Customize the HAProxy control plane VM, including configuration settings, network settings, and load balancing settings.

Appliance Configuration Settings

The table lists and describes the parameters for HAProxy appliance configuration.
Parameter Description Remark or Example
Root Password Initial password for the root user (6-128 characters). Subsequent changes of password must be performed in operating system.
Permit Root Login

Option to allow the root user to login to the VM remotely over SSH.

Root login might be needed for troubleshooting, but keep in mind the security implications of allowing it.
TLS Certificate Authority (ca.crt)

To use the self-signed CA certificate, leave this field empty.

To use your own CA certificate (ca.crt), paste its contents into this field.

You might need to Base64-encode the contents. https://www.base64encode.org/

If you are using the self-signed CA certificate, the public and private keys will be generated from the certificate.

Key (ca.key)

If you are using the self-signed certificate, leave this field empty.

If you provided a CA certificate, paste the contents of the certificate private key in this field.

Network Configuration

The table lists and describes the parameters for HAProxy network configuration.
Parameter Description Remark or Example
Host Name The host name (or FQDN) to assign to the HAProxy control plane VM Default value: haproxy.local
DNS A comma-separated list of DNS server IP addresses.

Default values: 1.1.1.1, 1.0.0.1

Example value: 10.8.8.8

Management IP

The static IP address of the HAProxy control plane VM on the Management network.

A valid IPv4 address with the prefix length of the network, for example: 192.168.0.2/24.

Management Gateway

The IP address of the gateway for the Management network.

For example: 192.168.0.1

Workload IP

The static IP address of the HAProxy control plane VM on the Workload network.

This IP address must be outside of the load balancer IP address range.

A valid IPv4 address with the prefix length of the network, for example: 192.168.10.2/24.

Workload Gateway

The IP address of the gateway for the Workload network.

For example: 192.168.10.1

If you select Frontend configuration, you must enter a gateway. The deployment will not be successful if Frontend is selected and no gateway is specified.

Frontend IP

The static IP address of the HAProxy appliance on the Frontend network.

This value is only used when the Frontend deployment model is selected.

A valid IPv4 address with the prefix length of the network, for example: 192.168.100.2/24

Frontend Gateway

The IP address of the gateway for the Frontend network.

This value is only used when the Frontend deployment model is selected.

For example: 192.168.100.1

Load Balancing Settings

The table lists and describes the parameters for HAProxy load balancer configuration.
Parameter Description Example or Remark
Load Balancer IP Range(s)

In this field you specify a range of IPv4 addresses using CIDR format. The value must be a valid CIDR range or the installation will fail.

HAProxy reserves the IP addresses for virtual IPs (VIPs). Once assigned each VIP address is allocated, HAProxy replies to requests on that address.

The CIDR range you specify here must not overlap with the IPs you assign for the Virtual Servers when you enable Workload Management in the vCenter Server using the vSphere Client.

For example, the network CIDR 192.168.100.0/24 gives the load balancer 256 virtual IP addresses with range 192.168.100.0 - 192.168.100.255.

For example, the network CIDR 192.168.100.0/25 gives the load balancer 128 virtual IP addresses with range 192.168.100.0 - 192.168.100.127.

Dataplane API Management Port

The port on the HAProxy VM on which the load balancer's API service listens.

A valid port. Port 22 is reserved for SSH. The default value is 5556.

HAProxy User ID

Load balancer API user name

The username clients use to authenticate to the load balancer's API service.

Note: You need this username when you enable the Supervisor Cluster.
HAProxy Password

Load balancer API password

The password clients use to authenticate to the load balancer's API service.

Note: You need this password when you enable the Supervisor Cluster.