Hi all, I have only tested for http traffic earlier. Although the kubernetes service loadbalancer template has support for https, when I have deployed an application ( dell/tomcat ) which has the support for https, the ha proxy load balancer did not identify it as a https service in the haproxy configuration file. It just identified the application as a http application and updated the configuration file accordingly. Thus I have manually altered the ha proxy configuration file to support for https traffic with a self signed certificate specific for the node ip. But it fails in accessing the application, since the application needs the self signed certificate specific to the application. As a solution for this I'm trying with bind option 'cert' to bind several certificate files[2] of the specific applications.
Any suggestions on this are highly appreciated. [1] . https://github.com/kubernetes/contrib/tree/master/service-loadbalancer [2] . https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-crt Thanks On Wed, Mar 9, 2016 at 10:33 AM, Imesh Gunaratne <im...@wso2.com> wrote: > Hi Deep, > > On Tue, Mar 8, 2016 at 8:08 PM, Deependra Ariyadewa <d...@wso2.com> wrote: > >> >> On Mon, Mar 7, 2016 at 10:30 AM, Nishadi Kirielle <nish...@wso2.com> >> wrote: >> >>> Hi All, >>> I have written the blog post on load balancing and session affinity in >>> kubernetes. [1] >>> >> >> I am going test session affinity for HTTPS triffic in Kubernetes >> following your configurations. Did you try to enable session affinity for >> HTTPS triffic in Kubernetes. >> >> We would need to configure haproxy with relevant SSL certificates for > HTTPS to work. I do not think we tested it. See [1] for the haproxy config > template used by the service load balancer. This will get packaged to the > Docker service load balancer Docker image [2]. > > [1] > https://github.com/kubernetes/contrib/blob/master/service-loadbalancer/template.cfg > [2] > https://github.com/kubernetes/contrib/blob/master/service-loadbalancer/Dockerfile > > Thanks > > >> Thanks, >> Deependra. >> >>> >>> Thank you >>> >>> [1]. >>> http://nishadikirielle.blogspot.com/2016/03/load-balancing-kubernetes-services-and.html >>> >>> On Fri, Mar 4, 2016 at 8:22 PM, Nishadi Kirielle <nish...@wso2.com> >>> wrote: >>> >>>> Thanks a lot. I will write a blog post and share it. >>>> >>>> Thanks >>>> >>>> >>>> >>>> On Fri, Mar 4, 2016 at 6:07 PM, Sagara Gunathunga <sag...@wso2.com> >>>> wrote: >>>> >>>>> >>>>> Great, it would be better if Nishadi can write a step by step blog >>>>> post about how to do this. We had to do a 30 hours hackathon to change >>>>> MSF4J Pet-store sample due to this issue :) >>>>> >>>>> Thanks ! >>>>> >>>>> On Fri, Mar 4, 2016 at 5:54 PM, Imesh Gunaratne <im...@wso2.com> >>>>> wrote: >>>>> >>>>>> Indeed! Overall great effort!! >>>>>> >>>>>> Thanks >>>>>> >>>>>> On Fri, Mar 4, 2016 at 3:36 PM, Lakmal Warusawithana <lak...@wso2.com >>>>>> > wrote: >>>>>> >>>>>>> Great work Nishadi! >>>>>>> >>>>>>> On Fri, Mar 4, 2016 at 3:34 PM, Nishadi Kirielle <nish...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi all, >>>>>>>> In attempting to configure session affinity in kubernetes load >>>>>>>> balancing, I tried to run nginx alpha ingress controller[1] to expose >>>>>>>> the >>>>>>>> services through ingress. But the generated nginx configuration file >>>>>>>> were >>>>>>>> missing the service ports to access the services. Thus I have manually >>>>>>>> updated the configuration file to check the functionality of ingress. >>>>>>>> Since >>>>>>>> session affinity is available in haproxy, I have created a haproxy >>>>>>>> docker >>>>>>>> container and manually updated its configuration file in order to >>>>>>>> check its >>>>>>>> functionality with ingress. >>>>>>>> As per a suggestion of Imesh and Lakmal, I have tried kubernetes >>>>>>>> service loadbalancer repo[2]. There, they have developed the load >>>>>>>> balancing >>>>>>>> directly with pods, bypassing the services. This procedure corrects the >>>>>>>> session affinity problem in load balancing in kubernetes. >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>> [1] . >>>>>>>> https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx-alpha >>>>>>>> [2] . >>>>>>>> https://github.com/kubernetes/contrib/tree/master/service-loadbalancer >>>>>>>> >>>>>>>> On Mon, Feb 29, 2016 at 12:35 PM, Imesh Gunaratne <im...@wso2.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Feb 29, 2016 at 12:12 PM, Lakmal Warusawithana < >>>>>>>>> lak...@wso2.com> wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Feb 29, 2016 at 11:56 AM, Imesh Gunaratne <im...@wso2.com >>>>>>>>>> > wrote: >>>>>>>>>> >>>>>>>>>>> Hi Lakmal, >>>>>>>>>>> >>>>>>>>>>> On Mon, Feb 29, 2016 at 11:37 AM, Lakmal Warusawithana < >>>>>>>>>>> lak...@wso2.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> What is we are tying to do here? Are we trying to verify the >>>>>>>>>>>> ClientIP when exposing service via NodePort? IMO its working >>>>>>>>>>>> without issue. >>>>>>>>>>>> >>>>>>>>>>>> Yes the first step was to verify ClientIP and then try to get >>>>>>>>>>> an Ingress Controller either with nginx or haproxy working with >>>>>>>>>>> session >>>>>>>>>>> affinity. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> If you want to verify ClientIP, Udara has written very simple >>>>>>>>>> code, better to used that. >>>>>>>>>> >>>>>>>>>> Guys, we need to resolve this very fast... too much time taking >>>>>>>>>> basic stuff, which we already verified :( >>>>>>>>>> >>>>>>>>> >>>>>>>>> We are on it Lakmal! Will resolve this ASAP. >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> >>>>>>>>>>> On Mon, Feb 29, 2016 at 11:37 AM, Lakmal Warusawithana < >>>>>>>>>>> lak...@wso2.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> What is we are tying to do here? Are we trying to verify the >>>>>>>>>>>> ClientIP when exposing service via NodePort? IMO its working >>>>>>>>>>>> without issue. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Sun, Feb 28, 2016 at 11:58 PM, Nishadi Kirielle < >>>>>>>>>>>> nish...@wso2.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi all, >>>>>>>>>>>>> >>>>>>>>>>>>> In order to test the session affinity in Kubernetes, I have >>>>>>>>>>>>> deployed WordPress on a kubernetes cluster with several replicas >>>>>>>>>>>>> and >>>>>>>>>>>>> enabled the session affinity by setting >>>>>>>>>>>>> service.spec.sessionAffinity to >>>>>>>>>>>>> "ClientIP". When the kubernetes service is exposed through >>>>>>>>>>>>> NodePort, I have >>>>>>>>>>>>> tested the accuracy of session affinity using Apache bench mark >>>>>>>>>>>>> for simple >>>>>>>>>>>>> load testing. With a load of 1000 requests and a maximum of 2 >>>>>>>>>>>>> requests >>>>>>>>>>>>> running concurrently, all requests returned successfully without >>>>>>>>>>>>> a failure. >>>>>>>>>>>>> Thus the session affinity is functioning properly when the >>>>>>>>>>>>> services are >>>>>>>>>>>>> exposed via NodePort. >>>>>>>>>>>>> >>>>>>>>>>>>> The next attempt is to test the session affinity with ingress >>>>>>>>>>>>> API exposing the services. >>>>>>>>>>>>> >>>>>>>>>>>>> Any feedback or suggestions are highly appreciated. >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> *Nishadi Kirielle* >>>>>>>>>>>>> *Software Engineering Intern* >>>>>>>>>>>>> Mobile : +94 (0) 714722148 >>>>>>>>>>>>> Blog : http://nishadikirielle.blogspot.com/ >>>>>>>>>>>>> nish...@wso2.comm >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Lakmal Warusawithana >>>>>>>>>>>> Director - Cloud Architecture; WSO2 Inc. >>>>>>>>>>>> Mobile : +94714289692 >>>>>>>>>>>> Blog : http://lakmalsview.blogspot.com/ >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Dev mailing list >>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> *Imesh Gunaratne* >>>>>>>>>>> Senior Technical Lead >>>>>>>>>>> WSO2 Inc: http://wso2.com >>>>>>>>>>> T: +94 11 214 5345 M: +94 77 374 2057 >>>>>>>>>>> W: http://imesh.io >>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Lakmal Warusawithana >>>>>>>>>> Director - Cloud Architecture; WSO2 Inc. >>>>>>>>>> Mobile : +94714289692 >>>>>>>>>> Blog : http://lakmalsview.blogspot.com/ >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Imesh Gunaratne* >>>>>>>>> Senior Technical Lead >>>>>>>>> WSO2 Inc: http://wso2.com >>>>>>>>> T: +94 11 214 5345 M: +94 77 374 2057 >>>>>>>>> W: http://imesh.io >>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Nishadi Kirielle* >>>>>>>> *Software Engineering Intern* >>>>>>>> Mobile : +94 (0) 714722148 >>>>>>>> Blog : http://nishadikirielle.blogspot.com/ >>>>>>>> nish...@wso2.com >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Lakmal Warusawithana >>>>>>> Director - Cloud Architecture; WSO2 Inc. >>>>>>> Mobile : +94714289692 >>>>>>> Blog : http://lakmalsview.blogspot.com/ >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Imesh Gunaratne* >>>>>> Senior Technical Lead >>>>>> WSO2 Inc: http://wso2.com >>>>>> T: +94 11 214 5345 M: +94 77 374 2057 >>>>>> W: http://imesh.io >>>>>> Lean . Enterprise . Middleware >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> Dev@wso2.org >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Sagara Gunathunga >>>>> >>>>> Architect; WSO2, Inc.; http://wso2.com >>>>> V.P Apache Web Services; http://ws.apache.org/ >>>>> Linkedin; http://www.linkedin.com/in/ssagara >>>>> Blog ; http://ssagara.blogspot.com >>>>> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Nishadi Kirielle* >>>> *Software Engineering Intern* >>>> Mobile : +94 (0) 714722148 >>>> Blog : http://nishadikirielle.blogspot.com/ >>>> nish...@wso2.com >>>> >>> >>> >>> >>> -- >>> *Nishadi Kirielle* >>> *Software Engineering Intern* >>> Mobile : +94 (0) 714722148 >>> Blog : http://nishadikirielle.blogspot.com/ >>> nish...@wso2.com >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Deependra Ariyadewa >> WSO2, Inc. http://wso2.com/ http://wso2.org >> >> email d...@wso2.com; cell +94 71 403 5996 ; >> Blog http://risenfall.wordpress.com/ >> PGP info: KeyID: 'DC627E6F' >> >> *WSO2 - Lean . Enterprise . Middleware* >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Imesh Gunaratne* > Senior Technical Lead > WSO2 Inc: http://wso2.com > T: +94 11 214 5345 M: +94 77 374 2057 > W: http://imesh.io > Lean . Enterprise . Middleware > > -- *Nishadi Kirielle* *Software Engineering Intern* Mobile : +94 (0) 714722148 Blog : http://nishadikirielle.blogspot.com/ nish...@wso2.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev