Hi! I’m having difficulty understanding how to properly configure haproxy.
root@k8s-eu-1-control-plane-node-1:~# sudo systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-12-01 10:12:16 CET; 5s ago
Docs: man:haproxy(1)
file:/usr/share/doc/haproxy/configuration.txt.gz
Main PID: 33265 (haproxy)
Tasks: 11 (limit: 72235)
Memory: 41.0M
CPU: 249ms
CGroup: /system.slice/haproxy.service
├─33265 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock
└─33268 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [NOTICE] (33265) : haproxy version is 2.6.15-1ppa1~jammy
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [NOTICE] (33265) : path to executable is /usr/sbin/haproxy
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [WARNING] (33265) : config : 'option forwardfor' ignored for frontend 'apiserver' as it requires HTTP mode.
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [WARNING] (33265) : config : 'option forwardfor' ignored for backend 'apiserverbackend' as it requires HTTP mode.
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [NOTICE] (33265) : New worker (33268) forked
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [NOTICE] (33265) : Loading success.
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 systemd[1]: Started HAProxy Load Balancer.
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33268]: [WARNING] (33268) : Server apiserverbackend/k8s-eu-1-control-plane-node-1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remain>
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33268]: [ALERT] (33268) : sendmsg()/writev() failed in logger #1: Connection refused (errno=111)
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33268]: [ALERT] (33268) : backend 'apiserverbackend' has no server available!
This is /etc/haproxy/haproxy.cfg:
# https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration
# /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    #log /dev/log local0
    #log /dev/log local1 notice
    log /var/log local0
    log /var/log local1 notice
    daemon

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 1
    timeout http-request 10s
    timeout queue 20s
    timeout connect 5s
    timeout client 20s
    timeout server 20s
    timeout http-keep-alive 10s
    timeout check 10s

#---------------------------------------------------------------------
# apiserver frontend which proxies to the control plane nodes
#---------------------------------------------------------------------
# https://www.digitalocean.com/community/tutorials/haproxy-network-error-cannot-bind-socket
frontend apiserver
    #bind *:6445
    bind *:45000
    mode tcp
    option tcplog
    default_backend apiserverbackend

#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend apiserverbackend
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance roundrobin
    #server ${HOST1_ID} ${HOST1_ADDRESS}:${APISERVER_SRC_PORT} check
    server k8s-eu-1-control-plane-node-1 aa.aaa.aaa.aa:46000 check
This is the output of sudo ip -4 -c address show:
root@k8s-eu-1-control-plane-node-1:~# sudo ip -4 -c address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
altname enp0s18
altname ens18
inet aa.aaa.aaa.aa/19 brd hh.hhh.hhh.hhh scope global eth0
valid_lft forever preferred_lft forever
inet 10.0.0.30/32 scope global eth0
valid_lft forever preferred_lft forever
Port range:
root@k8s-eu-1-control-plane-node-1:~# cat /proc/sys/net/ipv4/ip_local_port_range
32768 60999
How to correctly configure haproxy?