Last active
February 19, 2022 04:36
-
-
Save kudaliar032/0a3ebcbc694ea4d7118969d0b5a02c87 to your computer and use it in GitHub Desktop.
creating-high-available-kubernetes-cluster-with-kubeadm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| backend k8s_servers | |
| balance roundrobin | |
| server k8s-cp1 172.31.6.219:6443 check # add other node later | |
| server k8s-cp2 172.31.4.168:6443 check | |
| server k8s-cp3 172.31.8.252:6443 check | |
| ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| defaults | |
| log global | |
| mode tcp # change to tcp | |
| option tcplog # change to tcplog | |
| option dontlognull | |
| timeout connect 5000 | |
| timeout client 50000 | |
| timeout server 50000 | |
| .... | |
| # add this configuration | |
| frontend k8scp | |
| bind *:6443 | |
| default_backend k8s_servers | |
| backend k8s_servers | |
| balance roundrobin | |
| server k8s-cp1 172.31.6.219:6443 check # add other node later | |
| listen stats | |
| bind *:9999 | |
| mode http | |
| stats enable | |
| stats hide-version | |
| stats uri /stats |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| log /dev/log local0 | |
| log /dev/log local1 notice | |
| chroot /var/lib/haproxy | |
| stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners | |
| stats timeout 30s | |
| user haproxy | |
| group haproxy | |
| daemon | |
| # Default SSL material locations | |
| ca-base /etc/ssl/certs | |
| crt-base /etc/ssl/private | |
| # Default ciphers to use on SSL-enabled listening sockets. | |
| # For more information, see ciphers(1SSL). This list is from: | |
| # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | |
| # An alternative list with additional directives can be obtained from | |
| # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy | |
| ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS | |
| ssl-default-bind-options no-sslv3 | |
| defaults | |
| log global | |
| mode http | |
| option httplog | |
| option dontlognull | |
| timeout connect 5000 | |
| timeout client 50000 | |
| timeout server 50000 | |
| errorfile 400 /etc/haproxy/errors/400.http | |
| errorfile 403 /etc/haproxy/errors/403.http | |
| errorfile 408 /etc/haproxy/errors/408.http | |
| errorfile 500 /etc/haproxy/errors/500.http | |
| errorfile 502 /etc/haproxy/errors/502.http | |
| errorfile 503 /etc/haproxy/errors/503.http | |
| errorfile 504 /etc/haproxy/errors/504.http |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 127.0.0.1 localhost | |
| # The following lines are desirable for IPv6 capable hosts | |
| ::1 ip6-localhost ip6-loopback | |
| fe00::0 ip6-localnet | |
| ff00::0 ip6-mcastprefix | |
| ff02::1 ip6-allnodes | |
| ff02::2 ip6-allrouters | |
| ff02::3 ip6-allhosts | |
| 172.31.6.219 k8scp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 127.0.0.1 localhost | |
| # The following lines are desirable for IPv6 capable hosts | |
| ::1 ip6-localhost ip6-loopback | |
| fe00::0 ip6-localnet | |
| ff00::0 ip6-mcastprefix | |
| ff02::1 ip6-allnodes | |
| ff02::2 ip6-allrouters | |
| ff02::3 ip6-allhosts | |
| 172.31.14.218 k8scp |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment