My knowledge of OpenShift (OKD) isn't deep - I actually still have a few things I need help from our community here - but I've had a perfect experience with the setup below for HAProxy...
#---------------------------------------------------------------------
# Global settings.
#---------------------------------------------------------------------
global
maxconn 20000
log /dev/log local0 info
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
user haproxy
group haproxy
daemon
# Turn on stats unix socket.
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# Common defaults that all the "listen" and "backend" sections will use if not designated
# in their block.
#---------------------------------------------------------------------
defaults
log global
maxconn 20000
mode http
option dontlognull
option http-server-close
option httplog
option redispatch
retries 3
timeout check 10s
timeout client 300s
timeout connect 10s
timeout http-keep-alive 10s
timeout http-request 10s
timeout queue 1m
timeout server 300s
listen stats
bind :9000
mode http
option forwardfor except
127.0.0.0/8
stats enable
stats uri /
frontend okd4_k8s_api_fe
bind :6443
default_backend okd4_k8s_api_be
mode tcp
option tcplog
backend okd4_k8s_api_be
balance roundrobin
mode tcp
# server okd4-bootstrap
10.3.0.4:6443 check
server okd4-control-plane-1
10.3.0.5:6443 check
server okd4-control-plane-2
10.3.0.6:6443 check
server okd4-control-plane-3
10.3.0.7:6443 check
frontend okd4_machine_config_server_fe
bind :22623
default_backend okd4_machine_config_server_be
mode tcp
option tcplog
backend okd4_machine_config_server_be
balance roundrobin
mode tcp
# server okd4-bootstrap
10.3.0.4:22623 check
server okd4-control-plane-1
10.3.0.5:22623 check
server okd4-control-plane-2
10.3.0.6:22623 check
server okd4-control-plane-3
10.3.0.7:22623 check
frontend okd4_http_ingress_traffic_fe
bind *:80
default_backend okd4_http_ingress_traffic_be
mode tcp
option tcplog
backend okd4_http_ingress_traffic_be
balance roundrobin
mode tcp
server okd4-compute-1
10.3.0.8:80 check
server okd4-compute-2
10.3.0.9:80 check
frontend okd4_https_ingress_traffic_fe
bind *:443
default_backend okd4_https_ingress_traffic_be
mode tcp
option tcplog
backend okd4_https_ingress_traffic_be
balance roundrobin
mode tcp
server okd4-compute-1
10.3.0.8:443 check
server okd4-compute-2
10.3.0.9:443 check
So I suggest you compare it with yours and see if something is divergent. Note in particular the parameter `balance roundrobin` (not `source`). This helped me avoid some problems.
Another suggestion of a general nature is that you note that your servers have enough hardware resources as shown in this table (as this is often a "hidden" source of a lot of problems):
NAME ROLE CPU RAM
OKD_BOOTSTRAP bootstrap 4[V] 8~16
OKD_MASTER_1 master 4[V] 8~16
OKD_MASTER_2 master 4[V] 8~16
OKD_MASTER_3 master 4[V] 8~16
OKD_WORKER_1 worker 4[V] 12~16
OKD_WORKER_2 worker 4[V] 12~16
OKD_SERVICES DNS/LB/web/NFS 4[V] 4
_ [V] Nested virtualization enabled (if your nodes run on a Hypervisor).