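# HAProxy front door for the cluster services below: stats page, Kubernetes API,
# PostgreSQL read-write / read-only, Airflow web, Doris (MySQL protocol) and the
# RabbitMQ management UI.
#
# NOTE(review): no bind line in this file enables `ssl`, so every listener here is
# cleartext and the ssl-default-* settings in `global` currently apply to nothing.
# Every bind also uses `*`, i.e. all interfaces; restrict to the intended address
# or firewall these ports if the host has an untrusted interface.

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    # Runtime API socket with admin level: anyone who can write to it can change
    # or disable servers. Mode 660 limits it to the socket's owner and group.
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    # Sections that carry non-HTTP traffic must override this with `mode tcp`.
    mode http
    option httplog
    option dontlognull
    # Timeouts are in milliseconds. The 50 s client/server idle timeout is also
    # inherited by the TCP sections below; long-lived idle database or API
    # connections may be closed by it - confirm this is intended.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

listen stats
    # Monitoring page port
    bind *:8404
    stats enable
    # URL path
    stats uri /stats
    # Refresh interval
    stats refresh 10s
    # Login user:password. This is a placeholder and MUST be replaced before
    # deployment. The value is stored in cleartext in this file and sent as HTTP
    # Basic auth over an unencrypted listener, and the page lists every backend
    # address. Keep this file readable by root/haproxy only and limit who can
    # reach port 8404.
    stats auth admin:password

frontend kubernetes-api
    bind *:6444
    mode tcp
    option tcplog
    default_backend k8s_masters

backend k8s_masters
    # TCP passthrough: TLS and client authentication are handled by the API
    # servers themselves, not by HAProxy.
    mode tcp
    option tcp-check
    balance roundrobin
    # For a more aggressive health check, you can add:
    # tcp-check connect port 6443
    server master-A 10.10.0.85:6443 check fall 3 rise 2
    server master-B 10.10.0.87:6443 check fall 3 rise 2
    server master-C 10.10.0.89:6443 check fall 3 rise 2

frontend postgres_rw
    bind *:5000
    mode tcp
    option tcplog
    default_backend backend_rw

backend backend_rw
    mode tcp
    # HTTP health check against port 8008 (presumably the Patroni REST API -
    # confirm): only the node answering 200 on /primary receives write traffic.
    option httpchk GET /primary
    http-check expect status 200
    server f01 10.10.0.85:5432 check port 8008
    server f02 10.10.0.87:5432 check port 8008
    server f03 10.10.0.89:5432 check port 8008

frontend postgres_ro
    bind *:5001
    mode tcp
    option tcplog
    default_backend backend_ro

backend backend_ro
    mode tcp
    balance roundrobin
    # Same check port as backend_rw; nodes answering 200 on /read-only serve reads.
    option httpchk GET /read-only
    http-check expect status 200
    server f01 10.10.0.85:5432 check port 8008
    server f02 10.10.0.87:5432 check port 8008
    server f03 10.10.0.89:5432 check port 8008

frontend airflow_web
    bind *:8080
    mode http
    option httplog
    default_backend airflow_web_nodes

backend airflow_web_nodes
    mode http
    balance roundrobin
    option httpchk GET /api/v2/monitor/health
    http-check expect status 200
    # Always set the forwarded proto. The airflow_web bind has no `ssl`, so
    # ssl_fc is false on this path and the header is always "http".
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    # set-header replaces any client-supplied X-Forwarded-For, so the backend
    # sees the address HAProxy observed rather than a value chosen by the client.
    http-request set-header X-Forwarded-For %[src]
    http-request set-header Host %[req.hdr(host)]
    server k8s-master-1 10.10.0.85:30080 check
    server k8s-master-2 10.10.0.87:30080 check
    server k8s-master-3 10.10.0.89:30080 check

frontend doris_mysql
    bind *:9031
    # MySQL wire protocol is not HTTP; without this the section inherits
    # `mode http` from defaults and client connections are rejected as bad requests.
    mode tcp
    option tcplog
    default_backend doris_mysql_backend

backend doris_mysql_backend
    # Must match the frontend's mode.
    mode tcp
    balance roundrobin
    option tcp-check
    server fe1 10.10.0.85:9030 check
    server fe2 10.10.0.87:9030 check
    server fe3 10.10.0.89:9030 check

frontend fe_rabbitmq_mgmt
    # Management UI over cleartext HTTP: logins to it cross the network
    # unencrypted unless TLS is terminated in front of this listener.
    bind *:15672
    mode http
    default_backend be_rabbitmq_mgmt

backend be_rabbitmq_mgmt
    mode http
    balance roundrobin
    option httpchk GET /
    http-check expect status 200
    # Replace with your master node IPs
    server master1 10.10.0.85:31672 check
    server master2 10.10.0.87:31672 check
    server master3 10.10.0.89:31672 check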