How to use haproxy 1.7 in openshift router (update)
The current openshift router images uses the Red Hat RPM package of haproxy. This package is maintained by Red Hat and uses haproxy 1.5 with some Red Hat patches.
You can see what’s in the package on centos git repo
It’s not bad but haproxy have now released the version 1.7.x, therefore there are several enhancements and bugfixes in the newer versions.
Changelog 1.6
Changelog 1.7
To be able to use the haproxy 1.7 you will need to build your own router as in the old days when you wanted to change something in the haproxy config template file.
OSE 3.0 | Rebuilding Your Router
UPDATE: There is now a image on docker hub as described in How to use haproxy 1.7 in openshift router (part 2)
Now we have the possibility to change the haproxy config template via a configmap, thanks to the developers which have added this feature by default into the openshift router.
OSE 3.2 | Using a ConfigMap to Replace the Router Configuration Template
First of all the processes for the Openshift Origin and Openshift Container Platform (OCP) are the same. The difference is the repository and the subscriptions.
Now let’s start.
Create a new project where this new routers are build and run.
Now create the images
- Origin
- OSCP
and wait until the build and push to the registry is done.
You can follow the build logs via the following command.
You have now a router image with a new haproxy.
Here is the output of haproxy -vv
HA-Proxy version 1.7.3 2017/02/28
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
OPTIONS = USE_LINUX_SPLICE=1 USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 \
USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), \
raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT \
IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[COMP] compression
[TRACE] trace
[SPOE] spoe
For the openshift origin please follow now this instructions to Rebuilding Your Router and for OSCP this one Rebuilding Your Router
Why should I use a newer haproxy?
Well first of all it’s a coolness factor ;-)
The new version offers some features like TCP Fast Open, elliptic curve certificates, and many more.