WIP: Add HAProxy Ingress support #228
Conversation
|
Any comment here? |
|
@munnerz @simonswine Any idea whether this will be reviewed anytime soon? This will help quite a lot of people who want to use haproxy instead of nginx. Thanks |
|
This looks good to me, although I've not had a chance to properly test it myself. We do have e2e tests for the nginx implementation, although given how much of the codepath is shared I'm not sure we need it right now for HAProxy too. If you could update the documentation and add some YAML examples, I'm happy to accept this 😄 |
|
PR updated with some docs. |
| spec: | ||
| containers: | ||
| - name: kube-lego | ||
| image: jetstack/kube-lego:0.1.6 |
There was a problem hiding this comment.
For now I think we should replace 0.1.6 with canary, and perhaps add a comment explaining that HAProxy support isn't in a cut release yet.
Before we actually cut a release, we usually like to see success/become familiar with bug reports from users of the :canary tag using the new feature. After a few weeks I'll then cut a 0.1.6 release 😄
There was a problem hiding this comment.
For now I think we should replace 0.1.6 with canary, and perhaps add a comment explaining that HAProxy support isn't in a cut release yet.
Makes sense. Just changed the tag.
|
All looks good to me - I need to stand up a test cluster and verify all is working, and if so I'm happy to merge! |
jcmoraisjr
force-pushed
the
jm-haproxy-lego
branch
from
02f22d1 to
3505aff
Compare
|
@jcmoraisjr is it possible for the pull request be submitted against cert-manager too :). Since @munnerz mentioned that this project will be deprecated at some point of time |
|
@jcmoraisjr I've raised a separate ticket here instead |
|
@thekalinga cert-manager does not depend directly on any particular ingress controller implementation, so should already work with HAProxy. Again though, I've not tested, so I'd be very interested to hear your results! |
jcmoraisjr
force-pushed
the
jm-haproxy-lego
branch
from
3505aff to
ad7c8a6
Compare
|
Would it be possible to make it work without the DEFAULT_INGRESS_CLASS setting? I have a bunch of ingresses still on nginx, so I tried having the default still be that, but use SUPPORTED_INGRESS_CLASS (and PROVIDER) to include haproxy ("haproxy,nginx"). However the kube ingress gets setup with which of course don't get picked up by haproxy then. If I change the default class to haproxy it works here, but not for nginx. I'm using a build of kube-lego with this patch, IPv6 support and the "Cache-Control: no-cache" changes I put in another pull request. The image is available at |
|
@munnerz what about this PR? I'm aware about cert-manager but we are still using the patched kube-lego on some clusters. |
|
@munnerz re: #228 (comment) |
Use LEGO_WAIT_CHALLENGE_URL to wait a new /.well… url to be applied if for any reason the url itself cannot be reached by kube-lego.
|
Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits. 📝 Please follow instructions in the contributing guide to update your commits with the DCO Full details of the Developer Certificate of Origin can be found at developercertificate.org. The list of commits missing DCO signoff:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This is a starting version of an attempt to support HAProxy Ingress.
Some known missing pieces:
genericThere is an image at
quay.io/jcmoraisjr/kube-lego:1.6-devwith this PR. Need to declareLEGO_DEFAULT_INGRESS_CLASS=haproxyenv var in order to use with HAProxy.