#### MAKE CHANGES HERE ONLY IF YOU REALLY KNOW WHAT YOU ARE DOING #####
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log 127.0.0.1   local0

    user haproxy
    group haproxy

    pidfile     /var/run/haproxy.pid
    tune.ssl.default-dh-param 2048
    maxconn     10000
    daemon


#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    
    option                  dontlognull
    
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    
    maxconn                 10000


#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------

frontend KubeAPI
    bind *:6443
    mode tcp

    default_backend KubeAPI_backend

frontend Konnectivity
    bind *:8132
    mode tcp

    default_backend Konnectivity_backend

frontend ControllerJoinAPI
    bind *:9443
    mode tcp

    default_backend ControllerJoinAPI_backend


#---------------------------------------------------------------------
# backends
#---------------------------------------------------------------------

backend default
    mode http
    errorfile 503 /etc/haproxy/welcome.http

backend KubeAPI_backend
    mode tcp

    server k0s-controller1 [CONTROLLER-X1-IP]:6443 check check-ssl verify none
    server k0s-controller2 [CONTROLLER-X2-IP]:6443 check check-ssl verify none
    server k0s-controller3 [CONTROLLER-X3-IP]:6443 check check-ssl verify none

backend Konnectivity_backend
    mode tcp

    server k0s-controller1 [CONTROLLER-X1-IP]:8132 check check-ssl verify none
    server k0s-controller2 [CONTROLLER-X2-IP]:8132 check check-ssl verify none
    server k0s-controller3 [CONTROLLER-X3-IP]:8132 check check-ssl verify none

backend ControllerJoinAPI_backend
    mode tcp

    server k0s-controller1 [CONTROLLER-X1-IP]:9443 check check-ssl verify none
    server k0s-controller2 [CONTROLLER-X2-IP]:9443 check check-ssl verify none
    server k0s-controller3 [CONTROLLER-X3-IP]:9443 check check-ssl verify none


#---------------------------------------------------------------------
# stats
#---------------------------------------------------------------------

listen stats
   bind *:9000
   mode http
   stats enable
   stats uri /