feature: version 1.0.0 of working haproxy as static pod

Dockerfile

@@ -1,3 +1,23 @@
-FROM haproxy:2.5.0-alpine3.15
+FROM haproxy:2.8.0-alpine3.18
 
-COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+LABEL architecture="$TARGETPLATFORM" \
+    license="beerware" \
+    name="haproxy" \
+    summary="Alpine based haproxy container" \
+    mantainer="antoinroux@hotmail.fr"
+
+USER root
+RUN apk add --no-cache gettext
+
+COPY --chown=haproxy:haproxy haproxy.template.cfg /etc/haproxy/haproxy.template.cfg
+COPY --chmod=750 --chown=haproxy:haproxy init.sh /
+
+EXPOSE 6443 9000
+ENV ADMIN_PASSWORD ""
+ENV PEER_0 192.168.2.3:6443
+ENV PEER_1 192.168.2.25:6443
+ENV PEER_2 192.168.2.19:6443
+
+# extract from https://github.com/docker-library/haproxy/blob/master/Dockerfile.template#L166
+ENTRYPOINT ["/init.sh", "docker-entrypoint.sh"]
+CMD ["haproxy", "-f", "/etc/haproxy/haproxy.cfg"]

Makefile

@@ -12,7 +12,8 @@ VERBOSITY=debug
 ## build
 
 imageHaproxy:
-	$(shell docker-multi-arch-builder build -n haproxy-k8s --platforms $(PLATFORM) -v $(VERBOSITY))
+	docker manifest rm $(REGISTRY_IP):5000/haproxy-k8s || true
+	docker-multi-arch-builder build -n haproxy-k8s --platforms $(PLATFORM) -v $(VERBOSITY)
 
 ## management
 

haproxy.cfg

@@ -1,38 +0,0 @@
-global
-  user         haproxy
-  group        haproxy
-  log /dev/log local0
-  log /dev/log local1 notice
-  daemon
-  
-defaults
-  mode                    http
-  log                     global
-  option                  httplog
-  option                  dontlognull
-  option http-server-close
-  option forwardfor       except 127.0.0.0/8
-  option                  redispatch
-  retries                 1
-  timeout http-request    10s
-  timeout queue           20s
-  timeout connect         5s
-  timeout client          20s
-  timeout server          20s
-  timeout http-keep-alive 10s
-  timeout check           10s
-  
-frontend apiserver
-  bind *:6443
-  mode tcp
-  option tcplog
-  default_backend apiserver
-  
-backend apiserver
-  option httpchk GET /healthz
-  http-check expect status 200
-  mode tcp
-  option ssl-hello-chk
-  balance roundrobin
-    server worker-4 100.105.163.73:6442 check
-    server worker-3 172.28.0.19:6442 check

haproxy.template.cfg

@@ -0,0 +1,44 @@
+global
+    log         stdout local0
+    user        haproxy
+    group       haproxy
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    # https://stackoverflow.com/a/74536649
+    maxconn 1000
+
+defaults
+    timeout     client 10s
+    timeout     connect 5s
+    timeout     server 10s
+    timeout     http-request 10s
+    log global
+    mode http
+    option httplog
+
+listen stats
+  bind    *:9000
+  mode    http
+  stats   enable
+  stats   hide-version
+  stats   uri       /stats
+  stats   refresh   30s
+  stats   realm     Haproxy\ Statistics
+  stats   auth      admin:$ADMIN_PASSWORD
+
+ frontend k8s-https
+     bind *:6442
+     mode tcp
+     option tcplog
+     tcp-request inspect-delay 5s
+     tcp-request content accept if { req.ssl_hello_type 1 }
+     default_backend k8s-https
+
+ backend k8s-https
+     balance roundrobin
+     mode tcp
+     option tcp-check
+     default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
+     server peer-0 $PEER_0 check
+     server peer-1 $PEER_1 check
+     server peer-2 $PEER_2 check

init.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+envsubst < /etc/haproxy/haproxy.template.cfg > /etc/haproxy/haproxy.cfg
+
+exec "$@"