Added talos to haproxy.

This commit is contained in:
Joseph Hanson 2024-05-04 12:23:26 -05:00
parent 2570711ed4
commit e1f3e6ec8d
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o

View file

@ -113,6 +113,66 @@
}; };
}; };
# haproxy for load balancing talos and kubernetes api.
services.haproxy = {
enable = true;
config = ''
global
log /dev/log local0
log /dev/log local1 notice
daemon
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 20s
timeout connect 10s
timeout client 1h
timeout server 1h
timeout http-keep-alive 10s
timeout check 10s
frontend k8s_apiserver
bind *:6443
mode tcp
option tcplog
default_backend k8s_controlplane
frontend talos_apiserver
bind *:50000
mode tcp
option tcplog
default_backend talos_controlplane
backend k8s_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker1 10.1.1.61:6443 check
server worker2 10.1.1.62:6443 check
server worker3 10.1.1.63:6443 check
backend talos_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker1 10.1.1.61:50000 check
server worker2 10.1.1.62:50000 check
server worker3 10.1.1.63:50000 check
'';
};
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
programs.mtr.enable = true; programs.mtr.enable = true;