diff options
| author |   leila <leila.nishimwe@bell.ca> | 2022-11-16 19:42:09 -0500 |
|---|---|---|
| committer |   Andreas Geissler <andreas-geissler@telekom.de> | 2022-11-24 10:32:31 +0000 |
| commit | 43815726c3cf6259004c7a6343f710f049c348ee (patch) | |
| tree | be3c76db256ed3a49cba489f6e832eb9e302b734 /kubernetes/aai/resources/config/haproxy/haproxy.cfg | |
| parent | 7e1f3b9272e4bcc3efaf7f323806f56a28e9a532 (diff) | |
[AAI] AAI HAProxy image update
Update AAI haproxy name and version to 1.9.6
Make AAI init container resources configurable
Implementing stick tables to avoid concurrency issues raised by using
janugraph against eventually consistent storage backend(cassandra)
Issue-ID: AAI-3602
Signed-off-by: leila <leila.nishimwe@bell.ca>
Change-Id: I6b1c7bf3a378c410df0a9bb01d304e56e979c3b5
Diffstat (limited to 'kubernetes/aai/resources/config/haproxy/haproxy.cfg')
| -rw-r--r-- | kubernetes/aai/resources/config/haproxy/haproxy.cfg | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index 1accff9935..fe1715b734 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -17,6 +17,10 @@ global log /dev/log local0 stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin stats timeout 30s + # it is required else pod will not come up + maxconn 50000 + user root + group root daemon ################################# # Default SSL material locations# @@ -38,7 +42,8 @@ defaults {{- if ( include "common.needTLS" .) }} option ssl-hello-chk {{- end }} - option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ== + option httpchk + http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ==' default-server init-addr none # option dontlognull # errorfile 400 /etc/haproxy/errors/400.http @@ -59,6 +64,12 @@ defaults timeout server 480000 timeout http-keep-alive 30000 +frontend stats + bind *:8448 + http-request use-service prometheus-exporter if { path /metrics } + stats enable + stats uri /stats + stats refresh 10s frontend IST_8080 mode http @@ -73,8 +84,8 @@ frontend IST_8080 option log-separate-errors option forwardfor http-request set-header X-Forwarded-Proto http - reqadd X-Forwarded-Proto:\ http - reqadd X-Forwarded-Port:\ 8080 + http-request set-header X-Forwarded-Proto http + http-request add-header X-Forwarded-Port 8080 ####################### #ACLS FOR PORT 8446#### @@ -104,6 +115,10 @@ frontend IST_8443 capture response header Host len 100 option log-separate-errors option forwardfor + + http-request set-header X-Forwarded-Proto https + http-request add-header X-Forwarded-Port 8443 + http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } http-request set-header X-AAI-SSL %[ssl_fc] @@ -128,8 +143,6 @@ frontend IST_8443 {{- end }} {{- end }} - reqadd X-Forwarded-Proto:\ https - reqadd X-Forwarded-Port:\ 8443 {{- end }} ####################### @@ -152,12 +165,14 @@ frontend IST_8443 backend IST_Default_8447 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; {{- if ( include "common.needTLS" .) }} - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none {{- else }} - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447 + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447 {{- end }} ####################### @@ -166,10 +181,12 @@ backend IST_Default_8447 backend IST_AAI_8446 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; {{- if ( include "common.needTLS" .) }} - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none {{- else }} - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446 + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446 {{- end }} |