This message was deleted.
# k3sa
adamant-kite-43734
01/27/2024, 8:15 AMThis message was deleted.
c
creamy-pencil-82913
01/27/2024, 9:28 AMHave you looked into enabling proxy protocol between haproxy and Traefik?
creamy-pencil-82913
01/27/2024, 9:28 AMThat would be the least work
creamy-pencil-82913
01/27/2024, 9:29 AMYou could also redo everything to tear out haproxy and just use multiple DNS records with a short ttl, and just take the DNS record for that host out before you take it down for maintenance. That's commonly known as DNS load balancing.
b
better-rose-3015
01/27/2024, 10:05 AMLooks like I hit an old bug at traefik helm chart and upgrading the whole thing fixed the proxy working. That's probably the best solution :o) For the records:
Copy code
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
valuesContent: |-
ports:
websecure:
proxyProtocol:
insecure: true
web:
proxyProtocol:
insecure: true/var/lib/rancher/k3s/server/manifests/traefik-config.yamlinsecure: truetrustedIPs: [ "10.0.0.0/8" ]q
quick-dentist-45681
01/28/2024, 8:01 AMThere are also options for solving the virtual ip problem. I would look into purelb or metallb.
You could also build your own using things like keepalived and haproxy. A former company I worked at built their own combination LB/ingress controller using keepalived + haproxy + some python scripts.
b
better-rose-3015
01/29/2024, 7:49 AM@quick-dentist-45681 I only have a bunch on VMs from a hosting provider who doesn't offer anything like LB. I don't know which of the VMs are on the same hypervisor or even DC. I don't think HA is possible with this setup, or is it?
q
quick-dentist-45681
01/29/2024, 8:46 AMSo the idea of purelb and metallb is that they manage one or more virtual ips, and one of your designated vms holds that ip (in addition to its real ip). If that vm goes down, purelb/metallb arranges for one of the other vms to take over the virtual ip.
For this to work on public internet, you need all your designated vms to be publicly accessible on the internet, and you need a range of public ips that you can select virtual ips from, that get routed into your network. I've never done the network side of that, so don't know how difficult that part is, but the purelb docs have some details about what you need I believe.
Of course, if all your vms are really on the same bare-metal server, and that server goes down, then you'll be offline no matter what, but there are a range of situations where one vm can be down, while the others are up, and these solutions work well in those cases.
I recommend checking out the purelb docs.
b
better-rose-3015
01/29/2024, 8:49 AMyou need a range of public ips that you can select virtual ips from, that get routed into your networkAnd that is exactly what I don't have. I don't have any virtual IPs, just 1 fixed IP per server. It could work with IPv6, but I'm not sure I want to get involved with this right now. There's also no way to use BGP or anything like that. Sadly
better-rose-3015
01/29/2024, 8:51 AMI could potentially, as Brandon suggested, just ditch the LB and use DNS for load-balancing, but this won't help me when one of the servers goes down unscheduled. It's just not an ideal setup.
3 Views