0

I need to scrape a Prometheus exporter running in a pod. It runs on port 9098, the exporter is working fine and i can manually scrape it from the host it is running on. The issue is with the ingress. I am trying to get the ingress to allow outside scraping on port 9098 (it is http and TCP). Here is my ingress yaml.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/balance-algorithm: roundrobin
    ingress.kubernetes.io/maxconn-server: "10"
    ingress.kubernetes.io/ssl-redirect: "false"
  name: ingress-ecobee-exporter
  namespace: monitoring
spec:
  rules:
  - host: mysupercool.domain.name
    http:
      paths:
      - path: /
        backend:
          serviceName: ecobee-exporter-service
          servicePort: 9098

I have specified port 9098 to work in the containers/ports section of my haproxy-ingress.yaml. And i can see the "load balancer" in the haproxy stats page, but the hosts never listen on port 9098 to redirect the traffic.

Thanks, Sean

DisappointedByUnaccountableMod
  • 6,656
  • 4
  • 18
  • 22
Sean Iffland
  • 29
  • 6
  • 1
    you mean the haproxy itself listening 9098? you should use [tcp-service](https://haproxy-ingress.github.io/docs/configuration/command-line/#tcp-services-configmap) instead. Otherwise you can use `mysupercool.domain.name:80/443` which haproxy is listening and know how to send the requests to your backend. – Joao Morais Jun 16 '20 at 14:36
  • I added it to my tcp-services (I already had it in place for memcached). I just assumed TCP services was for non http/https services. So I didn't need an ingress file and it is forwarded directly to the service. – Sean Iffland Jun 17 '20 at 16:43
  • 1
    `tcp` in the haproxy perspective and listening on an arbitrary port. Since http work over tcp, you can use it to expose http services as well. – Joao Morais Jun 17 '20 at 17:14

1 Answers1

1

HAProxy Ingress uses ingress objects to exposes http services in the bind configured port; doc here. The configured servicePort has the port name or number of the internal service, which does not reflect in the haproxy's listening ports. TLS's sni extension is used here to choose a certificate to start the handshake if using https. The http Host header is used to choose an ingress' hostname. That said, you should probably connect to the exporter using http://mysupercool.domain.name - provided that this domains resolves to your ingress and this is the only path matching / in this domain.

tcp-service on the other hand exposes any tcp based services, http/s included, on any arbitrary port number. There is no sni or Host header reading - this is a plain L4 TCP proxy. Special care should be taken here: haproxy won't complain if a port number is reused. In this case the kernel will load balance new requests between every conflicting port.

Joao Morais
  • 1,885
  • 13
  • 20
  • I missed the bind configured port in the docs, after the explanation and link I understand this completely. I have been using haproxy for many years, I just have to adjust to a little different way of thinking. – Sean Iffland Jun 17 '20 at 20:10