How to use haproxy 1.7 in openshift router (update)

The current OpenShift router image uses the Red Hat RPM package of haproxy. This package is maintained by Red Hat and ships haproxy 1.5 with some Red Hat patches.

You can see what’s in the package in the CentOS git repo.

That’s not bad, but haproxy has now released version 1.7.3, and there are several enhancements and bugfixes in 1.6 and 1.7.

Changelog 1.6 Changelog 1.7

To use haproxy 1.7 you will need to build your own router image, as in the old days when you wanted to change something in the haproxy config template file.

OSE 3.0 | Rebuilding Your Router

UPDATE: There is now an image on Docker Hub, as described in How to use haproxy 1.7 in openshift router (part 2)

Now we can change the haproxy config template via a ConfigMap, thanks to the developers who added this feature to the openshift router by default.

OSE 3.2 | Using a ConfigMap to Replace the Router Configuration Template

Because they have no versioning, I refer to the enterprise page.

First of all, the process for OpenShift Origin and OpenShift Container Platform (OSCP) is the same. The difference is the repository and the subscriptions.

Now let’s start.

Create a new project where these new routers are built and run.

oc new-project new-routers

Now create the images


oc new-app


oc new-app

and wait until the build and push to the registry is done.

You can follow the build logs via the following command.

oc logs -f bc/openshift-origin-router-hap17
# or
oc logs -f bc/openshift-oscp-router-hap17

You now have a router image with a new haproxy.

Here is the output of haproxy -vv

HA-Proxy version 1.7.3 2017/02/28
Copyright 2000-2017 Willy Tarreau <>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
            USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), \
                                   raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT \

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
        [COMP] compression
        [TRACE] trace
        [SPOE] spoe
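
When you build the router image yourself, it is worth checking this output automatically after each build. The following is an added example, not part of the original post: a shell function that reads `haproxy -vv` output and fails if the version is not in the expected series, if a library's built-with and running-on versions differ, or if SNI support is missing. The function names and the embedded sample (lines taken from the output above) are assumptions of this example.

```shell
# Constructed sample: lines copied from the haproxy -vv output shown above.
sample_vv() {
cat <<'EOF'
HA-Proxy version 1.7.3 2017/02/28
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports SNI : yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
EOF
}

# field "<label>": print the value after the colon on the first line
# of stdin that starts with <label>.
field() {
  awk -v l="$1" 'index($0, l) == 1 { sub(/^[^:]*: */, ""); print; exit }'
}

# check_haproxy_vv <major.minor>: reads haproxy -vv output on stdin,
# prints one line per finding, returns 0 only if every check passes.
check_haproxy_vv() {
  want="$1"; out="$(cat)"; rc=0
  ver="$(printf '%s\n' "$out" | awk '/^HA-Proxy version /{print $3; exit}')"
  case "$ver" in
    "$want".*) echo "ok: haproxy $ver" ;;
    *) echo "FAIL: haproxy version '$ver', expected $want.x"; rc=1 ;;
  esac
  # A library that differs between build time and run time means the image
  # picked up a different package than the one haproxy was compiled against.
  for lib in zlib OpenSSL PCRE; do
    built="$(printf '%s\n' "$out" | field "Built with $lib version")"
    running="$(printf '%s\n' "$out" | field "Running on $lib version")"
    if [ -z "$built" ] || [ "$built" != "$running" ]; then
      echo "FAIL: $lib built='$built' running='$running'"; rc=1
    else
      echo "ok: $lib $built"
    fi
  done
  sni="$(printf '%s\n' "$out" | field "OpenSSL library supports SNI")"
  [ "$sni" = "yes" ] || { echo "FAIL: SNI support is '$sni'"; rc=1; }
  return "$rc"
}

sample_vv | check_haproxy_vv 1.7
```

Inside the built image, the same check runs as `haproxy -vv | check_haproxy_vv 1.7`.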

For OpenShift Origin, now follow the instructions in Rebuilding Your Router; for OSCP, follow Rebuilding Your Router.

Why should I use a newer haproxy?

Well first of all it’s a coolness factor 😉

The new version offers some features like TCP Fast Open, elliptic curve certificates, and many more.

You can also hire me for this or any other topics.
