On Thu, Mar 10, 2016 at 10:49 AM, Nishadi Kirielle <nish...@wso2.com> wrote:
> Hi all, > I have only tested for http traffic earlier. Although the kubernetes > service loadbalancer template has support for https, when I have deployed > an application ( dell/tomcat ) which has the support for https, the ha > proxy load balancer did not identify it as a https service in the haproxy > configuration file. It just identified the application as a http > application and updated the configuration file accordingly. > Yes, in our K8S services we have defined the protocol as TCP, not as HTTPS/SSL. Therefore there is no way for the service load balancer to find this information by looking at the services. > Thus I have manually altered the ha proxy configuration file to support > for https traffic with a self signed certificate specific for the node ip. > But it fails in accessing the application, since the application needs the > self signed certificate specific to the application. > As a solution for this I'm trying with bind option 'cert' to bind several > certificate files[2] of the specific applications. > Shall we try with the default self signed certificate distributed with a WSO2 product? Thanks > > Any suggestions on this are highly appreciated. > [1] . > https://github.com/kubernetes/contrib/tree/master/service-loadbalancer > [2] . > https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-crt > > Thanks > > On Wed, Mar 9, 2016 at 10:33 AM, Imesh Gunaratne <im...@wso2.com> wrote: > >> Hi Deep, >> >> On Tue, Mar 8, 2016 at 8:08 PM, Deependra Ariyadewa <d...@wso2.com> >> wrote: >> >>> >>> On Mon, Mar 7, 2016 at 10:30 AM, Nishadi Kirielle <nish...@wso2.com> >>> wrote: >>> >>>> Hi All, >>>> I have written the blog post on load balancing and session affinity in >>>> kubernetes. [1] >>>> >>> >>> I am going test session affinity for HTTPS triffic in Kubernetes >>> following your configurations. Did you try to enable session affinity for >>> HTTPS triffic in Kubernetes. >>> >>> We would need to configure haproxy with relevant SSL certificates for >> HTTPS to work. I do not think we tested it. See [1] for the haproxy config >> template used by the service load balancer. This will get packaged to the >> Docker service load balancer Docker image [2]. >> >> [1] >> https://github.com/kubernetes/contrib/blob/master/service-loadbalancer/template.cfg >> [2] >> https://github.com/kubernetes/contrib/blob/master/service-loadbalancer/Dockerfile >> >> Thanks >> >> >>> Thanks, >>> Deependra. >>> >>>> >>>> Thank you >>>> >>>> [1]. >>>> http://nishadikirielle.blogspot.com/2016/03/load-balancing-kubernetes-services-and.html >>>> >>>> On Fri, Mar 4, 2016 at 8:22 PM, Nishadi Kirielle <nish...@wso2.com> >>>> wrote: >>>> >>>>> Thanks a lot. I will write a blog post and share it. >>>>> >>>>> Thanks >>>>> >>>>> >>>>> >>>>> On Fri, Mar 4, 2016 at 6:07 PM, Sagara Gunathunga <sag...@wso2.com> >>>>> wrote: >>>>> >>>>>> >>>>>> Great, it would be better if Nishadi can write a step by step blog >>>>>> post about how to do this. We had to do a 30 hours hackathon to change >>>>>> MSF4J Pet-store sample due to this issue :) >>>>>> >>>>>> Thanks ! >>>>>> >>>>>> On Fri, Mar 4, 2016 at 5:54 PM, Imesh Gunaratne <im...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Indeed! Overall great effort!! >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> On Fri, Mar 4, 2016 at 3:36 PM, Lakmal Warusawithana < >>>>>>> lak...@wso2.com> wrote: >>>>>>> >>>>>>>> Great work Nishadi! >>>>>>>> >>>>>>>> On Fri, Mar 4, 2016 at 3:34 PM, Nishadi Kirielle <nish...@wso2.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi all, >>>>>>>>> In attempting to configure session affinity in kubernetes load >>>>>>>>> balancing, I tried to run nginx alpha ingress controller[1] to expose >>>>>>>>> the >>>>>>>>> services through ingress. But the generated nginx configuration file >>>>>>>>> were >>>>>>>>> missing the service ports to access the services. Thus I have manually >>>>>>>>> updated the configuration file to check the functionality of ingress. >>>>>>>>> Since >>>>>>>>> session affinity is available in haproxy, I have created a haproxy >>>>>>>>> docker >>>>>>>>> container and manually updated its configuration file in order to >>>>>>>>> check its >>>>>>>>> functionality with ingress. >>>>>>>>> As per a suggestion of Imesh and Lakmal, I have tried kubernetes >>>>>>>>> service loadbalancer repo[2]. There, they have developed the load >>>>>>>>> balancing >>>>>>>>> directly with pods, bypassing the services. This procedure corrects >>>>>>>>> the >>>>>>>>> session affinity problem in load balancing in kubernetes. >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> [1] . >>>>>>>>> https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx-alpha >>>>>>>>> [2] . >>>>>>>>> https://github.com/kubernetes/contrib/tree/master/service-loadbalancer >>>>>>>>> >>>>>>>>> On Mon, Feb 29, 2016 at 12:35 PM, Imesh Gunaratne <im...@wso2.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Feb 29, 2016 at 12:12 PM, Lakmal Warusawithana < >>>>>>>>>> lak...@wso2.com> wrote: >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mon, Feb 29, 2016 at 11:56 AM, Imesh Gunaratne < >>>>>>>>>>> im...@wso2.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Lakmal, >>>>>>>>>>>> >>>>>>>>>>>> On Mon, Feb 29, 2016 at 11:37 AM, Lakmal Warusawithana < >>>>>>>>>>>> lak...@wso2.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> What is we are tying to do here? Are we trying to verify the >>>>>>>>>>>>> ClientIP when exposing service via NodePort? IMO its working >>>>>>>>>>>>> without issue. >>>>>>>>>>>>> >>>>>>>>>>>>> Yes the first step was to verify ClientIP and then try to get >>>>>>>>>>>> an Ingress Controller either with nginx or haproxy working with >>>>>>>>>>>> session >>>>>>>>>>>> affinity. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> If you want to verify ClientIP, Udara has written very simple >>>>>>>>>>> code, better to used that. >>>>>>>>>>> >>>>>>>>>>> Guys, we need to resolve this very fast... too much time taking >>>>>>>>>>> basic stuff, which we already verified :( >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> We are on it Lakmal! Will resolve this ASAP. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> Thanks >>>>>>>>>>>> >>>>>>>>>>>> On Mon, Feb 29, 2016 at 11:37 AM, Lakmal Warusawithana < >>>>>>>>>>>> lak...@wso2.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> What is we are tying to do here? Are we trying to verify the >>>>>>>>>>>>> ClientIP when exposing service via NodePort? IMO its working >>>>>>>>>>>>> without issue. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Sun, Feb 28, 2016 at 11:58 PM, Nishadi Kirielle < >>>>>>>>>>>>> nish...@wso2.com> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>> >>>>>>>>>>>>>> In order to test the session affinity in Kubernetes, I have >>>>>>>>>>>>>> deployed WordPress on a kubernetes cluster with several replicas >>>>>>>>>>>>>> and >>>>>>>>>>>>>> enabled the session affinity by setting >>>>>>>>>>>>>> service.spec.sessionAffinity to >>>>>>>>>>>>>> "ClientIP". When the kubernetes service is exposed through >>>>>>>>>>>>>> NodePort, I have >>>>>>>>>>>>>> tested the accuracy of session affinity using Apache bench mark >>>>>>>>>>>>>> for simple >>>>>>>>>>>>>> load testing. With a load of 1000 requests and a maximum of 2 >>>>>>>>>>>>>> requests >>>>>>>>>>>>>> running concurrently, all requests returned successfully without >>>>>>>>>>>>>> a failure. >>>>>>>>>>>>>> Thus the session affinity is functioning properly when the >>>>>>>>>>>>>> services are >>>>>>>>>>>>>> exposed via NodePort. >>>>>>>>>>>>>> >>>>>>>>>>>>>> The next attempt is to test the session affinity with ingress >>>>>>>>>>>>>> API exposing the services. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Any feedback or suggestions are highly appreciated. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> *Nishadi Kirielle* >>>>>>>>>>>>>> *Software Engineering Intern* >>>>>>>>>>>>>> Mobile : +94 (0) 714722148 >>>>>>>>>>>>>> Blog : http://nishadikirielle.blogspot.com/ >>>>>>>>>>>>>> nish...@wso2.comm >>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Lakmal Warusawithana >>>>>>>>>>>>> Director - Cloud Architecture; WSO2 Inc. >>>>>>>>>>>>> Mobile : +94714289692 >>>>>>>>>>>>> Blog : http://lakmalsview.blogspot.com/ >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> *Imesh Gunaratne* >>>>>>>>>>>> Senior Technical Lead >>>>>>>>>>>> WSO2 Inc: http://wso2.com >>>>>>>>>>>> T: +94 11 214 5345 M: +94 77 374 2057 >>>>>>>>>>>> W: http://imesh.io >>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Lakmal Warusawithana >>>>>>>>>>> Director - Cloud Architecture; WSO2 Inc. >>>>>>>>>>> Mobile : +94714289692 >>>>>>>>>>> Blog : http://lakmalsview.blogspot.com/ >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Imesh Gunaratne* >>>>>>>>>> Senior Technical Lead >>>>>>>>>> WSO2 Inc: http://wso2.com >>>>>>>>>> T: +94 11 214 5345 M: +94 77 374 2057 >>>>>>>>>> W: http://imesh.io >>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Nishadi Kirielle* >>>>>>>>> *Software Engineering Intern* >>>>>>>>> Mobile : +94 (0) 714722148 >>>>>>>>> Blog : http://nishadikirielle.blogspot.com/ >>>>>>>>> nish...@wso2.com >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Lakmal Warusawithana >>>>>>>> Director - Cloud Architecture; WSO2 Inc. >>>>>>>> Mobile : +94714289692 >>>>>>>> Blog : http://lakmalsview.blogspot.com/ >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Imesh Gunaratne* >>>>>>> Senior Technical Lead >>>>>>> WSO2 Inc: http://wso2.com >>>>>>> T: +94 11 214 5345 M: +94 77 374 2057 >>>>>>> W: http://imesh.io >>>>>>> Lean . Enterprise . Middleware >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> Dev@wso2.org >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Sagara Gunathunga >>>>>> >>>>>> Architect; WSO2, Inc.; http://wso2.com >>>>>> V.P Apache Web Services; http://ws.apache.org/ >>>>>> Linkedin; http://www.linkedin.com/in/ssagara >>>>>> Blog ; http://ssagara.blogspot.com >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> Dev@wso2.org >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Nishadi Kirielle* >>>>> *Software Engineering Intern* >>>>> Mobile : +94 (0) 714722148 >>>>> Blog : http://nishadikirielle.blogspot.com/ >>>>> nish...@wso2.com >>>>> >>>> >>>> >>>> >>>> -- >>>> *Nishadi Kirielle* >>>> *Software Engineering Intern* >>>> Mobile : +94 (0) 714722148 >>>> Blog : http://nishadikirielle.blogspot.com/ >>>> nish...@wso2.com >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Deependra Ariyadewa >>> WSO2, Inc. http://wso2.com/ http://wso2.org >>> >>> email d...@wso2.com; cell +94 71 403 5996 ; >>> Blog http://risenfall.wordpress.com/ >>> PGP info: KeyID: 'DC627E6F' >>> >>> *WSO2 - Lean . Enterprise . Middleware* >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> *Imesh Gunaratne* >> Senior Technical Lead >> WSO2 Inc: http://wso2.com >> T: +94 11 214 5345 M: +94 77 374 2057 >> W: http://imesh.io >> Lean . Enterprise . Middleware >> >> > > > -- > *Nishadi Kirielle* > *Software Engineering Intern* > Mobile : +94 (0) 714722148 > Blog : http://nishadikirielle.blogspot.com/ > nish...@wso2.com > -- *Imesh Gunaratne* Senior Technical Lead WSO2 Inc: http://wso2.com T: +94 11 214 5345 M: +94 77 374 2057 W: http://imesh.io Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev