Merge pull request #494 from appuio/haproxy/http_checks

Adding https checks for HAproxy and Galera
appuio · Oct 2, 2023 · b7e0eae · b7e0eae
2 parents bab51ec + be46192
commit b7e0eae
Show file tree

Hide file tree

Showing 10 changed files with 105 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ helm repo add appuio https://charts.appuio.ch
 | [![chart downloads](https://img.shields.io/github/downloads/appuio/charts/data-cube-curation-0.3.1/total)](https://github.com/appuio/charts/releases/tag/data-cube-curation-0.3.1) | [data-cube-curation](appuio/data-cube-curation/README.md) |
 | [![chart downloads](https://img.shields.io/github/downloads/appuio/charts/exoip-1.0.4/total)](https://github.com/appuio/charts/releases/tag/exoip-1.0.4) | [exoip](appuio/exoip/README.md) |
 | [![chart downloads](https://img.shields.io/github/downloads/appuio/charts/generic-0.1.2/total)](https://github.com/appuio/charts/releases/tag/generic-0.1.2) | [generic](appuio/generic/README.md) |
-| [![chart downloads](https://img.shields.io/github/downloads/appuio/charts/haproxy-2.3.1/total)](https://github.com/appuio/charts/releases/tag/haproxy-2.3.1) | [haproxy](appuio/haproxy/README.md) |
+| [![chart downloads](https://img.shields.io/github/downloads/appuio/charts/haproxy-2.4.0/total)](https://github.com/appuio/charts/releases/tag/haproxy-2.4.0) | [haproxy](appuio/haproxy/README.md) |
 | [![chart downloads](https://img.shields.io/github/downloads/appuio/charts/mariadb-galera-1.2.4/total)](https://github.com/appuio/charts/releases/tag/mariadb-galera-1.2.4) | [mariadb-galera](appuio/mariadb-galera/README.md) |
 | [![chart downloads](https://img.shields.io/github/downloads/appuio/charts/maxscale-2.0.1/total)](https://github.com/appuio/charts/releases/tag/maxscale-2.0.1) | [maxscale](appuio/maxscale/README.md) |
 | [![chart downloads](https://img.shields.io/github/downloads/appuio/charts/metrics-server-2.12.1/total)](https://github.com/appuio/charts/releases/tag/metrics-server-2.12.1) | [metrics-server](appuio/metrics-server/README.md) |

diff --git a/appuio/haproxy/Chart.yaml b/appuio/haproxy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 2.7.3
 description: A Helm chart for HAProxy which can be customized by a config map.
 name: haproxy
-version: 2.3.1
+version: 2.4.0
 maintainers:
   - name: APPUiO Team
     email: [email protected]
diff --git a/appuio/haproxy/Dockerfile b/appuio/haproxy/Dockerfile
@@ -0,0 +1,7 @@
+from haproxytech/haproxy-debian:2.8.3
+
+RUN curl -o mysql.deb https://dev.mysql.com/get/mysql-apt-config_0.8.26-1_all.deb || exit 1 \
+    dpkg -i mysql.deb || exit 1 ; \
+    apt-get update || exit 1 ; \
+    apt-get install -y default-mysql-client || exit 1 ; \
+    rm -rf /var/lib/apt/lists/* mysql.deb ;
diff --git a/appuio/haproxy/README.md b/appuio/haproxy/README.md
@@ -1,6 +1,6 @@
 # haproxy
 
-![Version: 2.3.1](https://img.shields.io/badge/Version-2.3.1-informational?style=flat-square) ![AppVersion: 2.7.3](https://img.shields.io/badge/AppVersion-2.7.3-informational?style=flat-square)
+![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 2.7.3](https://img.shields.io/badge/AppVersion-2.7.3-informational?style=flat-square)
 
 A Helm chart for HAProxy which can be customized by a config map.
 

diff --git a/appuio/haproxy/files/galera-check.sh b/appuio/haproxy/files/galera-check.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+#====================================================================================================
+### This script is used to check the status of the Galera cluster by HAProxy
+### Maintainer: https://github.com/wejdross 
+### It's sh/dash compatible, because it's used in a haproxy container and bash shell has serious issues to spawn 
+### logic is simple, it takes 4 parameters and check if they are equal to the expected value
+### parameters are returned always in the same manner thanks to ORDER BY, if any of the parameters is not equal to the expected value, script will exit with 1
+#====================================================================================================
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+pass=$(/bin/cat /secrets/mariadb-root-password)
+
+if [ -z "$pass" ]; then
+  echo "Error: password is empty, please check mount and permission declared in haproxy deployment"
+  exit 1
+fi
+
+# sample return -> "WSREP_CLUSTER_STATUS Primary WSREP_CONNECTED ON WSREP_LOCAL_STATE 4 WSREP_READY ON"
+return_val=$(/usr/bin/mysql -h $3 -u root -p"$pass" -e "SELECT VARIABLE_NAME, VARIABLE_VALUE FROM information_schema.global_status WHERE VARIABLE_NAME IN ('wsrep_cluster_status','wsrep_ready','wsrep_local_state','wsrep_connected') ORDER BY VARIABLE_NAME ASC;" -Ns)
+if [ $? -ne 0 ]; then
+  exit 1
+else
+  to_check=$(echo $return_val | cut -d' ' -f2)
+
+  if [ $to_check != "Primary" ]; then
+    echo "Error: WSREP_CLUSTER_STATUS is not 'Primary' it's: $to_check"
+    exit 1
+  fi
+
+  to_check=$(echo $return_val | cut -d' ' -f4)
+
+  if [ $to_check != "ON" ]; then
+    echo "Error: WSREP_CONNECTED is not 'ON' it's: $to_check"
+    exit 1
+  fi
+
+  to_check=$(echo $return_val | cut -d' ' -f6)
+
+  if [ $to_check != 4 ]; then
+    echo "Error: WSREP_LOCAL_STATE is not '4' it's: $to_check"
+    exit 1
+  fi
+
+  to_check=$(echo $return_val | cut -d' ' -f8)
+  if [ $to_check != "ON" ]; then
+    echo "Error: WSREP_READY is not 'ON' it's: $to_check"
+    exit 1
+  fi
+fi
+exit 0 
diff --git a/appuio/haproxy/templates/configmap-galera-checkscript.yaml b/appuio/haproxy/templates/configmap-galera-checkscript.yaml
@@ -0,0 +1,17 @@
+{{- if or (eq .Values.haproxy.config "galera") (eq .Values.haproxy.config "galerak8s") }}
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "haproxy.name" . }}
+    helm.sh/chart: {{ include "haproxy.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: haproxy-script
+data:
+  script.sh: |-
+    {{ range .Files.Lines "files/galera-check.sh" }}
+    {{ . | indent 2 }}
+    {{- end}}
+{{- end}}
diff --git a/appuio/haproxy/templates/configmap-galera.yaml b/appuio/haproxy/templates/configmap-galera.yaml
@@ -12,6 +12,8 @@ metadata:
 data:
   haproxy.cfg: |
     global
+      external-check # required for mysql-check
+      insecure-fork-wanted # required for mysql-check
       log stdout format raw local0
     {{- include "haproxy.resolversConfig" . | nindent 4 }}
 
@@ -37,6 +39,8 @@ data:
     backend galera-nodes
       mode tcp
       option srvtcpka
+      option external-check
+      external-check command /var/lib/haproxy/script.sh
       balance {{ $galera.balance }}
       {{ if and $galera.check.enabled $galera.check.mysql.enabled }}option mysql-check user {{ $galera.check.mysql.user }}{{ end }}
       default-server init-addr none {{ if $galera.check.enabled }}check {{ end }}resolvers mydns

diff --git a/appuio/haproxy/templates/configmap-galerak8s.yaml b/appuio/haproxy/templates/configmap-galerak8s.yaml
@@ -13,6 +13,8 @@ data:
   haproxy.cfg: |
     global
       log stdout format raw local0
+      external-check # required for mysql-check
+      insecure-fork-wanted # required for mysql-check
     {{- include "haproxy.resolversConfig" . | nindent 4 }}
 
     defaults
@@ -37,6 +39,8 @@ data:
     backend galera-nodes
       mode tcp
       option srvtcpka
+      option external-check
+      external-check command /var/lib/haproxy/script.sh
       balance {{ $galera.balance }}
 
       {{ if and $galera.check.enabled $galera.check.mysql.enabled }}option mysql-check user {{ $galera.check.mysql.user }}{{ end }}

diff --git a/appuio/haproxy/templates/deployment.yaml b/appuio/haproxy/templates/deployment.yaml
@@ -71,13 +71,30 @@ spec:
           volumeMounts:
             - name: haproxy-config
               mountPath: /etc/haproxy/
+            {{- if or (eq .Values.haproxy.config "galera") (eq .Values.haproxy.config "galerak8s") }}
+            - mountPath: /var/lib/haproxy
+              name: haproxy-script
+            - mountPath: /secrets
+              name: mariadb-creds
+            {{ end }}
       {{- if .Values.sidecarContainers }}
 {{ tpl (toYaml .Values.sidecarContainers) . | indent 8 }}
       {{- end }}
       volumes:
         - name: haproxy-config
           configMap:
             name: "{{ include "haproxy.fullname" . }}-{{ .Values.haproxy.config }}"
+       {{- if or (eq .Values.haproxy.config "galera") (eq .Values.haproxy.config "galerak8s") }}
+        - name: haproxy-script
+          configMap:
+            # it's 0555 read+execute permissions
+            defaultMode: 365
+            name: haproxy-script
+        - name: mariadb-creds
+          secret:
+            secretName: mariadb
+            defaultMode: 420
+        {{ end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/appuio/haproxy/values.yaml b/appuio/haproxy/values.yaml
@@ -1,9 +1,9 @@
 replicaCount: 1
 
 image:
-  registry: docker.io
-  repository: haproxytech/haproxy-debian
-  tag: 2.7.3
+  registry: ghcr.io
+  repository: vshn/haproxy-with-mysql
+  tag: 1.0.0
   pullPolicy: IfNotPresent
 
 ingress: