diff --git a/Dockerfile b/Dockerfile index 4cf9a5f..be34553 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,23 @@ -FROM haproxy:2.5.0-alpine3.15 +FROM haproxy:2.8.0-alpine3.18 -COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg +LABEL architecture="$TARGETPLATFORM" \ + license="beerware" \ + name="haproxy" \ + summary="Alpine based haproxy container" \ + mantainer="antoinroux@hotmail.fr" + +USER root +RUN apk add --no-cache gettext + +COPY --chown=haproxy:haproxy haproxy.template.cfg /etc/haproxy/haproxy.template.cfg +COPY --chmod=750 --chown=haproxy:haproxy init.sh / + +EXPOSE 6443 9000 +ENV ADMIN_PASSWORD "" +ENV PEER_0 192.168.2.3:6443 +ENV PEER_1 192.168.2.25:6443 +ENV PEER_2 192.168.2.19:6443 + +# extract from https://github.com/docker-library/haproxy/blob/master/Dockerfile.template#L166 +ENTRYPOINT ["/init.sh", "docker-entrypoint.sh"] +CMD ["haproxy", "-f", "/etc/haproxy/haproxy.cfg"] \ No newline at end of file diff --git a/Makefile b/Makefile index 37a129d..e20de16 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,8 @@ VERBOSITY=debug ## build imageHaproxy: - $(shell docker-multi-arch-builder build -n haproxy-k8s --platforms $(PLATFORM) -v $(VERBOSITY)) + docker manifest rm $(REGISTRY_IP):5000/haproxy-k8s || true + docker-multi-arch-builder build -n haproxy-k8s --platforms $(PLATFORM) -v $(VERBOSITY) ## management diff --git a/haproxy.cfg b/haproxy.cfg deleted file mode 100644 index 94e3573..0000000 --- a/haproxy.cfg +++ /dev/null 
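Review bot: `USER root` in the Dockerfile hunk is needed for the `apk add` line but is never reverted, so `/init.sh` and the haproxy process it execs start as root. If the base image's default user is `haproxy` (which the added `USER root` suggests), consider restoring it after the two `COPY` lines with `USER haproxy`; that also needs `/etc/haproxy` to be writable by that user, and the template's `chroot` directive would have to go because chroot needs a privileged start. Separately, `ENV ADMIN_PASSWORD ""` bakes an empty default credential into the image, and `LABEL architecture="$TARGETPLATFORM"` expands to an empty string unless `ARG TARGETPLATFORM` is declared in the stage.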
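Review bot: `|| true` on the new `docker manifest rm` line in the Makefile hunk discards every failure of that command, not only the expected missing-manifest case, so a registry or authentication error goes unnoticed until the build step. Make's own idiom for a best-effort recipe line is the `-` prefix, `-docker manifest rm $(REGISTRY_IP):5000/haproxy-k8s`, which still ignores the exit status but reports it as ignored. `REGISTRY_IP` is not defined inside this hunk; if it can be empty the reference collapses to `:5000/haproxy-k8s`, so a guard may be worth adding.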
@@ -1,38 +0,0 @@
-global
- user haproxy
- group haproxy
- log /dev/log local0
- log /dev/log local1 notice
- daemon
-
-defaults
- mode http
- log global
- option httplog
- option dontlognull
- option http-server-close
- option forwardfor except 127.0.0.0/8
- option redispatch
- retries 1
- timeout http-request 10s
- timeout queue 20s
- timeout connect 5s
- timeout client 20s
- timeout server 20s
- timeout http-keep-alive 10s
- timeout check 10s
-
-frontend apiserver
- bind *:6443
- mode tcp
- option tcplog
- default_backend apiserver
-
-backend apiserver
- option httpchk GET /healthz
- http-check expect status 200
- mode tcp
- option ssl-hello-chk
- balance roundrobin
- server worker-4 100.105.163.73:6442 check
- server worker-3 172.28.0.19:6442 check
diff --git a/haproxy.template.cfg b/haproxy.template.cfg
new file mode 100644
index 0000000..08b91c9
--- /dev/null
+++ b/haproxy.template.cfg
@@ -0,0 +1,44 @@
+global
+ log stdout local0
+ user haproxy
+ group haproxy
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ # https://stackoverflow.com/a/74536649
+ maxconn 1000
+
+defaults
+ timeout client 10s
+ timeout connect 5s
+ timeout server 10s
+ timeout http-request 10s
+ log global
+ mode http
+ option httplog
+
+listen stats
+ bind *:9000
+ mode http
+ stats enable
+ stats hide-version
+ stats uri /stats
+ stats refresh 30s
+ stats realm Haproxy\ Statistics
+ stats auth admin:$ADMIN_PASSWORD
+
+ frontend k8s-https
+ bind *:6442
+ mode tcp
+ option tcplog
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ default_backend k8s-https
+
+ backend k8s-https
+ balance roundrobin
+ mode tcp
+ option tcp-check
+ default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
+ server peer-0 $PEER_0 check
+ server peer-1 $PEER_1 check
+ server peer-2 $PEER_2 check
diff --git a/init.sh b/init.sh
new file mode 100644
index 0000000..6afe4a8
--- /dev/null
+++ b/init.sh
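Review bot: The `listen stats` section in haproxy.template.cfg publishes the stats page on `*:9000` over plain HTTP with `stats auth admin:$ADMIN_PASSWORD`, so the credential travels as cleartext Basic auth and is written in cleartext into the rendered haproxy.cfg. Consider a `userlist` with a hashed `password` entry enforced through `stats http-request auth`, and limiting who can reach port 9000 by bind address or a source ACL. Because the value is substituted as raw text, whitespace or a newline in `ADMIN_PASSWORD` would alter the rendered config, so a comment on that line should state the constraint, e.g. `# ADMIN_PASSWORD: no whitespace or newlines; substituted verbatim by init.sh`. Also, the frontend binds `*:6442` while the Dockerfile in this commit has `EXPOSE 6443 9000`; one of the two looks unintended.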
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+envsubst < /etc/haproxy/haproxy.template.cfg > /etc/haproxy/haproxy.cfg
+
+exec "$@"
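Review bot: init.sh renders the config without checking its inputs: there is no `set -e`, so a failed `envsubst` still reaches `exec "$@"` with an empty or partial haproxy.cfg, and an unset or empty `ADMIN_PASSWORD` (the Dockerfile default is `""`) silently yields `stats auth admin:`. Add `set -eu` after the shebang and a guard such as `: "${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}"` before the render. Passing the variable list, `envsubst '$ADMIN_PASSWORD $PEER_0 $PEER_1 $PEER_2'`, keeps any other `$` sequence in the template from being replaced.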