Adding curl or wget to container image for external-check

[yboaron]

Haproxy supports defining external health check for the servers. The curl or wget are very useful tools for implementing external servers health check. I think it could be very useful to include curl or wget in the container image.

Thanks Yossi

[tianon]

I would recommend keeping the external health check external to the container.

For example, Kubernetes and Consul can hit a URL directly for a health check which is going to be much more efficient than invoking curl inside a container (and is going to be a better test of health than hitting HAProxy from localhost inside its own container).

[yboaron]

@tianon , thanks a lot for a prompt response. I'm new to haproxy, so not sure that I 100% understood your point. Do you mean to implement the external-check outside of the container and mount this path? I tried this approach and got strange errors.

[tianon]

See https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-http-request for an example of what I mean.

[yboaron]

Yep, that's a good point. For platforms like Kubernetes, it makes sense to run the health check by kubelet.

I think that for other cases, where you don't have a platform that can provide members health check/lifecycle, having curl or wget could be useful.

In my case, for example, I need ha-proxy to load balance K8S-API traffic between k8s masters. I configured ha-proxy to run external-checks to verify masters nodes health, I used a customize docker image (offcial-haproxy+wget) for that purpose.

So, I thought it could be a good idea to include wget or curl in haproxy official image.

[tianon]

Is there a feature of HAProxy itself that invokes curl or wget directly? That would be a much more compelling argument IMO (right now, the argument amounts to essentially "it would be useful" which is a Pandora's box of sorts that we try to keep closed because it's so subjective and we'd rather have something objective like explicit functionality or recommendation from upstream for a standard install).

[TimWolla]

Is there a feature of HAProxy itself that invokes curl or wget directly?

Not directly. @yboaron is taking about the “external check” feature of HAProxy: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#external-check%20command. This feature makes HAProxy spawn an executable, using its exit code as the result of the health check. It goes without saying that this feature is prohibitively expensive on the system resources (at least if you want to run health checks somewhat regularly).

I don't see a benefit in including either curl or wget (or any other software) by default. HAProxy health checks HTTP just fine (making curl / wget even more questionable) and if one wants to build some elaborate mechanism they simply can create their own derived Docker image (because they'd need to install some kind of bash script anyway). Or even better: One builds some kind of sidecar process that performs the health checks and exposes an HTTP API to HAProxy to not waste resources spawning processes every 3 seconds.

[tianon]

Closing given the better alternatives discussed above. :+1: