haproxy

The files for vSphere with Tanzu with HA Proxy are available at: https://github.com/haproxytech/vmware-haproxy

For setup, see vSphere with Tanzu Quick Start Guide

Management (DHCP) - 192.168.10.0/24 - gateway 192.168.10.1 VLAN12 - 192.168.12.0/24 - gateway 192.168.12.1 (Workload) VLAN15 - 192.168.15.0/24 - gateway 192.168.15.1 (Frontend)

Supervisor VMs are deployed with NICs on Management and Workload networks HAProxy is deployed with two virtual NICs (Default configuration), one connected to the management network, and a second one connected to the Primary Workload Network.

  • The Frontend network is only used when the HAProxy control plane VM is deployed with three NICs
  • Recommended for production installations.
  • The Frontend network is where you expose the virtual IP address (VIP). HAProxy will balance and forward the traffic to the appropriate backend.

Workload Management

Host Name haproxy.markalston.net

DNS: 8.8.8.8, 8.8.4.4

Management IP Address: 192.168.10.12/24 Gateway: 192.168.10.1 Subnet Mask: 255.255.255.0 DNS Server: 8.8.8.8, 8.8.4.4 NTP Server: time.vmware.com

Workload IP: 192.168.12.2/24 Workload gateway 192.168.12.1

Frontend IP Address: 192.168.15.2/24 Gateway: 192.168.15.1 Subnet Mask: 255.255.255.0 DNS Server: 8.8.8.8, 8.8.4.4 NTP Server: time.vmware.com

Load Balancer IP Ranges, comma-separated in CIDR format (Eg 1.2.3.4/28,5.6.7.8/28): 192.168.15.128/25

Loadbalancer: Name: haproxy Type: HAProxy Management IP addresses: 192.168.10.12:5556 User name: admin Password: Cl0udFoundry! Virtual IP Ranges: 192.168.24.66-192.168.15.254 Server Certificate Authority: In order to obtain this you will need to SSH into the HAProxy VM and copy the content of server.crt located in /etc/haproxy —–BEGIN CERTIFICATE—– MIIECDCCAvCgAwIBAgIJANvTHyrya4PUMA0GCSqGSIb3DQEBCwUAMG4xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8x DzANBgNVBAoMBlZNd2FyZTENMAsGA1UECwwEQ0FQVjEWMBQGA1UEAwwNMTkyLjE2 OC4xMC4xMjAeFw0yMTEwMzAyMzUzMTlaFw0zMTEwMjgyMzUzMTlaMHcxCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8x DzANBgNVBAoMBlZNd2FyZTENMAsGA1UECwwEQ0FQVjEfMB0GA1UEAwwWaGFwcm94 eS5tYXJrYWxzdG9uLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ALoetUmJuuzXo9YKtFbXQPJg5Iuzt3b9GoxM2lw97rHl/l3rabWH0X7qRPO1j3n1 KJ4EBWG0gGMOnG2l64aODzTpY0G8YzHRfYfHo8FJPEraWfFl2Nyy7OIWo4vtd/Hi CZFT+0rKwsPSq3t+8PKIpL9muwefDZ+LiEtx4Mlq7OXokY2ER11uK/vtKLtUWXXZ cVYv8eZAUx2hWnWxS34ahFLvW9Gs7Efg1ZOBLIjpwVZqsjf3vW99vUN7il8oHUb1 gP7XtD909mBUy8VgTzUcSm2wxJE/VvAFvCwj4WVjVrB94F/ZSXnY9EivU51EY5F6 O59BKFRoYe3s+y6Y47yZA7cCAwEAAaOBnzCBnDAJBgNVHRMEAjAAMAsGA1UdDwQE AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFPhz tgsOVt0N3TFUuqAQFogJjeqSMEQGA1UdEQQ9MDuCFmhhcHJveHkubWFya2Fsc3Rv bi5uZXSCCWxvY2FsaG9zdIcEfwAAAYcEwKgKDIcEwKgLAocEwKgMAjANBgkqhkiG 9w0BAQsFAAOCAQEAkCMPwN6yh1zv30waF4nlHHxdteFbNAYbVgTE1Pxig20GNR8G VQwPv9mGER2yNF9CzHuBVRR7xBhQTvVRbr9BAqusb2aEiddmw8vJlLHHjIIXeR46 A8xXKB1+CIA1Wt8WD4O4FrqbkhIpXs2BwdaYsjecWjzTIoidIybpLJBM+H6L8ZbJ aCH8xCRcOoad+Ssl9zdUAJrqKLp5ZXpz1xfdhXpFUshxt6+P3Z97HphhUmtUSjBw /FqgqO71cXMidE3ImS6UYtgovQffQIv5ATEloQvB0hCSsT6LrBx0OhM9pfYl/aOn LVuNKWVzbLKv0MXnzU7afqxrb2TIXSx6IcPmIw== —–END CERTIFICATE—– ssh root@haproxy.markalston.net Cl0udFoundry!

  • Configure the Management network parameters for the Control Plane and Worker nodes

Management Network: VM Network Starting IP Address: 192.168.10.210 Subnet Mask: 255.255.255.0 Gateway: 192.168.10.1 DNS Server: 8.8.8.8,8.8.4.4 DNS Search Domain(s): markalston.net NTP Server: time.vmware.com

Workload Network Internal Network for for Kubernetes Services: 10.96.0.0/24 Port Group: user-workload Network Name: workload-1 Ip Address Ranges: 192.168.12.3-192.168.12.254 Subnet Mask: 255.255.255.0 Gateway: 192.168.12.1 DNS Servers: 8.8.8.8,8.8.4.4 NTP Servers: time.vmware.com

Tiny

kubectl vsphere login –vsphere-username administrator@vsphere.local –server=https://192.168.15.130 –insecure-skip-tls-verify

192.168.10.64/26 wcp Cl0udFoundry!

—–BEGIN RSA PRIVATE KEY—– MIIEpAIBAAKCAQEAuh61SYm67Nej1gq0VtdA8mDki7O3dv0ajEzaXD3useX+Xetp tYfRfupE87WPefUongQFYbSAYw6cbaXrho4PNOljQbxjMdF9h8ejwUk8StpZ8WXY 3LLs4haji+138eIJkVP7SsrCw9Kre37w8oikv2a7B58Nn4uIS3HgyWrs5eiRjYRH XW4r++0ou1RZddlxVi/x5kBTHaFadbFLfhqEUu9b0azsR+DVk4EsiOnBVmqyN/e9 b329Q3uKXygdRvWA/te0P3T2YFTLxWBPNRxKbbDEkT9W8AW8LCPhZWNWsH3gX9lJ edj0SK9TnURjkXo7n0EoVGhh7ez7LpjjvJkDtwIDAQABAoIBADq/Ip25mYTUc+RF sLKQcvGOX9UwvsISFeUfBPWEnukMHYProIwp+JhEvcrnDgiCt3VY85HpdXTO0dVS P8tS373lxOyk1/KLm0HWY/vIb/14eldVvGO9HkQmvSyXofp5TGfQyErNQTiqMHJk mQ0U0FuRw4seSyCG3Fhj833gADJ48Ut2dNSTH2QsIuKhp9/K6jwwOsHh0MYKC0IN vylDiU2IEPbvaZLXdz9Z0MMBOX0lZqw/edp4oe+BJlRrry2Tjhz0FgpsKOjY8urH Aq+5VWD9fabbnpqqeQ32xzVl7CcTMdeOs+fpVfevvcv1YHS/Q8ukZPsE5kUbQ4wy Hz3zf+ECgYEA9yjO2lzrXFn0Ll+z+bY1b8FtuddkOUUpu+6D8Akddde8lVMpW0xw rNX8AlrHqBWDPa9V+8K6dZ59GZxedxKMUKjNERQNtuY6D+BIkD904xkIpv5a2jNf ztOrBSD2FMKXfX7BHrOu36KPCpdcilJo33Y6oZKg+MvWRy4SSfJ4Wy8CgYEAwMb5 MMUb6+HitrQt0eg/UZATMVMKsvURwK7qN6eL1prc274xlagwANs1UQd45PmJLkUV nWpM3airGxP+5MjVdCXMn6xg5Sw28/vwWVKeWxmEBUOTECA1UDh4mTCWUzfKNU2l Td0LMV9K0F2PL22NwIO2AOkcHhaCzr1nsZMMHfkCgYEAjC/FQ+24QWV0Lmlx94z1 ujGIPwSAgEtOZJ3gj+FbqF95Q2kr5/DvZ9jnW56J6DhrfC1bI7VLdTMz2bbrjbYj iAx2Y91v+fGTtTWNcuPLNJQaaD2U4naJPRKpyfrsGNJWgoPGnddktMvLPkKj5oDf ov+4ObSlQPi8zRrAnNi+k1kCgYB3BOGo2KkqcyXUA14esLMXGkqfM1PxtRimy9dT USAm+SnOiZh3e4VXof9C7cgYJnApnwF/VLfsSkyJxUij29LdiNDS7ExOcYPkEvIL U9TtDc3SqivL0vbXdmYOvk6xRkqTqkKa1hQpAVphVsImWA8igq8F1OZFNUTBe3Lf 0ZezkQKBgQCDiciRJQRf3NShY5Sj2dtqRG92YNCDf/FvDr47V/zRhQS/vXW3vHCL GBpW+SXBuFcFp+tc1GMLk0JvjgUehB5Bx7b7jNLJOX4n8xHa2mhRfbcuzYEqcCqA lXAXutq9UMGlciiGKM/nYm0brviK7zthycuS7+GXdK1xzqBT3zcyZw== —–END RSA PRIVATE KEY—–

This project is for educational and home lab purposes.