Why ingress rules are not followed? default backend is reached instead

Question

I have HA proxy ingress installed on Kubernetes AKS. I installed it using:

helm install ingress haproxy-ingress/haproxy-ingress

My ingress is this:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress  
metadata:
  name: ravendb
  namespace: default
  labels:
    app: ravendb
  annotations:
    ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  rules:
  - host: a.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-0
          servicePort: 443
        path: /
  - host: tcp-a.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-0
          servicePort: 38888
        path: /
  - host: b.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-1
          servicePort: 443
        path: /
  - host: tcp-b.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-1
          servicePort: 38888
        path: /
  - host: c.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-2
          servicePort: 443
        path: /
  - host: tcp-c.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-2
          servicePort: 38888
        path: /

However when I point my browser to https://a.raven.aedas-prev.inercya.com I get the default backend. HA proxy doesn't reverse proxy the request to ravendb-0 service.

What I'm doing wrong? What can I do to make the ingress work?

Pods are running:

haproxy-ingress-8548ff5ff4-9wmxv            1/1     Running            0          137m
ingress-default-backend-b6f678779-9d88r     1/1     Running            0          137m
ravendb-0                                   1/1     Running            0          137m
ravendb-1                                   1/1     Running            0          139m
ravendb-2                                   1/1     Running            0          141m

And services are configured:

NAME                       TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)                        AGE
haproxy-ingress            LoadBalancer   10.0.166.252   xx.xx.xx.xx    443:30526/TCP,1936:32388/TCP   139m
ingress-default-backend    ClusterIP      10.0.102.165   <none>           8080/TCP                       139m
kubernetes                 ClusterIP      10.0.0.1       <none>           443/TCP                        412d
ravendb                    ClusterIP      None           <none>           443/TCP,38888/TCP,161/TCP      411d
ravendb-0                  ClusterIP      10.0.193.14    <none>           443/TCP,38888/TCP,161/TCP      411d
ravendb-1                  ClusterIP      10.0.156.73    <none>           443/TCP,38888/TCP,161/TCP      411d
ravendb-2                  ClusterIP      10.0.53.227    <none>           443/TCP,38888/TCP,161/TCP      411d

score 2 · Accepted Answer · answered Mar 08 '21 at 12:32

I finally figured out what I was missing. I added kubernetes.io/ingress.class: haproxy annotation and problem solved:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress  
metadata:
  name: ravendb
  namespace: default
  labels:
    app: ravendb
  annotations:
    ingress.kubernetes.io/ssl-passthrough: "true"
    kubernetes.io/ingress.class: haproxy
spec:
  rules:
  - host: a.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-0
          servicePort: 443
        path: /
  - host: tcp-a.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-0
          servicePort: 38888
        path: /
  - host: b.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-1
          servicePort: 443
        path: /
  - host: tcp-b.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-1
          servicePort: 38888
        path: /
  - host: c.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-2
          servicePort: 443
        path: /
  - host: tcp-c.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-2
          servicePort: 38888
        path: /

Now HAproxy ingress works as expected, reverse proxying external traffic to internal services.

This is a breaking change in v0.12 which makes haproxy ingress in compliance with ingress spec v1. you can also add `--watch-ingress-without-class` to your command-line options, complete doc [here](https://haproxy-ingress.github.io/docs/configuration/command-line/#ingress-class) — Joao Morais, Mar 08 '21 at 14:22
@JoaoMorais good to know. Thank you for your invaluable support. — Jesús López, Mar 08 '21 at 16:17

Why ingress rules are not followed? default backend is reached instead

1 Answers1