I’m testing Red Hat’s new version of their PaaS product, OpenShift 3.0. I would like to find out what capabilities there are for using protocols other than HTTP and HTTP+TLS, because that was a missing feature in version 2.0. OpenShift 3.0 has the concept of routers to direct incoming traffic to the endpoints. The sad but true fact is that there are just two router implementations available (HA Proxy and F5 BIG-IP®), and they support only HTTP, HTTPS (with SNI), WebSockets and TLS with SNI. Nevertheless, there are some fancy HA Proxy configs for other protocols and I want to play with them. First of all I needed to get a custom HA Proxy running. Here is how:
- Of course you need a working OpenShift Origin installation (I used this Vagrant file)
- A running Docker registry service (already there in the Vagrant image)
Creating OpenShift custom HA Proxy router Docker image
- Create a working directory and cd into it.
- Retrieve the custom HA Proxy template as explained here, with this command:

```shell
# cat writes the template to stdout; redirect it to haproxy-config.template to save a copy
docker run --rm --interactive=true --tty --entrypoint=cat \
    registry.access.redhat.com/openshift3/ose-haproxy-router:v220.127.116.11 haproxy-config.template
```
- Create a file named Dockerfile and paste this code into it:
Dockerfile of OpenShift custom HA Proxy router Docker image

```dockerfile
FROM openshift/origin-haproxy-router

ADD haproxy-config.template /var/lib/haproxy/conf/
# or you can use a diff name for the template.

# Note: For the custom errorfiles, make sure you add those files in at the appropriate location.
# Example:
# ADD custom/patrick/errors/400.http /etc/haproxy/errors/400.http

WORKDIR /var/lib/haproxy/conf
EXPOSE 80
ENV TEMPLATE_FILE=/var/lib/haproxy/conf/haproxy-config.template
# or use a custom name from above if needed.
ENV RELOAD_SCRIPT=/var/lib/haproxy/reload-haproxy
ENTRYPOINT ["/usr/bin/openshift-router"]
```
- Optional: I created two error files to visibly test my custom router. Create two files, error-page-503.html and error-page-502.html, and paste this HTML code into them

Then edit the downloaded haproxy-config.template (vi haproxy-config.template) to add the custom error pages to the defaults section of the config:

```
defaults
  # maxconn 4096
  # Add x-forwarded-for header.
  timeout connect 5s
  timeout client 30s
  timeout server 30s
  # Long timeout for WebSocket connections.
  timeout tunnel 1h
  errorfile 502 /var/lib/haproxy/conf/error-page-502.html
  errorfile 503 /var/lib/haproxy/conf/error-page-503.html
```

After this you need to add them to the Docker image file system. Change the Dockerfile like this:

```dockerfile
FROM openshift/origin-haproxy-router

ADD haproxy-config.template /var/lib/haproxy/conf/
# or you can use a diff name for the template.

# Note: For the custom errorfiles, make sure you add those files in at the appropriate location.
# Example:
# ADD custom/patrick/errors/400.http /etc/haproxy/errors/400.http
ADD error-page-503.html /var/lib/haproxy/conf/
ADD error-page-502.html /var/lib/haproxy/conf/

WORKDIR /var/lib/haproxy/conf
EXPOSE 80
ENV TEMPLATE_FILE=/var/lib/haproxy/conf/haproxy-config.template
# or use a custom name from above if needed.
ENV RELOAD_SCRIPT=/var/lib/haproxy/reload-haproxy
ENTRYPOINT ["/usr/bin/openshift-router"]
```
- Run the command docker build -t localhost:5000/haproxy-custom . to build the image from your Dockerfile. (It should output something like this: “Successfully built 2976535451a7”.)
- Run the command docker push localhost:5000/haproxy-custom to push the Docker image to the OpenShift Docker registry. (It should output something like this: “2976535451a7: Image successfully pushed”.)
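A consistency check worth running before the docker build step above, as an added example (not code from the original post or from OpenShift): HAProxy fails to load a configuration whose errorfile path does not exist, and it sends the file verbatim as the response, so each file needs an HTTP status line and headers ahead of the HTML. The function names and sample inputs are assumptions made for illustration, and only shell-form ADD/COPY lines are handled.

```python
import posixpath
import re

def added_paths(dockerfile_text):
    """Map each image path written by ADD/COPY to its build-context source."""
    paths = {}
    for line in dockerfile_text.splitlines():
        parts = [p for p in line.split() if not p.startswith("--")]  # drop flags
        if len(parts) < 3 or parts[0].upper() not in ("ADD", "COPY"):
            continue  # comments, blank lines and other instructions
        *sources, dest = parts[1:]
        for src in sources:
            # A destination ending in "/" is a directory: the file name is kept.
            keep_name = dest.endswith("/")
            paths[posixpath.join(dest, posixpath.basename(src)) if keep_name else dest] = src
    return paths

def check_errorfiles(dockerfile_text, template_text, context_files):
    """Return a list of problems; empty means every errorfile is usable."""
    added = added_paths(dockerfile_text)
    problems = []
    # Only active directives match; "# errorfile ..." comment lines do not.
    for code, path in re.findall(r"^\s*errorfile\s+(\d{3})\s+(\S+)", template_text, re.M):
        src = added.get(path)
        if src is None:
            problems.append(f"{code}: {path} is never added to the image")
        elif src not in context_files:
            problems.append(f"{code}: {src} is missing from the build context")
        elif not re.match(rb"HTTP/1\.[01] %s " % code.encode(), context_files[src]):
            problems.append(f"{code}: {src} does not start with an HTTP {code} status line")
    return problems

# Constructed samples (not the author's files): 502 page never added, 503 page is bare HTML.
DOCKERFILE = """\
FROM openshift/origin-haproxy-router
ADD haproxy-config.template /var/lib/haproxy/conf/
ADD error-page-503.html /var/lib/haproxy/conf/
"""
TEMPLATE = """\
defaults
  errorfile 502 /var/lib/haproxy/conf/error-page-502.html
  errorfile 503 /var/lib/haproxy/conf/error-page-503.html
"""
CONTEXT = {"error-page-503.html": b"<html><body>custom 503</body></html>"}

if __name__ == "__main__":
    for problem in check_errorfiles(DOCKERFILE, TEMPLATE, CONTEXT):
        print(problem)
```

To check a real working directory, pass the text of Dockerfile and haproxy-config.template and a dict that maps each file name in the directory to its bytes.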
Deploying OpenShift custom HA Proxy router
- Remove the old router, if already in place

```
$> oc delete deploymentconfigs router
deploymentconfig "router" deleted
$> oc delete services router
service "router" deleted
```

- Deploy your custom HA Proxy router

```
$> oadm router --images=localhost:5000/haproxy-custom --credentials=/var/lib/origin/openshift.local.config/master/openshift-router.kubeconfig --service-account=router
password for stats user admin has been set to jIxdsf36h85
DeploymentConfig "router" created
Service "router" created
```

- Now you can test your OpenShift custom HA Proxy router. If you did Step 4, you can test it in your browser with the IP of your instance and a non-existing URL. You should get your custom error page.
Many thanks to Vaclav Rozsypalek and Ram Ranganathan for their help and support on the mailing list.