diff --git a/nixos/telperion/configuration.nix b/nixos/telperion/configuration.nix
index f08a8b5..37c1f43 100644
--- a/nixos/telperion/configuration.nix
+++ b/nixos/telperion/configuration.nix
@@ -113,6 +113,66 @@
     };
   };
 
+  # haproxy for load balancing talos and kubernetes api.
+  services.haproxy = {
+    enable = true;
+    config = ''
+      global
+        log /dev/log local0
+        log /dev/log local1 notice
+        daemon
+
+      defaults
+        mode http
+        log global
+        option httplog
+        option dontlognull
+        option http-server-close
+        option forwardfor except 127.0.0.0/8
+        option redispatch
+        retries 3
+        timeout http-request 10s
+        timeout queue 20s
+        timeout connect 10s
+        timeout client 1h
+        timeout server 1h
+        timeout http-keep-alive 10s
+        timeout check 10s
+
+      frontend k8s_apiserver
+        bind *:6443
+        mode tcp
+        option tcplog
+        default_backend k8s_controlplane
+
+      frontend talos_apiserver
+        bind *:50000
+        mode tcp
+        option tcplog
+        default_backend talos_controlplane
+
+      backend k8s_controlplane
+        option httpchk GET /healthz
+        http-check expect status 200
+        mode tcp
+        option ssl-hello-chk
+        balance roundrobin
+        server worker1 10.1.1.61:6443 check
+        server worker2 10.1.1.62:6443 check
+        server worker3 10.1.1.63:6443 check
+
+      backend talos_controlplane
+        option httpchk GET /healthz
+        http-check expect status 200
+        mode tcp
+        option ssl-hello-chk
+        balance roundrobin
+        server worker1 10.1.1.61:50000 check
+        server worker2 10.1.1.62:50000 check
+        server worker3 10.1.1.63:50000 check
+    '';
+  };
+
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   programs.mtr.enable = true;
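Review bot: Both `backend k8s_controlplane` and `backend talos_controlplane` declare `option httpchk GET /healthz` together with `option ssl-hello-chk`, but HAProxy keeps one health-check method per backend, so one of the two overrides the other, and neither matches these endpoints: kube-apiserver on 6443 only serves `/healthz` over TLS and the `server` lines carry no `check-ssl`, while Talos apid on 50000 is a TLS/gRPC service with no HTTP `/healthz` to probe, so the checks most likely never reflect real control-plane health (an unhealthy node stays in rotation, or every node is marked down). I would keep the HTTP check for Kubernetes but make it speak TLS (`check check-ssl verify none`, or a `ca-file` for the cluster CA if it is available on this host, so a probe cannot be spoofed), and reduce the Talos backend to a plain TCP `check`, dropping `ssl-hello-chk` and the `http-check` lines from both. Separately, `bind *:6443` and `bind *:50000` listen on every interface; whether the NixOS firewall opens those ports is not visible in this hunk, so it is worth confirming both APIs are meant to be reachable from every network this host sits on, or binding to the intended address. The `worker1..3` server names are also misleading for backends named `*_controlplane`.
```nix
      backend k8s_controlplane
        mode tcp
        balance roundrobin
        option httpchk GET /healthz
        http-check expect status 200
        server worker1 10.1.1.61:6443 check check-ssl verify none
        server worker2 10.1.1.62:6443 check check-ssl verify none
        server worker3 10.1.1.63:6443 check check-ssl verify none

      backend talos_controlplane
        mode tcp
        balance roundrobin
        server worker1 10.1.1.61:50000 check
        server worker2 10.1.1.62:50000 check
        server worker3 10.1.1.63:50000 check
      # … unchanged: global, defaults and frontend sections …
```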