Use the HAProxy Data Plane API to dynamically control the load balancer configuration using HTTP commands.
Designing for high availability almost always means having a high level proxy / load balancer. A proxy server provides basic services such as:
- detection and removal of faulty servers
- connection queue
- offloading TLS encryption
- compression
- caching
The challenge is to keep your configurations up to date, which is especially difficult as services move into containers and those containers become ephemeral. Available since HAProxy 2.0 you can use the new HAProxy Data Plane API (Translation: https://habr.com/en/post/508132/ ), which is a modern REST API.
The HAProxy Data Plane API complements the flexible HAProxy configuration language , which provides building blocks for defining simple and complex routing rules. It is also the perfect complement to the existing Runtime API , which allows you to start, stop, and skip server traffic, change server weight, and manage health checks.
The new Data Plane API gives you the ability to dynamically add and configure frontend, backend, and traffic routing logic. You can also use it to update logging endpoints and create SPOE filters. In fact, almost the entire load balancer can be configured using HTTP commands. In this article, you will learn how best to use it.
Configuration management
HAProxy /etc/haproxy/haproxy.cfg. . frontend , IP-, , backend , , . , , , , -, , ACL .
, , . , . , TLS. , , .
HTTP API . Data Plane API . HAProxy Data Plane API HAProxy . , API API , .
Data Plane API Go config-parser client-native HAProxy Runtime API . HAProxy.
HAProxy
Data Plane API . , backend frontend, . API.
, GET /v1/services/haproxy/configuration/backends, backend, :
$ curl --get --user admin:mypassword \
http://localhost:5555/v1/services/haproxy/configuration/backends backend, endpoint POST. — . , .
endpoint /v1/services/haproxy/transactions . URL, . , POST, PUT DELETE, , HAProxy. , API, . , , , , . .
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
http://localhost:5555/v1/services/haproxy/transactions?version=1JSON:
{"_version":5,"id":"9663c384-5052-4776-a968-abcef032aeef","status":"in_progress"}endpoint /v1/services/haproxy/configuration/backends, , URL:
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"name": "test_backend", "mode":"http", "balance": {"algorithm":"roundrobin"}, "httpchk": {"method": "HEAD", "uri": "/", "version": "HTTP/1.1"}}' \
http://localhost:5555/v1/services/haproxy/configuration/backends?transaction_id=9663c384-5052-4776-a968-abcef032aeef endpoint /v1/services/haproxy/configuration/servers backend:
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"name": "server1", "address": "127.0.0.1", "port": 8080, "check": "enabled", "maxconn": 30, "weight": 100}' \
"http://localhost:5555/v1/services/haproxy/configuration/servers?backend=test_backend&transaction_id=9663c384-5052-4776-a968-abcef032aeef"
frontend endpoint /v1/services/haproxy/configuration/frontends :
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"name": "test_frontend", "mode": "http", "default_backend": "test_backend", "maxconn": 2000}' \
http://localhost:5555/v1/services/haproxy/configuration/frontends?transaction_id=9663c384-5052-4776-a968-abcef032aeef frontend bind . , endpoint /v1/services/haproxy/configuration/binds, :
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"name": "http", "address": "*", "port": 80}' \
"http://localhost:5555/v1/services/haproxy/configuration/binds?frontend=test_frontend&transaction_id=9663c384-5052-4776-a968-abcef032aeef", , endpoint /v1/services/haproxy/transactions/[transaction ID] PUT, :
$ curl -X PUT --user admin:mypassword \
-H "Content-Type: application/json" \
http://localhost:5555/v1/services/haproxy/transactions/9663c384-5052-4776-a968-abcef032aeef:
frontend test_frontend
mode http
maxconn 2000
bind *:80 name http
default_backend test_backend
backend test_backend
mode http
balance roundrobin
option httpchk HEAD / HTTP/1.1
server server1 127.0.0.1:8080 check maxconn 30 weight 100.
. . URL transaction_id , .
HAProxy Data Plane API. HTTP- . . ACL, Host example.com. , use_backend example_servers. http-request deny, URL /admin.php, IP- 192.168.50.20/24.
endpoint /v1/services/haproxy/transactions :
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
http://localhost:5555/v1/services/haproxy/transactions?version=2
{"_version":2,"id":"7d0d6737-655e-4489-92eb-6d29cdd69827","status":"in_progress"} endpoint /v1/services/haproxy/configuration/backends , backend example_servers:
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"name": "example_servers", "mode":"http", "balance": {"algorithm":"roundrobin"}}' \
http://localhost:5555/v1/services/haproxy/configuration/backends?transaction_id=7d0d6737-655e-4489-92eb-6d29cdd69827endpoint /v1/services/haproxy/configuration/servers server backend:
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"name": "server1", "address": "127.0.0.1", "port": 8081, "check": "enabled", "maxconn": 30, "weight": 100}' \
"http://localhost:5555/v1/services/haproxy/configuration/servers?backend=example_servers&transaction_id=7d0d6737-655e-4489-92eb-6d29cdd69827"endpoint /v1/services/haproxy/configuration/acls, ACL is_example, , example.com:
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"id": 0, "acl_name": "is_example", "criterion": "req.hdr(Host)", "value": "example.com"}' \
"http://localhost:5555/v1/services/haproxy/configuration/acls?parent_type=frontend&parent_name=test_frontend&transaction_id=7d0d6737-655e-4489-92eb-6d29cdd69827"/v1/services/haproxy/configuration/backend_switching_rules, use_backend, ACL is_example:
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"id": 0, "cond": "if", "cond_test": "is_example", "name": "example_servers"}' \
"http://localhost:5555/v1/services/haproxy/configuration/backend_switching_rules?frontend=test_frontend&transaction_id=7d0d6737-655e-4489-92eb-6d29cdd69827"endpoint /v1/services/haproxy/configuration/http_request_rules, http-request deny, , /admin.php, IP- 192.168.50.20/24:
$ curl -X POST --user admin:mypassword \
-H "Content-Type: application/json" \
-d '{"id": 0, "cond": "if", "cond_test": "{ path /admin.php } !{ src 192.168.50.20/24 }", "type": "deny"}' \
"http://localhost:5555/v1/services/haproxy/configuration/http_request_rules?parent_type=frontend&parent_name=test_frontend&transaction_id=7d0d6737-655e-4489-92eb-6d29cdd69827", :
$ curl -X PUT --user admin:mypassword \
-H "Content-Type: application/json" \
http://localhost:5555/v1/services/haproxy/transactions/7d0d6737-655e-4489-92eb-6d29cdd69827HAProxy :
frontend test_frontend
mode http
maxconn 2000
bind *:80 name http
acl is_example req.hdr(Host) example.com
http-request deny deny_status 0 if { path /admin.php } !{ src 192.168.50.20/24 }
use_backend example_servers if is_example
default_backend test_backend
backend example_servers
mode http
balance roundrobin
server server1 127.0.0.1:8081 check maxconn 30 weight 100
backend test_backend
mode http
balance roundrobin
option httpchk HEAD / HTTP/1.1
server server1 127.0.0.1:8080 check maxconn 30 weight 100HAProxy Data Plane API, HAProxy REST API. (: https://habr.com/ru/post/508132/). , HAProxy API . Data Plane API , , HAProxy .
API . HAProxy .
If you liked this article and want to keep up with related topics, subscribe to this blog. You can also follow us on Twitter and join the conversation on Slack . HAProxy Enterprise makes it easy to get started with the Data Plane API, as it can be installed as a convenient system package. It also includes a reliable and advanced code base, a corporate set of add-ons, expert support and professional services. Want to know more? Contact us today and download a free trial.
PS Telegram chat HAproxy https://t.me/haproxy_ru