We are spinning up a vSphere with Tanzu environment with HAProxy to test the solution before implementing.
We managed to enable Workload management in vCenter (7.0.1) and create a first namespace. However, when we try to access the webpage through the Frontend assigned IP (172.16.0.224), we end up with a connection closed error in the browser.
If we try to access the page from the MGT IP (10.101.0.235), the page loads just fine. If we try to log in with kubectl through that IP, it essentially tries to connect through the Frontend and ends with:
time="2021-02-16T14:43:45-05:00" level=warning msg="Error occurred during HTTP request: Post https://172.16.0.224/wcp/login: EOF"
time="2021-02-16T14:43:46-05:00" level=error msg="Login failed: Post https://172.16.0.224/wcp/login: EOF"
We configured HAProxy with the IP 172.16.0.60 (255.255.255.0) in that network and the range for VIP at 172.16.0.224/28. Workload Management is also configured to use that IP range. From HAProxy in SSH, every config looks okay; we can ping machines in any of the networks (Frontend, management and workload). We can also successfully communicate with the Control Plane MGT IP.
We undid/redid the configuration just to be sure, no result. netstat -i on HAProxy shows it listens to 172.16.0.224:HTTPS. We tested from a machine that is also in the Frontend network to eliminate routing issues. Same problem.
Posting this here for ideas while we keep on searching.
After many tests, we found that two of our vDS have really similar names but point to different resources. Although the correct vDS was used in Workload Management, the frontend interface on the HAProxy VM was not configured correctly. Because of that, HAProxy didn't have access to a lot of required resources.