change secure haproxy kubernetes connection
diff --git a/haproxy/proxy/listen/kubernetes/apiserver.yml b/haproxy/proxy/listen/kubernetes/apiserver.yml
new file mode 100644
index 0000000..a45a71a
--- /dev/null
+++ b/haproxy/proxy/listen/kubernetes/apiserver.yml
@@ -0,0 +1,24 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ k8s_secure:
+ type: kubernetes
+ options:
+ - ssl-hello-chk
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 443
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 443
+ params: check
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 443
+ params: check
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 443
+ params: check
\ No newline at end of file
diff --git a/haproxy/proxy/listen/kubernetes/apiserver_secure.yml b/haproxy/proxy/listen/kubernetes/apiserver_secure.yml
deleted file mode 100644
index a2994ef..0000000
--- a/haproxy/proxy/listen/kubernetes/apiserver_secure.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-parameters:
- haproxy:
- proxy:
- listen:
- k8s_secure:
- mode: http
- http_request:
- # Common proxy headers
- - action: "set-header X-Forwarded-Port %[dst_port]"
- - action: "add-header X-Forwarded-Proto https"
- condition: "if { ssl_fc }"
- - action: "add-header X-Forwarded-Proto http"
- condition: "if !{ ssl_fc }"
- options:
- - forwardfor
- - httpclose
- - httplog
- binds:
- - address: ${_param:cluster_vip_address}
- port: 443
- ssl:
- enabled: true
- pem_file: /etc/kubernetes/ssl/kubernetes-server.pem
- servers:
- - name: ${_param:cluster_node01_hostname}
- host: ${_param:cluster_node01_address}
- port: 443
- params: "check ssl verify none"
- - name: ${_param:cluster_node02_hostname}
- host: ${_param:cluster_node02_address}
- port: 443
- params: "check ssl verify none"
- - name: ${_param:cluster_node03_hostname}
- host: ${_param:cluster_node03_address}
- port: 443
- params: "check ssl verify none"