HA-Proxy Layer4 连接，信息：“连接被拒绝”

我很难理解如何正确配置haproxy

root@k8s-eu-1-control-plane-node-1:~# sudo systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
     Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-12-01 10:12:16 CET; 5s ago
       Docs: man:haproxy(1)
             file:/usr/share/doc/haproxy/configuration.txt.gz
   Main PID: 33265 (haproxy)
      Tasks: 11 (limit: 72235)
     Memory: 41.0M
        CPU: 249ms
     CGroup: /system.slice/haproxy.service
             ├─33265 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock
             └─33268 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock

Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [NOTICE]   (33265) : haproxy version is 2.6.15-1ppa1~jammy
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [NOTICE]   (33265) : path to executable is /usr/sbin/haproxy
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [WARNING]  (33265) : config : 'option forwardfor' ignored for frontend 'apiserver' as it requires HTTP mode.
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [WARNING]  (33265) : config : 'option forwardfor' ignored for backend 'apiserverbackend' as it requires HTTP mode.
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [NOTICE]   (33265) : New worker (33268) forked
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33265]: [NOTICE]   (33265) : Loading success.
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 systemd[1]: Started HAProxy Load Balancer.
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33268]: [WARNING]  (33268) : Server apiserverbackend/k8s-eu-1-control-plane-node-1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remain>
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33268]: [ALERT]    (33268) : sendmsg()/writev() failed in logger #1: Connection refused (errno=111)
Dec 01 10:12:16 k8s-eu-1-control-plane-node-1 haproxy[33268]: [ALERT]    (33268) : backend 'apiserverbackend' has no server available!

这是/etc/haproxy/haproxy.cfg：

# https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration

# /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    #log /dev/log local0
    #log /dev/log local1 notice

    log /var/log local0
    log /var/log local1 notice

    daemon

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 1
    timeout http-request    10s
    timeout queue           20s
    timeout connect         5s
    timeout client          20s
    timeout server          20s
    timeout http-keep-alive 10s
    timeout check           10s

#---------------------------------------------------------------------
# apiserver frontend which proxys to the control plane nodes
#---------------------------------------------------------------------

# https://www.digitalocean.com/community/tutorials/haproxy-network-error-cannot-bind-socket

frontend apiserver
    #bind *:6445
    bind *:45000
    mode tcp
    option tcplog
    default_backend apiserverbackend

#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend apiserverbackend
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance     roundrobin
        #server ${HOST1_ID} ${HOST1_ADDRESS}:${APISERVER_SRC_PORT} check
        server k8s-eu-1-control-plane-node-1 aa.aaa.aaa.aa:46000 check

这是输出sudo ip -4 -c address show：

root@k8s-eu-1-control-plane-node-1:~# sudo ip -4 -c address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    altname enp0s18
    altname ens18
    inet aa.aaa.aaa.aa/19 brd hh.hhh.hhh.hhh scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.0.0.30/32 scope global eth0
       valid_lft forever preferred_lft forever

端口范围：

root@k8s-eu-1-control-plane-node-1:~# cat /proc/sys/net/ipv4/ip_local_port_range
32768   60999

空输出ss -tnl |grep 46000：

root@k8s-eu-1-control-plane-node-1:~# ss -tnl | grep 46000
root@k8s-eu-1-control-plane-node-1:~# 

如何正确配置haproxy？