Installation
Install on premises
This section shows you how to install the HAProxy Enterprise Kubernetes Ingress Controller into your Kubernetes cluster.
Pre-installation checklist Jump to heading
Choose one of the following installation methods:
Install with Helm Jump to heading
-
Add the HAProxy Technologies Helm repository:
nixhelm repo add haproxytech https://haproxytech.github.io/helm-chartsnixhelm repo add haproxytech https://haproxytech.github.io/helm-charts -
Update your list of charts:
nixhelm repo updatenixhelm repo update -
Install the ingress controller, replacing
[KEY]
with your HAProxy Enterprise license key:nixhelm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \--create-namespace \--namespace haproxy-controller \--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \--set controller.imageCredentials.username=[KEY] \--set controller.imageCredentials.password=[KEY] \--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \--set controller.image.tag=v1.11nixhelm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \--create-namespace \--namespace haproxy-controller \--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \--set controller.imageCredentials.username=[KEY] \--set controller.imageCredentials.password=[KEY] \--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \--set controller.image.tag=v1.11By default, the Helm chart adds
--ingress.class=haproxy
to the ingress controller. That means that it will useIngress
resources only if they specify an annotation ofkubernetes.io/ingress.class: haproxy
. You can disable this by setting--set controller.ingressClass=null
when callinghelm install
.
Install a Specific Version Jump to heading
-
You can use
curl
to list all of the available version tags for the Docker image. Install thejq
utility to format the outputted JSON in a human-readable format:nixcurl -s --user <KEY>:<KEY> https://kubernetes-registry.haproxy.com/v2/hapee-ingress/tags/list | jqnixcurl -s --user <KEY>:<KEY> https://kubernetes-registry.haproxy.com/v2/hapee-ingress/tags/list | jqoutputjson{"name": "hapee-ingress","tags": ["v1.0.0","v1.4.5-ee1",...]}outputjson{"name": "hapee-ingress","tags": ["v1.0.0","v1.4.5-ee1",...]} -
Then, use a specific tag when you call
helm install
:nixhelm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \--create-namespace \--namespace haproxy-controller \--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \--set controller.imageCredentials.username=<KEY> \--set controller.imageCredentials.password=<KEY> \--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \--set controller.image.tag=v1.4.5-ee1nixhelm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \--create-namespace \--namespace haproxy-controller \--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \--set controller.imageCredentials.username=<KEY> \--set controller.imageCredentials.password=<KEY> \--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \--set controller.image.tag=v1.4.5-ee1
Install with preset NodePort values Jump to heading
By default, the ingress controller creates a Kubernetes service that assigns random NodePort ports. You can see this by calling kubectl get service kubernetes-service
. In the example below, the ingress controller listens on port 30706 for HTTP traffic and 30675 for HTTPS traffic. Port 31441 publishes the HAProxy Stats page.
nix
kubectl get service haproxy-kubernetes-ingress --namespace haproxy-controller
nix
kubectl get service haproxy-kubernetes-ingress --namespace haproxy-controller
outputtext
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEhaproxy-kubernetes-ingress NodePort 10.97.154.7 <none> 80:30706/TCP,443:30675/TCP,1024:31441/TCP 32s
outputtext
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEhaproxy-kubernetes-ingress NodePort 10.97.154.7 <none> 80:30706/TCP,443:30675/TCP,1024:31441/TCP 32s
You can choose specific NodePort ports instead by setting the controller.service.nodePort.http
, controller.service.nodePort.https
, and controller.service.nodePort.stat
Helm chart fields.
nix
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \--create-namespace \--namespace haproxy-controller \--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \--set controller.imageCredentials.username=<KEY> \--set controller.imageCredentials.password=<KEY> \--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \--set controller.image.tag=latest \--set controller.service.nodePorts.http=30000 \--set controller.service.nodePorts.https=30001 \--set controller.service.nodePorts.stat=30002
nix
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \--create-namespace \--namespace haproxy-controller \--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \--set controller.imageCredentials.username=<KEY> \--set controller.imageCredentials.password=<KEY> \--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \--set controller.image.tag=latest \--set controller.service.nodePorts.http=30000 \--set controller.service.nodePorts.https=30001 \--set controller.service.nodePorts.stat=30002
Run the ingress controller as a DaemonSet Jump to heading
By default, the ingress controller is installed using a Deployment resource. To use a DaemonSet instead, set the controller.kind
field to DaemonSet and controller.daemonset.useHostPort
to true.
nix
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \--create-namespace \--namespace haproxy-controller \--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \--set controller.imageCredentials.username=<KEY> \--set controller.imageCredentials.password=<KEY> \--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \--set controller.image.tag=latest \--set controller.kind=DaemonSet \--set controller.daemonset.useHostPort=true
nix
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \--create-namespace \--namespace haproxy-controller \--set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \--set controller.imageCredentials.username=<KEY> \--set controller.imageCredentials.password=<KEY> \--set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \--set controller.image.tag=latest \--set controller.kind=DaemonSet \--set controller.daemonset.useHostPort=true
Install with kubectl Jump to heading
-
Download the deployment YAML file (v1.11).
-
Use the
kubectl apply
command to deploy the controller:nixkubectl apply -f haproxy-ingress.hapee.yamlnixkubectl apply -f haproxy-ingress.hapee.yaml -
Use
kubectl create secret
to store your credentials for the private HAProxy Docker registry, replacing KEY with your HAProxy Enterprise license key:nixkubectl create secret docker-registry regcred \--namespace=haproxy-controller \--docker-server=kubernetes-registry.haproxy.com \--docker-username=<KEY> --docker-password=<KEY>nixkubectl create secret docker-registry regcred \--namespace=haproxy-controller \--docker-server=kubernetes-registry.haproxy.com \--docker-username=<KEY> --docker-password=<KEY>outputtextsecret/regcred createdoutputtextsecret/regcred created
Check your installation Jump to heading
Verify that the controller is installed into your Kubernetes cluster by using the command kubectl get pods
:
nix
kubectl get pods --namespace haproxy-controller
nix
kubectl get pods --namespace haproxy-controller
outputtext
NAME READY STATUS RESTARTS AGEhaproxy-kubernetes-ingress-7dd4cc4b-x5fkv 1/1 Running 0 1m
outputtext
NAME READY STATUS RESTARTS AGEhaproxy-kubernetes-ingress-7dd4cc4b-x5fkv 1/1 Running 0 1m
Call kubectl get services
to see which ports were mapped. In this example, port 32063 forwards to port 80 on the ingress controller.
nix
kubectl get services --namespace haproxy-controller
nix
kubectl get services --namespace haproxy-controller
outputtext
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEhaproxy-kubernetes-ingress NodePort 10.104.173.167 <none> 80:30264/TCP,443:31575/TCP,1024:31785/TCP 159m
outputtext
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEhaproxy-kubernetes-ingress NodePort 10.104.173.167 <none> 80:30264/TCP,443:31575/TCP,1024:31785/TCP 159m
Do you have any suggestions on how we can improve the content of this page?