external Services with openshift v3 and haproxy

Posted on Updated on

Introduction

Openshift V3 offers a simple solution to call external services.

Integrating External Services

This solution lacks some possibilities like use DNS names or use more then one destination.

The here described solution offers you the flexibility of haproxy with logs for this service.

Here the picture for the solution.

OpenShift_External_Services_haproxy

Pre-Requirements

  • openshift v3
  • own git repository
  • haproxy 1.6
  • socklog / syslog
  • destination address(s)
  • patience 😉

openshift v3 and git repo

I expect that you have access to a openshift (oc …/ webconsole) and a read / write access to a git

Haproxy

You can use the official image on docker hub of haproxy I suggest to use the alpine one.
I have used this repo for a proxy to Google.

socklog / syslog

Due to the fact that there is no official docker hub entry for socklog you can use my repo

destination address(s) or dns name

Well to which service do you want to connect is your decision 😉

patience

Now you should take a look into the excellence documentation of haproxy.

Start of Implementation

Create a new Project

oc new-project externel-service001

or when you admin and want to be able to run this pods on dedicated nodes you can use

oadm new-project externel-service001 --node-selector='your-dmz=external-router'

Create socklog/syslog

oc new-app https://gitlab.com/aleks001/rhel7-socklog \
    -e TZ=Europe/Vienna --dry-run -o yaml > 01_build_socklog.yaml
oc create -f 01_build_socklog.yaml

Q: Why do I use a file for  the creation not directly?

A: For reproduction and debugging. It’s easier do make a

oc delete -f 01_build_socklog.yaml

then to search for all components ;-).

Now we have a rhel7-socklog service with  exposed port 8514/udp

oc get svc
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
rhel7-socklog 172.30.189.182 <none> 8514/UDP 3m

and a listening daemon which writes the requests out to stdout

oc logs -f <THE_SOCKLOG_POD>
listening on 0.0.0.0:8514, starting.

haproxy

Don’t use the user/uid and group/gid on openshift!

Dont’t use daemon option in openshift!

Create haproxy

Commit it to your repo and create the app

oc new-app https://gitlab.com/aleks001/haproxy \
    -e TZ=Europe/Vienna --dry-run -o yaml > metadata/01_build_haproxy.yaml
oc create -f metadata/01_build_haproxy.yaml

After some times you will see the pods up and running and in the log of socklog pod you will see the log-entries of haproxy.

[al@localhost openshift-external-services]$ oc logs -f <THE_SOCKLOG_POD>
listening on 0.0.0.0:8514, starting.
10.1.3.1: local0.notice: Apr 27 18:29:18 haproxy[1]: Proxy entry-point started.
10.1.3.1: local0.notice: Apr 27 18:29:18 haproxy[1]: Proxy google started.

You can use configmaps to change the config of haproxy. The mount path is

/usr/local/etc/haproxy

and a sample template can be found here

Add route

To be able to use this service now add a route.

oc expose svc haproxy

When everything works as expect you should see something like this.

10.1.5.1: local0.notice: Apr 27 19:56:25 haproxy[1]: Proxy entry-point started.
10.1.5.1: local0.notice: Apr 27 19:56:25 haproxy[1]: Proxy be_google started.
10.1.5.1: local0.info: Apr 27 19:56:55 haproxy[1]: 10.1.2.1:41173 [27/Apr/2016:19:56:55.189] entry-point be_google/srv_google/216.58.212.132 0/0/111/18/129 404 1686 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
10.1.5.1: local0.info: Apr 27 19:57:21 haproxy[1]: 10.1.2.1:41427 [27/Apr/2016:19:57:21.555] entry-point be_google/srv_google/216.58.212.132 0/0/42/18/60 404 1686 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"

You can hire me to create that for you.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s