Haproxy refactor

[sk4zuzu]

No description provided.

[sk4zuzu]

This PR is already getting too big, so the epicli upgrade part will be handled in another PR. So far only the eplici apply part has been implemented.

Features included:

• docker based haproxy https://hub.docker.com/_/haproxy ✔️
• lightweight docker image extraction tool (replaces docker export command) ✔️
• runc / systemd managed reusable haproxy container (not using docker) ✔️
• reimplementation of kubernetes load balancer service ✔️
• reimplementation of the "load_balancer" feature ✔️
• identical code for all linux distros we support ✔️
• offline package ✔️
• fully working logging (kibana) and monitoring (grafana) code for the "load_balancer" feature ✔️

Sugestions for testing:

• offline / online modes for each distro Ubuntu/RHEL/CentOS (epicli apply)
• verify if epicli apply is idempotent and restarts / reloads systemd service in reaction to config changes
• deploy with monitoring and logging enabled and verify if metrics and logs are read
• backup / recovery scenarios for each distro Ubuntu/RHEL/CentOS (epicli backup, eplicli recovery)

Example config for "any" provider:

kind: epiphany-cluster
title: "Epiphany cluster Config"
name: any4
specification:
  name: any4
  admin_user:
    name: centos
    key_path: /workspaces/epiphany/core/src/epicli/clusters/id_rsa
  components:
    kubernetes_master:
      count: 1
      machines:
        - default-k8s-master1
    kubernetes_node:
      count: 1
      machines:
        - default-k8s-node1
    load_balancer:
      count: 1
      machines:
        - default-k8s-master3
    logging:
      count: 1
      machines:
        - default-k8s-node2
    monitoring:
      count: 1
      machines:
        - default-k8s-node3
provider: any
---
kind: configuration/shared-config
title: Shared configuration that will be visible to all roles
name: default
specification:
  use_ha_control_plane: true
  promote_to_ha: false
provider: any
---
kind: configuration/haproxy
title: "HAProxy"
name: default
specification:
  logs_max_days: 60
  self_signed_certificate_name: self-signed-fullchain.pem
  self_signed_private_key_name: self-signed-privkey.pem
  self_signed_concatenated_cert_name: self-signed-test.tld.pem
  haproxy_log_path: "/var/log/haproxy.log"
  stats:
    enable: true
    bind_address: 127.0.0.1:9000
    uri: "/haproxy?stats"
    user: operations
    password: your-haproxy-stats-pwd
  frontend:
    - name: https_front
      port: 443
      https: true
      backend:
      - http_back1
  backend: # example backend config below
    - name: http_back1
      server_groups:
      - kubernetes_node
      # servers: # Definition for server to that hosts the application.
      # - name: "node1"
      #   address: "epiphany-vm1.domain.com"
      port: 30104
provider: any
---
kind: infrastructure/machine
provider: any
name: default-k8s-master1
specification:
  hostname: z1a1
  ip: 10.40.2.10
---
kind: infrastructure/machine
provider: any
name: default-k8s-master2
specification:
  hostname: z1a2
  ip: 10.40.2.11
---
kind: infrastructure/machine
provider: any
name: default-k8s-master3
specification:
  hostname: z1a3
  ip: 10.40.2.12
---
kind: infrastructure/machine
provider: any
name: default-k8s-node1
specification:
  hostname: z1b1
  ip: 10.40.2.20
---
kind: infrastructure/machine
provider: any
name: default-k8s-node2
specification:
  hostname: z1b2
  ip: 10.40.2.21
---
kind: infrastructure/machine
provider: any
name: default-k8s-node3
specification:
  hostname: z1b3
  ip: 10.40.2.22

[przemyslavic]

/azp run

[mkyc]

Why are you extracting haproxy from docker image instead of building it from sources?

[sk4zuzu]

Why are you extracting haproxy from docker image instead of building it from sources?

IMO taking into account that we support oflfine mode it's acutally less harm if we use docker images (alpine based) than add another set of packages (needed for the build) to already existing 14GiB of stuff.

It's not just the extraction, I use runc a much lighter container which works ok with systemd services.

[mkyc]

Cool