Add OpenShift example and Document health upstream

Author: git001

CHANGELOG.md

@@ -5,8 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## v1.0.1 - 2024-06-27
+## [Unrelesed]
+
+### Added
 
+* Add maxclients in example
+* Document Health upstream
+* Add OpenShift deployment examples
+
+## v1.0.1 - 2024-06-27
 
 ### Added
 
@@ -30,11 +37,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Previous versions from layer4-proxy
 
-[0.1.7]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.1...v0.1.7
-
-
+0.1.7: [diff](https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.1...v0.1.7)
 
-Types of changes:
+## Types of changes:
 
 * `Added` for new features.
 * `Changed` for changes in existing functionality.

README.md

@@ -75,21 +75,25 @@ servers:
     listen:
       - "127.0.0.1:8081"
     default: remote
+    maxclients: 3
     via:
       *viaanchor
   health-server:
     listen: [ "127.0.0.1:8081" ]
     default: health
+    maxclients: 2
     via:
       *viaanchor
 
 upstream:
   remote: "tcp://www.remote.example.com:8082" # proxy to remote address
 ```
 
-There are two upstreams built in:
+There are several upstreams built in:
 * Ban, which terminates the connection immediately
 * Echo, which reflects back with the input
+* Health, a simple HTTP/1.1 health check
+* Proxy, the proxy upstream
 
 For detailed configuration, check [this example](./config.yaml.example).
 

openshift/01-imagestream.yaml

@@ -0,0 +1,19 @@
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  labels:
+    app: upstream-connector
+    app.kubernetes.io/component: upstream-connector
+    app.kubernetes.io/instance: upstream-connector
+  name: upstream-connector
+spec:
+  lookupPolicy:
+    local: false
+  tags:
+  - from:
+      kind: DockerImage
+      name: me2digital/tls-proxy-tunnel:2.0
+    generation: null
+    importPolicy:
+      importMode: Legacy
+    name: "2.0"

openshift/01-tpt-k8-config.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tpt-config
+data:
+  config.yaml: |
+    version: 1
+    log: info
+    
+    via: &viaanchor
+      target: target.fqdn.com:443
+      headers:
+        Proxy-Authorization: Basic ${ENCODED_PW}
+        Host: target.fqdn.com:443
+    
+    servers:
+      first_server:
+        listen:
+          - "0.0.0.0:8080"
+        tls: true # Enable TLS features like SNI filtering
+        sni:
+          target.fqdn.com: proxy-via
+          SNI1.domain.com: proxy-via
+          SNI2.domain.com: proxy-via
+        default: echo
+        maxclients: 5
+        via:
+          *viaanchor
+    
+      health-server:
+        listen: [ "0.0.0.0:8081" ]
+        default: health
+        maxclients: 2
+        via:
+          *viaanchor
+    
+    upstream:
+      proxy-via: "tcp://proxy.internal.fqdn:3128"

openshift/02-service-k8.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    app: up-connector
+  name: up-connector
+spec:
+  ports:
+  - name: up-connector
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: up-connector
+  type: ClusterIP
+status:
+  loadBalancer: {}

openshift/03-deployment-k8.yaml

@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"upstream-connector:1.0"},"fieldPath":"spec.template.spec.containers[?(@.name==\"upstream-connector\")].image"}]'
+    openshift.io/generated-by: OpenShiftNewApp
+  creationTimestamp: null
+  labels:
+    app: up-connector
+    app.kubernetes.io/component: up-connector
+    app.kubernetes.io/instance: up-connector
+  name: up-connector
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      deployment: up-connector
+  strategy: {}
+  template:
+    metadata:
+      annotations:
+        openshift.io/generated-by: OpenShiftNewApp
+      creationTimestamp: null
+      labels:
+        deployment: up-connector
+    spec:
+      containers:
+      - image: 'me2digital/tls-proxy-tunnel:2.0'
+        name: up-connector
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: ENCODED_PW
+          value: base64-encode-username_and_pw
+        - name: RUST_LOG
+          value: info
+        ports:
+        - name: up-connector
+          containerPort: 8080
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+            scheme: HTTP
+          initialDelaySeconds: 1
+          timeoutSeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+            scheme: HTTP
+          initialDelaySeconds: 1
+          timeoutSeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+        startupProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+            scheme: HTTP
+          initialDelaySeconds: 1
+          timeoutSeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+        resources:
+          limits:
+            cpu: 500m
+            memory: 500Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        volumeMounts:
+          - name: tpt-config
+            mountPath: /etc/tpt/config.yaml
+            subPath: config.yaml
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - name: tpt-config
+          configMap:
+            name: tpt-config
+            defaultMode: 420
+status: {}

openshift/04-route-k8s-dev-passthrough.yaml

@@ -0,0 +1,16 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: k8s-dev-con
+spec:
+  host: k8s-dev.INTERNAL.DOMAIN
+  port:
+    targetPort: up-connector
+  tls:
+    termination: passthrough
+    insecureEdgeTerminationPolicy: None
+  to:
+    kind: Service
+    name: up-k8-connector
+    weight: 100
+status: {}