Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
68d97baf
Commit
68d97baf
authored
Apr 15, 2020
by
Geoff Simmons
Committed by
Tim Leers
Jul 06, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add docker build for haproxy.
parent
a60bd472
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
115 additions
and
1 deletion
+115
-1
Dockerfile.haproxy
container/Dockerfile.haproxy
+43
-0
Makefile
container/Makefile
+5
-1
buster-backports.list
container/buster-backports.list
+1
-0
haproxy.cfg
container/haproxy.cfg
+66
-0
No files found.
container/Dockerfile.haproxy
0 → 100644
View file @
68d97baf
ARG go_version=1.11.6
ARG debian_tag=10.2-slim
# Build http-faccess in the builder stage
FROM golang:${go_version} as builder
RUN go get -d -v github.com/slimhazard/gogitversion && \
cd /go/src/github.com/slimhazard/gogitversion && \
make install
RUN go get -d -v code.uplex.de/testing/http-faccess
ENV GO111MODULE=on
RUN cd /go/src/code.uplex.de/testing/http-faccess && make http-faccess
# Build haproxy
FROM debian:${debian_tag}
COPY buster-backports.list /etc/apt/sources.list.d/
ARG haproxy_version=2.0.13-1~bpo10+1
ARG dataplane_version=v1.2.4
RUN apt-get update -q && apt-get install -y -q curl && \
apt-get install -y -q haproxy=${haproxy_version} && \
curl -L http://github.com/haproxytech/dataplaneapi/releases/download/${dataplane_version}/dataplaneapi -o /usr/bin/dataplaneapi && \
/bin/chmod 755 /usr/bin/dataplaneapi && \
apt-get install -y -q procps && \
apt-get remove -y -q curl && apt-get autoremove -y -q && apt-get clean && \
apt-get autoremove -y -q && apt-get clean && \
rm -rf /var/lib/apt/lists/* && rm -rf /etc/haproxy/errors && \
rm -rf /usr/share/doc && rm -rf /usr/share/man
COPY --from=builder /go/src/code.uplex.de/testing/http-faccess/http-faccess /usr/bin/
COPY haproxy.cfg /etc/haproxy/
# GID 998 is the varnish group in the varnish container.
RUN /bin/mkdir /run/haproxy/ && \
/usr/sbin/groupadd -g 998 varnish && \
/usr/sbin/usermod -G varnish haproxy
ENV VARNISH_READY_PORT=8080
ENTRYPOINT ["/usr/sbin/haproxy", "-f", "/etc/haproxy/haproxy.cfg"]
container/Makefile
View file @
68d97baf
...
...
@@ -24,7 +24,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
all
:
controller varnish
all
:
controller varnish
haproxy
DOCKER_BUILD_OPTIONS
=
...
...
@@ -42,3 +42,7 @@ controller: Dockerfile.controller docker-minikube
varnish
:
Dockerfile.varnish docker-minikube
docker build
$(DOCKER_BUILD_OPTIONS)
-t
varnish-ingress/varnish
\
-f
Dockerfile.varnish .
haproxy
:
Dockerfile.haproxy docker-minikube
docker build
$(DOCKER_BUILD_OPTIONS)
-t
varnish-ingress/haproxy
\
-f
Dockerfile.haproxy .
container/buster-backports.list
0 → 100644
View file @
68d97baf
deb http://deb.debian.org/debian buster-backports main
container/haproxy.cfg
0 → 100644
View file @
68d97baf
global
log stdout format raw local0
chroot /run/offload
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group varnish
master-worker
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
tune.ssl.default-dh-param 2048
defaults
log global
mode tcp
option tcplog
option dontlognull
timeout connect 1000
timeout client 50000
timeout server 50000
userlist controller
user dataplaneapi insecure-password "${SECRET_DATAPLANEAPI}"
program api
command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --reload-cmd "/bin/kill -SIGUSR2 1" -i --log-to=stdout
no option start-on-reload
program faccess
command /usr/bin/http-faccess --address unix@/run/offload/faccess.sock --base /etc/ssl/private -gid 998 -mode 660
no option start-on-reload
frontend readiness
bind :8443
mode http
default_backend varnish_readiness
http-request set-path /ready
option httplog
backend varnish_readiness
server varnish_k8s localhost:${VARNISH_READY_PORT} check
mode http
frontend stats
bind :9443
mode http
stats uri /stats
http-request use-service prometheus-exporter if { path /metrics }
option httplog
frontend faccess
bind :5556
mode http
option httplog
default_backend faccess
backend faccess
server faccess unix@/faccess.sock check
mode http
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment