April 28, 2016

external Services with Openshift v3 and HAProxy


Openshift V3 offers a simple solution to call external services.

Integrating External Services

This solution lacks some possibilities like use DNS names or use more then one destination.

The here described solution offers you the flexibility of haproxy with logs for this service.

Here the picture for the solution.

Solution Overview:



  • Openshift v3
  • Your own git repository
  • HAProxy 1.6
  • socklog / syslog
  • destination address(s)
  • patienceūüėČ

Openshift v3 and git repository

You need access to a openshift (oc …/ webconsole) and a read / write access to a git repository


You can use the official image on Docker Hub HAProxy, but I would suggest to use the alpine image. I also used it for a small http-https redirector which you can find here. An example with log settings you may find here

socklog / syslog

Due to the fact that there is no official Docker Hub entry for socklog you can use my repo

destination address

You¬īll have to chose the service you want to connect


Now you should take a look into the excellence documentation of HAProxy.

Start of Implementation

Create a new Project

oc new-project external-service001

otherwise, if you are admin and want to run this pods on dedicated nodes you can also use

oadm new-project external-service001 --node-selector='your-dmz=external-router'

Create socklog/syslog

oc new-app -e TZ=Europe/Vienna --dry-run -o yaml 
> 01_build_socklog.yaml
oc create -f 01_build_socklog.yaml


imagestream "alpine" created
imagestream "alpine-socklog" created
buildconfig "alpine-socklog" created
deploymentconfig "alpine-socklog" created
service "alpine-socklog" created

Q: Why do I create a file instead of a direct output?
A: For reproduction and debugging. It‚Äôs easier do run an¬†oc delete -f 01_build_socklog.yamlūüėČ

Finally a alpine-socklog service with exposed port 8514/udp is created

oc get svc
alpine-socklog <none> 8514/UDP 3m

also a listening daemon which writes the requests out to stdout

oc logs -f alpine-socklog-1-mldc6
listening on, starting.


Don’t use the user/uid and group/gid on Openshift!

Dont’t use daemon option in Openshift!

Create Git

Due to the fact that you have to change the HAProxy config, you¬īll need a Git repository.

I use mineūüėČ

git clone

Now you ¬īll have to edit the containerfiles/etc/haproxy/haproxy.cfg and add the log option.

Create HAProxy

Commit it to your repo and create the app

oc new-app -e TZ=Europe/Vienna --dry-run 
-o yaml > metadata/01_build_haproxy.yaml
oc create -f metadata/01_build_haproxy.yaml


imagestream "http-https-redirector" created
buildconfig "http-https-redirector" created
deploymentconfig "http-https-redirector" created
service "http-https-redirector" created
Error from server: imageStream "alpine" already exists

Within a few minutes the pods are up and running

oc get po
NAME                            READY     STATUS      RESTARTS   AGE
alpine-socklog-1-build          0/1       Completed   0          10h
alpine-socklog-1-mldc6          1/1       Running     0          10h
http-https-redirector-1-build   0/1       Completed   0          4m
http-https-redirector-2-build   0/1       Completed   0          1m
http-https-redirector-2-k56kr   1/1       Running     0          35s

in the log of alpine-socklog-1-mldc6 pod you can find the log-entries of HAProxy.

[al@localhost openshift-external-services]$ oc logs -f alpine-socklog-1-mldc6
listening on, starting. local0.notice: Apr 27 18:29:18 haproxy[1]: Proxy entry-point started. local0.notice: Apr 27 18:29:18 haproxy[1]: Proxy google started.

Add route

Finally we should add a route to use this service.

oc expose svc http-https-redirector

If everything works as expect you should see something like this. local0.notice: Apr 27 19:56:25 haproxy[1]: Proxy entry-point started. local0.notice: Apr 27 19:56:25 haproxy[1]: Proxy be_google started. Apr 27 19:56:55 haproxy[1]: [27/Apr/2016:19:56:55.189] 
entry-point be_google/srv_google/ 0/0/111/18/129 404 1686 - - ---- 
1/1/0/1/0 0/0 "GET / HTTP/1.1" Apr 27 19:57:21 haproxy[1]: [27/Apr/2016:19:57:21.555] 
entry-point be_google/srv_google/ 0/0/42/18/60 404 1686 - - ---- 
1/1/0/1/0 0/0 "GET / HTTP/1.1"

After all these steps, you have to use the documentation of HAProxy and alpine to fix the time and the ip issue unless you don‚Äôt need to know which client have requested your serviceūüėČ

You may also get in touch with us (Cloudwerkstatt) to fix it for you.

Your Name (required)

Your Email (required)


Your Message