|
| 1 | +# Secondary HAProxy config file |
| 2 | + |
| 3 | +The ingress controller supports loading a secondary HAProxy configuration file where you can define additional sections such as resolvers, cache, etc |
| 4 | + |
| 5 | +The main configuration file, haproxy.cfg, which is generated by the ingress controller, reflects the state of services and ingress resources within your Kubernetes cluster. The secondary configuration file is loaded alongside it, but remains completely under your control. |
| 6 | + |
| 7 | +There are two main reasons to use the secondary configuration file: |
| 8 | +- Configure anything not supported by Ingress Controller annotations |
| 9 | +- Provide a stepping stone for migrating a legacy HAProxy config into one compatible with the HAProxy Kubernetes Ingress Controller. |
| 10 | + |
| 11 | +The secondary HAProxy config is expected to be mounted in `/etc/haproxy/haproxy-aux.cfg` and Ingress Controller will monitor this file and reload haproxy when the file is updated. |
| 12 | + |
| 13 | +## Example: DNS runtime resolution |
| 14 | + |
| 15 | +In the following example, we define a secondary config file in order to configure runtime DNS resolution in HAProxy by creating a [resolvers section](https://www.haproxy.com/documentation/hapee/2-3r1/onepage/#5.3.2) named *mydns*. |
| 16 | +DNS resolution at Runtime can be useful to handle kubernetes services of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) or any other context where you want to target services by their DNS name. |
| 17 | + |
| 18 | +### Loading config file |
| 19 | +First, create a file named */tmp/haproxy-aux.cfg* in your local system and add a resolvers section to it, as shown in the following example configuration: |
| 20 | +``` |
| 21 | +resolvers mydns |
| 22 | + nameserver local 127.0.0.1:53 |
| 23 | + nameserver google 8.8.8.8:53 |
| 24 | +``` |
| 25 | + |
| 26 | +Next, load the file into a ConfigMap: |
| 27 | +```bash |
| 28 | +$ kubectl create configmap haproxy-aux-cfg --from-file /tmp/haproxy-aux.cfg |
| 29 | + |
| 30 | +configmap/haproxy-aux-cfg created |
| 31 | +``` |
| 32 | + |
| 33 | +Then mount the ConfigMap as a volume in the ingress controller pod by editing the pod YAML installation manifest to add **volumeMounts** and **volumes**. |
| 34 | +The target mount location should be **/etc/haproxy/haproxy-aux.cfg** : |
| 35 | +``` |
| 36 | +containers: |
| 37 | + - name: haproxy-ingress |
| 38 | + image: haproxytech/kubernetes-ingress:latest |
| 39 | + volumeMounts: |
| 40 | + - name: haproxy-cfg-vol |
| 41 | + mountPath: /etc/haproxy/haproxy-aux.cfg |
| 42 | + volumes: |
| 43 | + - name: haproxy-cfg-vol |
| 44 | + configMap: |
| 45 | + name: haproxy-aux-cfg |
| 46 | +``` |
| 47 | + |
| 48 | +The resolvers section can then be referenced for example in the haproxy [default-server](https://www.haproxy.com/documentation/hapee/2-3r1/onepage/#5) directive via a [backend-config-snippet](./README.md#backend-config-snippet): |
| 49 | +``` |
| 50 | +backend-config-snippet: default-server init-addr none resolvers mydns |
| 51 | +``` |
| 52 | +This sets the default DNS resolution behavior for resolving the IP addresses of backend services: |
| 53 | +- They should start in a down state without any valid IP. |
| 54 | +- They should use resolvers from the mydns section. |
| 55 | + |
| 56 | +### Updating config file |
| 57 | +If you want to update the secondary config you will need to: |
| 58 | +1. Edit the config file |
| 59 | +2. Replace the ConfigMap: |
| 60 | +```bash |
| 61 | +$ kubectl create configmap haproxy-aux-cfg --from-file /tmp/haproxy-aux.cfg -o yaml --dry-run | kubectl replace -f - |
| 62 | +configmap/haproxy-aux-cfg replaced |
| 63 | +``` |
| 64 | +After few seconds kubernetes will notice the updated ConfigMap and updates the mounted volume accordingly which will make Ingress Controller reload haproxy to take into account the new config file. |
| 65 | + |
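Review bot: In the volumeMounts example under "Loading config file", a ConfigMap volume mounted at `mountPath: /etc/haproxy/haproxy-aux.cfg` with no `subPath` makes that path a directory holding one file per ConfigMap key. The config therefore lands at /etc/haproxy/haproxy-aux.cfg/haproxy-aux.cfg, not at the file path the text says the controller monitors. Either add `subPath: haproxy-aux.cfg` to the mount, and then state in "Updating config file" that subPath mounts do not receive ConfigMap updates, so the pod has to be restarted, or document the directory mount and the resulting path. Two smaller points: the example uses `image: haproxytech/kubernetes-ingress:latest`, which is better shown with a fixed version tag, and a bare `--dry-run` is deprecated in current kubectl in favour of `--dry-run=client`. Because this file is loaded alongside the generated config and a change to it triggers a reload, the doc should also say that write access to the haproxy-aux-cfg ConfigMap needs to be restricted.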