haproxytech / kubernetes-ingress

HAProxy Kubernetes Ingress Controller
https://www.haproxy.com/documentation/kubernetes/
Apache License 2.0

Feature request: additional backends e.g. for haproxy spoa #449

Closed dani-CO-CN closed 2 years ago

dani-CO-CN commented 2 years ago

We are currently using the HAProxy ingress controller in combination with Cloudflare Zero Trust. Cloudflare Zero Trust handles the access control for you, and the traffic for authorized users gets forwarded to an IP address of choice. To verify the integrity of the request, Cloudflare adds a JWT in the header, which we need to verify. We decided on using the HAProxy SPOA feature to do the verification process, but to implement that we need an additional backend for the verification service.

We found a dirty hack to achieve our goal by creating a tcp-service: a tcp-service creates a frontend and a backend, and we rely on the name of the created backend to be repurposed as the SPOA backend. I think it would make sense to add the option for additional backends.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

oktalz commented 2 years ago

@dani-CO-CN in what manner?

There already is an option to use a secondary-config file, and you can put basically anything in there.

Or do you mean just to add additional services as backends, but they are dynamic (IC adds and removes backend servers / pods)?

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

mecampbellsoup commented 1 year ago

> There already is an option to use a secondary-config file, and you can put basically anything in there.

I'm curious how one would do this in a k8s context. We are working on a SPOA as well for something similar (authN/authZ), and I'm curious how e.g. the pod IPs for the new SPOA deployment can be dynamically generated into our haproxy.cfg file...