I want to connect to a Galera cluster from an haproxy pod deployed in Kubernetes.
Dockerfile for the image:
FROM haproxy:2.3
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
haproxy.cfg file:
defaults
    log global
    mode tcp
    retries 10
    timeout client 10000
    timeout connect 100500
    timeout server 10000

frontend mysql-router-service
    bind *:6446
    mode tcp
    option tcplog
    default_backend galera_cluster_backend

# MySQL Cluster BE configuration
backend galera_cluster_backend
    mode tcp
    #option mysql-check user haproxy
    option tcp-check
    balance source
    server mysql_cluster_01 192.168.1.2:3306 check weight 1
    server mysql_cluster_02 192.168.1.3:3306 check weight 1
    server mysql_cluster_03 192.168.1.4:3306 check weight 1
Here mysql-router-service may mislead, but we used it as it was the earlier db connectivity service.
Kubernetes deployment manifest:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ha-proxy
  namespace: mysql-router
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ha-proxy
  template:
    metadata:
      labels:
        app: ha-proxy
        version: v1
    spec:
      imagePullSecrets:
        - name: dreg
      containers:
        - name: ha-proxy
          image: our-registry:5000/haproxy:v14
          imagePullPolicy: Always
          ports:
            - containerPort: 6446
Kubernetes service manifest:
apiVersion: v1
kind: Service
metadata:
  name: mysql-router-service
  namespace: mysql-router
  labels:
    app: ha-proxy
spec:
  selector:
    app: ha-proxy
    version: v1
  ports:
    - name: ha-proxy
      port: 6446
      protocol: TCP
      targetPort: 6446
  type: LoadBalancer
  loadBalancerIP: 192.168.1.101
The following was seen in the ha-proxy pod logs:
[WARNING] 237/114804 (1) : config : log format ignored for frontend 'mysql-router-service' since it has no log address.
[NOTICE] 237/114804 (1) : New worker #1 (8) forked
If we use option mysql-check user haproxy in the config file, the Galera log /var/log/mysql/error.log has:
[Warning] Access denied for user 'haproxy'@'192.168.1.10' (using password NO)
Here 192.168.1.10 is one of the k8 workers.
In the Galera cluster we have the following users:
+---------------+-------------+
| Host | User |
+---------------+-------------+
| 192.168.1.% | haproxy |
| localhost | mariadb.sys |
| localhost | mysql |
| localhost | root |
+---------------+-------------+
All nodes are running Ubuntu 18-04, and ufw is disabled.
We can telnet to the Galera nodes from the k8 workers (telnet 192.168.1.2 3306).
What have we missed here?
Depends on:
[Warning] Access denied for user 'haproxy'@'192.168.1.10' (using password NO)
I think you have to set a password for user: haproxy.
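
A triage sketch for the "Access denied" line quoted above, added here as an example and not part of the original question or answer: it checks whether the client address matches any Host pattern for that user and whether a password was sent. The function names and cause labels are hypothetical; the sample log line and account list are constructed from the values shown on this page.

```python
import re

# Constructed sample input, built from the values shown in the question.
LOG_LINE = "[Warning] Access denied for user 'haproxy'@'192.168.1.10' (using password NO)"
ACCOUNTS = [("192.168.1.%", "haproxy"), ("localhost", "mariadb.sys"),
            ("localhost", "mysql"), ("localhost", "root")]

# Accepts the line as quoted on the page and the usual "using password: NO" spelling.
DENIED = re.compile(
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)' "
    r"\(using password:? (?P<pw>YES|NO)\)"
)


def host_matches(pattern, client_host):
    """Match a mysql.user Host value: '%' is any run of characters, '_' is one.

    Netmask-style Host values are not handled in this sketch.
    """
    regex = "".join(
        ".*" if ch == "%" else "." if ch == "_" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, client_host, re.IGNORECASE) is not None


def triage(line, accounts):
    """Classify one 'Access denied' log line against (host, user) account rows."""
    m = DENIED.search(line)
    if m is None:
        return None  # not an access-denied line
    user, host, sent_pw = m["user"], m["host"], m["pw"] == "YES"
    matched = [h for h, u in accounts if u == user and host_matches(h, host)]
    if not matched:
        cause = "no-matching-account"  # no user@host row fits this client
    elif sent_pw:
        cause = "account-matched-credential-rejected"
    else:
        cause = "account-matched-no-password-sent"
    return {"user": user, "client_host": host, "matched_hosts": matched,
            "sent_password": sent_pw, "cause": cause}


if __name__ == "__main__":
    print(triage(LOG_LINE, ACCOUNTS))
```

For the line in the question the result is account-matched-no-password-sent: the 192.168.1.% row covers 192.168.1.10, so the host pattern is not what rejected the connection.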