|
1 | 1 | # HAProxy Connect |
2 | 2 |
|
3 | | -[Consul Connect](https://www.consul.io/docs/connect/index.html) provides a simple way to setup service mesh between your services by offloading the load balancing logic to a sidecar process running alongside your application. It exposes a local port per service and takes care of forwarding the traffic to alives instances of the services your application wants to target. Additionnaly, the traffic is automatically encrypted using TLS, and can be restricted by using [intentions](https://www.consul.io/docs/connect/intentions.html) by selecting what services can or cannot call your application. |
4 | | -[HAProxy](https://www.haproxy.org) is a proven load balancer widely used in the industry for its high performance and reliability. |
5 | | -HAProxy Connect allows to use HAProxy as a load balancer for Consul Connect. |
| 3 | +...using HAproxy configuration template as a base. |
6 | 4 |
|
7 | | -## Architecture |
8 | | - |
9 | | -Three components are used : |
10 | | -* HAProxy, the load balancer |
11 | | -* Dataplane API, which provides a high level configuration interface for HAProxy |
12 | | -* HAProxy Connect, that configures HAProxy through the Dataplane API with information pulled from Consul. |
13 | | - |
14 | | -To handle intentions, HAProxy Connect, sets up a SPOE filter on the application public frontend. On each connection HAProxy checks with HAProxy Connect that the incomming connection is authorized. HAProxy Connect parses the request certificates and in turn calls the Consul agent to know wether it should tell HAProxy to allow or deny the connection. |
15 | | - |
16 | | - |
17 | | - |
18 | | -## Requirements |
19 | | - |
20 | | -* HAProxy >= v1.9 (http://www.haproxy.org/) |
21 | | -* DataplaneAPI >= v1.2 (https://www.haproxy.com/documentation/hapee/1-9r1/configuration/dataplaneapi/) |
22 | | - |
23 | | -## How to use |
24 | | - |
25 | | -``` |
26 | | -./haproxy-consul-connect --help |
27 | | -Usage of ./haproxy-consul-connect: |
28 | | - -dataplane string |
29 | | - Dataplane binary path (default "dataplane-api") |
30 | | - -enable-intentions |
31 | | - Enable Connect intentions |
32 | | - -haproxy string |
33 | | - Haproxy binary path (default "haproxy") |
34 | | - -haproxy-cfg-base-path string |
35 | | - Haproxy binary path (default "/tmp") |
36 | | - -http-addr string |
37 | | - Consul agent address (default "127.0.0.1:8500") |
38 | | - -log-level string |
39 | | - Log level (default "INFO") |
40 | | - -sidecar-for string |
41 | | - The consul service id to proxy |
42 | | - -sidecar-for-tag string |
43 | | - The consul service id to proxy |
44 | | - -stats-addr string |
45 | | - Listen addr for stats server |
46 | | - -stats-service-register |
47 | | - Register a consul service for connect stats |
48 | | - -token string |
49 | | - Consul ACL token./haproxy-consul-connect --help |
50 | | -``` |
51 | | - |
52 | | -## Minimal working example |
53 | | - |
54 | | -You will need 2 SEPARATE servers within the same network, one for the server and another for the client. |
55 | | -On both you need all 3 binaries - consul, dataplaneapi and haproxy-consul-connect. |
56 | | - |
57 | | -### The services |
58 | | - |
59 | | -#### Server |
60 | | - |
61 | | -Create this config file for consul: |
62 | | -``` |
63 | | -{ |
64 | | - "service": { |
65 | | - "name": "server", |
66 | | - "port": 8181, |
67 | | - "connect": { "sidecar_service": {} } |
68 | | - } |
69 | | -} |
70 | | -``` |
71 | | -Run consul: |
72 | | -``` |
73 | | -consul agent -dev -config-file client.cfg |
74 | | -``` |
75 | | -Run the test server: |
76 | | -``` |
77 | | -python -m SimpleHTTPServer 8181 |
78 | | -``` |
79 | | -Run haproxy-connect (assuming that `haproxy` and `dataplaneapi` are $PATH): |
80 | | -``` |
81 | | -haproxy-consul-connect -sidecar-for server |
82 | | -``` |
83 | | - |
84 | | -#### Client |
85 | | - |
86 | | -Create this config file for consul: |
87 | | -``` |
88 | | -{ |
89 | | - "service": { |
90 | | - "name": "client", |
91 | | - "port": 8080, |
92 | | - "connect": { |
93 | | - "sidecar_service": { |
94 | | - "proxy": { |
95 | | - "upstreams": [ |
96 | | - { |
97 | | - "destination_name": "server", |
98 | | - "local_bind_port": 9191 |
99 | | - } |
100 | | - ] |
101 | | - } |
102 | | - } |
103 | | - } |
104 | | - } |
105 | | -} |
106 | | -``` |
107 | | -Run consul: |
108 | | -``` |
109 | | -consul agent -dev -config-file server.cfg |
110 | | -``` |
111 | | -Run haproxy-connect (assuming that `haproxy` and `dataplaneapi` in $PATH) : |
112 | | -``` |
113 | | -haproxy-consul-connect -sidecar-for client -log-level debug |
114 | | -``` |
115 | | - |
116 | | -### Testing |
117 | | - |
118 | | -On the server: |
119 | | -``` |
120 | | -curl -v 127.0.0.1:9191/ |
121 | | -``` |
122 | | - |
123 | | -## Contributing |
124 | | - |
125 | | -For commit messages and general style please follow the haproxy project's [CONTRIBUTING guide](https://github.com/haproxy/haproxy/blob/master/CONTRIBUTING) and use that where applicable. |
| 5 | +Please see the [original project README](https://github.com/haproxytech) for information about this project and [this comment](https://github.com/haproxytech/haproxy-consul-connect/issues/60#issuecomment-645318551) for information about this fork. |
0 commit comments