[AAI] AAI HAProxy image update

Update AAI haproxy name and version to 1.9.5
Make AAI init container resources configurable
Implementing stick tables to avoid concurrency issues raised by using
janugraph against eventually consistent storage backend(cassandra)

Issue-ID: AAI-3602
Signed-off-by: leila <leila.nishimwe@bell.ca>
Change-Id: I6b1c7bf3a378c410df0a9bb01d304e56e979c3b5
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
index 6e7acef..1266d4e 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -17,6 +17,8 @@
         log /dev/log    local0
         stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
         stats timeout 30s
+        # it is required else pod will not come up
+        maxconn 50000
         user root
         group root
         daemon
@@ -38,7 +40,8 @@
         mode    http
         option  httplog
         option  ssl-hello-chk
-        option  httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+        option  httpchk
+        http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId  haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
         default-server init-addr none
 #       option  dontlognull
 #       errorfile 400 /etc/haproxy/errors/400.http
@@ -59,6 +62,12 @@
         timeout server  480000
         timeout http-keep-alive 30000
 
+frontend stats
+       bind *:8448
+       http-request use-service prometheus-exporter if { path /metrics }
+       stats enable
+       stats uri /stats
+       stats refresh 10s
 
 frontend IST_8443
         mode http
@@ -73,6 +82,10 @@
         capture response header Host len 100
         option log-separate-errors
         option forwardfor
+
+        http-request set-header X-Forwarded-Proto https
+        http-request add-header X-Forwarded-Port 8443
+
         http-request set-header X-Forwarded-Proto https if { ssl_fc }
         http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
         http-request set-header X-AAI-SSL                       %[ssl_fc]
@@ -97,9 +110,6 @@
         {{- end }}
         {{- end }}
 
-        reqadd X-Forwarded-Proto:\ https
-        reqadd X-Forwarded-Port:\ 8443
-
 #######################
 #ACLS FOR PORT 8446####
 #######################
@@ -107,9 +117,10 @@
         acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
         acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
         acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+        acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
         acl is_named-query path_beg -i /aai/search/named-query
         acl is_search-model path_beg -i /aai/search/model
-        use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+        use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
 
         default_backend IST_Default_8447
 
@@ -120,9 +131,11 @@
 
 backend IST_Default_8447
         balance roundrobin
+        stick-table type string len 100 size 200k expire 2m
+        stick on path
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
-        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+        server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
 
 
 #######################
@@ -131,9 +144,11 @@
 
 backend IST_AAI_8446
         balance roundrobin
+        stick-table type string len 100 size 200k expire 2m
+        stick on path
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
-        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+        server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
 
 listen IST_AAI_STATS
         mode http
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index 1accff9..fe1715b 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -17,6 +17,10 @@
         log /dev/log    local0
         stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
         stats timeout 30s
+        # it is required else pod will not come up
+        maxconn 50000
+        user root
+        group root
         daemon
         #################################
         # Default SSL material locations#
@@ -38,7 +42,8 @@
 {{- if ( include "common.needTLS" .) }}
         option  ssl-hello-chk
 {{- end }}
-        option  httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
+        option  httpchk
+        http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId  haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
         default-server init-addr none
 #       option  dontlognull
 #       errorfile 400 /etc/haproxy/errors/400.http
@@ -59,6 +64,12 @@
         timeout server  480000
         timeout http-keep-alive 30000
 
+frontend stats
+       bind *:8448
+       http-request use-service prometheus-exporter if { path /metrics }
+       stats enable
+       stats uri /stats
+       stats refresh 10s
 
 frontend IST_8080
         mode http
@@ -73,8 +84,8 @@
         option log-separate-errors
         option forwardfor
         http-request set-header X-Forwarded-Proto http
-        reqadd X-Forwarded-Proto:\ http
-        reqadd X-Forwarded-Port:\ 8080
+        http-request set-header X-Forwarded-Proto http
+        http-request add-header X-Forwarded-Port 8080
 
 #######################
 #ACLS FOR PORT 8446####
@@ -104,6 +115,10 @@
         capture response header Host len 100
         option log-separate-errors
         option forwardfor
+
+        http-request set-header X-Forwarded-Proto https
+        http-request add-header X-Forwarded-Port 8443
+
         http-request set-header X-Forwarded-Proto https if { ssl_fc }
         http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
         http-request set-header X-AAI-SSL                       %[ssl_fc]
@@ -128,8 +143,6 @@
         {{- end }}
         {{- end }}
 
-        reqadd X-Forwarded-Proto:\ https
-        reqadd X-Forwarded-Port:\ 8443
 {{- end }}
 
 #######################
@@ -152,12 +165,14 @@
 
 backend IST_Default_8447
         balance roundrobin
+        stick-table type string len 100 size 200k expire 2m
+        stick on path
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
 {{- if ( include "common.needTLS" .) }}
-        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+        server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
 {{- else }}
-        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
+        server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
 {{- end }}
 
 #######################
@@ -166,10 +181,12 @@
 
 backend IST_AAI_8446
         balance roundrobin
+        stick-table type string len 100 size 200k expire 2m
+        stick on path
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
 {{- if ( include "common.needTLS" .) }}
-        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+        server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
 {{- else }}
-        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
+        server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
 {{- end }}