TCP CRD: Enable multiple backends on the same frontend port by allowing backend-only TCP objects #718
Description
This is more of a feature request than an issue. I would like the ability to create a backend using the TCP CRD without requiring a frontend. This would allow a scenario where one listener on a specific port can serve multiple backends.
Example
Consider a broker traffic serving the MQTTS port 8883
apiVersion: ingress.v1.haproxy.org/v1
kind: TCP
metadata:
name: broker01-service-tcp
annotations:
ingress.class: haproxy
spec:
- name: broker01-tcp
frontend:
name: broker01-frontend
tcplog: true
clitcpka: enabled
tcp_request_rule_list:
- type: inspect-delay
timeout: 5000
index: 0
- cond: if
cond_test: "{ req_ssl_hello_type 1 }"
action: accept
type: content
index: 1
backend_switching_rule_list:
- cond: if
cond_test: "{ req_ssl_sni -i broker01.example.com }"
index: 0
name: default_broker-mqtt_broker-mqtts-0
binds:
- name: mqtts
port: 8883
accept_proxy: true
service:
name: nginx-reject-all-service
port: 30000
services:
- name: broker-mqtt
port: 8883
This configuration generates the following HAProxy configuration:
frontend tcpcr_default_broker01-frontend
mode tcp
bind :8883 name mqtts accept-proxy
option tcplog
option clitcpka
tcp-request inspect-delay 5000
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend default_broker-mqtt_broker-mqtts-0 if { req_ssl_sni -i broker01.example.com }
default_backend default_nginx-reject-all-service_broker-mqtts-0
backend default_broker-mqtt_broker-mqtts-0
mode tcp
balance roundrobin
option srvtcpka
option httpchk
http-check send meth GET uri /api/v1/health/readiness
default-server check port 9090
server SRV_1 100.64.100.72:8883 enabled
As noted, the frontend listens on port 8883. Therefore I cannot create any additional TCP objects that bind to the same port.
Is it possible to omit the frontend part of the CRD and only create the backend?
Is there a workaround to achieve this using the current CRD?