When using deny-list with a file, there is no no reaction to file content changes #681
Comments
|
Looking at this issue. |
|
Hello @oekarlsson , I was not able to reproduce this issue with 3.0.2. Here are my steps:
The only way I could have haproxy not reloading is by manually updating the pattern file in the Ingress Controller POD, but this is not supported. Could you confirm that those were your steps ? Thanks |
|
This was discussed on Slack and I forgot this issue. I should have closed it. Sorry. My scenario is that my blacklist is too large to be able to fit in a configmap (> 1MB). My patterns/ips come from a filesystem and not a mounted configmap. That is why reload does not work for me. I have solved it doing a exec to the haproxy pods and running "/bin/kill -HUP $(cat /var/run/haproxy.pid)" after the file in the filesystem is updated. It would of course be good if there were some kind of option to use regular files instead of configmaps and still have automatic reloads. |
|
hi @oekarlsson we will keep this in mind, I'll leave this open and labeled so we can notify you if we do some changes |
I'm using version 3.02 and have a global deny-list set in configmap to patterns/blacklist.ips
The config is created correctly and all IPs in the list is denied. But when the content in the deny-list file is changed, new IPs are not blocked. If an ingress is removed or added and the config must be rebuilt and haproxy reloaded the new IPs are denied as it should be.
I want to block new IPs as fast as possible, and as a user of this feature in the controller I expect new IPs in the list to be denied. It seems that a reload is needed for that to work.
The text was updated successfully, but these errors were encountered: