The current OpenShift router image uses the Red Hat RPM package of haproxy. This package is maintained by Red Hat and ships haproxy 1.5 with some Red Hat patches.
You can see what’s in the package in the CentOS git repo.
It’s not bad, but the haproxy project has since released version 1.7.x, which brings several enhancements and bugfixes.
To use haproxy 1.7 you need to build your own router image, as in the old days when you wanted to change something in the haproxy config template file.
UPDATE: There is now an image on Docker Hub, as described in How to use haproxy 1.7 in openshift router (part 2)
Today the haproxy config template can be changed via a configmap, thanks to the developers who added this feature to the OpenShift router by default.
First of all, the process is the same for OpenShift Origin and OpenShift Container Platform (OCP). The difference is the repository and the subscriptions.
Now let’s start.
Create a new project in which the new routers are built and run.
oc new-project new-routers
Now create the images
and wait until the build and push to the registry is done.
You can follow the build logs via the following command.
oc logs -f bc/openshift-origin-router-hap17
# or
oc logs -f bc/openshift-oscp-router-hap17
You now have a router image with a new haproxy.
Here is the output of haproxy -vv
HA-Proxy version 1.7.3 2017/02/28
Copyright 2000-2017 Willy Tarreau <email@example.com>

Build options :
  TARGET = linux2628
  CPU = generic
  CC = gcc
  CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
  OPTIONS = USE_LINUX_SPLICE=1 USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 \
            USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), \
    raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT \
    IP_FREEBIND

Available polling systems :
  epoll : pref=300, test result OK
  poll : pref=200, test result OK
  select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
  [COMP] compression
  [TRACE] trace
  [SPOE] spoe
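A self-built image is worth checking before it goes into service. The script below is an added example, not part of the original post: it parses `haproxy -vv` output and fails if the version is older than expected, if OpenSSL support is missing, or if a library loaded at runtime differs from the one the binary was built against. The function names `check_haproxy_build` and `sample_vv` are hypothetical, and requiring `USE_OPENSSL` is an assumption based on the router terminating TLS.

```shell
#!/bin/sh
# Added example: sanity-check the `haproxy -vv` output of a self-built router image.
# check_haproxy_build reads the -vv text on stdin; $1 is the minimum "major.minor".
# Exit status 0 if every check passes, 1 otherwise (one line printed per failure).
check_haproxy_build() {
    awk -v min="$1" '
    # Collect every USE_*=1 build option, including continuation lines.
    { for (i = 1; i <= NF; i++) if ($i ~ /^USE_[A-Z_]+=1$/) opt[$i] = 1 }
    /^HA-Proxy version / { split($3, v, "."); have = v[1] * 1000 + v[2] }
    # Library the binary was compiled against vs. the one loaded at runtime.
    /^Built with .* version :/ { lib = $3; sub(/^[^:]*: */, ""); built[lib] = $0 }
    /^Running on .* version :/ { lib = $3; sub(/^[^:]*: */, ""); run[lib] = $0 }
    END {
        split(min, m, "."); bad = 0
        if (have < m[1] * 1000 + m[2]) { print "haproxy older than " min; bad = 1 }
        # Assumption: the router terminates TLS, so OpenSSL support is required.
        if (!("USE_OPENSSL=1" in opt)) { print "built without USE_OPENSSL"; bad = 1 }
        for (l in run) if (built[l] != run[l]) {
            print l ": built with [" built[l] "], running on [" run[l] "]"; bad = 1
        }
        exit bad
    }'
}

# Trimmed copy of the -vv output shown above, embedded so the example runs offline.
sample_vv() {
cat <<'EOF'
HA-Proxy version 1.7.3 2017/02/28
Build options :
  OPTIONS = USE_LINUX_SPLICE=1 USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 \
            USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
Built with Lua version : Lua 5.3.4
EOF
}

# Against a real image, pipe the live output instead: haproxy -vv | check_haproxy_build 1.7
sample_vv | check_haproxy_build 1.7 && echo "router haproxy build looks sane"
```

A built/running mismatch usually means the base image's library was updated after the haproxy binary was compiled, which is the cue to rebuild the router image.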
Why should I use a newer haproxy?
Well first of all it’s a coolness factor ;-)