|
4 | 4 | to facilitate a first-class Kubernetes cluster by integrating and/or implementing features that generally do not come |
5 | 5 | with bare-metal installation(s). |
6 | 6 |
|
7 | | -This is generally achieved using the standard Kubernetes API along with the xmlrpc API for pfSense. Speaking generally |
8 | | -the Kubernetes API is `watch`ed and then updates to the pfSense `config.xml` are sent via xmlrpc calls along with |
9 | | -appropriate reload/restart/update/sync methods to apply changes. |
| 7 | +This is generally achieved using the standard Kubernetes API along with the xmlrpc API for pfSense. Speaking broadly |
| 8 | +the Kubernetes API is `watch`ed and appropriate updates are sent to pfSense (`config.xml`) via xmlrpc calls along with |
| 9 | +appropriate reload/restart/update/sync actions to apply changes. |
10 | 10 |
|
11 | 11 | Disclaimer: this is new software bound to have bugs. Please make a backup before using it as it may eat your |
12 | 12 | configuration. Having said that, all known code paths appear to be solid and working without issue. If you find a bug, |
@@ -56,8 +56,16 @@ based on cluster nodes. See [declarative-example.yaml](examples/declarative-exa |
56 | 56 | running on pfSense. If you run pfSense on the network edge with non-cluster services already running, you now can |
57 | 57 | dynamically inject new rules to route traffic into your cluster while simultaneously running non-cluster services. |
58 | 58 |
|
| 59 | +To achieve this goal, new 'shared' HAProxy frontends are created and attached to an **existing** HAProxy frontend. Each |
| 60 | +created frontend should also set an existing backend. Note that existing frontend(s)/backend(s) can be created manually |
| 61 | +or using the `haproxy-declarative` plugin. |
| 62 | + |
59 | 63 | Combined with `haproxy-declarative` you can create a dynamic backend service (ie: your ingress controller) and |
60 | | -subsequently dynamic frontend services based off of cluster ingresses. |
| 64 | +subsequently dynamic frontend services based off of cluster ingresses. This is generally helpful when you cannot or do |
| 65 | +not for whatever reason create wildcard frontend(s) to handle incoming traffic in HAProxy on pfSense. |
| 66 | + |
| 67 | +Optionally, on the ingress resources you can set the following annotations: `haproxy-ingress-proxy.pfsense.org/frontend` |
| 68 | +and `haproxy-ingress-proxy.pfsense.org/backend` to respectively set the frontend and backend to override the defaults. |
61 | 69 |
|
62 | 70 | ```yaml |
63 | 71 | haproxy-ingress-proxy: |
|
0 commit comments