K8s service with internalTrafficPolicy: Local

balboah · June 11, 2024, 12:53pm

Hello,

First time using haproxy as an ingress for kubernetes.
Everything works great, except that it does not seem to respect internalTrafficPolicy: Local for services.

Looking at the haproxy.cfg, I realized it’s resolving the pod IPs instead of using the clusterIP, which explains why the k8s network policy will not work.

Is there a way to disable the resolving of pod IPs for the backend config so that k8s does the routing?
For example, when the ingress specifies backend service foobar, I want the haproxy.cfg to configure backend server <cluster-ip> instead of backend server <pod ip>.

Alternatively if there’s a way to resolve the correct (local node) pod ips

balboah · June 12, 2024, 12:14pm

For anyone interested, I worked around the issue like this for now.

apiVersion: v1
kind: Service
metadata:
  labels:
    app: foobar
  name: foobar-haproxy
spec:
  clusterIP: "None"
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
  name: foobar-haproxy
subsets:
  - addresses:
      - ip: <original service IP>
    ports:
      - port: 80
        protocol: TCP
        name: http

This way, the haproxy will configure its service to point to the original service IP instead of the pod IPs, now local traffic policy works.

Would be great if there was a native way to obey the internalTrafficPolicy though

Topic		Replies	Views
Route Subdomains Using Internal DNS Help!	0	13	November 14, 2024
Haproxy on AKS and SSL issue Help!	0	194	April 12, 2023
Cannot access kubernetes service with haproxy-ingress Help!	6	1086	January 24, 2023
Haproxy with ingress Help!	1	679	August 18, 2024
HAProxy kubernetes rewrite-targets not taking effect Help!	6	1145	February 7, 2023

K8s service with internalTrafficPolicy: Local

Related topics