I’m testing RedHats new version of their PaaS product OpenShift 3.0. I would like to find out, what capabilities are there for using different protocols than http and http+tls, because it was a missing feature in the 2.0 version. OpenShift 3.0 has the concept of routers to direct incoming traffic to the endpoints. Sad but true fact is, there are just two implementations of routers available (HA Proxy andF5 BIG-IP®) and they just support the protocols HTTP, HTTPS (with SNI), WebSockets and TLS with SNI. Nevertheless, there are some fancy HA Proxy configs for other protocols and I want to play with them. First of all I needed to get a custom HA Proxy running. Here is how:
- Of course you need a working OpenShift Origin installation (I used this Vagrant file)
- A running Docker registry service (already there in the Vagrant image)
Creating OpenShift custom HA Proxy router Docker image
- Create a working directory and cd into it.
- Retrieve the custom HA Proxy template like explained here with this command
docker run --rm --interactive=true --tty --entrypoint=cat \ registry.access.redhat.com/openshift3/ose-haproxy-router:v126.96.36.199 haproxy-config.template
- Create a file named Dockerfile and paste this code into it:
FROM openshift/origin-haproxy-router ADD haproxy-config.template /var/lib/haproxy/conf/ # or you can use a diff name for the template. # Note: For the custom errorfiles, make sure you add those files in at the appropriate location. # Example: # ADD custom/patrick/errors/400.http /etc/haproxy/errors/400.http WORKDIR /var/lib/haproxy.conf EXPOSE 80 ENV TEMPLATE_FILE=/var/lib/haproxy/conf/haproxy-config.template # or use a custom name from above if needed. ENV RELOAD_SCRIPT=/var/lib/haproxy/reload-haproxy ENTRYPOINT ["/usr/bin/openshift-router"]
- Optional: I created two error files to visibly test my custom router. Create two files error-page-503.html and error-page-502.html and paste this HTML code it
<html> <head> <title>503 Error</title> </head> <body> <h1>Fail!</h1> </body> </html>
Then edit the downloaded haproxy-config.template to add the custom error pages to the default section of the config vi haproxy-config.template
defaults # maxconn 4096 # Add x-forwarded-for header. timeout connect 5s timeout client 30s timeout server 30s # Long timeout for WebSocket connections. timeout tunnel 1h errorfile 502 /var/lib/haproxy/conf/error-page-502.html errorfile 503 /var/lib/haproxy/conf/error-page-503.html
After this you need to add them to the docker image file system. Change the Docker file like this:
FROM openshift/origin-haproxy-router ADD haproxy-config.template /var/lib/haproxy/conf/ # or you can use a diff name for the template. # Note: For the custom errorfiles, make sure you add those files in at the appropriate location. # Example: # ADD custom/patrick/errors/400.http /etc/haproxy/errors/400.http ADD error-page-503.html /var/lib/haproxy/conf/ ADD error-page-502.html /var/lib/haproxy/conf/ WORKDIR /var/lib/haproxy.conf EXPOSE 80 ENV TEMPLATE_FILE=/var/lib/haproxy/conf/haproxy-config.template # or use a custom name from above if needed. ENV RELOAD_SCRIPT=/var/lib/haproxy/reload-haproxy ENTRYPOINT ["/usr/bin/openshift-router"]
- Run command docker build -t localhost:5000/haproxy-custom . to build your docker file. (Should output something like this: “Successfully built 2976535451a7”).
- Run command docker push localhost:5000/haproxy-custom to push the docker image in the OpenShift Docker registry. (Should output something like this: “2976535451a7: Image successfully pushed”).
Deploying OpenShift custom HA Proxy router
- Removing the old router, if already in place
$> oc delete deploymentconfigs router deploymentconfig "router" deleted $> oc delete services router service "router" deleted
- Deploy the your custom HA Proxy router
$> oadm router --images=localhost:5000/haproxy-custom --credentials=/var/lib/origin/openshift.local.config/master/openshift-router.kubeconfig --service-account=router password for stats user admin has been set to jIxdsf36h85 DeploymentConfig "router" created Service "router" created
- Now you can test your OpenShift custom HA Proxy router. If you did Step 4, you can test it in your browser with the IP of your instance and a non-existing URL. Youe should get your custom error page:
Many thanks to Vaclav Rozsypalek and Ram Ranganathan for their help and support on the mailing list.