HAProxyConf 2019 Keynote Part II
Director of Product, HAProxy Technologies
Hello, everyone. It’s great to see everyone here. Many of us have been communicating for many years over the mailing list, Discourse, IRC, and most recently Slack. We’re really proud to be part of such a great and amazing vibrant community.
At HAProxy Technologies, we truly do love open source and we try to participate with the community in a variety of ways, not only through standard methods such as releasing new open source projects, contributing code to existing projects, publishing high-quality informative blog content, and helping community users over IRC, Slack, and the mailing list as well.
Many of you may wonder how we choose to dedicate engineering resources. We make these decisions after long careful analysis of the application delivery landscape. We gather feedback directly from the community, our customers, our product council, and social media. We continuously track trends and discuss internally which features will benefit the community the most. Sometimes we don’t agree on which features we should implement or which projects we should open source, and for that we’ve implemented a decision support system internally that allows us to come together and make these decisions as a group and not directly within a silo. We also frequently will put out polls to the community asking for your opinion on what features you think we should implement next, or which protocols we should support next.
So we’re always looking to gather feedback and make these decisions for the product. We’re also very interested in hosting meet-ups and attending meet-ups. We think that it’s a great place to bring the community together to talk about our experiences with HAProxy and just in general share our architecture information with each other. Would you like to be a host of a meet-up for HAProxy? Feel free to contact us, hit me up directly if you see me here, and we’ll be more than happy to work with you on arranging that.
Do you love open source as much as we do at HAProxy Technologies? Well, if so, we’re hiring in just about every department within the company. So if you’re interested, again, feel free to reach out to somebody from HAProxy Technologies and we’ll be sure to put you in contact with the right people.
So I’m going to give a brief overview of the last year and recap. In the last year we’ve seen some really exciting changes happen within HAProxy and I understand that Willy has touched on a lot of this, but I’m going to do my best to not repeat. HAProxy 2.0 was released in June of this year and it continued down the path that was started in 1.8, which was the continued goal of supporting the rapidly changing modern architecture.
With the rise of cloud and container platforms, we wanted to make sure that HAProxy could operate within these environments and require minimal configuration to get the best performance. We also began to see a growing need to offer alternative log output options to satisfy container based environments and, for this, we introduced both cloud native threading and cloud native logging.
With the rise of microservices and containers, infrastructures have become more elastic. It’s quite possible that a backend server, quite possibly a Kubernetes pod, disappears while it’s receiving a request, and so for this reason we saw the need to add layer seven retries which will allow HAProxy to either retry that same server or to try a different server if you’re using option redispatch. With the release of the Data Plane API, along with the new traffic shadowing or mirroring stream processing offload agent, or SPOA, as well as the community effort to bring polyglot extensibility to HAProxy through SPOE, there was a need to simplify the management of these external components and so a process manager was introduced.
With the new native Prometheus exporter, it now makes it easier to integrate HAProxy into your Kubernetes environment without the reliance on third party daemons or tools and much more. There are so many exciting things in 2.0 and we’re extremely proud of this release and we’re glad it’s been so well received by you, the community.
HAProxy Data Plane API was released. The 1.0 was released in June 2019 in conjunction with the HAProxy 2.0 release. It supports a modern REST API which allows you to dynamically configure and manage HAProxy. It also supports versions and transactions, allowing you to commit either a simple change or several changes at once which must be activated simultaneously. The HAProxy Data Plane API will write to the HAProxy configuration file and also use the Runtime API when possible, which prevents unnecessary reloads. The V2 of the API is coming very soon, so please be on the lookout for that. We have some exciting things planned.
The HAProxy Kubernetes ingress controller was also released in conjunction with the 2.0 release. It was created after a growing need from the community and our customer base to create an ingress controller that HAProxy Technologies could be authoritative on and easily integrate with our HAProxy Enterprise product. It supports TLS offloading, layer seven routing, rate limiting and whitelisting. It also… sorry.
Throughout the last year we’ve also released several other open source tools and components. A major component released is our config native parser which is a Golang SDK which allows you to directly integrate, interact directly with the HAProxy config. Both the Data Plane API and the Kubernetes ingress controller were built using this. Another tool we open sourced was the traffic mirror or traffic shadowing stream processing offload agent, or SPOA. This allows you to copy traffic from your production cluster to another cluster for testing.
Finally, we also released two new Lua scripts in conjunction with some of our blog content. Lua-CORS helps you to easily configure and respond with cross origin access control headers. Lua-JWT allows you to add JWT authorisation and verification to your HAProxy install. We also provided a sample application for integrating with AWS X-Ray which is AWS’ version of tracing.
So what does it take to deliver a modern application? Traditionally, most sites start in a setup similar to this with an appliance load balancer sitting in front of a cluster of web or application servers. One of the historical advantages to deploying an appliance based load balancer is that they traditionally have purpose-built ASICs for application acceleration, including SSL termination.
HAProxy One is an industry first end-to-end application delivery platform designed to simplify the complexity of modern application environments. HAProxy One unifies the product portfolio which consists of two existing products: HAProxy Enterprise, a high performance software load balancer powered by the legendary HAProxy; HAProxy ALOHA, a hardware and physical appliance and virtual appliance with patented DDoS mitigation technology, PacketShield; and it introduces three new ones. HAProxy Edge which is a new globally distributed application delivery network, or ADN, that provides a wide range of turnkey application delivery services, and HAProxy Enterprise Kubernetes Ingress Controller which is a high performance Kubernetes ingress. It also introduces the HAProxy Fusion Control Plane which will provide a unified control plane. Our Enterprise ingress controller also ships with a web application firewall and we’re the authoritative experts on it as well.
With HAProxy at the heart of all of these products, it means you only need to become proficient at one piece of software and apply decades of HAProxy knowledge and experience towards new use cases rather than being forced to integrate diverse vendors and technologies that might reduce performance, reliability, or flexibility. It will also allow you to deal directly with the authoritative experts at HAProxy Technologies. It will feature multi cluster and multi environment support and support role based access control; and it will feature service mesh capabilities in the future.
HAProxy Enterprise Kubernetes ingress controller is now available and supports the ModSecurity WAF. It features rate limiting, IP whitelisting, zero downtime config updates, and a built-in stats dashboard.
HAProxy Enterprise 2.0 R1 was just released recently. It contains several backports, such as support for FastCGI, SSL memory enhancements, ring buffer logging, several new fetches and converters, and much more. It also features a hardened ModSecurity implementation which protects ModSecurity from DoS attacks against itself.
HAProxy ALOHA 11.0 was released with HAProxy Enterprise 1.9 in April, around April 2019. It is expected for the ALOHA 11.5 to be released near the end of Q4, and we also expect to release a new ALOHA 5300 hardware appliance near the end of Q4 or Q1 2020, sorry.
Booz Allen Hamilton recently implemented a next-generation microservices architecture for recreation.gov as part of the White House’s IT modernisation effort and they provided us with a quote as they’ve been working with us as we built out this HAProxy One platform.
Thank you so much.