From c5f738e1e4d2355d4fb68ab7f37a3e7392cbac76 Mon Sep 17 00:00:00 2001
From: ss75710541 <75710541@qq.com>
Date: Thu, 14 Oct 2021 17:55:39 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20haproxy=20=E5=A2=9E=E5=8A=A0=20ingress?=
 =?UTF-8?q?=20nodeport=20=E8=BD=AC=E5=8F=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ansible.hosts.ha.vip.tpl                      |  4 +++
 roles/ha-loadbalance/templates/haproxy.cfg.j2 | 32 ++++++++++++++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/ansible.hosts.ha.vip.tpl b/ansible.hosts.ha.vip.tpl
index 7b3cd66..f962d71 100644
--- a/ansible.hosts.ha.vip.tpl
+++ b/ansible.hosts.ha.vip.tpl
@@ -54,6 +54,10 @@ keepalived_image="{{registry_repo}}/osixia/keepalived:2.0.17"
 keepalived_router_id=250
 keepalived_auth_pass=solarfs{{keepalived_router_id}}
 
+# open haproxy ingress tcp proxy
+ingress_nodeport_http=32080
+ingress_nodeport_https=32443
+
 # helm
 helm_binary_md5=e4500993ba21e5e6bdfbc084b4342025
 helm_binary_url=https://pnode.solarfs.io/dn/file/{{helm_binary_md5}}/helm-v3.6.0-linux-amd64.tar.gz
diff --git a/roles/ha-loadbalance/templates/haproxy.cfg.j2 b/roles/ha-loadbalance/templates/haproxy.cfg.j2
index 84d94d7..9e26cb1 100644
--- a/roles/ha-loadbalance/templates/haproxy.cfg.j2
+++ b/roles/ha-loadbalance/templates/haproxy.cfg.j2
@@ -47,5 +47,35 @@ backend apiserver
     option ssl-hello-chk
     balance     roundrobin
 {% for host in groups['masters'] %}
-        server {{ hostvars[host].inventory_hostname}} {{ hostvars[host].ansible_host }}:{{api_server_src_port}} check
+    server {{ hostvars[host].inventory_hostname}} {{ hostvars[host].ansible_host }}:{{api_server_src_port}} check
 {% endfor %}
+
+{% if ingress_nodeport_http is defined %}
+frontend ingress-nginx-http
+    bind *:80
+    mode tcp
+    option tcplog
+    default_backend ingress-nginx-http
+
+backend ingress-nginx-http
+    mode tcp
+    balance     roundrobin
+{% for host in groups['masters'] %}
+    server {{ hostvars[host].inventory_hostname}} {{ hostvars[host].ansible_host }}:{{ingress_nodeport_http}} check
+{% endfor %}
+{% endif %}
+
+{% if ingress_nodeport_https is defined %}
+frontend ingress-nginx-https
+    bind *:443
+    mode tcp
+    option tcplog
+    default_backend ingress-nginx-https
+
+backend ingress-nginx-https
+    mode tcp
+    balance     roundrobin
+{% for host in groups['masters'] %}
+    server {{ hostvars[host].inventory_hostname}} {{ hostvars[host].ansible_host }}:{{ingress_nodeport_https}} check
+{% endfor %}
+{% endif %}