Trying to follow these indications:
https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration
and these indications:
HAProxy use urls in server config?
I'm trying to correctly and properly define haproxy.cfg
, but I'm getting errors
This is the content of /run/systemd/resolve/resolv.conf
:
root@k8s-eu-1-control-plane-node-1:~# sudo cat /run/systemd/resolve/resolv.conf
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver kkk.kk.kkk.kk
nameserver qqq.qq.qqq.qq
search invalid
This is the port range:
root@k8s-eu-1-control-plane-node-1:~# cat /proc/sys/net/ipv4/ip_local_port_range
32768 60999
So, I tried to set haproxy.cfg
as follows:
/etc/haproxy/haproxy.cfg
# https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration
# /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
#log /dev/log local0
#log /dev/log local1 notice
#log /var/log local0
#log /var/log local1 notice
daemon
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 1
timeout http-request 10s
timeout queue 20s
timeout connect 5s
timeout client 20s
timeout server 20s
timeout http-keep-alive 10s
timeout check 10s
#---------------------------------------------------------------------
# apiserver frontend which proxys to the control plane nodes
#---------------------------------------------------------------------
# https://www.digitalocean.com/community/tutorials/haproxy-network-error-cannot-bind-socket
frontend apiserver
bind *:45000
mode tcp
option tcplog
default_backend apiserverbackend
resolvers mydns
nameserver dns1 161.97.189.51:53
nameserver dns2 161.97.189.52:53
parse-resolv-conf
resolve_retries 3
timeout resolve 1s
timeout retry 1s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold valid 10s
hold obsolete 30s
#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend apiserverbackend
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
#server ${HOST1_ID} ${HOST1_ADDRESS}:${APISERVER_SRC_PORT} check
server k8s-eu-1-control-plane-node-1:6443 resolvers mydns resolve-prefer ipv4
But it returns the error unknown keyword 'mydns'
:
root@k8s-eu-1-control-plane-node-1:~# sudo haproxy -c -f /etc/haproxy/haproxy.cfg
[NOTICE] (39412) : haproxy version is 2.6.15-1ppa1~jammy
[NOTICE] (39412) : path to executable is /usr/sbin/haproxy
[ALERT] (39412) : config : [/etc/haproxy/haproxy.cfg:92] : 'server apiserverbackend/k8s-eu-1-control-plane-node-1:6443' : unknown keyword 'mydns'.
[ALERT] (39412) : config : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] (39412) : config : Fatal errors found in configuration.
Your
server
directive is missing the name. Hence, haproxy uses the address as name,resolvers
as the address and so on.Just add a name between
server
and the address.