Add L2 Load Balancer (#16)

Co-authored-by: Fedor Batonogov <f.batonogov@yandex.ru>

ansible/roles/haproxy_static_pods/files/check_apiserver.sh

@@ -5,7 +5,7 @@ errorExit() {
     exit 1
 }
 
-curl --silent --max-time 2 --insecure https://localhost:7443/ -o /dev/null || errorExit "Error GET https://localhost:7443/"
-if ip addr | grep -q 10.0.70.85; then
-    curl --silent --max-time 2 --insecure https://10.0.70.85:7443/ -o /dev/null || errorExit "Error GET https://10.0.70.85:7443/"
+curl --silent --max-time 2 --insecure https://localhost:8888/ -o /dev/null || errorExit "Error GET https://localhost:8888/"
+if ip addr | grep -q 10.0.75.80; then
+    curl --silent --max-time 2 --insecure https://10.0.75.80:8888/ -o /dev/null || errorExit "Error GET https://10.0.75.80:8888/"
 fi

ansible/roles/haproxy_static_pods/files/haproxy.cfg

@@ -32,7 +32,7 @@ defaults
 # apiserver frontend which proxys to the control plane nodes
 #---------------------------------------------------------------------
 frontend apiserver
-    bind *:7443
+    bind *:8888
     mode tcp
     option tcplog
     default_backend apiserverbackend
@@ -46,7 +46,7 @@ backend apiserverbackend
     mode tcp
     option ssl-hello-chk
     balance     roundrobin
-        server 10.0.70.70 10.0.70.70:6443 check
-        server 10.0.70.78 10.0.70.78:6443 check
-        server 10.0.70.79 10.0.70.79:6443 check
+        server 10.0.75.81 10.0.75.81:6443 check
+        server 10.0.75.82 10.0.75.82:6443 check
+        server 10.0.75.83 10.0.75.83:6443 check
         # [...]

ansible/roles/haproxy_static_pods/files/haproxy.yaml

@@ -5,23 +5,23 @@ metadata:
   namespace: kube-system
 spec:
   containers:
-  - image: haproxy:2.9.7
-    name: haproxy
-    livenessProbe:
-      failureThreshold: 8
-      httpGet:
-        host: localhost
-        path: /healthz
-        port: 7443
-        scheme: HTTPS
-    volumeMounts:
-    - mountPath: /usr/local/etc/haproxy/haproxy.cfg
-      name: haproxyconf
-      readOnly: true
+    - image: haproxy:3.0.2
+      name: haproxy
+      livenessProbe:
+        failureThreshold: 8
+        httpGet:
+          host: localhost
+          path: /healthz
+          port: 8888
+          scheme: HTTPS
+      volumeMounts:
+        - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+          name: haproxyconf
+          readOnly: true
   hostNetwork: true
   volumes:
-  - hostPath:
-      path: /etc/haproxy/haproxy.cfg
-      type: FileOrCreate
-    name: haproxyconf
+    - hostPath:
+        path: /etc/haproxy/haproxy.cfg
+        type: FileOrCreate
+      name: haproxyconf
 status: {}

ansible/roles/haproxy_static_pods/files/keepalived.yaml

@@ -6,26 +6,26 @@ metadata:
   namespace: kube-system
 spec:
   containers:
-  - image: osixia/keepalived:2.0.20
-    name: keepalived
-    resources: {}
-    securityContext:
-      capabilities:
-        add:
-        - NET_ADMIN
-        - NET_BROADCAST
-        - NET_RAW
-    volumeMounts:
-    - mountPath: /usr/local/etc/keepalived/keepalived.conf
-      name: config
-    - mountPath: /etc/keepalived/check_apiserver.sh
-      name: check
+    - image: ghcr.io/batonogov/docker-keepalived:2.0.20
+      name: keepalived
+      resources: {}
+      securityContext:
+        capabilities:
+          add:
+            - NET_ADMIN
+            - NET_BROADCAST
+            - NET_RAW
+      volumeMounts:
+        - mountPath: /usr/local/etc/keepalived/keepalived.conf
+          name: config
+        - mountPath: /etc/keepalived/check_apiserver.sh
+          name: check
   hostNetwork: true
   volumes:
-  - hostPath:
-      path: /etc/keepalived/keepalived.conf
-    name: config
-  - hostPath:
-      path: /etc/keepalived/check_apiserver.sh
-    name: check
+    - hostPath:
+        path: /etc/keepalived/keepalived.conf
+      name: config
+    - hostPath:
+        path: /etc/keepalived/check_apiserver.sh
+      name: check
 status: {}

ansible/roles/haproxy_static_pods/tasks/main.yml

@@ -1,9 +1,9 @@
 # tasks file for haproxy_static_pods
 - name: Создать директории /etc/kubernetes/manifests и /etc/keepalived
   ansible.builtin.file:
-    path: '{{ item }}'
+    path: "{{ item }}"
     state: directory
-    mode: '755'
+    mode: "755"
   with_items:
     - /etc/kubernetes/manifests
     - /etc/keepalived
@@ -19,22 +19,22 @@
   ansible.builtin.copy:
     src: check_apiserver.sh
     dest: /etc/keepalived/check_apiserver.sh
-    mode: '644'
+    mode: "644"
 
 - name: Наливаю haproxy.cfg
   ansible.builtin.copy:
     src: haproxy.cfg
     dest: /etc/haproxy/haproxy.cfg
-    mode: '644'
+    mode: "644"
 
 - name: Наливаю keepalived static pods manifest
   ansible.builtin.copy:
     src: keepalived.yaml
     dest: /etc/kubernetes/manifests/keepalived.yaml
-    mode: '644'
+    mode: "644"
 
 - name: Наливаю haproxy static pods manifest
   ansible.builtin.copy:
     src: haproxy.yaml
     dest: /etc/kubernetes/manifests/haproxy.yaml
-    mode: '644'
+    mode: "644"

ansible/roles/haproxy_static_pods/templates/keepalived.conf.j2

@@ -21,7 +21,7 @@ vrrp_instance VI_1 {
         auth_pass {{ lookup('password', 'secrets/kubeadm/keepalived/auth_pass length=64') }}
     }
     virtual_ipaddress {
-        10.0.70.85/24
+        10.0.75.80/24
     }
     track_script {
         check_apiserver