haproxy-okd.sh (4610B)
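#!/usr/bin/env bash
#
# Provision HAProxy as the external load balancer in front of an OKD cluster:
# installs the packages, wires HAProxy's chroot into syslog, and writes
# /etc/haproxy/haproxy.cfg with TCP pass-through frontends for the Kubernetes
# API (6443), the machine config server (22623) and HTTP/HTTPS ingress.
#
# The script only writes configuration; it does not restart rsyslog or haproxy.

set -o errexit
set -o nounset
set -o xtrace

# install haproxy
# NOTE(security): the sudo password is hard-coded here and is also printed by
# xtrace, so it ends up in any captured provisioning log. That is tolerable
# only on a throwaway lab image with a well-known default account; elsewhere,
# run the script as root or give the provisioning user a scoped NOPASSWD
# sudoers rule and drop the password from the script.
echo 'debian' | sudo -S apt-get install -y haproxy socat rsyslog

CHROOT=/var/lib/haproxy

# haproxy log to syslog for haproxy < v1.9
# https://www.haproxy.com/blog/introduction-to-haproxy-logging
# NOTE(review): the bind mount below and the rsyslog $AddUnixListenSocket
# directive further down both target the same path inside the chroot; confirm
# that both are really intended.
sudo mkdir -p "$CHROOT/dev/"
sudo touch "$CHROOT/dev/log"
sudo mount --bind /dev/log "$CHROOT/dev/log"

# Persist the bind mount across reboots. Two fixes over a plain append:
#  * no `sudo -S` here: stdin carries the fstab line, and -S would consume it
#    as a password attempt whenever sudo has to re-authenticate;
#  * append only when the entry is missing, so a re-run does not duplicate it.
fstab_entry="/dev/log ${CHROOT}/dev/log none bind"
if ! grep -qxF -- "$fstab_entry" /etc/fstab; then
  printf '%s\n' "$fstab_entry" | sudo tee -a /etc/fstab
fi

sudo tee /etc/rsyslog.d/49-haproxy.conf <<'EOF'
# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
EOF

# Security-relevant properties of the configuration written below:
#  * `listen stats` binds :9000 on every interface with no `stats auth`, so
#    anyone who can reach the port sees the backend names and their health.
#    Restrict it with a bind address or firewall rule, or add `stats auth`.
#  * `check-ssl verify none` applies to the health checks only (traffic is TCP
#    pass-through, TLS terminates on the cluster nodes), but it means a check
#    accepts any certificate. Use `verify required ca-file <path>` where the
#    cluster CA is available on this host.
#  * Port 22623 (machine config server) serves node bootstrap configuration;
#    keep it reachable from the cluster's machine network only.
#  * Every frontend binds all interfaces; on a multi-homed host, pin the bind
#    addresses to the intended network.
#
# The heredoc delimiter is quoted so that nothing in the config is ever
# subject to shell expansion.
sudo tee /etc/haproxy/haproxy.cfg <<'EOF'
global
    # # log to rsyslog udp
    # log 127.0.0.1 local0
    # # log to stdout/stderr (in effect, journald) for haproxy >= v1.9
    # # https://www.haproxy.com/blog/introduction-to-haproxy-logging
    # log stderr format short local0 debug
    log /dev/log local0
    maxconn 20000
    user haproxy
    chroot /var/lib/haproxy
    pidfile /run/haproxy.pid
    stats socket /run/haproxy/admin.sock mode 660
    daemon # Makes the process fork into background.
           # This option is ignored in systemd mode.

defaults
    log global
    maxconn 8000
    # close backend server connections,
    # but keep-alive client connections
    option http-server-close
    # don't try longer than 5s to connect to backend servers
    timeout connect 5s
    # wait 5s for the backend servers to respond,
    # for instance, until they send headers
    timeout server 5s
    # wait 5s for the client to respond
    timeout client 5s
    # timeout to use with websockets
    # overrides, server and client timeout
    timeout tunnel 2h
    # remove clients not acknowledging
    # a server-initiated close after 30s
    timeout client-fin 30s

listen stats
    bind :9000
    mode http
    stats enable
    stats uri /

frontend kubernetes_api
    bind :6443
    default_backend kubernetes_api_backend
    mode tcp
    option tcplog
backend kubernetes_api_backend
    balance source
    mode tcp
    server bootstrap okd-bootstrap:6443 check check-ssl verify none
    server master-01 okd-master-01:6443 check check-ssl verify none
    server master-02 okd-master-02:6443 check check-ssl verify none
    server master-03 okd-master-03:6443 check check-ssl verify none

frontend machine_config_server
    bind :22623
    default_backend machine_config_server_backend
    mode tcp
    option tcplog
backend machine_config_server_backend
    balance source
    mode tcp
    server bootstrap okd-bootstrap:22623 check check-ssl verify none
    server master-01 okd-master-01:22623 check check-ssl verify none
    server master-02 okd-master-02:22623 check check-ssl verify none
    server master-03 okd-master-03:22623 check check-ssl verify none

frontend http_ingress
    bind :80
    default_backend http_ingress_backend
    mode tcp
    option tcplog
backend http_ingress_backend
    balance source
    mode tcp
    # use worker/compute nodes, if you have any
    server master-01 okd-master-01:80 check
    server master-02 okd-master-02:80 check
    server master-03 okd-master-03:80 check

frontend https_ingress
    bind :443
    default_backend https_ingress_backend
    mode tcp
    option tcplog
backend https_ingress_backend
    balance source
    mode tcp
    # use worker/compute nodes, if you have any
    server master-01 okd-master-01:443 check check-ssl verify none
    server master-02 okd-master-02:443 check check-ssl verify none
    server master-03 okd-master-03:443 check check-ssl verify none
EOF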