Installation

Install on premises

On this page

This section shows you how to install the HAProxy Enterprise Kubernetes Ingress Controller into your Kubernetes cluster.

Pre-installation checklist Jump to heading

  • A running Kubernetes cluster
  • The helm command-line tool
  • The kubectl command-line tool

Choose one of the following installation methods:

Install with Helm Jump to heading

  1. Add the HAProxy Technologies Helm repository:

    bash
    helm repo add haproxytech https://haproxytech.github.io/helm-charts
    bash
    helm repo add haproxytech https://haproxytech.github.io/helm-charts

  2. Update your list of charts:

    bash
    helm repo update
    bash
    helm repo update

  3. Install the ingress controller, replacing [KEY] with your HAProxy Enterprise license key:

    bash
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
      --create-namespace \
      --namespace haproxy-controller \
      --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
      --set controller.imageCredentials.username=[KEY] \
      --set controller.imageCredentials.password=[KEY] \
      --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
      --set controller.image.tag=v1.9
    bash
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
      --create-namespace \
      --namespace haproxy-controller \
      --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
      --set controller.imageCredentials.username=[KEY] \
      --set controller.imageCredentials.password=[KEY] \
      --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
      --set controller.image.tag=v1.9

    By default, the Helm chart adds --ingress.class=haproxy to the ingress controller. That means that it will use Ingress resources only if they specify an annotation of kubernetes.io/ingress.class: haproxy. You can disable this by setting --set controller.ingressClass=null when calling helm install.

Install a Specific Version Jump to heading

  1. You can use curl to list all of the available version tags for the Docker image. Install the jq utility to format the outputted JSON in a human-readable format:

    bash
    curl -s --user <KEY>:<KEY> https://kubernetes-registry.haproxy.com/v2/hapee-ingress/tags/list | jq
    bash
    curl -s --user <KEY>:<KEY> https://kubernetes-registry.haproxy.com/v2/hapee-ingress/tags/list | jq
    output
    json
    {
    "name": "hapee-ingress",
    "tags": [
       "v1.0.0",
       "v1.4.5-ee1",
       ...
      ]
    }
    output
    json
    {
    "name": "hapee-ingress",
    "tags": [
       "v1.0.0",
       "v1.4.5-ee1",
       ...
      ]
    }

  2. Then, use a specific tag when you call helm install:

    bash
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
      --create-namespace \
      --namespace haproxy-controller \
      --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
      --set controller.imageCredentials.username=<KEY> \
      --set controller.imageCredentials.password=<KEY> \
      --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
      --set controller.image.tag=v1.4.5-ee1
    bash
    helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
      --create-namespace \
      --namespace haproxy-controller \
      --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
      --set controller.imageCredentials.username=<KEY> \
      --set controller.imageCredentials.password=<KEY> \
      --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
      --set controller.image.tag=v1.4.5-ee1

Install with preset NodePort values Jump to heading

By default, the ingress controller creates a Kubernetes service that assigns random NodePort ports. You can see this by calling kubectl get service kubernetes-service. In the example below, the ingress controller listens on port 30706 for HTTP traffic and 30675 for HTTPS traffic. Port 31441 publishes the HAProxy Stats page.

bash
kubectl get service haproxy-kubernetes-ingress --namespace haproxy-controller
bash
kubectl get service haproxy-kubernetes-ingress --namespace haproxy-controller
output
bash
NAME                         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                     AGE
haproxy-kubernetes-ingress   NodePort    10.97.154.7      <none>        80:30706/TCP,443:30675/TCP,1024:31441/TCP   32s
output
bash
NAME                         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                     AGE
haproxy-kubernetes-ingress   NodePort    10.97.154.7      <none>        80:30706/TCP,443:30675/TCP,1024:31441/TCP   32s

You can choose specific NodePort ports instead by setting the controller.service.nodePort.http, controller.service.nodePort.https, and controller.service.nodePort.stat Helm chart fields.

bash
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
  --create-namespace \
  --namespace haproxy-controller \
  --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
  --set controller.imageCredentials.username=<KEY> \
  --set controller.imageCredentials.password=<KEY> \
  --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
  --set controller.image.tag=latest \
  --set controller.service.nodePorts.http=30000 \
  --set controller.service.nodePorts.https=30001 \
  --set controller.service.nodePorts.stat=30002
bash
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
  --create-namespace \
  --namespace haproxy-controller \
  --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
  --set controller.imageCredentials.username=<KEY> \
  --set controller.imageCredentials.password=<KEY> \
  --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
  --set controller.image.tag=latest \
  --set controller.service.nodePorts.http=30000 \
  --set controller.service.nodePorts.https=30001 \
  --set controller.service.nodePorts.stat=30002

Run the ingress controller as a DaemonSet Jump to heading

By default, the ingress controller is installed using a Deployment resource. To use a DaemonSet instead, set the controller.kind field to DaemonSet and controller.daemonset.useHostPort to true.

bash
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
  --create-namespace \
  --namespace haproxy-controller \
  --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
  --set controller.imageCredentials.username=<KEY> \
  --set controller.imageCredentials.password=<KEY> \
  --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
  --set controller.image.tag=latest \
  --set controller.kind=DaemonSet \
  --set controller.daemonset.useHostPort=true
bash
helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
  --create-namespace \
  --namespace haproxy-controller \
  --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
  --set controller.imageCredentials.username=<KEY> \
  --set controller.imageCredentials.password=<KEY> \
  --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
  --set controller.image.tag=latest \
  --set controller.kind=DaemonSet \
  --set controller.daemonset.useHostPort=true

Install with kubectl Jump to heading

  1. Use the kubectl apply command to deploy the controller:

    bash
    kubectl apply -f https://www.haproxy.com/documentation/kubernetes/1.8/haproxy-ingress.hapee.yaml
    bash
    kubectl apply -f https://www.haproxy.com/documentation/kubernetes/1.8/haproxy-ingress.hapee.yaml

    Customizing the YAML file

    You can also download the YAML file and modify it for your needs before you apply it (such as changing the namespace in which the controller runs and/or its exposed ports).

  2. Use kubectl create secret to store your credentials for the private HAProxy Docker registry, replacing KEY with your HAProxy Enterprise license key:

    bash
    kubectl create secret docker-registry regcred \
      --namespace=haproxy-controller \
      --docker-server=kubernetes-registry.haproxy.com \
      --docker-username=<KEY> --docker-password=<KEY>
    bash
    kubectl create secret docker-registry regcred \
      --namespace=haproxy-controller \
      --docker-server=kubernetes-registry.haproxy.com \
      --docker-username=<KEY> --docker-password=<KEY>
    output
    bash
    secret/regcred created
    output
    bash
    secret/regcred created

Check your installation Jump to heading

Verify that the controller is installed into your Kubernetes cluster by using the command kubectl get pods:

bash
kubectl get pods --namespace haproxy-controller
bash
kubectl get pods --namespace haproxy-controller
output
bash
NAME                                        READY   STATUS    RESTARTS   AGE
haproxy-kubernetes-ingress-7dd4cc4b-x5fkv   1/1     Running   0          1m
output
bash
NAME                                        READY   STATUS    RESTARTS   AGE
haproxy-kubernetes-ingress-7dd4cc4b-x5fkv   1/1     Running   0          1m

Call kubectl get services to see which ports were mapped. In this example, port 32063 forwards to port 80 on the ingress controller.

bash
kubectl get services --namespace haproxy-controller
bash
kubectl get services --namespace haproxy-controller
output
bash
NAME                         TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                                     AGE
haproxy-kubernetes-ingress   NodePort   10.104.173.167   <none>        80:30264/TCP,443:31575/TCP,1024:31785/TCP   159m
output
bash
NAME                         TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                                     AGE
haproxy-kubernetes-ingress   NodePort   10.104.173.167   <none>        80:30264/TCP,443:31575/TCP,1024:31785/TCP   159m

If this page was useful, please, Leave the feedback.

Previous page Install from the Marketplace Next page Install on Rancher
© 2023 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences