self-hosting/roles/kubernetes/templates/keepalived.conf.j2

global_defs {
  default_interface {{vpn_interface}}
}

vrrp_instance VI_1 {
  interface {{vpn_interface}}
  track_interface {
    {{vpn_interface}}
  }

{% if inventory_hostname == initial_master %}
  state MASTER
  priority 100
{% else %}
  state BACKUP
  priority 50
{% endif %}
  virtual_router_id {{ router_id }}
  nopreempt

  unicast_peer {
{% for host in groups['k8s_masters'] %}
    {{ hostvars[host]['vpn_ip'] }}
{% endfor %}
  }

  virtual_ipaddress {
    {{ api_floating_ip }}/{{ api_floating_mask }}
  }

  authentication {
    auth_type PASS
    auth_pass d0cker
  }

  notify "/container/service/keepalived/assets/notify.sh"
}

virtual_server {{ api_floating_ip }} {{ api_floating_port }} {
    delay_loop 10
    protocol TCP
    lb_algo rr
    # Use direct routing
    lb_kind DR
    persistence_timeout 7200

{% for host in groups['k8s_masters'] %}
    real_server {{ hostvars[host]['vpn_ip'] }} {{ api_floating_port }} {
        weight 1
        TCP_CHECK {
          connect_timeout 5
          connect_port 6443
        }
    }
{% endfor %}
}