Installation

Install on premises

This section shows you how to install the HAProxy Enterprise Kubernetes Ingress Controller into your Kubernetes cluster.

Pre-installation checklist Jump to heading

  • A running Kubernetes cluster
  • The helm command-line tool
  • The kubectl command-line tool

Choose one of the following installation methods:

Install with Helm Jump to heading

Helm values file

The following examples use --set invocations to configure the ingress controller. When installing with Helm, you can instead use a Helm values file to provide your configuration values. Using a Helm values file can provide for better traceability of configuration changes and reduce the complexity of Helm installation commands.

  1. Add the HAProxy Technologies Helm repository:

    nix
    helm repo add haproxytech https://haproxytech.github.io/helm-charts
    nix
    helm repo add haproxytech https://haproxytech.github.io/helm-charts
  2. Update your list of charts:

    nix
    helm repo update
    nix
    helm repo update
  3. Install the ingress controller, replacing [KEY] with your HAProxy Enterprise license key:

    nix
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
    --create-namespace \
    --namespace haproxy-controller \
    --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
    --set controller.imageCredentials.username=[KEY] \
    --set controller.imageCredentials.password=[KEY] \
    --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
    --set controller.image.tag=v1.11
    nix
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
    --create-namespace \
    --namespace haproxy-controller \
    --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
    --set controller.imageCredentials.username=[KEY] \
    --set controller.imageCredentials.password=[KEY] \
    --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
    --set controller.image.tag=v1.11

    By default, the Helm chart adds --ingress.class=haproxy to the ingress controller. That means that it will use Ingress resources only if they specify an annotation of kubernetes.io/ingress.class: haproxy. You can disable this by setting --set controller.ingressClass=null when calling helm install.

Install a Specific Version Jump to heading

  1. You can use curl to list all of the available version tags for the Docker image. Install the jq utility to format the outputted JSON in a human-readable format:

    nix
    curl -s --user <KEY>:<KEY> https://kubernetes-registry.haproxy.com/v2/hapee-ingress/tags/list | jq
    nix
    curl -s --user <KEY>:<KEY> https://kubernetes-registry.haproxy.com/v2/hapee-ingress/tags/list | jq
    output
    json
    {
    "name": "hapee-ingress",
    "tags": [
    "v1.0.0",
    "v1.4.5-ee1",
    ...
    ]
    }
    output
    json
    {
    "name": "hapee-ingress",
    "tags": [
    "v1.0.0",
    "v1.4.5-ee1",
    ...
    ]
    }
  2. Then, use a specific tag when you call helm install:

    nix
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
    --create-namespace \
    --namespace haproxy-controller \
    --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
    --set controller.imageCredentials.username=<KEY> \
    --set controller.imageCredentials.password=<KEY> \
    --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
    --set controller.image.tag=v1.4.5-ee1
    nix
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
    --create-namespace \
    --namespace haproxy-controller \
    --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
    --set controller.imageCredentials.username=<KEY> \
    --set controller.imageCredentials.password=<KEY> \
    --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
    --set controller.image.tag=v1.4.5-ee1

Install with preset NodePort values Jump to heading

By default, the ingress controller creates a Kubernetes service that assigns random NodePort ports. In the example below, the ingress controller listens on port 30706 for HTTP traffic and 30675 for HTTPS traffic. Port 31441 publishes the HAProxy Stats page.

nix
kubectl get service haproxy-kubernetes-ingress --namespace haproxy-controller
nix
kubectl get service haproxy-kubernetes-ingress --namespace haproxy-controller
output
text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-kubernetes-ingress NodePort 10.97.154.7 <none> 80:30706/TCP,443:30675/TCP,1024:31441/TCP 32s
output
text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-kubernetes-ingress NodePort 10.97.154.7 <none> 80:30706/TCP,443:30675/TCP,1024:31441/TCP 32s

You can choose specific NodePort ports instead by setting the controller.service.nodePort.http, controller.service.nodePort.https, and controller.service.nodePort.stat Helm chart fields.

nix
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
--create-namespace \
--namespace haproxy-controller \
--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
--set controller.imageCredentials.username=<KEY> \
--set controller.imageCredentials.password=<KEY> \
--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
--set controller.image.tag=latest \
--set controller.service.nodePorts.http=30000 \
--set controller.service.nodePorts.https=30001 \
--set controller.service.nodePorts.stat=30002
nix
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
--create-namespace \
--namespace haproxy-controller \
--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
--set controller.imageCredentials.username=<KEY> \
--set controller.imageCredentials.password=<KEY> \
--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
--set controller.image.tag=latest \
--set controller.service.nodePorts.http=30000 \
--set controller.service.nodePorts.https=30001 \
--set controller.service.nodePorts.stat=30002

Run the ingress controller as a DaemonSet Jump to heading

By default, the ingress controller is installed using a Deployment resource. To use a DaemonSet instead, set the controller.kind field to DaemonSet and controller.daemonset.useHostPort to true.

nix
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
--create-namespace \
--namespace haproxy-controller \
--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
--set controller.imageCredentials.username=<KEY> \
--set controller.imageCredentials.password=<KEY> \
--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
--set controller.image.tag=latest \
--set controller.kind=DaemonSet \
--set controller.daemonset.useHostPort=true
nix
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
--create-namespace \
--namespace haproxy-controller \
--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
--set controller.imageCredentials.username=<KEY> \
--set controller.imageCredentials.password=<KEY> \
--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
--set controller.image.tag=latest \
--set controller.kind=DaemonSet \
--set controller.daemonset.useHostPort=true

Install with kubectl Jump to heading

  1. Download the deployment YAML file (v1.11).

    Other versions
  2. Use the kubectl apply command to deploy the controller:

    nix
    kubectl apply -f haproxy-ingress.hapee.yaml
    nix
    kubectl apply -f haproxy-ingress.hapee.yaml
  3. Use kubectl create secret to store your credentials for the private HAProxy Docker registry, replacing KEY with your HAProxy Enterprise license key:

    nix
    kubectl create secret docker-registry regcred --namespace=haproxy-controller --docker-server=kubernetes-registry.haproxy.com --docker-username=<KEY> --docker-password=<KEY>
    nix
    kubectl create secret docker-registry regcred --namespace=haproxy-controller --docker-server=kubernetes-registry.haproxy.com --docker-username=<KEY> --docker-password=<KEY>
    output
    text
    secret/regcred created
    output
    text
    secret/regcred created

Check your installation Jump to heading

Verify that the controller is installed into your Kubernetes cluster by using the command kubectl get pods:

nix
kubectl get pods --namespace haproxy-controller
nix
kubectl get pods --namespace haproxy-controller
output
text
NAME READY STATUS RESTARTS AGE
haproxy-kubernetes-ingress-7dd4cc4b-x5fkv 1/1 Running 0 1m
output
text
NAME READY STATUS RESTARTS AGE
haproxy-kubernetes-ingress-7dd4cc4b-x5fkv 1/1 Running 0 1m

Call kubectl get services to see which ports were mapped. In this example, port 32063 forwards to port 80 on the ingress controller.

nix
kubectl get services --namespace haproxy-controller
nix
kubectl get services --namespace haproxy-controller
output
text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-kubernetes-ingress NodePort 10.104.173.167 <none> 80:30264/TCP,443:31575/TCP,1024:31785/TCP 159m
output
text
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-kubernetes-ingress NodePort 10.104.173.167 <none> 80:30264/TCP,443:31575/TCP,1024:31785/TCP 159m

Do you have any suggestions on how we can improve the content of this page?