kubernetes-ingress icon indicating copy to clipboard operation
kubernetes-ingress copied to clipboard

Published 20 hours ago verified publisher icon haproxytech

Not able to add `send-proxy` option to a TCP service

Open Raj-prateek opened this issue 1 year ago • 6 comments

Here is my TCP service configmap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: smtp-config
  namespace: ingress-haproxy
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
data:
  587:                    # Port where the frontend is going to listen to.
    my-namespace/my-service:587    # Kubernetes service in the format NS/ServiceName:ServicePort
  465:
    my-namespace/my-service:465:ssl # ssl option will enable ssl offloading for target service.
  2525:
    my-namespace/my-service:2525
  log-format-tcp: '{"client_ip":"%ci","client_port":"%cp","frontend_port":"%fp","date_time":"%t","backend_name":"%b","server_name":"%s","Tt":"%Tt","Tc":"%Tc","Tw":"%Tw","bytes_read":"%B"}'

I tried global config as well, it didn't work.

apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-haproxy-kubernetes-ingress
  namespace: ingress-haproxy
data:
   syslog-server: 'address:stdout, format: raw, facility:daemon'

Values.yaml

controller:
  image:
    tag: nightly
  allowPrivilegeEscalation: true
  logging:
    level: debug
  extraArgs:
    - --configmap=ingress-haproxy/ingress-haproxy-kubernetes-ingress
    - --configmap-tcp-services=ingress-haproxy/smtp-config
    - --default-ssl-certificate=ingress-haproxy/xyz-com-tls-secret
    - --watch-namespace my-namespace
    - --disable-ipv6
  autoscaling:
    enabled: true
    minReplicas: 5
    maxReplicas: 10
    targetCPUUtilizationPercentage: 80
  service:
    type: LoadBalancer
    loadBalancerIP: 127.0.0.1
    tcpPorts:
      - name: smtp-587
        port: 587
        targetPort: 587
      - name: smtp-465
        port: 465
        targetPort: 465
      - name: smtp-2525
        port: 2525
        targetPort: 2525

Can you please suggest a good way to setup send-proxy option in tcp service?

Raj-prateek avatar Jan 02 '24 09:01 Raj-prateek

Problem

In the current configuration of HAProxy Ingress, it seems that it's not possible to add the "send-proxy" option to the TCP service. The "send-proxy" option is typically used to forward client's information to the server. However, due to some constraints or limitations in the current setup of HAProxy Ingress, this particular feature is not being added successfully to the TCP service.

Raj-prateek avatar Jan 09 '24 14:01 Raj-prateek

hi @Raj-prateek send-proxy is currently not supported for TCP services, I've added enhancement label to include it to the list

oktalz avatar Feb 01 '24 10:02 oktalz

Hi @oktalz Do you have any update about the above request. Is it delivered?

Raj-prateek avatar Apr 16 '24 05:04 Raj-prateek

Hello @oktalz, Also something that I need in my side. Do you a plan to share on this?

clement0210 avatar Apr 19 '24 09:04 clement0210

it not delivered yet, plan is to release it with next controller version (~May, most likely June).

oktalz avatar Apr 19 '24 10:04 oktalz

Hi @oktalz I hope you are doing good. Just wanted to check, do you have any news around it? Thanks

mukul-brevo avatar Jun 06 '24 06:06 mukul-brevo