Compare commits
1 commit
56126baab4
...
49d6ed1a1e
Author | SHA1 | Date | |
---|---|---|---|
|
49d6ed1a1e |
7 changed files with 81 additions and 9 deletions
|
@ -4,7 +4,7 @@
|
|||
set container network containers prefix '10.5.0.0/24'
|
||||
|
||||
# haproxy-k8s-api
|
||||
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.2'
|
||||
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.1'
|
||||
set container name haproxy-k8s-api memory '0'
|
||||
set container name haproxy-k8s-api network containers address '10.5.0.2'
|
||||
set container name haproxy-k8s-api restart 'on-failure'
|
||||
|
@ -14,7 +14,7 @@ set container name haproxy-k8s-api volume config destination '/usr/local/etc/hap
|
|||
set container name haproxy-k8s-api volume config mode 'ro'
|
||||
|
||||
# haproxy-k3s-api
|
||||
set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.2'
|
||||
set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.1'
|
||||
set container name haproxy-k3s-api memory '0'
|
||||
set container name haproxy-k3s-api network containers address '10.5.0.3'
|
||||
set container name haproxy-k3s-api restart 'on-failure'
|
||||
|
|
|
@ -413,10 +413,6 @@ set firewall ipv4 name containers-lan rule 999 log
|
|||
set firewall ipv4 name containers-local default-action 'drop'
|
||||
set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
|
||||
set firewall ipv4 name containers-local default-log
|
||||
set firewall ipv4 name containers-local rule 40 action 'accept'
|
||||
set firewall ipv4 name containers-local rule 40 description 'Rule: accept_dns'
|
||||
set firewall ipv4 name containers-local rule 40 destination port 'domain,domain-s'
|
||||
set firewall ipv4 name containers-local rule 40 protocol 'tcp_udp'
|
||||
set firewall ipv4 name containers-local rule 50 action 'accept'
|
||||
set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
|
||||
set firewall ipv4 name containers-local rule 50 destination port '67,68'
|
||||
|
|
|
@ -45,7 +45,7 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
|
|||
|
||||
# k8s prod workers
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
|
||||
|
@ -65,6 +65,8 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
|
|||
# VMs
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee ip-address '10.1.1.55'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee mac-address '00:a0:98:00:a6:72'
|
||||
|
||||
|
||||
# k8s prod masters
|
||||
|
|
1
containers/.gitignore
vendored
1
containers/.gitignore
vendored
|
@ -7,5 +7,6 @@
|
|||
!/bind/
|
||||
!/dnsdist/
|
||||
!/haproxy/
|
||||
!/haproxy-k3s/
|
||||
!/unifi/
|
||||
!/vector-agent/
|
||||
|
|
9
containers/haproxy-k3s/.gitignore
vendored
Normal file
9
containers/haproxy-k3s/.gitignore
vendored
Normal file
|
@ -0,0 +1,9 @@
|
|||
# Ignore everything
|
||||
/*
|
||||
|
||||
# Track certain files and directories
|
||||
!.gitignore
|
||||
|
||||
!/config/
|
||||
/config/*
|
||||
!/config/haproxy.cfg
|
48
containers/haproxy-k3s/config/haproxy.cfg
Normal file
48
containers/haproxy-k3s/config/haproxy.cfg
Normal file
|
@ -0,0 +1,48 @@
|
|||
#---------------------------------------------------------------------
|
||||
# Global settings
|
||||
#---------------------------------------------------------------------
|
||||
global
|
||||
log /dev/log local0
|
||||
log /dev/log local1 notice
|
||||
daemon
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# common defaults that all the 'listen' and 'backend' sections will
|
||||
# use if not designated in their block
|
||||
#---------------------------------------------------------------------
|
||||
defaults
|
||||
mode http
|
||||
log global
|
||||
option httplog
|
||||
option dontlognull
|
||||
option http-server-close
|
||||
option forwardfor except 127.0.0.0/8
|
||||
option redispatch
|
||||
retries 3
|
||||
timeout http-request 10s
|
||||
timeout queue 20s
|
||||
timeout connect 10s
|
||||
timeout client 1h
|
||||
timeout server 1h
|
||||
timeout http-keep-alive 10s
|
||||
timeout check 10s
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# apiserver frontend which proxys to the control plane nodes
|
||||
#---------------------------------------------------------------------
|
||||
frontend k8s_apiserver
|
||||
bind *:6443
|
||||
mode tcp
|
||||
option tcplog
|
||||
default_backend k8s_controlplane
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# round robin balancing for apiserver
|
||||
#---------------------------------------------------------------------
|
||||
backend k8s_controlplane
|
||||
option httpchk GET /healthz
|
||||
http-check expect status 200
|
||||
mode tcp
|
||||
option ssl-hello-chk
|
||||
balance roundrobin
|
||||
server worker2 10.1.1.55:6443 check
|
|
@ -34,7 +34,13 @@ frontend k8s_apiserver
|
|||
bind *:6443
|
||||
mode tcp
|
||||
option tcplog
|
||||
default_backend k8s_controlplane
|
||||
default_backend k8s_controlplane
|
||||
|
||||
frontend talos_apiserver
|
||||
bind *:50000
|
||||
mode tcp
|
||||
option tcplog
|
||||
default_backend talos_controlplane
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# round robin balancing for apiserver
|
||||
|
@ -47,4 +53,14 @@ backend k8s_controlplane
|
|||
balance roundrobin
|
||||
server worker1 10.1.1.61:6443 check
|
||||
server worker2 10.1.1.62:6443 check
|
||||
server worker3 10.1.1.63:6443 check
|
||||
server worker3 10.1.1.63:6443 check
|
||||
|
||||
backend talos_controlplane
|
||||
option httpchk GET /healthz
|
||||
http-check expect status 200
|
||||
mode tcp
|
||||
option ssl-hello-chk
|
||||
balance roundrobin
|
||||
server worker1 10.1.1.61:50000 check
|
||||
server worker2 10.1.1.62:50000 check
|
||||
server worker3 10.1.1.63:50000 check
|
||||
|
|
Reference in a new issue