Install on Amazon EKS

Install HAProxy Enterprise Kubernetes Ingress Controller on AWS EKS using an HAProxy Enterprise license key

This section shows you how to install the HAProxy Enterprise Kubernetes Ingress Controller in Amazon Elastic Kubernetes Service using a license key acquired from HAProxy Technologies (not an Amazon Marketplace subscription).

The procedure should take approximately 15 minutes to complete.

Pre-installation checklist Jump to heading

Ensure you have met the following requirements before installing:

Connect to your EKS cluster Jump to heading

Follow these steps to connect to your EKS cluster:

  1. Register for your HAProxy Enterprise license key by requesting a free trial. You will use this to access the HAProxy Technologies container registry.

  2. If you do not already have an access key for your AWS account, create a new one:

    • From the AWS Console, expand your account menu, located in the upper right, and select Security credentials.
    • On the My security credentials page, go to the Access keys section and create a new access key. This will give you an Access Key ID and Secret Access key. Store these somewhere so that you have them later.
  3. On your local workstation, configure the AWS CLI to connect to your AWS account by creating a profile via the aws configure command. This will prompt you for your access key and secret access key.

    nix
    aws configure
    nix
    aws configure

    Learn more about profiles.

  4. Connect to your Kubernetes cluster using the AWS CLI. This will create a ~/.kube/config file:

    nix
    aws eks update-kubeconfig --region [Your region] --name [Your cluster name]
    nix
    aws eks update-kubeconfig --region [Your region] --name [Your cluster name]

    For example:

    nix
    aws eks update-kubeconfig --region us-east-1 --name example-cluster
    nix
    aws eks update-kubeconfig --region us-east-1 --name example-cluster
  5. Check that you can access the cluster by calling kubectl get pods:

    nix
    kubectl get pods
    nix
    kubectl get pods

    If your cluster is new it may not have any resources:

    output
    text
    No resources found in default namespace.
    output
    text
    No resources found in default namespace.

Install Jump to heading

Choose one of the following installation methods:

Install with Helm Jump to heading

Helm values file

The following example uses --set invocations to configure the ingress controller. When installing with Helm, you can instead use a Helm values file to provide your configuration values. Using a Helm values file can provide for better traceability of configuration changes and reduce the complexity of Helm installation commands.

  1. Add the HAProxy Technologies Helm repository:

    nix
    helm repo add haproxytech https://haproxytech.github.io/helm-charts
    nix
    helm repo add haproxytech https://haproxytech.github.io/helm-charts
  2. Update your list of charts:

    nix
    helm repo update
    nix
    helm repo update
  3. Install the v1.11 version of the ingress controller, replacing <KEY> with your HAProxy Enterprise license key:

    nix
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
    --create-namespace \
    --namespace haproxy-controller \
    --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
    --set controller.imageCredentials.username=<KEY> \
    --set controller.imageCredentials.password=<KEY> \
    --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
    --set controller.image.tag=v1.11 \
    --set controller.service.type=LoadBalancer
    nix
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
    --create-namespace \
    --namespace haproxy-controller \
    --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
    --set controller.imageCredentials.username=<KEY> \
    --set controller.imageCredentials.password=<KEY> \
    --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
    --set controller.image.tag=v1.11 \
    --set controller.service.type=LoadBalancer

    This will create an EC2 Classic Load Balancer that routes traffic to the ingress controller service. You can find its DNS name by going to the EC2 Dashboard and viewing Load Balancing > Load Balancers, then selecting the load balancer.

    By default, the Helm chart adds --ingress.class=haproxy to the ingress controller. That means that it will use Ingress resources only if they specify an annotation of kubernetes.io/ingress.class: haproxy. You can disable this by setting --set controller.ingressClass=null when calling helm install.

Install with kubectl Jump to heading

  1. Download the deployment YAML file (v1.11).

    Other versions
  2. Edit the haproxy-ingress Service object in the YAML file, setting its type field to LoadBalancer:

    haproxy-ingress.hapee.yaml
    yaml
    apiVersion: v1
    kind: Service
    metadata:
    labels:
    run: haproxy-ingress
    name: haproxy-ingress
    namespace: haproxy-controller
    spec:
    selector:
    run: haproxy-ingress
    type: LoadBalancer
    haproxy-ingress.hapee.yaml
    yaml
    apiVersion: v1
    kind: Service
    metadata:
    labels:
    run: haproxy-ingress
    name: haproxy-ingress
    namespace: haproxy-controller
    spec:
    selector:
    run: haproxy-ingress
    type: LoadBalancer
  3. Use the kubectl apply command to deploy the controller:

    nix
    kubectl apply -f haproxy-ingress.hapee.yaml
    nix
    kubectl apply -f haproxy-ingress.hapee.yaml

    This will create an EC2 Classic Load Balancer that routes traffic to the ingress controller service.

  4. Use kubectl create secret to store your credentials for the private HAProxy Docker registry, replacing KEY with your HAProxy Enterprise license key:

    nix
    kubectl create secret docker-registry regcred --namespace=haproxy-controller --docker-server=kubernetes-registry.haproxy.com --docker-username=<KEY> --docker-password=<KEY>
    nix
    kubectl create secret docker-registry regcred --namespace=haproxy-controller --docker-server=kubernetes-registry.haproxy.com --docker-username=<KEY> --docker-password=<KEY>
    output
    text
    secret/regcred created
    output
    text
    secret/regcred created

Check your installation Jump to heading

Verify that the controller is installed into your Kubernetes cluster by using the command kubectl get pods:

nix
kubectl get pods --namespace haproxy-controller
nix
kubectl get pods --namespace haproxy-controller
output
text
NAME READY STATUS RESTARTS AGE
haproxy-kubernetes-ingress-7dd4cc4b-x5fkv 1/1 Running 0 1m
output
text
NAME READY STATUS RESTARTS AGE
haproxy-kubernetes-ingress-7dd4cc4b-x5fkv 1/1 Running 0 1m

Get the External IP, which you can use to access your cluster:

nix
kubectl get services --namespace haproxy-controller
nix
kubectl get services --namespace haproxy-controller
output
text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-kubernetes-ingress LoadBalancer 10.104.173.167 a1234-5678-9012.us-east-2.elb.amazonaws.com 80:30264/TCP,443:31575/TCP,1024:31785/TCP 157m
output
text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-kubernetes-ingress LoadBalancer 10.104.173.167 a1234-5678-9012.us-east-2.elb.amazonaws.com 80:30264/TCP,443:31575/TCP,1024:31785/TCP 157m

Do you have any suggestions on how we can improve the content of this page?