jetstack
WIP: Add HAProxy Ingress support
This is a starting version of an attempt to support HAProxy Ingress.
Some known missing pieces:
- Configuration docs
- I started decoupling nginx provider and kubelego package, if this is the way to go, perhaps the provider could be renamed to something like
generic
There is an image at quay.io/jcmoraisjr/kube-lego:1.6-dev with this PR. Need to declare LEGO_DEFAULT_INGRESS_CLASS=haproxy env var in order to use with HAProxy.
@munnerz @simonswine Any idea whether this will be reviewed anytime soon?
This will help quite a lot of people who want to use haproxy instead of nginx.
Thanks
This looks good to me, although I've not had a chance to properly test it myself. We do have e2e tests for the nginx implementation, although given how much of the codepath is shared I'm not sure we need it right now for HAProxy too.
If you could update the documentation and add some YAML examples, I'm happy to accept this 😄
All looks good to me - I need to stand up a test cluster and verify all is working, and if so I'm happy to merge!
@jcmoraisjr is it possible for the pull request be submitted against cert-manager too :).
Since @munnerz mentioned that this project will be deprecated at some point of time
@thekalinga cert-manager does not depend directly on any particular ingress controller implementation, so should already work with HAProxy. Again though, I've not tested, so I'd be very interested to hear your results!
Would it be possible to make it work without the DEFAULT_INGRESS_CLASS setting? I have a bunch of ingresses still on nginx, so I tried having the default still be that, but use SUPPORTED_INGRESS_CLASS (and PROVIDER) to include haproxy ("haproxy,nginx").
However the kube ingress gets setup with
kubernetes.io/ingress.class: nginx
kubernetes.io/ingress.provider: haproxy
which of course don't get picked up by haproxy then. If I change the default class to haproxy it works here, but not for nginx.
I'm using a build of kube-lego with this patch, IPv6 support and the "Cache-Control: no-cache" changes I put in another pull request. The image is available at quay.io/abh/kube-lego:20171026-haproxy
@munnerz what about this PR? I'm aware about cert-manager but we are still using the patched kube-lego on some clusters.
@munnerz re: https://github.com/jetstack/kube-lego/pull/228#issuecomment-326634712 I've just migrated from nginx ingress and kube-lego to cert-manager/haproxy-ingress and it works as expected right off the bat.
Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits.
:memo: Please follow instructions in the contributing guide to update your commits with the DCO
Full details of the Developer Certificate of Origin can be found at developercertificate.org.
The list of commits missing DCO signoff:
- 3ad5acf Add HAProxy Ingress support
- ad7c8a6 Add HAProxy Ingress docs
- 17ab563 Add LEGO_WAIT_CHALLENGE_URL option
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: To fully approve this pull request, please assign additional approvers. We suggest the following additional approvers:
If they are not already assigned, you can assign the PR to them by writing /assign in a comment when ready.
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment