K8s service with internalTrafficPolicy: Local

balboah · June 11, 2024, 12:53pm

Hello,

First time using haproxy as an ingress for kubernetes.
Everything works great, except that it does not seem to respect internalTrafficPolicy: Local for services.

Looking at the haproxy.cfg, I realized it’s resolving the pod IPs instead of using the clusterIP, which explains why the k8s network policy will not work.

Is there a way to disable the resolving of pod IPs for the backend config so that k8s does the routing?
For example, when the ingress specifies backend service foobar, I want the haproxy.cfg to configure backend server <cluster-ip> instead of backend server <pod ip>.

Alternatively if there’s a way to resolve the correct (local node) pod ips

balboah · June 12, 2024, 12:14pm

For anyone interested, I worked around the issue like this for now.

apiVersion: v1
kind: Service
metadata:
  labels:
    app: foobar
  name: foobar-haproxy
spec:
  clusterIP: "None"
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
  name: foobar-haproxy
subsets:
  - addresses:
      - ip: <original service IP>
    ports:
      - port: 80
        protocol: TCP
        name: http

This way, the haproxy will configure its service to point to the original service IP instead of the pod IPs, now local traffic policy works.

Would be great if there was a native way to obey the internalTrafficPolicy though

Topic		Replies	Views
HAProxy kubernetes rewrite-targets not taking effect Help!	6	950	February 7, 2023
Cannot access kubernetes service with haproxy-ingress Help!	6	940	January 24, 2023
Haproxy and Nginx or any other ingress controller Help!	0	168	April 16, 2024
Consistent hash and server-template via dns resolver Help!	3	1507	May 3, 2021
Need source client IP in Haproxy Help!	0	402	February 17, 2022

K8s service with internalTrafficPolicy: Local

Related Topics