
🌐 Cluster network architecture

Vault HA

| Service | Port | Role | Config |
| --- | --- | --- | --- |
| Keepalived | VRRP | VIP failover (10.3.1.253) | FQDN-based health check on :8200 |
| HAProxy | 443 (HTTPS) | Load balancer, SNI routing | Frontends: vault + consul DNS names |
| Vault | 8200 (HTTP), 8201 (cluster) | Secrets + PKI engine | Storage: Consul HA backend, TLS enabled |
| Consul | 8500 (HTTP), 8501 (HTTPS), 8502 (gRPC), 8600 (DNS) | Storage backend, service discovery | Server mode, 3-node cluster, TLS + ACL |

Client → vault.rachuna-net.pl:443

HAProxy :443 (TCP mode, SNI-aware)
  ├─ SNI: vault.rachuna-net.pl → localhost:8200 (Vault)
  └─ SNI: consul.rachuna-net.pl → localhost:8501 (Consul HTTPS)
  • Virtual IP: 10.3.1.253/24 on eth0
  • VRRP instance: VAULT_VIP, virtual_router_id 53
  • Health check: 5s interval, HTTP GET https://127.0.0.1:8200/v1/sys/health?standbyok=true&sealedcode=503
  • Advert interval: 1s
  • Failover priorities: 200 (MASTER vault-1022) → 120 (MASTER vault-1023) → 110 (BACKUP vault-1024)
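
The health check listed above depends on how Vault's `/v1/sys/health` endpoint maps node state to HTTP status codes. The script below is an added example, not taken from this cluster's configuration: it assumes the check is run as a Keepalived track script, and `CHECK_URL` and `CHECK_CACERT` are hypothetical override variables.

```shell
#!/bin/sh
# Added example: health probe for a Keepalived track script (assumed wiring).
# CHECK_URL defaults to the URL on this page; CHECK_URL and CHECK_CACERT are
# hypothetical override variables, not part of the documented setup.
CHECK_URL="${CHECK_URL:-https://127.0.0.1:8200/v1/sys/health?standbyok=true&sealedcode=503}"

# Translate the HTTP status of /v1/sys/health into a verdict for this node.
classify_health() {
    case "$1" in
        200) echo healthy ;;        # unsealed: active, or standby because of standbyok=true
        503) echo sealed ;;         # pinned explicitly by sealedcode=503
        501) echo uninitialized ;;  # Vault's default code for "not initialized"
        ""|000) echo unreachable ;; # curl got no HTTP response (down, timeout, TLS failure)
        *) echo unexpected ;;       # e.g. 429: standby answered without standbyok=true
    esac
}

# Exit status for Keepalived: 0 keeps the node eligible to hold the VIP.
health_exit_code() {
    [ "$(classify_health "$1")" = healthy ]
}

# Run one probe. TLS verification stays on, so the certificate must cover the
# host in CHECK_URL; the 3s timeout fits inside the 5s check interval.
probe() {
    code=$(curl -s -o /dev/null -m 3 ${CHECK_CACERT:+--cacert "$CHECK_CACERT"} \
        -w '%{http_code}' "$CHECK_URL") || code=000
    echo "vault health: HTTP $code ($(classify_health "$code"))" >&2
    health_exit_code "$code"
}

# Only touch the network when asked to, so the file can also be sourced.
if [ "${1:-}" = "--probe" ]; then
    probe
    exit $?
fi
```

Called with `--probe`, the script exits non-zero for a sealed, uninitialized or unreachable Vault, which is the condition under which the VIP should leave the node.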