Manager which health-checks given endpoints and generates a iptables DNAT/SNAT loadbalancer from active endpoints
Find a file
Knut Ahlers 6db776a9b0
Update dependencies
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-03-11 22:21:03 +01:00
pkg Fix: Add a way to differentiate between bind and local address 2023-11-14 15:55:32 +01:00
.gitignore Initial version 2023-11-14 00:40:07 +01:00
cli_checkhelp.go Add settings help for healthchecks 2023-11-14 15:02:00 +01:00
go.mod Update dependencies 2024-03-11 22:21:03 +01:00
go.sum Update dependencies 2024-03-11 22:21:03 +01:00
LICENSE Add README and LICENSE 2023-11-14 14:59:03 +01:00
main.go Add settings help for healthchecks 2023-11-14 15:02:00 +01:00
README.md Fix: Add a way to differentiate between bind and local address 2023-11-14 15:55:32 +01:00

This repository contains a manager which health-checks given endpoints and generates a iptables DNAT/SNAT loadbalancer from active endpoints.

Configuration

# ipt-loadbalancer --help
Usage of ipt-loadbalancer:
  -c, --config string          Configuration file to load (default "config.yaml")
  -e, --enable-managed-chain   Modify PREROUTING / POSTROUTING chain to contain a jump to managed chain
      --log-level string       Log level (debug, info, warn, error, fatal) (default "info")
      --version                Prints current version and exits

# ipt-loadbalancer help
Supported sub-commands are:
  checkhelp <checkType>  Display available settings for a check

# ipt-loadbalancer checkhelp http
Setting        Default      Description
code           200          HTTP Status-Code to expect from the request
...

Main Configuration File

---

# Table prefix to manage (should not collide with existing tables in
# the system). Created tables in this case are named IPTLB_DNAT,
# IPTLB_SNAT and IPTLB_SERVICENAME_DNAT / IPTLB_SERVICENAME_SNAT.
managedChain: IPTLB

# Collection of services to expose on the host the ipt-loadbalancer
# runs on. Each service exposes one local port and forwards to N
# remote ports using DNAT/SNAT.
services:
  - name: ... # See below for the service definition

...

Service Configuration

# The name should consist only of [a-z0-9_] character set and must be
# unique for the prefix given in the main configuration file
name: https

# The healthcheck defines how to verify the targets are up to include
# them into the loadbalancing
healthCheck:
  # Type is required, currently supported: http, smtp, tcp
  type: http
  # Interval defines how often to check for the targets to be alive:
  # 2s means from the start of the LB the targets are checked every 2s
  # in parallel
  interval: 2s
  # Settings defines parameters for the given health-check and are
  # individual to the type. See the `checkhelp <type>` subcommand for
  # all supported settings and their default values.
  settings:
    insecureTLS: true
    path: /healthz
    tls: true

# Bind Address and Port describes the IP and Port to bind the service
# to.
bindAddr: 203.0.113.1
bindPort: 443

# Proto describes which protocol should be routed (defaults to tcp)
proto: tcp

# Targets is a list of routing targets which are checked for their
# liveness status and if they are live, they are included in the NAT
# rulesets.
# Each target consists of two Addresses, a Port and a Weight. The weight
# is defined as an integer and increases / decreases the percentage
# of the traffic that specific target will receive. (For example
# setting all weights to 1 will distribute the traffic equally between
# them, setting one to 2 will double the traffic to that target.)
# The localAddr is used for the SNAT to map the source IP.
targets:
  - addr: 10.1.2.4
    localAddr: 10.1.2.1
    port: 443
    weight: 1
  - addr: 10.1.2.5
    localAddr: 10.1.2.1
    port: 443
    weight: 1
  - addr: 10.1.2.6
    localAddr: 10.1.2.1
    port: 443
    weight: 1