haproxy | Development repository for the haproxy cookbook | Configuration Management library

i have a question related to design and architecture needs instead of issue one, we have a kubernetes cluster which handle our production workload, we need to secure external traffic to this cluster so we have designed this approach :

• make a worker node with ingress controller and without any workload
• place this worker node in a DMZ zone in order to handle external traffic to our clusterIP services of our applications.

is that a good idea for securing our workloads ?

if we place an HAproxy in a DMZ zone (as a L4 just to load balance traffic to workers to be handled by ingress nginx for ex) it'll not give us an other level of security (protocol break)

note that we don't have a WAF. Any ideas please??

I am using Kubernetes services with custom endpoints to access external redis cluster.

But I can't know which one is master and I want to ensure it only forward incoming connections to reach a master.

Is there anything in Kubernetes I could use for checking nodes and to get master?

This is piece of code from haproxy that does the job I need

I have configured a K8S cluster with istio-ingressgateway as per the docs.

Although the HPE Container Platform managed haproxy gateway can route traffic to the istio-ingressgateway, I would like to access the host endpoints directly.

How can I determine the ingress IP addresses and ports for the hosts avoiding the managed haproxy gateway?

I have a PostgreSQL cluster on Patroni (Haproxy+Keepalived+etcd) - one primary node and two standby nodes.

For now, Haproxy is configured in this way:

• port 5000 to connect to the primary node
• port 5001 to connect to the standby nodes

How can I configure Haproxy so that the port 5001 is used to connect to the standby nodes as well as the primary node?

This is my haproxy.cfg below:

I am using HAProxy as the ingress-controller in my GKE clusters. And exposing HAProxy service as LoadBalancer service(Internal).

Recently, I experienced an issue, where the HA-Proxy service changed its EXTERNAL-IP, and traffic stopped routing to HAProxy. This issue occurred multiple times on different days(now it has stopped). I had to manually add that new External-IP to the frontend of that Loadbalancer to allow traffic to HAProxy.
There were two pods running for HAProxy, and both had been running for days, and there was nothing in their logs. I assume it was something related to Service or GCP LB and not HAProxy itself.
I am afraid that I don't have any logs related to that.

I still don't know, what caused the service IP to change. As there were no recent changes, and the cluster and all services were running for many days properly, and suddenly this occurred.

Has anyone faced a similar issue earlier? Or what can I do to avoid such issue in future?
What could have caused the IP to change?

This is how my service is configured:

I'm final student who research and implement Openstack Victoria. When I configure Project: Octavia - Loadbalancer on multi-node - CentOS8, I have a issue. Seem like octavia.amphorae.drivers.haproxy.rest_api_driver couldn't connect to Amphora instance and port 9443 didn't run on my Network Node aka Octavia-API. In controller node, the amphora instance still running nornally. I follow https://www.server-world.info/en/note?os=CentOS_8&p=openstack_victoria4&f=11 to configure my lab. This is my cfg file below, pls help me to figure out. Regards!

I created lb_net in type vxlan and lb-secgroup, when i use command to create lb it still pending-create:

I would like to use the haproxy option forwardfor except network-here for multiple networks, not just a single one.

I'm looking for something like

I have two servers, one serves HTTP and the other serves HTTPS.

I opened a TCP connection to the HTTP server

I configure openstack victoria multi-node on CentOS8. When I create amphora-disk-image (option -r rootpassword), I have an issue: