? What can I do to make the ingress work?
Pods are running:
haproxy-ingress-8548ff5ff4-9wmxv 1/1 Running 0 137m
ingress-default-backend-b6f678779-9d88r 1/1 Running 0 137m
ravendb-0 1/1 Running 0 137m
ravendb-1 1/1 Running 0 139m
ravendb-2 1/1 Running 0 141m
And services are configured:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-ingress LoadBalancer 10.0.166.252 xx.xx.xx.xx 443:30526/TCP,1936:32388/TCP 139m
ingress-default-backend ClusterIP 10.0.102.165 <none> 8080/TCP 139m
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 412d
ravendb ClusterIP None <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-0 ClusterIP 10.0.193.14 <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-1 ClusterIP 10.0.156.73 <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-2 ClusterIP 10.0.53.227 <none> 443/TCP,38888/TCP,161/TCP 411d
I finally figured out what I was missing. I added kubernetes.io/ingress.class: haproxy annotation and problem solved:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ravendb
namespace: default
labels:
app: ravendb
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
kubernetes.io/ingress.class: haproxy
spec:
rules:
- host: a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 443
path: /
- host: tcp-a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 38888
path: /
- host: b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 443
path: /
- host: tcp-b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 38888
path: /
- host: c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 443
path: /
- host: tcp-c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 38888
path: /
Now HAproxy ingress works as expected, reverse proxying external traffic to internal services.