The team of the load-balancer HAProxy has released the current version 2.0 with long-term support . With improved multithreading and logging support, HAProxy is now better deployed in cloud native environments. The software also uses as many worker threads as it finds CPU cores on the machine. If such information is missing, HAProxy confines itself to a thread. In addition, the log information can now be routed via stdout , stderr or a file descriptor.
According to the announcement, the makers of the Load Balancer have also expanded HTX (Native HTTP Representation), which has been available since HAProxy 1.9. Among other things, the function lays the foundation for zero roundtrip time resumption (0-RTT), support for the RPC framework gRPC and end-to-end support for HTTP / 2 (with and without TLS) in HAProxy. Even future HTTP protocols can be integrated more easily thanks to HTX. In addition, HAProxy 2.0 supports Prometheus metrics and traffic shadowing. The extensibility to other programming languages is integrated as well as a server-side Socks4-Layer.
Various daemons as a sidecar
Thanks to the announced Data Plane APIs, admins can now dynamically add and remove frontends, backends and servers. It creates ACL rules, integrates HTTP routing instructions, sets IP and port bindings, and more. The API daemon runs as a so-called sidecar process and can also be atomically managed via the new “program” directive in the process manager.
The latter also applies to the stream processing offload agents (SPOAs), which can also run as sidecar. An example would be the Traffic Shadow Daemon. This takes care of the traffic shadowing mentioned above. Thanks to this, HAProxy forwards certain requests to another HAProxy environment (for tests, for example). The daemon uses a stream processing offload agent (SPOA) and runs as a sidecar.
The Kubernetes Ingress Controller handles the incoming data volumes for Kubernetes-based applications. He brings support for TLS Offloading, Layer 7 Routing, Bandwidth Control and Whitelisting. The controllers can be configured via Configmap or Annotations. There is also the ability to define secrets to manage the TLS certificates.
The developers have also created a unified build target for current Linux systems with an equally up-to-date version of Glibc. Previously, the targets were divided into different and sometimes very old Linux versions. Thanks to the new target, the team can easily assume and use the presence of certain Linux features. These include namespaces, TCP Fast Open and the system call getaddrinfo ().
More detailed details of the extensive innovations of HAProxy 2.0 provides the blog post for announcement. You can download the free community version of the free software on the website.