Add L2 Load Balancer (#16)

Co-authored-by: Fedor Batonogov <f.batonogov@yandex.ru>

ansible/roles/haproxy_static_pods/files/check_apiserver.sh

@@ -5,7 +5,7 @@ errorExit() {
     exit 1
 }
 
-curl --silent --max-time 2 --insecure https://localhost:7443/ -o /dev/null || errorExit "Error GET https://localhost:7443/"
-if ip addr | grep -q 10.0.70.85; then
-    curl --silent --max-time 2 --insecure https://10.0.70.85:7443/ -o /dev/null || errorExit "Error GET https://10.0.70.85:7443/"
+curl --silent --max-time 2 --insecure https://localhost:8888/ -o /dev/null || errorExit "Error GET https://localhost:8888/"
+if ip addr | grep -q 10.0.75.80; then
+    curl --silent --max-time 2 --insecure https://10.0.75.80:8888/ -o /dev/null || errorExit "Error GET https://10.0.75.80:8888/"
 fi

ansible/roles/haproxy_static_pods/files/haproxy.cfg

@@ -32,7 +32,7 @@ defaults
 # apiserver frontend which proxys to the control plane nodes
 #---------------------------------------------------------------------
 frontend apiserver
-    bind *:7443
+    bind *:8888
     mode tcp
     option tcplog
     default_backend apiserverbackend
@@ -46,7 +46,7 @@ backend apiserverbackend
     mode tcp
     option ssl-hello-chk
     balance     roundrobin
-        server 10.0.70.70 10.0.70.70:6443 check
-        server 10.0.70.78 10.0.70.78:6443 check
-        server 10.0.70.79 10.0.70.79:6443 check
+        server 10.0.75.81 10.0.75.81:6443 check
+        server 10.0.75.82 10.0.75.82:6443 check
+        server 10.0.75.83 10.0.75.83:6443 check
         # [...]

ansible/roles/haproxy_static_pods/files/haproxy.yaml

@@ -5,23 +5,23 @@ metadata:
   namespace: kube-system
 spec:
   containers:
-  - image: haproxy:2.9.7
-    name: haproxy
-    livenessProbe:
-      failureThreshold: 8
-      httpGet:
-        host: localhost
-        path: /healthz
-        port: 7443
-        scheme: HTTPS
-    volumeMounts:
-    - mountPath: /usr/local/etc/haproxy/haproxy.cfg
-      name: haproxyconf
-      readOnly: true
+    - image: haproxy:3.0.2
+      name: haproxy
+      livenessProbe:
+        failureThreshold: 8
+        httpGet:
+          host: localhost
+          path: /healthz
+          port: 8888
+          scheme: HTTPS
+      volumeMounts:
+        - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+          name: haproxyconf
+          readOnly: true
   hostNetwork: true
   volumes:
-  - hostPath:
-      path: /etc/haproxy/haproxy.cfg
-      type: FileOrCreate
-    name: haproxyconf
+    - hostPath:
+        path: /etc/haproxy/haproxy.cfg
+        type: FileOrCreate
+      name: haproxyconf
 status: {}

ansible/roles/haproxy_static_pods/files/keepalived.yaml

@@ -6,26 +6,26 @@ metadata:
   namespace: kube-system
 spec:
   containers:
-  - image: osixia/keepalived:2.0.20
-    name: keepalived
-    resources: {}
-    securityContext:
-      capabilities:
-        add:
-        - NET_ADMIN
-        - NET_BROADCAST
-        - NET_RAW
-    volumeMounts:
-    - mountPath: /usr/local/etc/keepalived/keepalived.conf
-      name: config
-    - mountPath: /etc/keepalived/check_apiserver.sh
-      name: check
+    - image: ghcr.io/batonogov/docker-keepalived:2.0.20
+      name: keepalived
+      resources: {}
+      securityContext:
+        capabilities:
+          add:
+            - NET_ADMIN
+            - NET_BROADCAST
+            - NET_RAW
+      volumeMounts:
+        - mountPath: /usr/local/etc/keepalived/keepalived.conf
+          name: config
+        - mountPath: /etc/keepalived/check_apiserver.sh
+          name: check
   hostNetwork: true
   volumes:
-  - hostPath:
-      path: /etc/keepalived/keepalived.conf
-    name: config
-  - hostPath:
-      path: /etc/keepalived/check_apiserver.sh
-    name: check
+    - hostPath:
+        path: /etc/keepalived/keepalived.conf
+      name: config
+    - hostPath:
+        path: /etc/keepalived/check_apiserver.sh
+      name: check
 status: {}