HAProxy usage with kubernetes

Question

I am trying to setup a kubernetes cluster using HAProxy. Right now there are only two nodes. The loadbalancer is on the master node. But i see from the logs that the connection is tried on a virtual ip that is not present. Here are the endpoints for kubernetes cluster.

NAME                       ENDPOINTS                                                     AGE
activemq-svc               10.0.86.2:1883,10.0.86.2:8161,10.0.86.2:8161 + 1 more...      2h
admin-svc                  10.0.86.7:8080,10.0.86.7:9840,10.0.86.7:9841                  2h
kube-dns                   10.0.54.2:53,10.0.54.2:4001,10.0.54.2:53                      2h
kubernetes                 172.31.16.18:6443                                             4h
mysql-admin-svc            10.0.86.6:3306                                                2h
mysql-edu-svc              10.0.86.4:10050,10.0.86.4:3306                                2h
mysql-stat-svc             10.0.54.4:3306                                                2h
platform-riak-cs-service   10.0.54.3:8087,10.0.54.3:8080,10.0.54.3:8098                  2h
redis-svc                  10.0.86.3:6379                                                2h
server-svc                 10.0.86.10:8080,10.0.86.10:9840,10.0.86.10:9841 + 1 more...   2h
statistics-svc             10.0.86.8:8080,10.0.86.8:9840,10.0.86.8:9841                  2h

But in logs I see that my ip address tries to connect on an address that is not present in endpoint list. There is no rule in HAProxy.cfg also for ..86.5. Can someone please tell me whats happening?

servicelb [INFO] Connect from 118.102.239.85:39812 to **10.0.86.5:443** (httpsfrontend/HTTP)
servicelb [INFO] Connect from 118.102.239.85:40418 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 118.102.239.85:41057 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 118.102.239.85:41100 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 118.102.239.85:41143 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 10.0.86.1:49589 to 10.0.86.5:80 (httpfrontend/HTTP)
servicelb [INFO] Connect from 10.0.86.1:49611 to 10.0.86.5:80 (httpfrontend/HTTP)
servicelb [INFO] Connect from 10.0.86.10:53882 to 10.0.86.5:80 (httpfrontend/HTTP)
servicelb [INFO] 10.0.86.10:55668 [21/Dec/2015:11:45:15.526] httpsfrontend/1: SSL handshake failure

score 0 · Answer 1 · answered Feb 09 '16 at 19:53

0

The kube-proxy endpoint does TCP end-to-end proxying by default so IP addresses are lost.

If you activate the IP tables based proxy instead:

https://github.com/kubernetes/contrib/tree/master/scale-demo#activate-iptables-proxying

answered Feb 09 '16 at 19:53

brendan

116

c4f4t0r · Answer 2 · 2019-01-23T11:46:52.823

0

That is normal, when you create a service, kube-proxy create in every node an iptables rule to redirect the traffic to endpoints, so using a cloud provider you will have the following scheme.

{external load balancer ip:port}->{NodePort(iptables PREROUTING RULE by kubeproxy)}->{pod internal ip address}

So you don't need to have the internal cluster service ip configured.

edited Jan 23 '19 at 11:46

answered Mar 17 '16 at 11:01

c4f4t0r

5,149
3
28
41

HAProxy usage with kubernetes

2 Answers2