From 43815726c3cf6259004c7a6343f710f049c348ee Mon Sep 17 00:00:00 2001
From: leila <leila.nishimwe@bell.ca>
Date: Wed, 16 Nov 2022 19:42:09 -0500
Subject: [AAI] AAI HAProxy image update

Update AAI haproxy name and version to 1.9.6
Make AAI init container resources configurable
Implementing stick tables to avoid concurrency issues raised by using
janugraph against eventually consistent storage backend(cassandra)

Issue-ID: AAI-3602
Signed-off-by: leila <leila.nishimwe@bell.ca>
Change-Id: I6b1c7bf3a378c410df0a9bb01d304e56e979c3b5
---
 .../aai/resources/config/haproxy/haproxy.cfg       | 35 ++++++++++++++++------
 1 file changed, 26 insertions(+), 9 deletions(-)

(limited to 'kubernetes/aai/resources/config/haproxy/haproxy.cfg')

diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index 1accff9935..fe1715b734 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -17,6 +17,10 @@ global
         log /dev/log    local0
         stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
         stats timeout 30s
+        # it is required else pod will not come up
+        maxconn 50000
+        user root
+        group root
         daemon
         #################################
         # Default SSL material locations#
@@ -38,7 +42,8 @@ defaults
 {{- if ( include "common.needTLS" .) }}
         option  ssl-hello-chk
 {{- end }}
-        option  httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
+        option  httpchk
+        http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId  haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
         default-server init-addr none
 #       option  dontlognull
 #       errorfile 400 /etc/haproxy/errors/400.http
@@ -59,6 +64,12 @@ defaults
         timeout server  480000
         timeout http-keep-alive 30000
 
+frontend stats
+       bind *:8448
+       http-request use-service prometheus-exporter if { path /metrics }
+       stats enable
+       stats uri /stats
+       stats refresh 10s
 
 frontend IST_8080
         mode http
@@ -73,8 +84,8 @@ frontend IST_8080
         option log-separate-errors
         option forwardfor
         http-request set-header X-Forwarded-Proto http
-        reqadd X-Forwarded-Proto:\ http
-        reqadd X-Forwarded-Port:\ 8080
+        http-request set-header X-Forwarded-Proto http
+        http-request add-header X-Forwarded-Port 8080
 
 #######################
 #ACLS FOR PORT 8446####
@@ -104,6 +115,10 @@ frontend IST_8443
         capture response header Host len 100
         option log-separate-errors
         option forwardfor
+
+        http-request set-header X-Forwarded-Proto https
+        http-request add-header X-Forwarded-Port 8443
+
         http-request set-header X-Forwarded-Proto https if { ssl_fc }
         http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
         http-request set-header X-AAI-SSL                       %[ssl_fc]
@@ -128,8 +143,6 @@ frontend IST_8443
         {{- end }}
         {{- end }}
 
-        reqadd X-Forwarded-Proto:\ https
-        reqadd X-Forwarded-Port:\ 8443
 {{- end }}
 
 #######################
@@ -152,12 +165,14 @@ frontend IST_8443
 
 backend IST_Default_8447
         balance roundrobin
+        stick-table type string len 100 size 200k expire 2m
+        stick on path
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
 {{- if ( include "common.needTLS" .) }}
-        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+        server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
 {{- else }}
-        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
+        server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
 {{- end }}
 
 #######################
@@ -166,10 +181,12 @@ backend IST_Default_8447
 
 backend IST_AAI_8446
         balance roundrobin
+        stick-table type string len 100 size 200k expire 2m
+        stick on path
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
 {{- if ( include "common.needTLS" .) }}
-        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+        server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
 {{- else }}
-        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
+        server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
 {{- end }}
-- 
cgit 1.2.3-korg