feat: add k3s like configs

Simon Cornet 2026-04-17 14:04:23 +02:00
commit 9dff54a75f
4 changed files with 212 additions and 0 deletions


@ -11,6 +11,7 @@ haproxy_global:
group: "haproxy" group: "haproxy"
daemon: true daemon: true
stats_socket: "/var/lib/haproxy/stats user haproxy group haproxy mode 660 level admin" stats_socket: "/var/lib/haproxy/stats user haproxy group haproxy mode 660 level admin"
stats_timeout: "" # optional, e.g., "30s"
# default settings # default settings
haproxy_defaults: haproxy_defaults:

101
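--- /dev/null
+++ b/examples/k3s-example.yaml
@@ -0,0 +1,101 @@
+---
+# Example playbook for K3s HAProxy configuration
+- name: "Deploy HAProxy for K3s Cluster"
+hosts: "haproxy_servers"
+become: true
+vars:
+# global settings
+haproxy_global:
+log:
+- "/dev/log local0"
+- "/dev/log local1 notice"
+chroot: "/var/lib/haproxy"
+stats_socket: "/run/haproxy-admin.sock mode 660 level admin"
+stats_timeout: "30s"
+user: "haproxy"
+group: "haproxy"
+daemon: true
+# defaults settings
+haproxy_defaults:
+log: "global"
+mode: "tcp"
+options:
+- "tcplog"
+- "dontlognull"
+timeout_connect: "5000"
+timeout_client: "50000"
+timeout_server: "50000"
+# frontends
+haproxy_frontends:
+- name: "fe-k3s-http"
+bind: "192.168.10.17:80"
+default_backend: "be-k3s-http"
+- name: "fe-k3s-https"
+bind: "192.168.10.17:443"
+default_backend: "be-k3s-https"
+- name: "fe-k3s-api"
+bind: "192.168.10.17:6443"
+default_backend: "be-k3s-nodes"
+# backends
+haproxy_backends:
+- name: "be-k3s-http"
+balance: "roundrobin"
+stick_table: "type ip size 200k expire 30m"
+stick:
+- "on src"
+options:
+- "option tcp-check"
+servers:
+- name: "k3s-node01"
+address: "192.168.10.21:80"
+check: true
+- name: "k3s-node02"
+address: "192.168.10.22:80"
+check: true
+- name: "k3s-node03"
+address: "192.168.10.23:80"
+check: true
+- name: "be-k3s-https"
+balance: "roundrobin"
+stick_table: "type ip size 200k expire 30m"
+stick:
+- "on src"
+options:
+- "option tcp-check"
+servers:
+- name: "k3s-node01"
+address: "192.168.10.21:443"
+check: true
+- name: "k3s-node02"
+address: "192.168.10.22:443"
+check: true
+- name: "k3s-node03"
+address: "192.168.10.23:443"
+check: true
+- name: "be-k3s-nodes"
+balance: "roundrobin"
+options:
+- "option tcp-check"
+servers:
+- name: "k3s-node01"
+address: "192.168.10.21:6443"
+check: true
+- name: "k3s-node02"
+address: "192.168.10.22:6443"
+check: true
+- name: "k3s-node03"
+address: "192.168.10.23:6443"
+check: true
+roles:
+- "role-haproxy"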
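Review bot: The `fe-k3s-api` frontend binds the Kubernetes API port on `192.168.10.17`, the same address that serves the ingress ports 80 and 443, and nothing in the example limits who may connect to 6443. With `mode: "tcp"` HAProxy only forwards the connection, so API authentication is the sole control once the port is reachable. I would add a comment above that frontend, e.g. `# 6443 is the cluster API: bind it to a management address or firewall it to admin and node networks`, so the example is not copied unchanged onto a client-facing address. The `stats_socket` value also drops the `user haproxy group haproxy` ownership that the role default carries while keeping `level admin`; a one-line comment stating who is expected to own that socket would help.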

107
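--- a/readme.md
+++ b/readme.md
@@ -10,6 +10,7 @@ Install and configure HAProxy load balancer with flexible frontends, backends, a
 |----------|----------|---------|-------------|
 | `haproxy_global.log` | No | List with `/dev/log local2` | Log target (string or list) |
 | `haproxy_global.stats_socket` | No | See defaults | Stats socket configuration |
+| `haproxy_global.stats_timeout` | No | Empty | Stats timeout (optional, e.g., "30s") |
 | `haproxy_global.chroot` | No | `/var/lib/haproxy` | Chroot directory |
 | `haproxy_global.user` | No | `haproxy` | User to run as |
 | `haproxy_global.group` | No | `haproxy` | Group to run as |
@@ -168,6 +169,112 @@ Configuration for Teleport with SSL session persistence and advanced health chec
 - "role-haproxy"
 ```
+### K3s Cluster Example
+Configuration for K3s cluster with IP-based session persistence:
+```yaml
+---
+- name: "Deploy HAProxy for K3s Cluster"
+hosts: "haproxy_servers"
+become: true
+vars:
+# global settings
+haproxy_global:
+log:
+- "/dev/log local0"
+- "/dev/log local1 notice"
+chroot: "/var/lib/haproxy"
+stats_socket: "/run/haproxy-admin.sock mode 660 level admin"
+stats_timeout: "30s"
+user: "haproxy"
+group: "haproxy"
+daemon: true
+# defaults settings
+haproxy_defaults:
+log: "global"
+mode: "tcp"
+options:
+- "tcplog"
+- "dontlognull"
+timeout_connect: "5000"
+timeout_client: "50000"
+timeout_server: "50000"
+# frontends
+haproxy_frontends:
+- name: "fe-k3s-http"
+bind: "192.168.10.17:80"
+default_backend: "be-k3s-http"
+- name: "fe-k3s-https"
+bind: "192.168.10.17:443"
+default_backend: "be-k3s-https"
+- name: "fe-k3s-api"
+bind: "192.168.10.17:6443"
+default_backend: "be-k3s-nodes"
+# backends with IP-based sticky sessions
+haproxy_backends:
+- name: "be-k3s-http"
+balance: "roundrobin"
+stick_table: "type ip size 200k expire 30m"
+stick:
+- "on src"
+options:
+- "option tcp-check"
+servers:
+- name: "k3s-node01"
+address: "192.168.10.21:80"
+check: true
+- name: "k3s-node02"
+address: "192.168.10.22:80"
+check: true
+- name: "k3s-node03"
+address: "192.168.10.23:80"
+check: true
+- name: "be-k3s-https"
+balance: "roundrobin"
+stick_table: "type ip size 200k expire 30m"
+stick:
+- "on src"
+options:
+- "option tcp-check"
+servers:
+- name: "k3s-node01"
+address: "192.168.10.21:443"
+check: true
+- name: "k3s-node02"
+address: "192.168.10.22:443"
+check: true
+- name: "k3s-node03"
+address: "192.168.10.23:443"
+check: true
+- name: "be-k3s-nodes"
+balance: "roundrobin"
+options:
+- "option tcp-check"
+servers:
+- name: "k3s-node01"
+address: "192.168.10.21:6443"
+check: true
+- name: "k3s-node02"
+address: "192.168.10.22:6443"
+check: true
+- name: "k3s-node03"
+address: "192.168.10.23:6443"
+check: true
+roles:
+- "role-haproxy"
+```
 ### WAF Example with SSL Persistence
 ```yaml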


@ -10,6 +10,9 @@ global
{%- if haproxy_global.stats_socket is defined %} {%- if haproxy_global.stats_socket is defined %}
stats socket {{ haproxy_global.stats_socket }} stats socket {{ haproxy_global.stats_socket }}
{%- endif %} {%- endif %}
{%- if haproxy_global.stats_timeout is defined and haproxy_global.stats_timeout != "" %}
stats timeout {{ haproxy_global.stats_timeout }}
{%- endif %}
{%- if haproxy_global.chroot is defined %} {%- if haproxy_global.chroot is defined %}
chroot {{ haproxy_global.chroot }} chroot {{ haproxy_global.chroot }}
{%- endif %} {%- endif %}
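Review bot: The new guard around `stats timeout` lets a null value through: a `stats_timeout:` key written with no value is defined and is not equal to `""`, so the template would still emit a `stats timeout` line without a usable duration, which HAProxy would be expected to reject when it parses the file. A truthiness test covers undefined, null and empty in one expression, `{%- if haproxy_global.stats_timeout | default('', true) %}`. The `global` section this sits in starts and continues outside the hunk, so whether the role validates the rendered file before reloading is not visible here.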