Open strelok899 opened 11 months ago
Thank you for taking the time to report this issue. It seems like there might be the resource priority in your Terraform code. I suspect that setting a depend_on attribute for the haproxy_bind resource to ensure it is created before haproxy_front might resolve the problem ( In fact, the haproxy_bind resource binds a port to the frontend configuration of HAProxy configuration ). To better assist you, Could you please share your Terraform code ? @strelok899
resource "haproxy_backend" "kubernetes_api_backend" {
count = var.external_loadbalancer_enabled ? 1 : 0
name = "${var.cluster-name}-kubeapi"
mode = "tcp"
balance {
algorithm = "source"
}
}
resource "haproxy_server" "kubernetes_api_backend_server" {
for_each = { for k, v in local.master_nodes_map : k => v if var.external_loadbalancer_enabled }
name = each.key
port = var.kubernetes_api_port
address = each.value.server_ip
parent_name = haproxy_backend.kubernetes_api_backend[0].name
parent_type = "backend"
check = true
inter = 10
rise = 2
fall = 2
depends_on = [haproxy_backend.kubernetes_api_backend]
}
resource "haproxy_frontend" "kubernetes_api_front" {
count = var.external_loadbalancer_enabled ? 1 : 0
name = "${var.cluster-name}-kubeapi"
backend = haproxy_backend.kubernetes_api_backend[0].name
mode = "tcp"
tcplog = true
depends_on = [haproxy_backend.kubernetes_api_backend]
}
resource "haproxy_bind" "kubernetes_api_front_bind" {
count = var.external_loadbalancer_enabled ? 1 : 0
name = "${var.cluster-name}-kubeapi-bind"
port = var.kubernetes_api_bind_port
address = var.kubernetes_api_bind_address
mode = "tcp"
parent_name = haproxy_frontend.kubernetes_api_front[0].name
parent_type = "frontend"
depends_on = [haproxy_frontend.kubernetes_api_front]
}
@SepehrImanian
It appears there's an issue with the HAProxy data plane API when configuring a frontend as TCP and then attempting to set a TCP bind. This results in the following error:
bind '' in section 'frontend' 'mode' missing or invalid mode 'tcp'
To resolve this issue, you can simply remove the mode = "tcp" setting from the haproxy_bind resource.
Additionally, I'll be enhancing error handling for HAProxy data plane responses in version v0.0.8.
@strelok899
resource "haproxy_backend" "kubernetes_api_backend" {
count = var.external_loadbalancer_enabled ? 1 : 0
name = "${var.cluster-name}-kubeapi"
mode = "tcp"
balance {
algorithm = "source"
}
}
resource "haproxy_server" "kubernetes_api_backend_server" {
for_each = { for k, v in local.master_nodes_map : k => v if var.external_loadbalancer_enabled }
name = each.key
port = var.kubernetes_api_port
address = each.value.server_ip
parent_name = haproxy_backend.kubernetes_api_backend[0].name
parent_type = "backend"
check = true
inter = 10
rise = 2
fall = 2
depends_on = [haproxy_backend.kubernetes_api_backend]
}
resource "haproxy_frontend" "kubernetes_api_front" {
count = var.external_loadbalancer_enabled ? 1 : 0
name = "${var.cluster-name}-kubeapi"
backend = haproxy_backend.kubernetes_api_backend[0].name
mode = "tcp"
tcplog = true
depends_on = [haproxy_bind.kubernetes_api_front_bind]
}
resource "haproxy_bind" "kubernetes_api_front_bind" {
count = var.external_loadbalancer_enabled ? 1 : 0
name = "${var.cluster-name}-kubeapi-bind"
port = var.kubernetes_api_bind_port
address = var.kubernetes_api_bind_address
parent_name = haproxy_frontend.kubernetes_api_front[0].name
parent_type = "frontend"
}
@SepehrImanian , so basically like this should work?
maybe you can help me on second issue
server pve-master-2 2.2.2.2:443 check check-ssl verify none
how to set check-ssl verify none
in the server
and superb work on the provider! really high quality project @SepehrImanian kudos
The HAProxy data plane API currently supports features like "check-ssl," "verify," and "none," but these functionalities have not yet been integrated into provider. However, I plan to include them in the upcoming release. @strelok899
Description
i have machine with 2 interfaces with 2 addresses 1.1.1.1 1.1.1.2 what i trying to achieve is :
Steps to Reproduce
Expected behavior: `frontend http_443 mode tcp bind 1.1.1.1:443 stats uri /haproxy?stats default_backend ingress_443
backend ingress_443 mode tcp balance source server pve-master-2 2.2.2.2:443 check check-ssl verify none server pve-master-3 2.2.2.3:443 check check-ssl verify none server pve-master-1 2.2.2.1:443 check check-ssl verify none
`
Actual behavior:
` frontend http_443 mode tcp stats uri /haproxy?stats default_backend ingress_443
backend ingress_443 mode tcp balance source server pve-master-2 2.2.2.2:443 check check-ssl verify none server pve-master-3 2.2.2.3:443 check check-ssl verify none server pve-master-1 2.2.2.1:443 check check-ssl verify none `
Reproduces how often: always
Versions
Not required yet
Additional Information
Any additional information, configuration or data that might be necessary to reproduce the issue.