Last week, HAProxy 2.0 was released with critical features of cloud-native and containerized environments. This is an LTS (Long-term support) release, which includes a powerful set of core features such as Layer 7 retries, Cloud-Native threading and logging, polyglot extensibility, gRPC support and more, and will improve the seamless support for integration into modern architectures.
In conjunction with this release, the HAProxy team has also introduced the HAProxy Kubernetes Ingress Controller and the HAProxy Data Plane API. The founder of HAProxy Technologies, Willy Tarreau, has said that these developments will come with HAProxy 2.1 version. The HAProxy project has also opened up issue submissions on its HAProxy GitHub account.
Some features of HAProxy 2.0
Cloud-Native Threading and Logging
HAProxy can now scale to accommodate any environment with less manual configuration. This will enable the number of worker threads to match the machine’s number of available CPU cores. The process setting is no longer required, thus simplifying the bind line.
Two new build parameters have been added: MAX_THREADS and MAX_PROCS, which avoids allocating huge structs. Logging has been made easier for containerized environments. Direct logging to stdout and stderr, or to a file descriptor is now possible.
Kubernetes Ingress Controller
The HAProxy Kubernetes Ingress Controller provides a high-performance ingress for the Kubernetes-hosted applications. It supports TLS offloading, Layer 7 routing, rate limiting, whitelisting. Ingresses can be configured through either ConfigMap resources or annotations. The Ingress Controller gives users the ability to :
- Use only one IP address and port and direct requests to the correct pod based on the Host header and request path
- Secure communication with built-in SSL termination
- Apply rate limits for clients while optionally whitelisting IP addresses
- Select from among any of HAProxy’s load-balancing algorithms
- Get superior Layer 7 observability with the HAProxy Stats page and Prometheus metrics
- Set maximum connection limits to backend servers to prevent overloading services
Layer 7 Retries
With HAProxy 2.0, it will be possible to retry from another server at Layer 7 for failed HTTP requests. The new configuration directive, retry-on, can be used in defaults, listen, or backend section. The number of attempts at retrying can be specified using the retries directive. The full list of retry-on options is given on the HAProxy blog.
HAProxy 2.0 also introduces a new http-request action called disable-l7-retry. It allows the user to disable any attempt to retry the request if it fails for any reason other than a connection failure. This can be useful to make sure that POST requests aren’t retried.
The Stream Processing Offload Engine (SPOE) and Stream Processing Offload Protocol (SPOP) were introduced in HAProxy 1.7. It aimed to create the extension points necessary to build upon HAProxy using any programming language. From HAProxy 2.0, the following libraries and examples will be available in the following languages and platforms:
HAProxy 2.0 delivers full support for the open-source RPC framework, gRPC. This allows bidirectional streaming of data, detection of gRPC messages, and logging gRPC traffic. Two new converters, protobuf and ungrpc, have been introduced, to extract the raw Protocol Buffer messages. Using Protocol Buffers, gRPC enables users to serialize messages into a binary format that’s compact and potentially more efficient than JSON. Users need to set up a standard end-to-end HTTP/2 configuration, to start using gRPC in HAProxy.
HTTP Representation (HTX)
The Native HTTP Representation (HTX) was introduced with HAProxy 1.9. Starting from 2.0, it will be enabled by default. HTX creates strongly typed, well-delineated header fields and allows for gaps and out-of-order fields. It also allows HAProxy to maintain consistent semantics from end-to-end and provides higher performance when translating HTTP/2 to HTTP/1.1 or vice versa.
LTS Support for 1.9 Features
HAProxy 2.0 bring LTS support for many features that were introduced or improved upon during the 1.9 release. Some are them are specified below:
- Small Object Cache with an increased caching size up to 2GB, set with the max-object-size directive. The total-max-size setting determines the total size of the cache and can be increased up to 4095MB.
- New fetches like date_us, cpu_calls and more have been included which will report either an internal state or from layer 4, 5, 6, and 7.
- New converters like strcmp, concat and more allow to transform data within HAProxy
- The resolvers section supports using resolv.conf by specifying parse-resolv-conf.
The HAProxy team has planned to build HAProxy 2.1 with features like UDP Support, OpenTracing and Dynamic SSL Certificate Updates. The HAProxy inaugural community conference, HAProxyConf is scheduled to take place in Amsterdam, Netherlands on November 12-13, 2019.
A user on Hacker News comments, “HAProxy is probably the best proxy server I had to deal with ever. It’s performance is exceptional, it does not interfere with L7 data unless you tell it to and it’s extremely straightforward to configure reading the manual.”
While some are busy comparing HAProxy with the nginx web server.
A user says that “In my previous company we used to use HAProxy, and it was a hassle. Yes, it is powerful. However, nginx is way easier to configure and set up, and performance wise is a contender for most usual applications people needed. nginx just fulfills most people’s requirements for reverse proxy and has solid HTTP/2 support (and other features) for way longer.”
Another user states that “Big difference is that haproxy did not used to support ssl without using something external like stunnel — nginx basically did it all out of the box and I haven’t had a need for haproxy in quite some time now.”
While others suggest that HAProxy is trying hard to stay equipped with the latest features in this release.
HAProxy is doing some smart work to stay relevant and perhaps avoid a complete Envoy takeover. Data plane API, process supervisor for polyglot processing sidecars in your sidecar, traffic shadowing, container-friendly logging with sampling… https://t.co/VtrFBh84ZW
— garthk (@garthk) June 16, 2019
A user on Hacker News agrees by saying that “These days I think HAProxy and nginx have grown a lot closer together on capabilities.”
Visit the HAProxy blog for more details about HAProxy 2.0.