diff --git a/clusters/k8s01/nginx-system/haproxy.yaml b/clusters/k8s01/nginx-system/haproxy.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3b23e59ce61043ce979c04a6f5a0fe1faf76094d
--- /dev/null
+++ b/clusters/k8s01/nginx-system/haproxy.yaml
@@ -0,0 +1,130 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: haproxy
+ labels:
+ app.kubernetes.io/name: haproxy
+ app.kubernetes.io/instance: haproxy
+ app.kubernetes.io/component: haproxy
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: haproxy
+ app.kubernetes.io/instance: haproxy
+ app.kubernetes.io/component: haproxy
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: haproxy
+ app.kubernetes.io/instance: haproxy
+ app.kubernetes.io/component: haproxy
+ spec:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - haproxy
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - haproxy
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - haproxy
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - name: haproxy
+ image: docker.io/library/haproxy:2.8.2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ protocol: TCP
+ - containerPort: 443
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: haproxy-config
+ resources:
+ requests:
+ memory: 128Mi
+ cpu: 10m
+ limits:
+ memory: 1Gi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsUser: 102
+ restartPolicy: Always
+ volumes:
+ - name: haproxy-config
+ configMap:
+ name: haproxy-config
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ sysctls:
+ - name: 'net.ipv4.ip_unprivileged_port_start'
+ value: "0"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: haproxy-config
+ namespace: nginx-system
+data:
+ haproxy.cfg: |
+ listen http
+ bind 0.0.0.0:80
+ mode tcp
+ log stdout format short daemon info
+ timeout connect 7s
+ timeout client 10m
+ timeout server 10m
+ server svc-nginx-ingress-http nginx-ingress-ingress-nginx-controller:80 send-proxy-v2
+
+ listen https
+ bind 0.0.0.0:443
+ mode tcp
+ log
stdout format short daemon info
+ timeout connect 7s
+ timeout client 10m
+ timeout server 10m
+ server svc-nginx-ingress-https nginx-ingress-ingress-nginx-controller:443 send-proxy-v2
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: haproxy
+ app.kubernetes.io/instance: haproxy
+ app.kubernetes.io/component: haproxy
+ name: haproxy-proxy-protocol
+ namespace: nginx-system
+spec:
+ externalIPs:
+ - 116.203.244.59
+ externalTrafficPolicy: Local
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ selector:
+ app.kubernetes.io/name: haproxy
+ app.kubernetes.io/instance: haproxy
+ app.kubernetes.io/component: haproxy
+ type: LoadBalancer
diff --git a/clusters/k8s01/nginx-system/release-override.yaml b/clusters/k8s01/nginx-system/release-override.yaml
index a03625313729a58920b90087787a9e863b3f7c55..df3ed0f17070bcc53aa406afca44d297eaaf0663 100644
--- a/clusters/k8s01/nginx-system/release-override.yaml
+++ b/clusters/k8s01/nginx-system/release-override.yaml
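Review bot: Both `server` lines in `haproxy.cfg` use `send-proxy-v2`, so the ingress-nginx controller must accept PROXY protocol on 80 and 443, yet this file adds nothing that limits who can reach the controller Service directly. Whether the controller is switched to PROXY protocol is presumably set in the encrypted values override, which cannot be read here; once it is, any peer that connects to the controller without going through haproxy supplies its own PROXY header, and with it the client address that allow-lists and access logs rely on. I would ship a NetworkPolicy with this Deployment that admits 80/443 on the controller pods only from the haproxy pods, keeping the controller's other ports (admission webhook, metrics) reachable as they are today. Separately, the Deployment's `metadata` has no `namespace: nginx-system` although the ConfigMap and Service do; unless the kustomization sets the namespace, the pods will not find `haproxy-config`.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: controller-proxy-protocol-from-haproxy  # constructed name
  namespace: nginx-system
spec:
  podSelector:
    matchLabels:
      # placeholder: replace with the labels carried by the ingress-nginx controller pods
      app.kubernetes.io/name: CONTROLLER_POD_LABEL_PLACEHOLDER
  policyTypes:
    - Ingress
  ingress:
    # assumes the controller containers listen on 80/443 -- confirm against the chart values
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: haproxy
              app.kubernetes.io/instance: haproxy
              app.kubernetes.io/component: haproxy
      ports:
        - protocol: TCP
          port: 80
        - protocol: TCP
          port: 443
    # ... add rules for the controller's other ports (admission webhook, metrics) so they stay reachable ...
```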
@@ -5,15 +5,15 @@ metadata: namespace: nginx-system type: Opaque stringData: - values-overrides.yaml: ENC[AES256_GCM,data:mIQtKGegxGNV2Fkl0hQXLaam2EQCaVwJ3R+UFdjrMf1e2YnjiBm7OoB2oqjL/51353btrBc8s3DO5D9+EsPmsM73TsaIiMtcv5jVQ/UTWTWVKlAjiIjrszDXT0CIgVDwfvsOl+6ztXuupxhM98CEQdeGv35VFu5XAJyN6+/vz0EXP8AwS1NGiCbzCR03B+9LlqXY1QO/pw==,iv:V9uCRqPg9ot34I+rTVLfqr5LbBpCpBt/LHMkfkAvktM=,tag:aqvfOXt6vOUaGpXoaFfdOw==,type:str] + values-overrides.yaml: ENC[AES256_GCM,data:Ie8tjjALb6+iyPQ1Jqr95NA6t4vfsV6JgKVMaUKVNMbp1ID7Aplwkv9rX7KtU+poqgjJk8OLzl7Gy6XFVCU0rhR1zjPtlYGQdDP0S7oUllquPq18EpIBMWQLILi+WLj6NzMfSx3Krd2dwaleVw8Pb9cIKGpdf3WUEAEpW7ONLywEBbrqz4nDTrYNppPBSOPDdUPRaKmTbeW8hqYzwfuigZfQvKE=,iv:Xa5Vy1diaKcI4ZCFl+9zlu/Ah2tZUJ3hxLMTcGwEEco=,tag:bybBokXQUWKKdP3Sga8ATQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-09-15T20:34:46Z" - mac: ENC[AES256_GCM,data:0TfkDbaU7/nuDowbVKvnWUc65FnNFW3alvdNXzM564F/BZHN7w8nS7Nc3Lfpzrw28zXhCjFohLwJfOZX778fqmDOSeejGxvyKIAoz5mxqVyLHsxH/fuatzlrSaB/wXjeS4wouR/x+U5d3efJ8eGahDGwk1OpF1nUJy8bcrBpD5s=,iv:Wtd0QH1J2iBUlIW7TQk/yKQt6Be7hasuv9r3abPF4tY=,tag:XBpoIIVwbzOYrbS55YrRQw==,type:str] + lastmodified: "2023-09-15T20:40:46Z" + mac: ENC[AES256_GCM,data:wp8IJaqv/bnutbNf5a7QPGnL2jOuErN2glmnXH5b4zdZ9eqTGTEn5qJSNpe3X9BvsnxQvynrCA/Wydea2fwDg+yISPk2Ha+wwefqbNBUiz2gmbflTmGkgYrzBINwBFc2Gc+DUvongcF7F4hdjXaHEOLWTEoxawai1pQSZB6SAXI=,iv:8M4KXpzktQ1tuL24+yHr3hw2xebCoZV5+pQocQUK33c=,tag:YwgG69QEUUHFIoBcAUU/5A==,type:str] pgp: - created_at: "2022-02-09T22:43:33Z" enc: |-