The HAProxy Enterprise Kubernetes Ingress Controller is available on Rancher, an open-source multi-cluster orchestration platform. This section shows you how to install the HAProxy Enterprise Kubernetes Ingress Controller on Rancher.
Add a TLS certificate
You’ll need to configure a TLS certificate in Rancher if you plan to use HTTPS. You can add TLS certificates to your Kubernetes cluster by storing them in a special type of resource called a TLS Secret. Rancher provides a convenient way to add these using its Certificates management window.
- Locate your PEM-formatted certificate and private key files to import them into Rancher.
- Choose a project within one of your clusters, such as the Default project.
- Go to Resources > Secrets > Certificates.
- Click Add Certificate.
- In this this window, give the certificate a name.
- Paste the values for the public certificate and private key into the corresponding boxes.
Launch the ingress controller
The HAProxy Kubernetes Ingress Controller is available as a Rancher Catalog app.
- From either the ‘Global’ or ‘Project’ scope, go to Apps and click Launch.
Select the haproxy listing:
On the app’s Configuration Options screen, configure HAProxy using the options described in the table below.
Some options appear only when you launch the application in either the 'Global' or 'Project' scope.
- Change the Docker image tag. Set Use Default Image to ‘False’.
- Use the
curl command from a terminal window to get a list of available Docker image tags from the HAProxy Docker registry.
Set the command’s
--user argument to your HAProxy Enterprise license key:
$ curl --user <LICENSE_KEY>:<LICENSE_KEY> https://kubernetes-registry.haproxy.com/v2/hapee-ingress/tags/list
- Set the HAProxy Ingress Controller Tag box to the latest tag version, such as ‘v1.4.3-ee2’.
- Set the Enable HAProxy Enterprise box to ‘True’.
- Set both Username and Password to your HAProxy Enterprise license key.
- After you configure your options, click Launch, and wait for the application to finish installing.
||The name that appears under Apps, e.g. haproxy-ingress
||The version of the HAProxy Helm chart to deploy
|Namespace (Project scope only)
||The namespace where to deploy the application
|Target Projects (Global scope only)
||The projects within your cluster(s) where you intend to use the Ingress, e.g. Default
||Whether to wait for resources to become ready before marking the application as active
||Seconds to wait for the Kubernetes commands to complete
|Upgrade Strategy (Global Scope only)
||When a new version of the HAProxy Ingress Controller becomes available, whether to update all instances at once or to use a rolling update.
||Upgrade all apps simultaneously
||Select either Project or Cluster scope, depending on whether you want the Ingress Controller to manage resources in the target projects only or across the entire cluster. You must choose ‘Cluster’
|Use Default Image
||Whether to use the latest tag for the HAProxy Ingress Controller Docker image or to specify a different tag
||How you want the Ingress Controller to deploy, either Deployment or DaemonSet
||How to expose ports on the Ingress Controller, either L4 Balancer or NodePort. Use L4 Balancer when your cluster is hosted on a compatible cloud provider
||A name that uniquely identifies this ingress controller, so that Ingress objects may target it by its class name. If you plan to keep the default Ingress Controller enabled in Rancher, we recommended that you set a value here so that you can target either the default controller or the HAProxy Ingress controller on a case-by-case basis.
|TLS Certificate Secret
||The name of a TLS secret that contains a private key and public certificate to use for TLS encryption. If not set, a self-signed certificate generates automatically. You must add the certificate to Rancher first, and then specify the name you used here. You must prefix the name with the namespace, such as default/my-cert
||Whether to use the HAProxy Enterprise Ingress Controller
||The registry for HAProxy Enterprise Docker images
||The Docker repository for the HAProxy Enterprise Ingress Controller
||Your HAProxy Enterprise username. This is your HAProxy Enterprise license key
||Your HAProxy Enterprise password. This is your HAProxy Enterprise license key
Optional: Disable the default NGINX ingress controller
When you launch the HAProxy Kubernetes Ingress Controller into your Rancher cluster, it watches for Ingress objects and creates routes for ingress traffic.
However, the default NGINX Ingress Controller is also running and doing the same job. You can disable this default ingress controller as follows:
- Select your cluster to display the cluster dashboard.
- Click the options icon in the upper right corner, then choose Edit.
- Under Advanced Options, set Nginx Ingress to Disabled. Click Save.
Add an Ingress to publish a workload
After you deploy a container workload, you add an Ingress as follows:
- Under your project, go to Resources > Workloads, and select the Load Balancing tab.
- Click Add Ingress.
- Set a name for your Ingress and its target namespace.
Under Rules, specify the following:
- the workload you want to target
- the port it listens on
- optionally, a path for the client to use to access your application
If you set an Ingress Class on the HAProxy Kubernetes Ingress Controller, you can specify it here. This is the case if you are running multiple ingress controllers, such as the default NGINX ingress controller and the HAProxy Ingress Controller, and you want to target one by name.
- Click Save.
- By default, the controller listens on a NodePort. From the Apps window, you can see the assigned NodePort.