gh issues 46 47 48

Makefile

@@ -1,4 +1,4 @@
-test: generate doc manifests golint helm-test unit-test
+test: generate manifests docs golint helm-test unit-test
 
 manifests: controller-gen
 	$(CONTROLLER_GEN) crd rbac:roleName=manager-role webhook paths="./.../..." output:crd:artifacts:config=config/crd/bases
@@ -7,7 +7,8 @@ manifests: controller-gen
 generate: controller-gen
 	$(CONTROLLER_GEN) object:headerFile="hack\\boilerplate.go.txt" paths="./.../..."
 
-doc:
+.PHONY: docs
+docs:
 	go run github.com/elastic/crd-ref-docs@v0.0.10 --config docs/config.yaml --renderer=markdown --output-path docs/api-reference.md
 
 golint: colanci-lint-bin

apis/config/v1alpha1/backend_types.go

@@ -42,6 +42,12 @@ type BackendSpec struct {
 	// Cookie enables cookie-based persistence in a backend.
 	// +optional
 	Cookie *Cookie `json:"cookie,omitempty"`
+	// HTTPChk Enables HTTP protocol to check on the servers health
+	// +optional
+	HTTPChk *HTTPChk `json:"httpchk,omitempty"`
+	// TCPCheck Perform health checks using tcp-check send/expect sequences
+	// +optional
+	TCPCheck *bool `json:"tcpCheck,omitempty"`
 }
 
 //+kubebuilder:object:root=true
@@ -91,6 +97,16 @@ func (b *Backend) Model() (models.Backend, error) {
 		}
 	}
 
+	if b.Spec.HTTPChk != nil {
+		model.AdvCheck = models.BackendAdvCheckHttpchk
+		model.HttpchkParams = &models.HttpchkParams{
+			URI:    b.Spec.HTTPChk.URI,
+			Method: b.Spec.HTTPChk.Method,
+		}
+	} else if b.Spec.TCPCheck != nil && *b.Spec.TCPCheck {
+		model.AdvCheck = models.BackendAdvCheckTCPDashCheck
+	}
+
 	if b.Spec.HTTPPretendKeepalive != nil && *b.Spec.HTTPPretendKeepalive {
 		model.HTTPPretendKeepalive = models.BackendHTTPPretendKeepaliveEnabled
 	}

apis/config/v1alpha1/backend_types_test.go

@@ -4,13 +4,12 @@ import (
 	"fmt"
 	"time"
 
-	"k8s.io/utils/ptr"
-
 	parser "github.com/haproxytech/config-parser/v5"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	configv1alpha1 "github.com/six-group/haproxy-operator/apis/config/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 )
 
 var simpleBackend = `
@@ -121,6 +120,7 @@ var _ = Describe("Backend", Label("type"), func() {
 			backend := &configv1alpha1.Backend{
 				ObjectMeta: metav1.ObjectMeta{Name: "openshift_default"},
 				Spec: configv1alpha1.BackendSpec{
+					HTTPChk: &configv1alpha1.HTTPChk{URI: "a", Method: "PUT"},
 					BaseSpec: configv1alpha1.BaseSpec{
 						HTTPRequest: &configv1alpha1.HTTPRequestRules{
 							Deny: []configv1alpha1.Deny{
@@ -139,6 +139,7 @@ var _ = Describe("Backend", Label("type"), func() {
 			}
 			Ω(backend.AddToParser(p)).ShouldNot(HaveOccurred())
 			Ω(p.String()).Should(ContainSubstring("http-request deny deny_status 404 if { var(my-ip) -m ip 127.0.0.0/8 10.0.0.0/8 }\n"))
+			Ω(p.String()).Should(ContainSubstring("option httpchk PUT a\n"))
 		})
 		It("should set option http-request replace-path", func() {
 			backend := &configv1alpha1.Backend{

apis/config/v1alpha1/common_types.go

@@ -356,6 +356,9 @@ type ServerParams struct {
 	// SNI was used to connect to the server.
 	// +optional
 	VerifyHost string `json:"verifyHost,omitempty"`
+	// CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL
+	// +optional
+	CheckSNI string `json:"checkSNI,omitempty"`
 	// Cookie sets the cookie value assigned to the server.
 	// +optional
 	Cookie bool `json:"cookie,omitempty"`
@@ -506,6 +509,7 @@ func (s *Server) Model() (models.Server, error) {
 			Weight:     s.Weight,
 			InitAddr:   s.InitAddr,
 			Verifyhost: s.VerifyHost,
+			CheckSni:   s.CheckSNI,
 		},
 		Name:    s.Name,
 		Address: s.Address,
@@ -1154,3 +1158,13 @@ type ProxyProtocolV2Options struct {
 	// +optional
 	UniqueID bool `json:"uniqueID"`
 }
+
+type HTTPChk struct {
+	// URI
+	URI string `json:"uri,omitempty"`
+	// Method http method
+	// +optional
+	// Enum: [HEAD PUT POST GET TRACE PATCH DELETE CONNECT OPTIONS]
+	// +kubebuilder:validation:Enum=HEAD;PUT;POST;GET;TRACE;PATCH;DELETE;CONNECT;OPTIONS;
+	Method string `json:"method,omitempty"`
+}

apis/config/v1alpha1/listen_types.go

@@ -38,6 +38,12 @@ type ListenSpec struct {
 	// HostCertificate specifies a certificate for that host used in the crt-list of a frontend
 	// +optional
 	HostCertificate *CertificateListElement `json:"hostCertificate,omitempty"`
+	// HTTPCheck Enables HTTP protocol to check on the servers health
+	// +optional
+	HTTPCheck *HTTPChk `json:"httpCheck,omitempty"`
+	// TCPCheck Perform health checks using tcp-check send/expect sequences
+	// +optional
+	TCPCheck *bool `json:"tcpCheck,omitempty"`
 }
 
 //+kubebuilder:object:root=true
@@ -100,6 +106,8 @@ func (l *Listen) ToBackend() *Backend {
 			HashType:        l.Spec.HashType,
 			Cookie:          l.Spec.Cookie,
 			HostCertificate: l.Spec.HostCertificate,
+			HTTPChk:         l.Spec.HTTPCheck,
+			TCPCheck:        l.Spec.TCPCheck,
 		},
 	}
 

apis/proxy/v1alpha1/instance_types.go

@@ -57,6 +57,10 @@ type InstanceSpec struct {
 	// +nullable
 	// Labels additional labels for the ha-proxy pods
 	Labels map[string]string `json:"labels,omitempty"`
+	// +optional
+	// +nullable
+	// Env additional environment variables
+	Env map[string]string `json:"env,omitempty"`
 }
 
 type Placement struct {

controllers/instance/instance_controller_test.go

@@ -77,6 +77,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
 						},
 					},
 					Labels: labels,
+					Env:    labels,
 				},
 			}
 
@@ -420,6 +421,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
 			Ω(cli.Get(ctx, client.ObjectKey{Namespace: proxy.Namespace, Name: "bar-foo-haproxy"}, statefulSet)).ShouldNot(HaveOccurred())
 			Ω(statefulSet.Spec.Template.ObjectMeta.Labels["app.kubernetes.io/name"]).Should(Equal(proxy.Name + "-haproxy"))
 			Ω(statefulSet.Spec.Template.ObjectMeta.Labels["label-test"]).Should(Equal("ok"))
+			Ω(statefulSet.Spec.Template.Spec.Containers[0].Env).Should(HaveLen(2))
 		})
 
 		It("same resource names error", func() {

controllers/instance/statefulset.go

@@ -75,6 +75,11 @@ func (r *Reconciler) reconcileStatefulSet(ctx context.Context, instance *proxyv1
 			return err
 		}
 
+		envVars := []corev1.EnvVar{{Name: "HAPROXY_SOCKET", Value: "/var/lib/haproxy/run/haproxy.sock"}}
+		for k, v := range instance.Spec.Env {
+			envVars = append(envVars, corev1.EnvVar{Name: k, Value: v})
+		}
+
 		statefulset.Spec = appsv1.StatefulSetSpec{
 			Replicas: &instance.Spec.Replicas,
 			Selector: &metav1.LabelSelector{
@@ -93,9 +98,7 @@ func (r *Reconciler) reconcileStatefulSet(ctx context.Context, instance *proxyv1
 							Name:            "haproxy",
 							Image:           utils.StringOrDefault(instance.Spec.Image, "haproxy:latest"),
 							ImagePullPolicy: instance.Spec.ImagePullPolicy,
-							Env: []corev1.EnvVar{
-								{Name: "HAPROXY_SOCKET", Value: "/var/lib/haproxy/run/haproxy.sock"},
-							},
+							Env:             envVars,
 							VolumeMounts: []corev1.VolumeMount{
 								{
 									Name:      "haproxy-run",

helm/haproxy-operator/crds/config.haproxy.com_backends.yaml

@@ -866,6 +866,28 @@ spec:
                       type: object
                     type: array
                 type: object
+              httpchk:
+                description: HTTPChk Enables HTTP protocol to check on the servers
+                  health
+                properties:
+                  method:
+                    description: 'Method http method Enum: [HEAD PUT POST GET TRACE
+                      PATCH DELETE CONNECT OPTIONS]'
+                    enum:
+                    - HEAD
+                    - PUT
+                    - POST
+                    - GET
+                    - TRACE
+                    - PATCH
+                    - DELETE
+                    - CONNECT
+                    - OPTIONS
+                    type: string
+                  uri:
+                    description: URI
+                    type: string
+                type: object
               mode:
                 default: http
                 description: Mode can be either 'tcp' or 'http'. In TCP mode it is
@@ -976,6 +998,10 @@ spec:
                       required:
                       - enabled
                       type: object
+                    checkSNI:
+                      description: CheckSNI This option allows you to specify the
+                        SNI to be used when doing health checks over SSL
+                      type: string
                     cookie:
                       description: Cookie sets the cookie value assigned to the server.
                       type: boolean
@@ -1321,6 +1347,10 @@ spec:
                       required:
                       - enabled
                       type: object
+                    checkSNI:
+                      description: CheckSNI This option allows you to specify the
+                        SNI to be used when doing health checks over SSL
+                      type: string
                     cookie:
                       description: Cookie sets the cookie value assigned to the server.
                       type: boolean
@@ -1549,6 +1579,10 @@ spec:
                   - port
                   type: object
                 type: array
+              tcpCheck:
+                description: TCPCheck Perform health checks using tcp-check send/expect
+                  sequences
+                type: boolean
               tcpRequest:
                 description: TCPRequest rules perform an action on an incoming connection
                   depending on a layer 4 condition.

helm/haproxy-operator/crds/config.haproxy.com_listens.yaml

@@ -715,6 +715,28 @@ spec:
                 - certificate
                 - sniFilter
                 type: object
+              httpCheck:
+                description: HTTPCheck Enables HTTP protocol to check on the servers
+                  health
+                properties:
+                  method:
+                    description: 'Method http method Enum: [HEAD PUT POST GET TRACE
+                      PATCH DELETE CONNECT OPTIONS]'
+                    enum:
+                    - HEAD
+                    - PUT
+                    - POST
+                    - GET
+                    - TRACE
+                    - PATCH
+                    - DELETE
+                    - CONNECT
+                    - OPTIONS
+                    type: string
+                  uri:
+                    description: URI
+                    type: string
+                type: object
               httpPretendKeepalive:
                 description: HTTPPretendKeepalive will keep the connection alive.
                   It is recommended not to enable this option by default.
@@ -1334,6 +1356,10 @@ spec:
                       required:
                       - enabled
                       type: object
+                    checkSNI:
+                      description: CheckSNI This option allows you to specify the
+                        SNI to be used when doing health checks over SSL
+                      type: string
                     cookie:
                       description: Cookie sets the cookie value assigned to the server.
                       type: boolean
@@ -1679,6 +1705,10 @@ spec:
                       required:
                       - enabled
                       type: object
+                    checkSNI:
+                      description: CheckSNI This option allows you to specify the
+                        SNI to be used when doing health checks over SSL
+                      type: string
                     cookie:
                       description: Cookie sets the cookie value assigned to the server.
                       type: boolean
@@ -1907,6 +1937,10 @@ spec:
                   - port
                   type: object
                 type: array
+              tcpCheck:
+                description: TCPCheck Perform health checks using tcp-check send/expect
+                  sequences
+                type: boolean
               tcpRequest:
                 description: TCPRequest rules perform an action on an incoming connection
                   depending on a layer 4 condition.