summaryrefslogtreecommitdiffstats
path: root/kubernetes/vvp/charts/vvp-ext-haproxy/resources
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/vvp/charts/vvp-ext-haproxy/resources')
-rw-r--r--kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file79
1 files changed, 79 insertions, 0 deletions
diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file b/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file
new file mode 100644
index 0000000000..ca7b40a7bc
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file
@@ -0,0 +1,79 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+backend gitlab_ssh
+ mode tcp
+ option tcplog
+ timeout server 2h
+ server gitlabssh vvp-gitlab:22 resolvers dns
+
+frontend gitlab_ssh_frontend
+ mode tcp
+ option tcplog
+ timeout client 2h
+ bind 0.0.0.0:22
+ acl is_ssh dst_port 22
+ use_backend gitlab_ssh if is_ssh
+
+backend portal_backend
+ mode http
+ server ice_portal vvp:8181 resolvers dns
+
+backend api
+ mode http
+ server engagement_manager vvp-em-uwsgi:80 resolvers dns
+
+backend s3
+ mode http
+ balance roundrobin
+ option httpchk HEAD /
+ server ceph-01 10.252.0.21:8080 check inter 10000ms
+
+frontend portal
+ mode http
+ acl is_api_call path_beg -i /vvp
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+ use_backend api if is_api_call
+ use_backend s3 if is_s3
+ bind 0.0.0.0:80
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
+ default_backend portal_backend
+
+listen stats
+ bind 0.0.0.0:9001
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ http-request deny if !network_allowed