haproxy 2.0 dataplaneapi docker 镜像

为了方便测试dataplaneapi 基于官方的docker镜像,制作了一个简单的包含dataplaneapi 的镜像

下载dataplaneapi

https://github.com/haproxytech/dataplaneapi/releases

Dockerfile

# Base image: the official HAProxy image, pinned to the 2.0.5 tag.
FROM haproxy:2.0.5
# The dataplaneapi binary must already sit next to this Dockerfile (downloaded
# from the releases page). Nothing in this build verifies it, so compare it
# with a checksum published for the release, if one is provided, before building.
COPY dataplaneapi /usr/local/sbin/dataplaneapi
# Mark the copied binary executable so it can be launched from haproxy.cfg.
RUN chmod +x /usr/local/sbin/dataplaneapi

简单参考配置文件

通过processmanager 管理

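#
# This is the ultimate HAProxy 2.0 "Getting Started" config
# It demonstrates many of the features which are now available
# While you may not need all of these things, this can serve
# as a reference for your own configurations.
#
# Have questions? Check out our community Slack:
# https://slack.haproxy.org/
#

global
 # master-worker required for `program` section
 # enable here or start with -Ws
 master-worker
 # a worker still alive after more than 3 reloads is sent SIGTERM
 mworker-max-reloads 3
 # enable core dumps
 # NOTE(review): a core dump holds process memory, which can include keys and
 # credentials; keep this for debugging sessions only.
 set-dumpable
 # NOTE(review): HAProxy keeps running as root instead of dropping privileges.
 # The only binds in this file are 8404 and 8080, neither of which needs root,
 # so an unprivileged user/group is worth testing. Confirm afterwards that the
 # Data Plane API can still rewrite haproxy.cfg and signal PID 1.
 user root
 group root
 # send logs to the container's stdout with facility local0
 log stdout local0
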
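defaults
 # every proxy below works in HTTP (layer 7) mode unless it overrides this
 mode http
 # reuse the log target declared in the `global` section
 log global
 # client/server inactivity and connect timeouts
 timeout client 5s
 timeout server 5s
 timeout connect 5s
 # allow a retried connection to be sent to a different server
 option redispatch
 # log requests in the detailed HTTP format
 option httplog
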
# Resolver set named "dns"; the do-resolve rule in fe_main refers to it by name.
resolvers dns
 # take the nameservers from the container's /etc/resolv.conf
 parse-resolv-conf
 # number of queries sent before a resolution is given up
 resolve_retries 3
 # interval between resolutions, and wait before retrying an unanswered query
 timeout resolve 1s
 timeout retry 1s
 # how long the last result is kept, per resolution status
 hold other 30s
 hold refused 30s
 hold nx 30s
 hold timeout 30s
 hold valid 10s
 hold obsolete 30s
# External program started by the HAProxy master (requires master-worker).
program dataplane-api
 # --host 0.0.0.0 --port 5555: the API listens on every interface of the container.
 # --userlist api: credentials come from the `userlist api` section of this file.
 # --reload-cmd "kill -SIGUSR2 1": after a change the API signals PID 1
 # (presumably the HAProxy master in this container) to reload, with
 # --reload-delay 5 as the delay between reloads.
 # NOTE(review): whoever authenticates here can rewrite haproxy.cfg and reload
 # the proxy, and the page reaches the API over plain http://localhost:5555.
 # Keep port 5555 reachable from trusted hosts only.
 command /usr/local/sbin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/local/sbin/haproxy --config-file /usr/local/etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist api
 # do not start another API instance each time the master reloads
 no option start-on-reload
# Accounts accepted by the Data Plane API (selected with `--userlist api`).
userlist api 
 # Hashed alternative (`password` takes a crypt(3) hash; `$5$` is SHA-256 crypt).
 # NOTE(review): left disabled by the author; confirm the Data Plane API build
 # in use accepts hashed entries before switching to it.
 # user admin password $5$aVnIFECJ$2QYP64eTTXZ1grSjwwdoQxK/AP8kcOflEO1Q5fc.5aA
 # NOTE(review): `insecure-password` keeps the password in clear text in this
 # file, and this value is a published demo credential. Replace it before
 # port 5555 is reachable from anything but the local test machine.
 user admin insecure-password dalong
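frontend stats
 # NOTE(review): listens on every interface, and neither the stats page nor
 # /metrics asks for credentials (there is no `stats auth` line). Restrict who
 # can reach port 8404, or add `stats auth` for the stats page.
 bind *:8404
 # Enable Prometheus Exporter
 http-request use-service prometheus-exporter if { path /metrics }
 # built-in statistics page at /stats, refreshed every 10s
 stats enable
 stats uri /stats
 stats refresh 10s
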
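frontend fe_main
 bind *:8080
 # Enable log sampling
 # One out of 10 requests would be logged to this source
 log 127.0.0.1:10001 sample 1:10 local0
 # For every 11 requests, log requests 2, 3, and 8-11
 log 127.0.0.1:10002 sample 2-3,8-11:11 local0

 # Log profiling data
 log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r cpu_calls:%[cpu_calls] cpu_ns_tot:%[cpu_ns_tot] cpu_ns_avg:%[cpu_ns_avg] lat_ns_tot:%[lat_ns_tot] lat_ns_avg:%[lat_ns_avg]"

 # gRPC path matching
 acl is_grpc_codename path /CodenameCreator/KeepGettingCodenames
 # Dynamic `do-resolve` trusted hosts
 # The Host header is client-controlled, so this list is what bounds the
 # names HAProxy will resolve and connect to; keep it short and exact.
 acl dynamic_hosts req.hdr(Host) api.local admin.local haproxy.com

 # Activate Traffic Mirror
 # NOTE(review): no mirroring directive follows in this listing, so the
 # spoe-traffic-mirror backend is not referenced from this frontend.
 # Redirect if not SSL
 # http-request redirect scheme https unless { ssl_fc }

 # Enable src tracking
 # The original rule tracked into mypeers/src_tracking, but this file has no
 # peers section and the rule was commented out, so sc_http_req_rate(0) was
 # never fed and the 429 rule below could not match. Track into a table
 # local to this frontend instead (type ipv6 also stores IPv4 clients).
 stick-table type ipv6 size 100k expire 30s store http_req_rate(10s)
 http-request track-sc0 src

 # Enable rate limiting
 # Return 429 Too Many Requests if client averages more than
 # 10 requests in 10 seconds.
 # (duration defined by http_req_rate(10s) in the stick-table above)
 http-request deny deny_status 429 if { sc_http_req_rate(0) gt 10 }

 # Enable local resolving of Host if within dynamic_hosts ACL
 # Allows connecting to dynamic IP address specified in Host header
 # Useful for DNS split view or split horizon
 http-request do-resolve(txn.dstip,dns) hdr(Host),lower if dynamic_hosts
 http-request capture var(txn.dstip) len 40 if dynamic_hosts

 # return 503 when dynamic_hosts matches but the variable
 # txn.dstip is not set, which means a DNS resolution error;
 # otherwise route to be_dynamic
 use_backend be_503 if dynamic_hosts !{ var(txn.dstip) -m found }
 use_backend be_dynamic if dynamic_hosts

 # route to gRPC path
 use_backend be_grpc if is_grpc_codename

 default_backend be_main
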
# Default backend of fe_main: the two nginx services from the compose file.
backend be_main
 # Enable Power of Two Random Choices Algorithm
 balance random(2)
 # Enable Layer 7 retries
 retry-on all-retryable-errors
 retries 3 
 # retrying POST requests can be dangerous
 # make sure you understand the implications before removing
 http-request disable-l7-retry if METH_POST
 # plain HTTP to each nginx container, health-checked every 3s
 server server1 nginx1:80 check inter 3s
 server server2 nginx2:80 check inter 3s
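backend be_grpc
 # TLS to the gRPC servers, HTTP/2 negotiated through ALPN, health checks on,
 # at most 50 connections per server.
 # NOTE(review): `verify none` skips server-certificate validation, so the
 # link is encrypted but the backend is not authenticated. Outside a lab use
 # `verify required` with a `ca-file` that trusts the backend's issuer.
 default-server ssl verify none alpn h2 check maxconn 50
 server grpc1 10.1.0.11:3000
 server grpc2 10.1.0.12:3000
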
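backend be_dynamic
 # NOTE(review): `verify none` means the dynamically resolved server is never
 # authenticated; see `verify required` / `ca-file` for real deployments.
 default-server ssl verify none check maxconn 50

 # rule to prevent HAProxy from reconnecting to services
 # on the local network (forged DNS name used to scan the network)
 # The original list held only 127.0.0.0/8 and 10.0.0.0/8. The other RFC 1918
 # ranges and link-local are added so the rule matches its stated intent.
 # Drop a range only if a trusted dynamic host really lives there.
 # NOTE(review): do-resolve is called without an address-family argument;
 # if IPv6 answers are ever requested, add the IPv6 equivalents.
 http-request deny if { var(txn.dstip) -m ip 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 }
 # connect to the address stored in txn.dstip by the frontend's do-resolve
 http-request set-dst var(txn.dstip)
 # placeholder server; the real destination comes from set-dst above
 server dynamic 0.0.0.0:0
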
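# TCP backend for the traffic-mirroring agents.
# NOTE(review): no `filter spoe` line in this file refers to this backend,
# so as shown nothing sends traffic to it.
backend spoe-traffic-mirror
 mode tcp
 balance roundrobin
 timeout connect 5s
 timeout server 1m
 server spoa1 127.0.0.1:12345
 server spoa2 10.1.0.20:12345
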
# Backend without servers; fe_main selects it when dynamic_hosts matched but
# txn.dstip was not set.
backend be_503
 # dummy backend used to return 503.
 # You can use the `errorfile` directive to send a nice
 # 503 error page to end users.
 errorfile 503 /usr/local/etc/haproxy/errors/503.http 

一个测试效果

  • docker-compose 文件
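# Test stack: HAProxy (with the Data Plane API), two nginx backends,
# Prometheus and Grafana. Nesting restored; the listing had lost its indentation.
version: "3"
services:
  grafana:
    # NOTE(review): no tag, so this follows `latest`; pin a version for
    # repeatable runs (same for prom/prometheus and nginx below).
    image: grafana/grafana
    ports:
      - "3000:3000"
  prometheus:
    image: prom/prometheus
    volumes:
      - "./prometheus.yml:/etc/prometheus/prometheus.yml"
    ports:
      - "9090:9090"
  haproxy:
    # built from the Dockerfile in this directory and tagged with this name
    image: dalongrong/haproxy-dataplan:2.0.5
    build: ./
    volumes:
      # The Data Plane API is started with --config-file pointing at this path,
      # so changes made through the API are written back to the host file.
      - "./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg"
    ports:
      - "80:80"
      # Data Plane API: it can rewrite and reload the proxy configuration and
      # uses the demo password from haproxy.cfg, so publish it on loopback
      # only. http://localhost:5555 keeps working.
      - "127.0.0.1:5555:5555"
      # Stats page and /metrics have no authentication in haproxy.cfg, so
      # publish on loopback only. Containers on the compose network can still
      # reach haproxy:8404 directly (prometheus.yml is not shown - confirm
      # its scrape target).
      - "127.0.0.1:8404:8404"
      - "8080:8080"
      # NOTE(review): the haproxy.cfg shown binds only 8404 and 8080 (plus
      # 5555 for the API). The ports below and port 80 are presumably reserved
      # for frontends created through the API; remove the ones not needed.
      - "9000:9000"
      - "9001:9001"
      - "9002:9002"
      - "1000-1005:1000-1005"
      - "10080:10080"
  nginx1:
    image: nginx
    ports:
      - "8090:80"
  nginx2:
    image: nginx
    ports:
      - "8091:80"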

启动效果

  • 启动
# Start every service from the compose file in the background (-d); the
# haproxy image is built from ./ first if it is not present locally.
docker-compose up -d
  • 效果

http://localhost:5555 用户密码 admin dalong

 

 

 

参考资料

https://www.haproxy.com/documentation/hapee/1-9r1/configuration/dataplaneapi/
https://github.com/haproxytech/dataplaneapi/releases
https://github.com/rongfengliang/haproxy2.0-prometheus
