haproxy 2.0 dataplaneapi docker 镜像
Posted rongfengliang
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了haproxy 2.0 dataplaneapi docker 镜像相关的知识,希望对你有一定的参考价值。
为了方便测试dataplaneapi 基于官方的docker镜像,制作了一个简单的包含dataplaneapi 的镜像
下载dataplaneapi
https://github.com/haproxytech/dataplaneapi/releases
Dockerfile
FROM haproxy:2.0.5
COPY dataplaneapi /usr/local/sbin/dataplaneapi
RUN chmod +x /usr/local/sbin/dataplaneapi
简单参考配置文件
通过processmanager 管理
#
# This is the ultimate HAProxy 2.0 "Getting Started" config
# It demonstrates many of the features available which are now available
# While you may not need all of these things, this can serve
# as a reference for your own configurations.
#
# Have questions? Check out our community Slack:
# https://slack.haproxy.org/
#
?
global
# master-worker required for `program` section
# enable here or start with -Ws
master-worker
mworker-max-reloads 3
# enable core dumps
set-dumpable
user root
group root
log stdout local0
?
defaults
mode http
log global
timeout client 5s
timeout server 5s
timeout connect 5s
option redispatch
option httplog
?
resolvers dns
parse-resolv-conf
resolve_retries 3
timeout resolve 1s
timeout retry 1s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold valid 10s
hold obsolete 30s
program dataplane-api
command /usr/local/sbin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/local/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist api
no option start-on-reload
userlist api
# user admin password $5$aVnIFECJ$2QYP64eTTXZ1grSjwwdoQxK/AP8kcOflEO1Q5fc.5aA
user admin insecure-password dalong
frontend stats
bind *:8404
# Enable Prometheus Exporter
http-request use-service prometheus-exporter if path /metrics
stats enable
stats uri /stats
stats refresh 10s
?
frontend fe_main
bind *:8080
# Enable log sampling
# One out of 10 requests would be logged to this source
log 127.0.0.1:10001 sample 1:10 local0
# For every 11 requests, log requests 2, 3, and 8-11
log 127.0.0.1:10002 sample 2-3,8-11:11 local0
?
# Log profiling data
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %+Qr cpu_calls:%[cpu_calls] cpu_ns_tot:%[cpu_ns_tot] cpu_ns_avg:%[cpu_ns_avg] lat_ns_tot:%[lat_ns_tot] lat_ns_avg:%[lat_ns_avg]"
?
# gRPC path matching
acl is_grpc_codename path /CodenameCreator/KeepGettingCodenames
# Dynamic ‘do-resolve‘ trusted hosts
acl dynamic_hosts req.hdr(Host) api.local admin.local haproxy.com
?
# Activate Traffic Mirror
# Redirect if not SSL
# http-request redirect scheme https unless ssl_fc
?
# Enable src tracking
# http-request track-sc0 src table mypeers/src_tracking
?
# Enable rate limiting
# Return 429 Too Many Requests if client averages more than
# 10 requests in 10 seconds.
# (duration defined in stick table in peers section)
http-request deny deny_status 429 if sc_http_req_rate(0) gt 10
?
# Enable local resolving of Host if within dynamic_hosts ACL
# Allows connecting to dynamic IP address specified in Host header
# Useful for DNS split view or split horizon
http-request do-resolve(txn.dstip,dns) hdr(Host),lower if dynamic_hosts
http-request capture var(txn.dstip) len 40 if dynamic_hosts
?
# return 503 when dynamic_hosts matches but the variable
# txn.dstip is not set which mean DNS resolution error
# otherwise route to be_dynamic
use_backend be_503 if dynamic_hosts ! var(txn.dstip) -m found
use_backend be_dynamic if dynamic_hosts
?
# route to gRPC path
use_backend be_grpc if is_grpc_codename
?
default_backend be_main
?
backend be_main
# Enable Power of Two Random Choices Algorithm
balance random(2)
# Enable Layer 7 retries
retry-on all-retryable-errors
retries 3
# retrying POST requests can be dangerous
# make sure you understand the implications before removing
http-request disable-l7-retry if METH_POST
server server1 nginx1:80 check inter 3s
server server2 nginx2:80 check inter 3s
backend be_grpc
default-server ssl verify none alpn h2 check maxconn 50
server grpc1 10.1.0.11:3000
server grpc2 10.1.0.12:3000
?
backend be_dynamic
default-server ssl verify none check maxconn 50
?
# rule to prevent HAProxy from reconnecting to services
# on the local network (forged DNS name used to scan the network)
http-request deny if var(txn.dstip) -m ip 127.0.0.0/8 10.0.0.0/8
http-request set-dst var(txn.dstip)
server dynamic 0.0.0.0:0
?
backend spoe-traffic-mirror
mode tcp
balance roundrobin
timeout connect 5s
timeout server 1m
server spoa1 127.0.0.1:12345
server spoa2 10.1.0.20:12345
?
backend be_503
# dummy backend used to return 503.
# You can use the ‘errorfile‘ directive to send a nice
# 503 error page to end users.
errorfile 503 /usr/local/etc/haproxy/errors/503.http
一个测试效果
- docker-compose 文件
version: "3"
services:
grafana:
image: grafana/grafana
ports:
- "3000:3000"
prometheus:
image: prom/prometheus
volumes:
- "./prometheus.yml:/etc/prometheus/prometheus.yml"
ports:
- "9090:9090"
haproxy:
image: dalongrong/haproxy-dataplan:2.0.5
build: ./
volumes:
- "./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg"
ports:
- "80:80"
- "5555:5555"
- "8404:8404"
- "8080:8080"
- "9000:9000"
- "9001:9001"
- "9002:9002"
- "1000-1005:1000-1005"
- "10080:10080"
nginx1:
image: nginx
ports:
- "8090:80"
nginx2:
image: nginx
ports:
- "8091:80"
启动效果
- 启动
docker-compose up -d
- 效果
http://localhost:5555 用户密码 admin dalong
参考资料
https://www.haproxy.com/documentation/hapee/1-9r1/configuration/dataplaneapi/
https://github.com/haproxytech/dataplaneapi/releases
https://github.com/rongfengliang/haproxy2.0-prometheus
以上是关于haproxy 2.0 dataplaneapi docker 镜像的主要内容,如果未能解决你的问题,请参考以下文章
HAProxy Data Plane API 2.0 doker 镜像
linux12企业实战 -- 32haproxy2.0.12