@rkage
Created May 5, 2021 00:38
ha-control-plane
global
    log stdout format raw local0
    user haproxy
    group haproxy
    daemon
    stats socket /var/run/haproxy.sock

defaults
    log global
    mode http
    option log-health-checks
    option log-separate-errors
    option dontlog-normal
    option dontlognull
    option httplog
    option socket-stats
    retries 3
    option redispatch
    maxconn 10000
    timeout connect 5s
    timeout client 50s
    timeout server 450s

# Statistics page: bound on all interfaces, with no "stats auth" configured.
listen stats
    bind *:8404
    stats enable
    stats uri /stats
    stats refresh 5s

# Kubernetes API front end: TCP pass-through, so TLS is terminated by the API servers.
frontend k8s-api
    bind *:8443
    mode tcp
    option tcplog
    default_backend k8s-api

backend k8s-api
    mode tcp
    balance static-rr
    default-server inter 15s downinter 15s rise 2 fall 2 slowstart 60s maxconn 1000 maxqueue 256 weight 100
    # Health check: HTTPS GET /healthz against each API server, expecting 200.
    option httpchk GET /healthz
    http-check expect status 200
    # "verify none": the health check does not validate the API server certificate.
    server mcf-k8s-node01 192.168.45.45:6443 check check-ssl verify none
    server mcf-k8s-node02 192.168.45.46:6443 check check-ssl verify none
    server mcf-k8s-node03 192.168.45.47:6443 check check-ssl verify none

---
apiVersion: v1
kind: Pod
metadata:
  name: haproxy
  namespace: kube-system
  creationTimestamp: null
  labels:
    component: haproxy
    tier: control-plane
  annotations:
    haproxy-cfg-checksum: "20210503-008"
spec:
  containers:
  - image: haproxy:2.3.10-alpine
    imagePullPolicy: IfNotPresent
    name: haproxy
    resources: {}
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8443
        scheme: HTTPS
    readinessProbe:
      httpGet:
        path: /healthz
        port: 8443
        scheme: HTTPS
    volumeMounts:
    - mountPath: /usr/local/etc/haproxy/haproxy.cfg
      name: haproxyconf
      readOnly: true
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  priorityClassName: system-node-critical
  volumes:
  - hostPath:
      path: /etc/haproxy/haproxy.cfg
      type: FileOrCreate
    name: haproxyconf
status: {}

! Configuration File for keepalived
global_defs {
    router_id APIServerVIP-mcf-k8s-node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    max_auto_priority 99
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 255
    advert_int 1
    virtual_ipaddress {
        192.168.45.40
    }
}

---
apiVersion: v1
kind: Pod
metadata:
  name: keepalived
  namespace: kube-system
  creationTimestamp: null
  labels:
    component: keepalived
    tier: control-plane
  annotations:
    haproxy-cfg-checksum: "20210504-001"
spec:
  containers:
  - image: mcfio/keepalived:2.2.0
    imagePullPolicy: IfNotPresent
    name: keepalived
    resources: {}
    securityContext:
      capabilities:
        add:
        - NET_ADMIN
        - NET_BROADCAST
        - NET_RAW
    volumeMounts:
    - mountPath: /config/keepalived.conf
      name: keepalivedconf
      readOnly: true
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  priorityClassName: system-node-critical
  volumes:
  - hostPath:
      path: /etc/keepalived/keepalived.conf
      type: FileOrCreate
    name: keepalivedconf
status: {}