This document outlines the essential initial troubleshooting steps and basic operations for the HAProxy virtual appliance in a vSphere Kubernetes Service (VKS) environment.

vSphere Kubernetes Service

1. Verifying Process Status

Ensure that HAProxy and its associated routing services are running correctly.

systemctl status haproxy
systemctl status anyip-routes
systemctl list-units --state=failed # Identify any failed processes

2. HAProxy Basic Configuration and Operations

# Configuration file path
/etc/haproxy/haproxy.cfg

# Validate configuration file syntax
haproxy -c -f /etc/haproxy/haproxy.cfg

# Reload the HAProxy service
systemctl reload haproxy

# Review HAProxy service logs:
journalctl -xeu haproxy

3. Verifying VIP and Network Routing Configurations

# Check the VIP range configuration file
cat /etc/vmware/anyip-routes.cfg

# Review anyip-routes service logs
journalctl -xeu anyip-routes

# Ensure the VIP ranges specified in anyip-routes.cfg are properly registered in the OS local routing table.
ip route list table local | grep local

# Check the Workload Network configuration file
cat /etc/vmware/workload-networks.cfg

4. Verifying Management API and Certificate

Checking HAProxy CA Certificate Expiration

The default self-signed certificate is valid for 10 years, so unexpected expiration is rare. However, periodic checks are recommended if a custom certificate has been applied.

cat /etc/haproxy/ca.crt | openssl x509 -serial -dates -issuer -noout

Management API Health

Access the following URL via a web browser (or use curl from the command line) to confirm it returns API version and status information in JSON format.

https://<HAPROXY_MGMT_IP_FQDN>:5556/v2/info

• HAProxy service fails to start after adding new Virtual IP Ranges in VKS
• Japanese KB: https://knowledge.broadcom.com/external/article?articleNumber=431363