Install HAProxy Enterprise Kubernetes Ingress Controller on AWS EKS using an HAProxy Enterprise license key

This section shows you how to install the HAProxy Enterprise Kubernetes Ingress Controller in Amazon Elastic Kubernetes Service using a license key acquired from HAProxy Technologies (not an Amazon Marketplace subscription).

The procedure should take approximately 15 minutes to complete.

Pre-installation checklist

Ensure you have met the following requirements before installing:

• A running EKS Kubernetes cluster with a configured node group
• The AWS CLI
• The helm command-line tool
• The kubectl command-line tool

Connect to your EKS cluster

Follow these steps to connect to your EKS cluster:

1. Register for your HAProxy Enterprise license key by requesting a free trial. You will use this to access the HAProxy Technologies container registry.

2. If you do not already have an access key for your AWS account, create a new one:

   • From the AWS Console, expand your account menu, located in the upper right, and select Security credentials.
   • On the My security credentials page, go to the Access keys section and create a new access key. This will give you an Access Key ID and Secret Access key. Store these somewhere so that you have them later.

3. On your local workstation, configure the AWS CLI to connect to your AWS account by creating a profile via the aws configure command. This will prompt you for your access key and secret access key.

   $ aws configure

   Learn more about profiles.

4. Connect to your Kubernetes cluster using the AWS CLI. This will create a ~/.kube/config file:

   $ aws eks update-kubeconfig --region [Your region] --name [Your cluster name]

   For example:

   $ aws eks update-kubeconfig --region us-east-1 --name example-cluster

5. Check that you can access the cluster by calling kubectl get pods:

   $ kubectl get pods

   output

   No resources found in default namespace.
   

Install

Choose one of the following installation methods:

Install with Helm

1. Add the HAProxy Technologies Helm repository:

   $ helm repo add haproxytech https://haproxytech.github.io/helm-charts

2. Update your list of charts:

   $ helm repo update

3. Install the v1.7 version of the ingress controller, replacing <KEY> with your HAProxy Enterprise license key:

   $ helm install haproxy-kubernetes-ingress haproxytech/kubernetes-ingress \
       --create-namespace \
       --namespace haproxy-controller \
       --set controller.imageCredentials.registry=kubernetes-registry.haproxy.com \
       --set controller.imageCredentials.username=<KEY> \
       --set controller.imageCredentials.password=<KEY> \
       --set controller.image.repository=kubernetes-registry.haproxy.com/hapee-ingress \
       --set controller.image.tag=v1.7 \
       --set controller.service.type=LoadBalancer

   This will create an EC2 Classic Load Balancer that routes traffic to the ingress controller service. You can find its DNS name by going to the EC2 Dashboard and viewing Load Balancing > Load Balancers, then selecting the load balancer.

   By default, the Helm chart adds --ingress.class=haproxy to the ingress controller. That means that it will use Ingress resources only if they specify an annotation of kubernetes.io/ingress.class: haproxy. You can disable this by setting --set controller.ingressClass=null when calling helm install.

Install with kubectl

1. Download the deployment YAML file.

2. Edit the haproxy-ingress Service object in the YAML file, setting its type field to LoadBalancer:

   apiVersion: v1
   kind: Service
   metadata:
     labels:
       run: haproxy-ingress
     name: haproxy-ingress
     namespace: haproxy-controller
   spec:
     selector:
       run: haproxy-ingress
     type: LoadBalancer
     ports:
     - name: http
       port: 80
       protocol: TCP
       targetPort: 80
     - name: https
       port: 443
       protocol: TCP
       targetPort: 443
     - name: stat
       port: 1024
       protocol: TCP
       targetPort: 1024

3. Use the kubectl apply command to deploy the controller:

   $ kubectl apply -f haproxy-ingress.hapee.yaml

   This will create an EC2 Classic Load Balancer that routes traffic to the ingress controller service.

Check your installation

Verify that the controller is installed into your Kubernetes cluster by using the command kubectl get pods:

$ kubectl get pods --namespace haproxy-controller

output

NAME                                       READY   STATUS    RESTARTS   AGE
haproxy-kubernetes-ingress-7dd4cc4b-x5fkv  1/1     Running   0          1m

Get the External IP, which you can use to access your cluster:

$ kubectl get services --namespace haproxy-controller

output

NAME                         TYPE           CLUSTER-IP       EXTERNAL-IP                                   PORT(S)                                     AGE
haproxy-kubernetes-ingress   LoadBalancer   10.104.173.167   a1234-5678-9012.us-east-2.elb.amazonaws.com   80:30264/TCP,443:31575/TCP,1024:31785/TCP   157m

Next up