OpenShift-Lab-Setup/haproxy.cfg at main · path4cloud2024/OpenShift-Lab-Setup · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

# ---------------------------------------------------------------------
# Exposing HAProxy Statistic Page
# ---------------------------------------------------------------------
listen stats
    bind :32700
    stats enable
    stats uri /
    stats hide-version
    stats auth admin:RedH@999
# BEGIN ANSIBLE MANAGED HAPROXY CONFIG for ocp4.example.com
#---------------------------------------------------------------------
# round robin balancing for OCP4 Kubernetes API Server
#---------------------------------------------------------------------
frontend k8s_api_ocp4
  bind 192.168.50.254:6443
  mode tcp
  default_backend k8s_api_backend_ocp4
backend k8s_api_backend_ocp4
  balance roundrobin
  mode tcp
  # example:
  # server bootstrap 192.168.50.9:6443 check
  server master01 192.168.50.10:6443 check

# ---------------------------------------------------------------------
# round robin balancing for OCP4 Machine Config Server
# ---------------------------------------------------------------------
frontend machine_config_ocp4
  bind 192.168.50.254:22623
  mode tcp
  default_backend machine_config_backend_ocp4
backend machine_config_backend_ocp4
  balance roundrobin
  mode tcp
  # example:
  # server bootstrap 192.168.50.9:22623 check
  server master01 192.168.50.10:22623 check

# ---------------------------------------------------------------------
# round robin balancing for OCP4 Ingress Insecure Port
# ---------------------------------------------------------------------
frontend ingress_insecure_ocp4
  bind 192.168.50.254:80
  mode tcp
  default_backend ingress_insecure_backend_ocp4
backend ingress_insecure_backend_ocp4
  balance roundrobin
  mode tcp
  # example:
  # server master01 192.168.50.10:80 check
  server master01 192.168.50.10:80 check

# ---------------------------------------------------------------------
# round robin balancing for OCP4 Ingress Secure Port
# ---------------------------------------------------------------------
frontend ingress_secure_ocp4
  bind 192.168.50.254:443
  mode tcp
  default_backend ingress_secure_backend_ocp4
backend ingress_secure_backend_ocp4
  balance roundrobin
  mode tcp
  # example:
  # server master01 192.168.50.10:443 check
  server master01 192.168.50.10:443 check


# END ANSIBLE MANAGED HAPROXY CONFIG for ocp4.example.com