/kube-haproxy

kube-proxy relpacement

Primary LanguageGo

kube-haproxy

中文

kube-haproxy is a kube-proxy replacement solition on Kubernetes.

It features:

  • High Availability HAProxy only on kubernetes in-cluster, support function failover.
  • Auto configure kubernetes service resouce
  • Developed in Golang, has no additional dependency (only haproxy).

Theory

kube-haproxy using haproxy replace IPVS/iptables mod on kubernetes service.

Notes

The project is a thought, can working in product envrioment, but the proxy backend can use other software substitution, For example, F5 proxy, envoy, nginx etc.

work mode

  • Local: similar kube-proxy, each node will deployment haproxy with node sidecar way. all traffic via haproxy 127.0.0.1 forward to Pod.
  • mesh: replacement kube-proxy, all traffic via haproxy to Pod, contain internal/external service.
  • only fetch: kube-haproxy is a only external ingress on kubernetes, if using service function on kubernetes, service traffic use naive kubernetes service, kube-haproxy service only provide a bypass internal service function.

Notes:

  • ingress and NodePort function not available in all modes.
  • if working in of mode, then kubernetes default service and kube-dns service will does not synchronize.
  • if working in local mode and mesh mode, need change your kube-apiserver's sevice controller.
  • haproxy unsupport udp procotol, so the local and mesh mode need a other proxy software. e.g. envoy, traefik.

Build

./hack/mod.sh {your kubernetes version without v }
# ./hack/mod.sh 1.19.10 correct
# ./hack/mod.sh v1.19.10 incorrect
make help
make build

run

  • local need running in kubernetes cluster-in mode
  • only fetch at will.
  • replacement kube-proxy need change kube-apiserver service controller.

usage

  • if your kubernetes cluster service frequent changes, then --min-sync-period set min number
  • support algorithm feture with haproxy, use --algorithm int attribute, the algorithm list see haproxy doc
  • support tcp/http protocol, kube-proxy onlytcp, extend.

TODO

  • more proxier
  • dataplaneapi replace with haproxy sdk, performance raise

argument

  • --interface string can specify special network interface name (only local mode).
  • --kube-api-burst int32 Burst to use while talking with kubernetes apiserver
  • --kube-api-content-type string Content type of requests sent to apiserver.
  • --kube-api-qps float32 QPS to use while talking with kubernetes apiserver
  • --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag).
  • --min-sync-period duration The minimum interval of how often the haproxy rules can be refreshed as endpoin ts and services change (e.g. '5s', '1m', '2h22m').
  • --proxy-mode string Which proxy mode to use: 'onlyfetch' or 'local' (similar kube-proxy) or without proxy. If blank, default only fetch.
  • --config-sync-period duration How often configuration from the apiserver is refreshed. Must be greater than
  • --user string control access to frontend/backend/listen sections or to http stats by allowing only authenticated and authorized user.
  • --passwd string specify current user's password. Both secure (encrypted) and insecure (unencryp ted) passwords can be used.
  • --min-sync-period duration The minimum interval of how often the haproxy rules can be refreshed as endpoin ts and services change (e.g. '5s', '1m', '2h22m').
  • --backend-addr string specify haproxy address.