-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathhaproxy.cfg
80 lines (67 loc) · 2.81 KB
/
haproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
global
daemon
maxconn 20480
defaults
mode tcp
timeout connect 5s
timeout client 50s
timeout server 50s
listen stats
bind *:1936
mode http
log global
maxconn 10
timeout client 100s
timeout server 100s
timeout connect 100s
timeout queue 100s
stats enable
stats uri /stats
stats hide-version
stats refresh 30s
stats show-node
stats auth admin:password
frontend control-plane
mode tcp
bind *:6443 alpn h2,http/1.1
default_backend masters
backend masters
option httpchk GET /healthz
balance roundrobin
# for backend configuration see https://www.haproxy.com/documentation/hapee/latest/configuration/config-sections/backend/
# server <server id> <hostname or ip>:<port> <options>
server master1.example.com 192.168.1.181:6443 maxconn 256 check check-ssl ca-file /etc/ssl/certs/kubernetes.crt
server master2.example.com 192.168.1.182:6443 maxconn 256 check check-ssl ca-file /etc/ssl/certs/kubernetes.crt
server master3.example.com 192.168.1.183:6443 maxconn 256 check check-ssl ca-file /etc/ssl/certs/kubernetes.crt
frontend ingress-nginx-http
mode tcp
bind *:80 alpn h2,http/1.1
acl internal hdr_end(host) -i .internal.example.com
use_backend ingress-nginx-internal-http if internal
default_backend ingress-nginx-http
backend ingress-nginx-internal-http
option httpchk GET /healthz
server worker-1.example.com 192.168.1.184:32080 maxconn 256 check
server worker-2.example.com 192.168.1.185:32080 maxconn 256 check
server worker-3.example.com 192.168.1.186:32080 maxconn 256 check
backend ingress-nginx-http
option httpchk GET /healthz
server worker-1.example.com 192.168.1.184:31080 maxconn 256 check
server worker-2.example.com 192.168.1.185:31080 maxconn 256 check
server worker-3.example.com 192.168.1.186:31080 maxconn 256 check
frontend ingress-nginx-https
mode tcp
bind *:443 alpn h2,http/1.1
acl internal-tls req.ssl_sni -m end internal.example.com
use_backend ingress-nginx-internal-https if internal-tls
default_backend ingress-nginx-https
backend ingress-nginx-internal-https
option httpchk GET /healthz
server worker-1.example.com 192.168.1.184:32443 maxconn 256 check check-ssl verify none
server worker-2.example.com 192.168.1.185:32443 maxconn 256 check check-ssl verify none
server worker-3.example.com 192.168.1.186:32443 maxconn 256 check check-ssl verify none
backend ingress-nginx-https
option httpchk GET /healthz
server worker-1.example.com 192.168.1.184:31443 maxconn 256 check check-ssl verify none
server worker-2.example.com 192.168.1.185:31443 maxconn 256 check check-ssl verify none
server worker-3.example.com 192.168.1.186:31443 maxconn 256 check check-ssl verify none