kubespray/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2

global
    maxconn                 4000
    log                     127.0.0.1 local0

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option                  redispatch
    retries                 5
    timeout http-request    5m
    timeout queue           5m
    timeout connect         30s
    timeout client          {{ loadbalancer_apiserver_keepalive_timeout }}
    timeout server          15m
    timeout http-keep-alive 30s
    timeout check           30s
    maxconn                 4000

{% if loadbalancer_apiserver_healthcheck_port is defined -%}
frontend healthz
  bind 0.0.0.0:{{ loadbalancer_apiserver_healthcheck_port }}
  {% if enable_dual_stack_networks -%}
  bind :::{{ loadbalancer_apiserver_healthcheck_port }}
  {% endif -%}
  mode http
  monitor-uri /healthz
{% endif %}

frontend kube_api_frontend
  bind 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }}
  {% if enable_dual_stack_networks -%}
  bind [::1]:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }};
  {% endif -%}
  mode tcp
  option tcplog
  default_backend kube_api_backend

backend kube_api_backend
  mode tcp
  balance leastconn
  default-server inter 15s downinter 15s rise 2 fall 2 slowstart 60s maxconn 1000 maxqueue 256 weight 100
  option httpchk GET /healthz
  http-check expect status 200
  {% for host in groups['kube_control_plane'] -%}
  server {{ host }} {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }} check check-ssl verify none
  {% endfor -%}