Quick Tip: vSphere with Tanzu an HA-Proxy

This is a short article with tips and tricks I experienced when deploying vSphere with Tanzu and HA-Proxy as a Load Balancer.

Deploying Ha-Proxy OVA

Network

Alwasys use three NICs when deploying in a production environment. It is very important that these IP addresses do not overlap with the address ranges of your workloads and load balancers, or with the gateway itself.

At first it can be somewhat confusing what networks are needed and which services will be deployed in each network.

• Management: Your Management Network (must be only accessible for Admins, like vCenter)
• Workload: This is the workload IP address for the HA Proxy server. This subnet will be used to for virtual servers created by HA-Proxy.
• Frontend: This is the frontend IP address for the HA Proxy server. From this network clients will access resources.

For a simple PoC you can safely use two NIC. Management is seperate and Workload/Frontend will be shared.

Certificate

Just leave it blank it will be generated for you.

Getting the Certificate

From your Workstation run the following command to get the Certificates from HA-Proxy needed for the Workload Management Feature Setup:

1scp root@haproxyMGMTIP:/etc/haproxy/ca.crt ca.crt && cat ca.crt