跳到主要内容

HAProxy Ingress

haproxytech ingress

  • 前缀: ingress.kubernetes.io, haproxy.org, haproxy.com
  • 配置继承关系: default <- Configmap <- Ingress <- Service
  • annotation
  • logging
annotationdefaultnote
ssl-passthroughfalse透传 SSL
ssl-redirectfalseHTTP -> HTTPS
server-sslfalse后端 HTTPS
forwarded-fortrue
backend-config-snippet
path-rewrite
send-proxy-protocolproxy,proxy-v1,proxy-v2,proxy-v2-ssl,proxy-v2-ssl-cn
whitelist
# 等同于 nginx-ingress backend-protocol HTTPS
# 等同于 nginx proxy_ssl_verify off;
# HAProxy ssl verify none
haproxy.org/server-ssl: 'true'
configmapdefaultnote
scale-server-slots42生成的 server 个数
global-config-snippet
frontend-config-snippet
stats-config-snippet
proxy-protocolIPs or CIDRs
syslog-server
  • proxy-protocol
    • 接受的 PROXY 客户端来源
    • 0.0.0.0/0 允许所有
controllerdefault
--default-backend-servicee.g. nginx-ingress
--default-ssl-certificate

Trouableshooting

cat /etc/haproxy/haproxy.cfg | grep -v disabled

ls /etc/haproxy/maps
# host.map path-exact.map path-prefix.map sni.map