Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ACL in haproxy not created correctly when an ingress has a single host rule #807

drf opened this issue Jan 12, 2018 · 2 comments


None yet
3 participants
Copy link

commented Jan 12, 2018

Version 5.0.0.rc11

Create an ingress like this one:

kind: Ingress
  name: api-ingress
  annotations: NodePort "true"
    # Configure depending on the load '1' /
    # HSTS "true" "true" "true" 100 '{"forwardfor": "true", "dontlognull": "true"}'
  - hosts:
      kind: Certificate
      name: examplecert
  - host:
      - path: /
          serviceName: monitoring-grafana.kube-system
          servicePort: '80'

No default backend, only one host rule. The generated frontend for HTTP looks like this:

frontend http-0_0_0_0-80
	bind *:80 
	mode http
	option httplog
	option forwardfor
	acl is_proxy_https hdr(X-Forwarded-Proto) https
	acl url_acl_test1.example.com__ path_beg /
	redirect scheme https code 301 if ! is_proxy_https url_acl_test1.example.com__

And of course the pod fails like this:

daemon.err: Jan 12 10:56:01 reloader: [ALERT] 011/105601 (51) : parsing [/etc/haproxy/haproxy.cfg:36] : error detected in frontend 'http-0_0_0_0-80' while parsing redirect rule : error in condition: no such ACL : ''.
daemon.err: Jan 12 10:56:01 reloader: [ALERT] 011/105601 (51) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
daemon.err: Jan 12 10:56:01 reloader: [ALERT] 011/105601 (51) : Fatal errors found in configuration.

The HTTPS frontend, instead, has the acl as it should be. Creating more than one host rules triggers the creation of the missing ACL for all HTTP frontends.

The bug is indeed when having only one host rule and no default backend.

@tamalsaha tamalsaha self-assigned this Jan 12, 2018


This comment has been minimized.

Copy link

commented Feb 7, 2018

This was fixed in #786 , as part of other fixes.

We also tried with the master branch and the host_acl was working correctly.

@tamalsaha tamalsaha closed this Feb 7, 2018


This comment has been minimized.

Copy link
Collaborator Author

commented Feb 7, 2018

Yes, that was my impression as well. Good job!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.