Commit
Showing 8 changed files with 194 additions and 5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
Voyager can connect to a tls enabled backend server with or without ssl verification. | ||
|
||
Available Options | ||
ssl: | ||
Creates a TLS/SSL socket when connecting to this server in order to cipher/decipher the traffic | ||
|
||
if verify not set the following error may occurred | ||
[/etc/haproxy/haproxy.cfg:49] verify is enabled by default but no CA file specified. | ||
If you're running on a LAN where you're certain to trust the server's certificate, | ||
please set an explicit 'verify none' statement on the 'server' line, or use | ||
'ssl-server-verify none' in the global section to disable server-side verifications by default. | ||
|
||
verify (none|required): | ||
Sets HAProxy鈥榮 behavior regarding the certificated presented by the server: | ||
none : | ||
doesn鈥檛 verify the certificate of the server | ||
|
||
required (default value) : | ||
TLS handshake is aborted if the validation of the certificate presented by the server returns an error. | ||
|
||
veryfyhost <hostname>: | ||
Sets a <hostname> to look for in the Subject and SubjectAlternateNames fields provided in the | ||
certificate sent by the server. If <hostname> can鈥檛 be found, then the TLS handshake is aborted. | ||
ie. | ||
ingress.appscode.com/backend-tls: "ssl verify none" | ||
|
||
If this annotation is not set HAProxy will connect to backend as http, | ||
This value should not be set if the backend do not support https resolution. | ||
|
||
Example | ||
``` | ||
kind: Service | ||
apiVersion: v1 | ||
metadata: | ||
name: my-service | ||
annotations: | ||
ingress.appscode.com/backend-tls: ssl verify none | ||
spec: | ||
selector: | ||
app: MyApp | ||
ports: | ||
- protocol: TCP | ||
port: 80 | ||
targetPort: 9376 | ||
``` | ||
|
||
``` | ||
apiVersion: voyager.appscode.com/v1beta1 | ||
kind: Ingress | ||
metadata: | ||
name: test-ingress | ||
namespace: default | ||
spec: | ||
backend: | ||
serviceName: test-server | ||
servicePort: '80' | ||
rules: | ||
- host: appscode.example.com | ||
http: | ||
paths: | ||
- backend: | ||
serviceName: my-service | ||
servicePort: '80' | ||
``` |
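Review bot: The option list spells the keyword `veryfyhost <hostname>`, but HAProxy's server keyword is `verifyhost`, so a reader who copies it into the annotation gets an option HAProxy does not recognise. Beyond the typo, both examples (`ingress.appscode.com/backend-tls: "ssl verify none"` and the Service manifest) switch certificate verification off, which leaves the proxy-to-backend hop encrypted but unauthenticated. The doc quotes the "verify is enabled by default but no CA file specified" error and lists `required` as the default, yet never says whether or how a CA file can be supplied through this annotation. Suggest leading with a `verify required` example that includes the CA and `verifyhost`, and presenting `verify none` as the exception for the trusted-LAN case the HAProxy message describes. The closing sentence ("should not be set if the backend do not support https resolution") should be reworded to say plainly that the annotation must be omitted for plain-HTTP backends.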
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
Voyager Supports all valid options for defaults section of HAProxy config | ||
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-option%20abortonclose | ||
from the list from here | ||
expects a json encoded map | ||
ie: "ingress.appscode.com/default-option": {"http-keep-alive": "true", "dontlognull": "true", "clitcpka": "false"} | ||
This will be appended in the defaults section of HAProxy as | ||
``` | ||
option http-keep-alive | ||
option dontlognull | ||
no option clitcpka | ||
``` | ||
Ingress Example: | ||
```yaml | ||
apiVersion: voyager.appscode.com/v1beta1 | ||
kind: Ingress | ||
metadata: | ||
name: test-ingress | ||
namespace: default | ||
annotations: | ||
ingress.appscode.com/default-options: '{"http-keep-alive": "true", "dontlognull": "true", "clitcpka": "false"}' | ||
spec: | ||
backend: | ||
serviceName: test-server | ||
servicePort: '80' | ||
rules: | ||
- host: appscode.example.com | ||
http: | ||
paths: | ||
- backend: | ||
serviceName: test-service | ||
servicePort: '80' | ||
``` | ||
|
||
This ingress will generate a HAProxy template with provided timeouts. like | ||
```console | ||
defaults | ||
log global | ||
|
||
option http-keep-alive | ||
option dontlognull | ||
no option clitcpka | ||
|
||
``` |
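Review bot: The annotation key is inconsistent within this file: the prose line uses `"ingress.appscode.com/default-option"` (singular) while the Ingress example uses `ingress.appscode.com/default-options` (plural). Only one of these can match what the controller reads, and a user who copies the wrong one will get no options applied with no visible error, so please align both with the key used in the code. The sentence before the `console` block says the template is generated "with provided timeouts", which looks copied from the timeouts doc and should say options. The reference URL should also come after "from the list from here" rather than before it, and the prose example shows the JSON map unquoted while the YAML correctly wraps it in single quotes.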
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
### Custom HTTP Port | ||
Voyager 3.2+ supports opening http port in any non custom port. | ||
|
||
```yaml | ||
apiVersion: voyager.appscode.com/v1beta1 | ||
kind: Ingress | ||
metadata: | ||
name: test-ingress | ||
namespace: default | ||
spec: | ||
rules: | ||
- host: appscode.example.com | ||
http: | ||
port: '8989' | ||
paths: | ||
- backend: | ||
serviceName: test-service | ||
servicePort: '80' | ||
- host: appscode.example.com | ||
http: | ||
port: '4343' | ||
paths: | ||
- backend: | ||
serviceName: test-service | ||
servicePort: '80' | ||
|
||
``` | ||
|
||
For this configuration, the loadbalancer will listen to `8989` and `4343` port for incoming HTTP connections, and will | ||
pass any request coming to it to the desired backend. | ||
|
||
> For one Ingress Type you cannot have multiple rules listening to same port, even if they do not have | ||
same `host`. |
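Review bot: The opening sentence, "supports opening http port in any non custom port", says the opposite of what the section title and example show; it should read something like "any custom (non-standard) port". The closing note states that two rules cannot listen on the same port, but does not say what happens if they do (rejected at validation, or one rule silently dropped). Since these rules open additional listeners on the load balancer, it is worth stating the failure behaviour explicitly so operators know whether a misconfigured Ingress is refused or partially applied. There is also a stray blank line inside the YAML fence before the closing backticks.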
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
### Setup NodePort | ||
Voyager 3.2+ supports defining NodePort. | ||
|
||
```yaml | ||
apiVersion: voyager.appscode.com/v1beta1 | ||
kind: Ingress | ||
metadata: | ||
name: test-ingress | ||
namespace: default | ||
spec: | ||
rules: | ||
- host: appscode.example.com | ||
http: | ||
port: '8989' | ||
nodePort: '32666' | ||
paths: | ||
- backend: | ||
serviceName: test-service | ||
servicePort: '80' | ||
- host: appscode.example.com | ||
tcp: | ||
port: '4343' | ||
nodePort: '35666' | ||
paths: | ||
- backend: | ||
serviceName: test-service | ||
servicePort: '80' | ||
|
||
``` | ||
|
||
For this configuration, the loadbalancer will listen to `8989` and `4343` port for incoming HTTP | ||
connections and these port will map to specified nodeports, and will pass any request coming to it to the desired backend. | ||
|
||
> For one Ingress Type you cannot have multiple rules listening to same port or same node port, even if they do not have | ||
same `host`. |
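Review bot: In the second rule, `nodePort: '35666'` is outside Kubernetes' default NodePort range of 30000-32767, so the example as written will be rejected on a cluster with default settings; pick a value inside the range or note that the range must be widened. The same rule is declared under `tcp:` yet carries an HTTP-style `paths:` list, and the prose below says both `8989` and `4343` accept "incoming HTTP connections", so either the rule should be `http:` or the text should describe 4343 as a TCP listener. Because a NodePort is opened on every node in the cluster, a sentence on which ports end up reachable from outside would help readers judge the exposure this configuration creates.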