Search code examples
kuberneteshaproxy-ingress

Haproxy ingress controller

I have installed ingress controller via helm as a daemonset. I have configured the ingress as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webapp-ingress
  namespace: rcc
  annotations:
    haproxy.org/check: 'true'
    haproxy.org/check-http: /serviceCheck
    haproxy.org/check-interval: 5s
    haproxy.org/cookie-persistence: SERVERID
    haproxy.org/forwarded-for: 'true'
    haproxy.org/load-balance: leastconn
    kubernetes.io/ingress.class: haproxy
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: webapp-frontend
                port:
                  number: 8080

kubectl get ingress -n rcc
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME            CLASS    HOSTS                    ADDRESS          PORTS   AGE
webapp-ingress   <none>   example.com   10.110.186.170   80      11h

The type chosen was loadbalancer. I can ping from any node the ip address of the ingress on port 80 also can curl it just fine. I can also browse any of the ingress pods ip address from the node just fine. But when I browse the node ip o port 80 I get connection refused. Anything that I am missing here?

Solution

  • I installed last haproxy ingress which is 0.13.4 version using helm.

    By default it's installed with LoadBalancer service type:

    $ kubectl get svc -n ingress-haproxy

NAME              TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
haproxy-ingress   LoadBalancer   10.102.166.149   <pending>     80:30312/TCP,443:32524/TCP   3m45s

    Since I have the same kubeadm cluster, EXTERNAL-IP will be pending. And as you correctly mentioned in question, CLUSTER-IP is accessible on the nodes when cluster is set up using kubeadm.

    There are two options how to access your ingress:

    1. Using NodePort:

    From output above there's a NodePort 30312 for internally exposed port 80. Therefore from outside the cluster it should be accessed by Node_IP:NodePort:

    curl NODE_IP:30312 -IH "Host: example.com"
HTTP/1.1 200 OK
    1. Set up metallb:

    Follow installation guide and second step is to configure metallb. I use layer 2. Be careful to assign not used ip range!

    After I installed and set up the metallb, my haproxy has EXTERNAL-IP now:

    $ kubectl get svc -n ingress-haproxy

NAME              TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                      AGE
haproxy-ingress   LoadBalancer   10.102.166.149   172.16.1.241   80:30312/TCP,443:32524/TCP   10m

    And now I can access ingress by EXTERNAL-IP on port 80:

    curl 172.16.1.241 -IH "Host: example.com"
HTTP/1.1 200 OK

    Useful to read: