haproxytech/haproxy-consul-connect-docker

Docker repository for HAProxy Connect, service mesh with Consul Connect and HAProxy

Supported tags and respective Dockerfile links

• latest

Quick reference

• Where to get help:
  HAProxy mailing list, HAProxy Community Slack or #haproxy on FreeNode

• Where to file issues:
  https://github.com/haproxytech/haproxy-consul-connect-docker/issues

• Maintained by: HAProxy Technologies and Criteo

• Supported architectures: (more info)
  amd64

• Image updates:
  commits to haproxytech/haproxy-consul-connect-docker, top level haproxytech/haproxy-consul-connect-docker image folder

• Source of this description:
  README.md

What is HAProxy Connect

Consul Connect provides a simple way to setup service mesh between your services by offloading the load balancing logic to a sidecar process running alongside your application. It exposes a local port per service and takes care of forwarding the traffic to alives instances of the services your application wants to target. Additionnaly, the traffic is automatically encrypted using TLS, and can be restricted by using intentions by selecting what services can or cannot call your application. HAProxy is a proven load balancer widely used in the industry for its high performance and reliability. HAProxy Connect allows to use HAProxy as a load balancer for Consul Connect.

Architecture

Three components are used:

• HAProxy, the load balancer

• Dataplane API, which provides a high level configuration interface for HAProxy

• HAProxy Connect, that configures HAProxy through the Dataplane API with information pulled from Consul.

To handle intentions, HAProxy Connect, sets up a SPOE filter on the application public frontend. On each connection HAProxy checks with HAProxy Connect that the incomming connection is authorized. HAProxy Connect parses the request certificates and in turn calls the Consul agent to know wether it should tell HAProxy to allow or deny the connection.

Requirements

• HAProxy >= v1.9
• DataplaneAPI >= v1.2
• Consul >= 1.2

How to use

./haproxy-consul-connect --help
Usage of ./haproxy-consul-connect:
  -dataplane string
    	Dataplane binary path (default "dataplane-api")
  -enable-intentions
    	Enable Connect intentions
  -haproxy string
    	Haproxy binary path (default "haproxy")
  -haproxy-cfg-base-path string
    	Haproxy binary path (default "/tmp")
  -http-addr string
    	Consul agent address (default "127.0.0.1:8500")
  -log-level string
    	Log level (default "INFO")
  -sidecar-for string
    	The consul service id to proxy
  -sidecar-for-tag string
    	The consul service id to proxy
  -stats-addr string
    	Listen addr for stats server
  -stats-service-register
    	Register a consul service for connect stats
  -token string
    	Consul ACL token./haproxy-consul-connect --help

How to use this image

Minimal working example for Docker Compose is in example folder, showing how to set up Consul Connect without mTLS, with a simple client, consul server and echo server.

License

View license information for the software contained in this image.

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).