Hi all,
Currently I'm working on configuring HAProxy load balancing support for app
cloud.
In checking the session affinity functionality in kubernetes, I have
verified the load balancing of http traffic with HAProxy. It could be done
using kubernetes contribution repo, 'service loadbalancer' [1].

In order to check the load balancing with https traffic the taken approach
is SSL termination. In the scenario of app cloud, kubernetes cluster is not
directly exposed and the load balancer exists within the cluster. Thus the
communication between the application servers and the load balancer happens
internally. Although SSL termination ends the secure connection at the load
balancer, due to the above mentioned reasons, SSL termination seems to be a
better solution. The reason for the use of SSL termination over SSL pass
through is because of the complexity of handling a separate SSL certificate
for each server behind the load balancer in the case of SSL pass through.

In configuring load balancing with SSL termination, I had to customize
kubernetes haproxy.conf file template of service loadbalancer repo to
support SSL termination.

In order to provide SSL termination, the kubernetes services have to be
annotated with
      serviceloadbalancer/lb.sslTerm: "true"

The default approach in load balancing with service load balancer repo is
based on simple fan out approach which uses context path to load balance
the traffic. As we need to load balance based on the host name, we need to
go with the name based virtual hosting approach. It can be achieved via the
following annotation.
     serviceloadbalancer/lb.Host: "<host-name>"

Any suggestions on the approach taken are highly appreciated.

Thank you

[1]. https://github.com/kubernetes/contrib/tree/master/service-loadbalancer
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
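
An HAProxy configuration of the kind that SSL termination with name-based virtual hosting and session affinity, as described in the message above, leads to. It is an added illustration, not the service-loadbalancer template or the poster's configuration; the host name, certificate path, backend name and pod addresses are constructed, and `ssl-min-ver` assumes HAProxy 1.8 or later.

```haproxy
# Added illustration; every name, path and address below is constructed.

global
    # Refuse legacy protocol versions on the terminating listener
    # (assumes HAProxy 1.8 or later).
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend http-in
    bind *:80
    # Plain HTTP is only used to send clients to the TLS listener.
    http-request redirect scheme https code 301

frontend https-in
    # TLS ends here; the PEM file holds the certificate chain and private key,
    # so one certificate is managed at the load balancer instead of one per pod.
    bind *:443 ssl crt /etc/haproxy/certs/apps.example.test.pem
    # Tell the application that the original request arrived over HTTPS.
    http-request set-header X-Forwarded-Proto https
    # Name-based virtual hosting: route on the Host header, not the context path.
    acl host_app1 hdr(host) -i app1.apps.example.test
    use_backend svc_app1 if host_app1
    # No default_backend: requests for unmatched host names get a 503.

backend svc_app1
    balance roundrobin
    # Session affinity: pin each client to one pod with an inserted cookie.
    cookie SERVERID insert indirect nocache httponly secure
    # Traffic from here to the pods is plain HTTP inside the cluster network.
    server pod1 10.244.1.10:8080 check cookie pod1
    server pod2 10.244.2.11:8080 check cookie pod2
```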