0

Hi I was able to configure the haproxy ingress for a custom TCP port (RabbitMQ), using helm with custom values:

# ha-values.yaml
controller:
  ingressClass: haproxy
  config:
    whitelist-source-range: 251.161.180.161
    # use-proxy-protocol: "true"
  # TCP service key:value pairs
  # <port>: <namespace>/<servicename>:<portnumber>[:[<in-proxy>][:<out-proxy>]]
  # https://haproxy-ingress.github.io/docs/configuration/command-line/#tcp-services-configmap
  tcp:
    15672: "default/rabbitmq-bugs:15672"
    5672: "default/rabbitmq-bugs:5672"

Installed helm with

helm install haproxy-ingress haproxy-ingress/haproxy-ingress \
  --create-namespace --namespace=ingress-controller \
  --values yaml/ha-values.yaml

I published on Digital Ocean, so a LoadBalancer was started, and the port 15672 correctly forwaded to the internal rabbitmq kubernetes service.

I was not able to make the whitelist option works. The service was always reachable. I also try enabling proxy protocol on both load balancer and haproxy, but still the whitelist didn't take place.

Seems like the whitelist option doesn't work for TCP filtering. Has anyone succeded in make a custom TCP port whitelisting? Thanks.

StefanoV
  • 485
  • 1
  • 4
  • 9
  • 1
    whitelist is only applied to the backends generated via ingress resources. currently there is no way to customize a tcp backend, but you can however use [config-defaults](https://haproxy-ingress.github.io/docs/configuration/keys/#configuration-snippet) and add a manual `tcp-request` keyword there. the tcp backend will honor such configuration. EDIT note however this is a global config which will only make sense if you don't have other services that would be impacted behind this ingress. – Joao Morais Jan 15 '21 at 15:08
  • Thanks Morais, i consider your comment a valid answer. Just to talk: it would be nice to be able to inject a config snippet also in custom section of the haproxy config file. In this case I would be able to inject it in the 'backend rabbit' section to scope to it – StefanoV Jan 18 '21 at 06:40

0 Answers0