haproxytech
Increase options for tcp services. Add accept-proxy to the list of available parameters with backward compat.
At $dayjob we use haproxy on TCP services and we rely on the proxy protocol to transport the remote endpoint ip address to the backends.
Very often we chain several proxies one in front of the other. We noticed that the ingress controller doesn't handle the accept-proxy option, while it is supported for HTTP(s) connections through other settings.
This patch reuses the third parameter of the tcp services list, previously optional and supporting only ssl as value and transforms it into a comma separated list of options; It also adds the accept-proxy option support.
When the tcp service will contain accept-proxy in the options, it will be added to the bind line in the configuration file.
This should also address several requests and issues, like #318 and should enable more features to be added to the tcp services keeping the backward compatibility.
Hi @ctrix , Thanks for your contribution. We'll look at it and give any feedback if necessary.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
hi @ctrix
currently we plan to expand capabilities for TCP services with gateway API. because of that we need to put this on hold for a while to determine what is missing there. in any case expanding options here would bring a bit of confusion
since gateway api is still in alpha/beta and it is uncertain when it will be finalized form k8s team, a better option would be to create a CRD for TCP services that would replace a bit awkward structure that we can have with configmaps.
Because of that I will put this on hold for now until situation is a bit more clear
@ShadowJonathan yes, tomorrow we will release v1.11 and next release after that one contains TCP CRD in roadmap.
structure and options in it will probably be added gradually (over development time) and I'll notify here when changes are done so we can align with expected options
@ctrix, @Raj-prateek, @ShadowJonathan definitions are here, and usage is explained here documentation/custom-resource-tcp.md
please take a look and see if this approach will be something you can use, please note that options for tcp CRD will expand in future
example in doc shows how you can use this for accept-proxy option
in general we opted for full option set of configuration options, its very similar to what you have in dataplaneapi for example, in fact we use same scheme (here its just merged in k8s way)
due to some changes in behavior of IC (accepting more options), tcp crd will be available only in new version 3.0 (to align version with underlying HAProxy version) and new version is planned withing next two weeks (possibly even this week)
