Created
February 11, 2026 15:13
-
-
Save rlnorthcutt/b406cd38168b477f12ecf9e45933529c to your computer and use it in GitHub Desktop.
HAProxy shift and shield config (ingress nginx migration step)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #------------ Global and defaults ------------# | |
| # Set performance tuning and security logging | |
| # [Placeholder: Global/defaults for buffer sizes, timeouts] | |
| #----- Frontend: accept and route traffic -----# | |
| frontend main_ingress | |
| bind :443 ssl crt /etc/haproxy/certs/ | |
| mode http | |
| # Apply security policies at the edge | |
| # [Placeholder: ACLs for WAF/bot protection] | |
| # Migration routing logic | |
| # Send updated services to new HAProxy Ingress Controller | |
| use_backend new_haproxy_ingress if { hdr(host) -i new-app.example.com } | |
| # Everything else goes to legacy Ingress NGINX | |
| default_backend legacy_nginx_ingress | |
| #----------- Backends: old and new -----------# | |
| backend legacy_nginx_ingress | |
| mode http | |
| # Points to existing Ingress NGINX LoadBalancer IP or Service | |
| server nginx_lb 192.168.1.50:80 check | |
| backend new_haproxy_ingress | |
| mode http | |
| # Points to new HAProxy Kubernetes Ingress Controller | |
| server haproxy_kic 192.168.1.51:80 check |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment