Hello Percona Community,
I am experiencing a challenging issue with Percona XtraDB Cluster in a Kubernetes environment, where I’m using HAProxy as a load balancer. My goal is to enable client IP preservation for better security and logging. However, I’m facing connectivity problems when using SQL Workbench/J via port forwarding.
- Kubernetes Cluster 1.26
- Percona XtraDB Cluster 8.0.34-26.1
- HAProxy used as a SQL load balancer
- SQL Workbench/J for database management
- PXC and HAProxy set up via Helm Chart
- Enabled the proxy protocol in PXC with
proxy_protocol_networks = *.
- HAProxy is set up with the default configurations.
- Ingress is configured to route
url.com:3306to the HAProxy service on port
- When I connect using SQL Workbench/J through the Ingress (by accessing
url.com:3306), it works without issues. I presume this is because the Ingress correctly adds the proxy protocol header.
- The problem arises when I attempt to connect through a port-forwarded local port
33066to the HAProxy service on port
3306. In this case, SQL Workbench/J fails to connect via
- I’ve ensured that the proxy-protocol is working. Open connections are correctly displayed as their client IPs and not the IP of the HAProxy service.
- All network policies and firewall rules have been checked to ensure proper traffic flow.
proxy_protocol_networks = *the port-forwarding method works without problems.
- Why is there a difference in behavior between the Ingress and local port-forwarding methods, even though they both target the HAProxy service on the same port?
- Is there a way to configure HAProxy or Kubernetes port-forwarding to add the proxy protocol headers when using SQL Workbench/J?
- Are there any recommended practices for configuring HAProxy in a Kubernetes environment to handle both proxy protocol and non-proxy protocol connections simultaneously?
I would greatly appreciate any insights or suggestions from the community on how to resolve this connectivity issue.