Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Frontend único para todo el tráfico TLS entrante (Rancher y K3s)
- frontend https-frontend
- bind *:443
- mode tcp
- option tcplog
- tcp-request inspect-delay 5s
- tcp-request content accept if { req_ssl_hello_type 1 }
- # ACLs por nombre de host (SNI)
- acl host_k3s req_ssl_sni -f /etc/haproxy/maps/k8s-ingress-hosts.map
- acl host_rancher req_ssl_sni -i rancher.titan.com.pa
- use_backend ingress-worker-backend if host_k3s
- use_backend rancher-backend if host_rancher
- default_backend rancher-backend
- # Backend para Rancher
- backend rancher-backend
- mode tcp
- balance roundrobin
- option tcp-check
- server rancher-manager-1 10.170.20.252:443 check port 6443 inter 2000 fall 3 rise 2
- server rancher-manager-2 10.170.20.253:443 check port 6443 inter 2000 fall 3 rise 2
- server rancher-manager-3 10.170.20.254:443 check port 6443 inter 2000 fall 3 rise 2
- # Backend para Ingress NGINX (K3s Workers)
- backend ingress-worker-backend
- mode tcp
- balance roundrobin
- option tcp-check
- timeout connect 5s
- timeout server 30s
- server k3s-worker-1 10.170.20.249:30460 check inter 5s rise 3 slowstart 30s
- server k3s-worker-2 10.170.20.250:30460 check inter 5s rise 3 slowstart 30s
- server k3s-worker-3 10.170.20.251:30460 check inter 5s rise 3 slowstart 30s
- # API de Kubernetes (opcional)
- frontend k3s-frontend
- bind *:6443
- mode tcp
- option tcplog
- default_backend k3s-backend
- backend k3s-backend
- mode tcp
- option tcp-check
- balance roundrobin
- default-server inter 10s downinter 5s
- server k3s-master-1 10.170.20.246:6443 check
- server k3s-master-2 10.170.20.247:6443 check
- server k3s-master-3 10.170.20.248:6443 check
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
