From 9dff54a75f8228b40f038e4f127beb9f3762f6a4 Mon Sep 17 00:00:00 2001 From: Simon Cornet Date: Fri, 17 Apr 2026 14:04:23 +0200 Subject: [PATCH] feat: add k3s like configs --- defaults/main.yaml | 1 + examples/k3s-example.yaml | 101 +++++++++++++++++++++++++++++++++++ readme.md | 107 ++++++++++++++++++++++++++++++++++++++ templates/haproxy.cfg.j2 | 3 ++ 4 files changed, 212 insertions(+) create mode 100644 examples/k3s-example.yaml diff --git a/defaults/main.yaml b/defaults/main.yaml index 3e2d9f4..d017f45 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -11,6 +11,7 @@ haproxy_global: group: "haproxy" daemon: true stats_socket: "/var/lib/haproxy/stats user haproxy group haproxy mode 660 level admin" + stats_timeout: "" # optional, e.g., "30s" # default settings haproxy_defaults: diff --git a/examples/k3s-example.yaml b/examples/k3s-example.yaml new file mode 100644 index 0000000..8713845 --- /dev/null +++ b/examples/k3s-example.yaml 
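Review bot: The inline comment on the new `stats_timeout: ""` default in defaults/main.yaml does not say what an empty value does or which unit applies. HAProxy reads a bare number for `stats timeout` as milliseconds, so an override such as `stats_timeout: 30` would give the admin socket a 30 ms timeout, not 30 s. I would widen the comment to `# optional; empty = directive not rendered, HAProxy's built-in default applies; always include a unit, e.g. "30s"`. The `haproxy_global` mapping starts above this hunk, so only part of it is visible here.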
@@ -0,0 +1,101 @@ +--- +# Example playbook for K3s HAProxy configuration + +- name: "Deploy HAProxy for K3s Cluster" + hosts: "haproxy_servers" + become: true + + vars: + + # global settings + haproxy_global: + log: + - "/dev/log local0" + - "/dev/log local1 notice" + chroot: "/var/lib/haproxy" + stats_socket: "/run/haproxy-admin.sock mode 660 level admin" + stats_timeout: "30s" + user: "haproxy" + group: "haproxy" + daemon: true + + # defaults settings + haproxy_defaults: + log: "global" + mode: "tcp" + options: + - "tcplog" + - "dontlognull" + timeout_connect: "5000" + timeout_client: "50000" + timeout_server: "50000" + + # frontends + haproxy_frontends: + - name: "fe-k3s-http" + bind: "192.168.10.17:80" + default_backend: "be-k3s-http" + + - name: "fe-k3s-https" + bind: "192.168.10.17:443" + default_backend: "be-k3s-https" + + - name: "fe-k3s-api" + bind: "192.168.10.17:6443" + default_backend: "be-k3s-nodes" + + # backends + haproxy_backends: + - name: "be-k3s-http" + balance: "roundrobin" + stick_table: "type ip size 200k expire 30m" + stick: + - "on src" + options: + - "option tcp-check" + servers: + - name: "k3s-node01" + address: "192.168.10.21:80" + check: true + - name: "k3s-node02" + address: "192.168.10.22:80" + check: true + - name: "k3s-node03" + address: "192.168.10.23:80" + check: true + + - name: "be-k3s-https" + balance: "roundrobin" + stick_table: "type ip size 200k expire 30m" + stick: + - "on src" + options: + - "option tcp-check" + servers: + - name: "k3s-node01" + address: "192.168.10.21:443" + check: true + - name: "k3s-node02" + address: "192.168.10.22:443" + check: true + - name: "k3s-node03" + address: "192.168.10.23:443" + check: true + + - name: "be-k3s-nodes" + balance: "roundrobin" + options: + - "option tcp-check" + servers: + - name: "k3s-node01" + address: "192.168.10.21:6443" + check: true + - name: "k3s-node02" + address: "192.168.10.22:6443" + check: true + - name: "k3s-node03" + address: "192.168.10.23:6443" + check: true + + 
roles: + - "role-haproxy" diff --git a/readme.md b/readme.md index 4faf4a0..056d157 100644 --- a/readme.md +++ b/readme.md @@ -10,6 +10,7 @@ Install and configure HAProxy load balancer with flexible frontends, backends, a |----------|----------|---------|-------------| | `haproxy_global.log` | No | List with `/dev/log local2` | Log target (string or list) | | `haproxy_global.stats_socket` | No | See defaults | Stats socket configuration | +| `haproxy_global.stats_timeout` | No | Empty | Stats timeout (optional, e.g., "30s") | | `haproxy_global.chroot` | No | `/var/lib/haproxy` | Chroot directory | | `haproxy_global.user` | No | `haproxy` | User to run as | | `haproxy_global.group` | No | `haproxy` | Group to run as | 
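Review bot: In examples/k3s-example.yaml, `fe-k3s-api` publishes the Kubernetes API server on `192.168.10.17:6443`, the same address as the HTTP/HTTPS ingress listeners, and nothing in the example limits who can reach it. People copy examples verbatim, so I would add a comment above that frontend such as `# 6443 is the cluster API: restrict it to node/admin networks (host firewall or a dedicated bind address)`. The example's `stats_socket` also drops the `user haproxy group haproxy` that the role default carries, so who owns the `level admin` socket depends on the account HAProxy starts under. A one-line comment saying whether that is intentional would help. Finally, `option tcp-check` on `be-k3s-nodes` only proves the port accepts connections, not that the API server is ready, which is worth stating in a comment as well.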
@@ -168,6 +169,112 @@ Configuration for Teleport with SSL session persistence and advanced health chec - "role-haproxy" ``` +### K3s Cluster Example + +Configuration for K3s cluster with IP-based session persistence: + +```yaml +--- +- name: "Deploy HAProxy for K3s Cluster" + hosts: "haproxy_servers" + become: true + + vars: + + # global settings + haproxy_global: + log: + - "/dev/log local0" + - "/dev/log local1 notice" + chroot: "/var/lib/haproxy" + stats_socket: "/run/haproxy-admin.sock mode 660 level admin" + stats_timeout: "30s" + user: "haproxy" + group: "haproxy" + daemon: true + + # defaults settings + haproxy_defaults: + log: "global" + mode: "tcp" + options: + - "tcplog" + - "dontlognull" + timeout_connect: "5000" + timeout_client: "50000" + timeout_server: "50000" + + # frontends + haproxy_frontends: + - name: "fe-k3s-http" + bind: "192.168.10.17:80" + default_backend: "be-k3s-http" + + - name: "fe-k3s-https" + bind: "192.168.10.17:443" + default_backend: "be-k3s-https" + + - name: "fe-k3s-api" + bind: "192.168.10.17:6443" + default_backend: "be-k3s-nodes" + + # backends with IP-based sticky sessions + haproxy_backends: + - name: "be-k3s-http" + balance: "roundrobin" + stick_table: "type ip size 200k expire 30m" + stick: + - "on src" + options: + - "option tcp-check" + servers: + - name: "k3s-node01" + address: "192.168.10.21:80" + check: true + - name: "k3s-node02" + address: "192.168.10.22:80" + check: true + - name: "k3s-node03" + address: "192.168.10.23:80" + check: true + + - name: "be-k3s-https" + balance: "roundrobin" + stick_table: "type ip size 200k expire 30m" + stick: + - "on src" + options: + - "option tcp-check" + servers: + - name: "k3s-node01" + address: "192.168.10.21:443" + check: true + - name: "k3s-node02" + address: "192.168.10.22:443" + check: true + - name: "k3s-node03" + address: "192.168.10.23:443" + check: true + + - name: "be-k3s-nodes" + balance: "roundrobin" + options: + - "option tcp-check" + servers: + - name: "k3s-node01" + 
address: "192.168.10.21:6443" + check: true + - name: "k3s-node02" + address: "192.168.10.22:6443" + check: true + - name: "k3s-node03" + address: "192.168.10.23:6443" + check: true + + roles: + - "role-haproxy" +``` + ### WAF Example with SSL Persistence ```yaml diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2 index 2b1dce1..b3510d5 100644 --- a/templates/haproxy.cfg.j2 +++ b/templates/haproxy.cfg.j2 @@ -10,6 +10,9 @@ global {%- if haproxy_global.stats_socket is defined %} stats socket {{ haproxy_global.stats_socket }} {%- endif %} +{%- if haproxy_global.stats_timeout is defined and haproxy_global.stats_timeout != "" %} + stats timeout {{ haproxy_global.stats_timeout }} +{%- endif %} {%- if haproxy_global.chroot is defined %} chroot {{ haproxy_global.chroot }} {%- endif %}
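Review bot: The new guard in the `global` section of templates/haproxy.cfg.j2 only rejects an undefined or empty-string `stats_timeout`. A YAML null (`stats_timeout:` with no value) or a whitespace-only string passes the `!= ""` test and is rendered into the `stats timeout` line, which HAProxy would most likely reject when it parses the file. A truthiness test covers those cases: `{%- if haproxy_global.stats_timeout | default('', true) | string | trim %}`. The value is also written verbatim, so unless the role's template task already checks the rendered file before installing it (for example `validate: "haproxy -c -f %s"`), a typo here can stop the load balancer from reloading. That task is not visible in this diff.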