Skip to content

cloudfoundry/haproxy-boshrelease

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

6dc3b8d · Jan 9, 2025
Dec 9, 2024
Dec 6, 2024
Dec 11, 2024
Nov 29, 2024
Nov 12, 2024
May 6, 2024
Jul 12, 2022
Jan 9, 2025
Dec 9, 2024
Nov 12, 2024
Dec 9, 2024
Jan 9, 2025
Oct 3, 2019
Jan 26, 2017
Sep 28, 2022
Sep 23, 2017
May 26, 2021
Oct 19, 2021
Mar 11, 2024
Aug 23, 2017
Aug 22, 2024
Oct 29, 2024
May 26, 2021
May 20, 2015
Apr 10, 2017
Dec 21, 2023
May 26, 2021
Jun 17, 2015

Repository files navigation

BOSH Release for haproxy

Questions? Pop in our slack channel!

This BOSH release is an attempt to get a more customizable/secure haproxy release than what is provided in cf-release. It allows users to blacklist internal-only domains, preventing potential Host header spoofing from allowing unauthorized access of internal APIs. It also allows for better control over haproxy's timeouts, for greater resiliency under heavy load.

Usage

To deploy this BOSH release:

git clone https://github.com/cloudfoundry-community/haproxy-boshrelease.git
cd haproxy-boshrelease

export BOSH_ENVIRONMENT=<alias>
export BOSH_DEPLOYMENT=haproxy
bosh2 deploy manifests/haproxy.yml \
  -v haproxy-backend-port=80 \
  -v "haproxy-backend-servers=[10.10.10.10,10.10.10.11]"

To make alterations to the deployment you can use the bosh2 deploy [-o operator-file.yml] flag to provide operations files.

Alternately you can build a manifest using templates/make_manifest

You can either use the templates + examples provided to merge this in with an existing CloudFoundry deployment, or create a new deployment using this command:

make_manifest <aws-ec2|warden> <comma-separated-list-of-router-servers> <additional_templates>

NOTE: make_manifest requires spruce v1.8.9 or newer.

# Example for bare bones bosh-lite haproxy release on warden
templates/make_manifest warden 10.244.0.22
bosh deploy

# Example for using keepalive with haproxy on warden:
KEEPALIVED_VIP=10.244.50.2 templates/make_manifest warden 10.244.0.22

Development

Feel free to contribute back to this via a pull request on a feature branch! Once merged, we'll cut a new final release for you.

Unit Tests and Linting

PR Validation

PRs will be automatically tested by https://concourse.cfi.sapcloud.io/teams/main/pipelines/haproxy-boshrelease once a maintainer has labelled the PR with the run-ci label

Local Test Execution

Unit/rspec Tests and linters can be run locally to verify correct functionality before pushing to the CI system. If you change any erb logic in the jobs directory please add a corresponding test to spec.

# install the necessary dependencies, once
bundle package
# run the rspec / unit tests for the configuration generation
cd haproxy_boshrelease
bundle install
bundle exec rake spec
# run the linter (rubocop) to identify any issues
cd haproxy_boshrelease
bundle install
bundle exec rake lint
# watch the tests while developing
cd haproxy_boshrelease
bundle install
bundle exec guard

Test Debugging

Unit/rspec Tests can also be debugged/stepped through when needed. See for example the VSCode rdbg Ruby Debugger extension. You can follow the "Launch without configuration" instructions for the extension, just set the "Debug command line" input to bundle exec rspec <filepath>.

Acceptance tests

See acceptance-tests README.

Certificate reloads during runtime

See external_certs README