Commit 2e457cc3 authored by Geoff Simmons's avatar Geoff Simmons

Add docker build for haproxy.

parent 13a6c047
ARG go_version=1.11.6
ARG debian_tag=10.2-slim
# Build http-faccess in the builder stage
FROM golang:${go_version} as builder
RUN go get -d -v github.com/slimhazard/gogitversion && \
cd /go/src/github.com/slimhazard/gogitversion && \
make install
RUN go get -d -v code.uplex.de/testing/http-faccess
ENV GO111MODULE=on
RUN cd /go/src/code.uplex.de/testing/http-faccess && make http-faccess
# Build haproxy
FROM debian:${debian_tag}
COPY buster-backports.list /etc/apt/sources.list.d/
ARG haproxy_version=2.0.13-1~bpo10+1
ARG dataplane_version=v1.2.4
RUN apt-get update -q && apt-get install -y -q curl && \
apt-get install -y -q haproxy=${haproxy_version} && \
curl -L http://github.com/haproxytech/dataplaneapi/releases/download/${dataplane_version}/dataplaneapi -o /usr/bin/dataplaneapi && \
/bin/chmod 755 /usr/bin/dataplaneapi && \
apt-get install -y -q procps && \
apt-get remove -y -q curl && apt-get autoremove -y -q && apt-get clean && \
apt-get autoremove -y -q && apt-get clean && \
rm -rf /var/lib/apt/lists/* && rm -rf /etc/haproxy/errors && \
rm -rf /usr/share/doc && rm -rf /usr/share/man
COPY --from=builder /go/src/code.uplex.de/testing/http-faccess/http-faccess /usr/bin/
COPY haproxy.cfg /etc/haproxy/
# GID 998 is the varnish group in the varnish container.
RUN /bin/mkdir /run/haproxy/ && \
/usr/sbin/groupadd -g 998 varnish && \
/usr/sbin/usermod -G varnish haproxy
ENV VARNISH_READY_PORT=8080
ENTRYPOINT ["/usr/sbin/haproxy", "-f", "/etc/haproxy/haproxy.cfg"]
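Review bot: The dataplaneapi binary in the second-stage `RUN` is fetched with `curl -L http://github.com/...` over plain HTTP and made executable with no integrity check, so whatever the network path or a redirect returns is baked into the image. Fetch it over HTTPS and pin a digest: add `ARG dataplane_sha256=<sha256-of-release-binary>` next to `dataplane_version`, use `curl -fsSL https://github.com/haproxytech/dataplaneapi/releases/download/${dataplane_version}/dataplaneapi -o /usr/bin/dataplaneapi && \`, and follow it with `echo "${dataplane_sha256}  /usr/bin/dataplaneapi" | sha256sum -c - && \`. The `-f` flag also stops an HTTP error page from being saved as the binary. The two `go get -d -v` steps in the builder stage likewise build whatever the default branch holds at build time, so pinning them to a tag or commit would make the http-faccess binary reproducible.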
......@@ -24,7 +24,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
all: controller varnish
all: controller varnish haproxy
DOCKER_BUILD_OPTIONS =
......@@ -42,3 +42,7 @@ controller: Dockerfile.controller docker-minikube
varnish: Dockerfile.varnish docker-minikube
docker build $(DOCKER_BUILD_OPTIONS) -t varnish-ingress/varnish \
-f Dockerfile.varnish .
haproxy: Dockerfile.haproxy docker-minikube
docker build $(DOCKER_BUILD_OPTIONS) -t varnish-ingress/haproxy \
-f Dockerfile.haproxy .
deb http://deb.debian.org/debian buster-backports main
global
log stdout format raw local0
chroot /run/offload
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group varnish
master-worker
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
tune.ssl.default-dh-param 2048
defaults
log global
mode tcp
option tcplog
option dontlognull
timeout connect 1000
timeout client 50000
timeout server 50000
userlist controller
user dataplaneapi insecure-password "${SECRET_DATAPLANEAPI}"
program api
command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --reload-cmd "/bin/kill -SIGUSR2 1" -i --log-to=stdout
no option start-on-reload
program faccess
command /usr/bin/http-faccess --address unix@/run/offload/faccess.sock --base /etc/ssl/private -gid 998 -mode 660
no option start-on-reload
frontend readiness
bind :8443
mode http
default_backend varnish_readiness
http-request set-path /ready
option httplog
backend varnish_readiness
server varnish_k8s localhost:${VARNISH_READY_PORT} check
mode http
frontend stats
bind :9443
mode http
stats uri /stats
http-request use-service prometheus-exporter if { path /metrics }
option httplog
frontend faccess
bind :5556
mode http
option httplog
default_backend faccess
backend faccess
server faccess unix@/faccess.sock check
mode http
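Review bot: The `program api` section starts dataplaneapi with `--host 0.0.0.0 --port 5555`, and the only protection visible here is the `insecure-password` entry in `userlist controller`, so the credential and every configuration change travel as cleartext HTTP basic auth to an API that can rewrite and reload haproxy. If the controller must reach it from another pod, serve the API over TLS or restrict the port with a NetworkPolicy; a comment such as `# dataplaneapi: plain HTTP + basic auth; port 5555 must only be reachable by the controller` would at least record the assumption. The `stats` (:9443) and `faccess` (:5556) frontends also bind on all interfaces with no ACL or auth, which may be intended for in-cluster probes but is worth confirming. `chroot /run/offload` relies on a directory the Dockerfile does not create (it only makes /run/haproxy), presumably a volume mounted at runtime.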