add support to an external haproxy sidecar
jcmoraisjr committed Nov 1, 2020
1 parent 2c0500a commit 876a3df
Showing 4 changed files with 170 additions and 59 deletions.
6 changes: 6 additions & 0 deletions haproxy-ingress/README.md
Expand Up @@ -79,6 +79,12 @@ Parameter | Description | Default
`controller.template` | custom template for haproxy-ingress-controller | `{}`
`controller.defaultBackendService` | backend service to use if defaultBackend.enabled==false | `""`
`controller.ingressClass` | name of the ingress class to route through this controller | `haproxy`
`controller.haproxy.enabled` | set `true` to configure haproxy as a sidecar instead of use the embedded version | `false`
`controller.haproxy.image.repository` | haproxy container image repository, when enabled | `haproxy`
`controller.haproxy.image.tag` | haproxy container image tag | `2.2.4-alpine`
`controller.haproxy.image.pullPolicy` | haproxy container image pullPolicy | `IfNotPresent`
`controller.haproxy.extraArgs` | extra command line arguments for haproxy | `{}`
`controller.haproxy.resources` | haproxy container resource requests & limits | `{}`
`controller.healthzPort` | The haproxy health check (monitoring) port | `10253`
`controller.livenessProbe.path` | The liveness probe path | `/healthz`
`controller.livenessProbe.port` | The livneness probe port | `10253`
199 changes: 140 additions & 59 deletions haproxy-ingress/templates/_podtemplate.yaml
Expand Up @@ -18,9 +18,28 @@ spec:
{{- toYaml .Values.controller.podAffinity | nindent 4 }}
{{- end }}
serviceAccountName: {{ include "haproxy-ingress.serviceAccountName" . }}
{{- if .Values.controller.initContainers }}
{{- if or .Values.controller.haproxy.enabled .Values.controller.initContainers }}
initContainers:
{{- if .Values.controller.haproxy.enabled }}
- name: haproxy-ingress-init
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
args:
- --init
resources:
limits:
cpu: 10m
memory: 32Mi
requests:
cpu: 10m
memory: 32Mi
volumeMounts:
- mountPath: /etc/haproxy
name: etc
{{- end }}
{{- if .Values.controller.initContainers }}
{{- toYaml .Values.controller.initContainers | nindent 4 }}
{{- end }}
{{- end }}
containers:
- name: haproxy-ingress
Expand All @@ -29,6 +48,9 @@ spec:
args:
- --configmap={{ .Release.Namespace }}/{{ include "haproxy-ingress.fullname" . }}
- --ingress-class={{ .Values.controller.ingressClass }}
{{- if .Values.controller.haproxy.enabled }}
- --master-socket=/var/run/haproxy/master.sock
{{- end }}
- --sort-backends
{{- if .Values.controller.tcp }}
- --tcp-services-configmap={{ .Release.Namespace }}/{{ include "haproxy-ingress.fullname" . }}-tcp
Expand All @@ -43,63 +65,10 @@ spec:
- --{{ $key }}
{{- end }}
{{- end }}
ports:
{{- if .Values.controller.enableStaticPorts }}
- name: http
containerPort: 80
{{- if and (eq .Values.controller.kind "DaemonSet") .Values.controller.daemonset.useHostPort .Values.controller.daemonset.hostPorts.http }}
hostPort: {{ .Values.controller.daemonset.hostPorts.http }}
{{- end }}
- name: https
containerPort: 443
{{- if and (eq .Values.controller.kind "DaemonSet") .Values.controller.daemonset.useHostPort .Values.controller.daemonset.hostPorts.https }}
hostPort: {{ .Values.controller.daemonset.hostPorts.https }}
{{- end }}
{{- if not .Values.controller.haproxy.enabled }}
{{- include "haproxy-ingress.controller.ports" . | nindent 6 }}
{{- include "haproxy-ingress.controller.probes" . | nindent 6 }}
{{- end }}
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.embedded }}
- name: metrics
containerPort: {{ .Values.controller.metrics.port }}
protocol: TCP
{{- end }}
{{- if .Values.controller.stats.enabled }}
- name: stats
containerPort: {{ .Values.controller.stats.port }}
protocol: TCP
{{- end }}
- name: healthz
containerPort: {{ .Values.controller.healthzPort }}
{{- range $key, $value := .Values.controller.tcp }}
- name: "{{ $key }}-tcp"
containerPort: {{ $key }}
protocol: TCP
{{- if and (eq $.Values.controller.kind "DaemonSet") $.Values.controller.daemonset.useHostPort }}
{{- range $p := $.Values.controller.daemonset.hostPorts.tcp }}
{{- if eq $key $p }}
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
livenessProbe:
httpGet:
path: {{ .Values.controller.livenessProbe.path | quote }}
port: {{ .Values.controller.livenessProbe.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: {{ .Values.controller.readinessProbe.path | quote }}
port: {{ .Values.controller.readinessProbe.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
env:
- name: POD_NAME
valueFrom:
Expand All @@ -112,13 +81,52 @@ spec:
{{- if .Values.controller.extraEnvs }}
{{- toYaml .Values.controller.extraEnvs | nindent 8 }}
{{- end }}
{{- if .Values.controller.template }}
{{- if or .Values.controller.haproxy.enabled .Values.controller.template }}
volumeMounts:
{{- if .Values.controller.haproxy.enabled }}
- mountPath: /etc/haproxy
name: etc
- mountPath: /var/lib/haproxy
name: lib
- mountPath: /var/run/haproxy
name: run
{{- end }}
{{- if .Values.controller.template }}
- name: haproxy-template
mountPath: /etc/templates/haproxy
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 8 }}
{{- if .Values.controller.haproxy.enabled }}
- name: haproxy
image: "{{ .Values.controller.haproxy.image.repository }}:{{ .Values.controller.haproxy.image.tag }}"
imagePullPolicy: "{{ .Values.controller.haproxy.image.pullPolicy }}"
args:
- -W
- -S
- /var/run/haproxy/master.sock,mode,600
- -f
- /etc/haproxy
{{- range $key, $value := .Values.controller.haproxy.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
{{- include "haproxy-ingress.controller.ports" . | nindent 6 }}
{{- include "haproxy-ingress.controller.probes" . | nindent 6 }}
resources:
{{- toYaml .Values.controller.haproxy.resources | nindent 8 }}
volumeMounts:
- mountPath: /etc/haproxy
name: etc
- mountPath: /var/lib/haproxy
name: lib
- mountPath: /var/run/haproxy
name: run
{{- end }}
{{- if .Values.controller.logs.enabled }}
- name: access-logs
image: "{{ .Values.controller.logs.image.repository }}:{{ .Values.controller.logs.image.tag }}"
Expand Down Expand Up @@ -159,11 +167,21 @@ spec:
imagePullSecrets:
{{- toYaml .Values.controller.imagePullSecrets | nindent 4 }}
{{- end }}
{{- if .Values.controller.template }}
{{- if or .Values.controller.haproxy.enabled .Values.controller.template }}
volumes:
{{- if .Values.controller.haproxy.enabled }}
- name: etc
emptyDir: {}
- name: lib
emptyDir: {}
- name: run
emptyDir: {}
{{- end }}
{{- if .Values.controller.template }}
- name: haproxy-template
configMap:
name: {{ include "haproxy-ingress.fullname" . }}-template
{{- end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
Expand All @@ -188,3 +206,66 @@ spec:
{{- toYaml .Values.controller.securityContext | nindent 4 }}
{{- end }}
{{- end }}

{{- define "haproxy-ingress.controller.ports" -}}
ports:
{{- if .Values.controller.enableStaticPorts }}
- name: http
containerPort: 80
{{- if and (eq .Values.controller.kind "DaemonSet") .Values.controller.daemonset.useHostPort .Values.controller.daemonset.hostPorts.http }}
hostPort: {{ .Values.controller.daemonset.hostPorts.http }}
{{- end }}
- name: https
containerPort: 443
{{- if and (eq .Values.controller.kind "DaemonSet") .Values.controller.daemonset.useHostPort .Values.controller.daemonset.hostPorts.https }}
hostPort: {{ .Values.controller.daemonset.hostPorts.https }}
{{- end }}
{{- end }}
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.embedded }}
- name: metrics
containerPort: {{ .Values.controller.metrics.port }}
protocol: TCP
{{- end }}
{{- if .Values.controller.stats.enabled }}
- name: stats
containerPort: {{ .Values.controller.stats.port }}
protocol: TCP
{{- end }}
- name: healthz
containerPort: {{ .Values.controller.healthzPort }}
{{- range $key, $value := .Values.controller.tcp }}
- name: "{{ $key }}-tcp"
containerPort: {{ $key }}
protocol: TCP
{{- if and (eq $.Values.controller.kind "DaemonSet") $.Values.controller.daemonset.useHostPort }}
{{- range $p := $.Values.controller.daemonset.hostPorts.tcp }}
{{- if eq $key $p }}
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

{{- define "haproxy-ingress.controller.probes" -}}
livenessProbe:
httpGet:
path: {{ .Values.controller.livenessProbe.path | quote }}
port: {{ .Values.controller.livenessProbe.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: {{ .Values.controller.readinessProbe.path | quote }}
port: {{ .Values.controller.readinessProbe.port }}
scheme: HTTP
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- end }}
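Review bot: The `extraArgs` loop in the new `haproxy` container renders each key as `--key` or `--key=value`, which is the controller's flag style, while the fixed arguments just above it (`-W`, `-S`, `-f`) show haproxy taking single-dash options with the value as a separate argument. As far as I know haproxy treats a bare `--` as the start of the config-file list and rejects other double-dash options, so any non-empty `controller.haproxy.extraArgs` would likely stop the sidecar from starting. The entries are also rendered unquoted, so a value containing `: ` or ` #` breaks the list item. I would render `- {{ printf "-%s" $key | quote }}` and, when a value is set, a second item `- {{ $value | quote }}`. Separately, moving ports and probes behind `if not .Values.controller.haproxy.enabled` leaves the controller container without liveness or readiness probes in sidecar mode, which deserves a comment if it is intended.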
3 changes: 3 additions & 0 deletions haproxy-ingress/templates/controller-configmap.yaml
Expand Up @@ -13,6 +13,9 @@ data:
stats-port: {{ .Values.controller.stats.port | quote }}
{{- if .Values.controller.logs.enabled }}
syslog-endpoint: "localhost:514"
{{- else if and .Values.controller.haproxy.enabled (not (hasKey .Values.controller.config "syslog-endpoint")) }}
syslog-endpoint: "stdout"
syslog-format: "raw"
{{- end }}
{{- if .Values.controller.config }}
{{- toYaml .Values.controller.config | nindent 2 }}
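Review bot: The new `else if` branch guards only on `syslog-endpoint` but emits both `syslog-endpoint` and `syslog-format`, so a user who sets `syslog-format` in `controller.config` without `syslog-endpoint` gets that key twice once the `toYaml .Values.controller.config` line below renders. Which value wins then depends on the YAML parser, and stricter parsers reject duplicate keys outright. I would guard the format default on its own, wrapping `syslog-format: "raw"` in `{{- if not (hasKey .Values.controller.config "syslog-format") }}` and `{{- end }}`. `hasKey` also appears to need a map, so a null `controller.config` would presumably fail rendering here before the `if .Values.controller.config` check is reached; that `if` block closes outside the visible hunk.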
21 changes: 21 additions & 0 deletions haproxy-ingress/values.yaml
Expand Up @@ -222,6 +222,27 @@ controller:

type: LoadBalancer

## If controller.haproxy.enabled = true, an external haproxy instance
## is configured and managed as a sidecar container
haproxy:
enabled: false

image:
repository: haproxy
tag: "2.2.4-alpine"
pullPolicy: IfNotPresent

## Additional command line arguments to pass to haproxy
extraArgs: {}

resources: {}
# limits:
# cpu: 500m
# memory: 768Mi
# requests:
# cpu: 500m
# memory: 768Mi

stats:
enabled: false
port: 1936
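Review bot: The default sidecar image under `haproxy.image` is the unqualified `haproxy` repository with a mutable tag and `pullPolicy: IfNotPresent`, so nodes can end up running different content for the same tag, and nothing in the chart says how to pin it. A one-line comment above `image:` would help, for example `## For production, pin the image by digest (tag: "<tag>@sha256:<digest>") or pull from a mirrored registry`. The `extraArgs` comment could also say that each map key is turned into a command-line flag, since the accepted format is not obvious from `{}`.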
