HAProxy Kubernetes Ingress Controller Documentation 1.10

Use TCPRoute

The Gateway API defines specialized resources for routing different types of network traffic. You would use a TCPRoute resource to route TCP traffic.

To add routing for TCP traffic:

  1. Deploy a Gateway object that includes TCPRoute in its allowedRoutes.kinds section. This advertises that this Gateway, and by extension the ingress controller, watches for routes of this kind.

    default-namespace-gateway.yaml

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: Gateway
    metadata:
      name: default-namespace-gateway
      namespace: default
    spec:
      gatewayClassName: haproxy-ingress-gatewayclass
      listeners:
        - allowedRoutes:
            kinds:
              - group: gateway.networking.k8s.io
                kind: TCPRoute
            namespaces:
              from: Same
          name: listener1
          port: 8000
          protocol: TCP

    Apply the changes with kubectl:

    $ kubectl apply -f default-namespace-gateway.yaml
  2. Optional: If you will be creating TCPRoute objects that are in a namespace different from the namespace of the target service, you must define a ReferenceGrant object that allows cross-namespace communication.

    Below, the ReferenceGrant allows a route in the default namespace to reference a service in the foo namespace. Note that the to section does not need a namespace because a ReferenceGrant can refer only to resources defined in its own namespace.

    foo-referencegrant.yaml

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: ReferenceGrant
    metadata:
      name: refgrantns1
      namespace: foo
    spec:
      from:
        - group: "gateway.networking.k8s.io"
          kind: "TCPRoute"
          namespace: default
      to:
        - group: ""
          kind: "Service"

    Apply the changes with kubectl:

    $ kubectl apply -f foo-referencegrant.yaml
  3. Define a TCPRoute resource to route TCP traffic to a Kubernetes service.

    example-route.yaml

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: TCPRoute
    metadata:
      name: example-route
      namespace: default
    spec:
      parentRefs:
        - group: gateway.networking.k8s.io
          kind: Gateway
          name: default-namespace-gateway
          namespace: default
      rules:
        - backendRefs:
            - group: ''
              kind: Service
              name: example-service
              port: 80
              weight: 10

    From this snippet:

    • The parentRefs section references the gateways to which a route wants to attach. This TCPRoute will attach to listeners defined in the Gateway whose allowedRoutes have matching kind and namespace rules.

    • The backendRefs section refers to services where connections should be sent. Each item's port attribute is the service's listening port. The weight attribute sets the proportion of connections that should go to the service, which is calculated by weight/(sum of all weights in this backendRefs list).

    Apply the changes with kubectl:

    $ kubectl apply -f example-route.yaml

Next up

View metrics