Hi all, Currently I'm working on configuring HAProxy load balancing support for app cloud. In checking the session affinity functionality in kuberenetes, I have verified the load balancing of http traffic with HAProxy. It could be done using kubernetes contribution repo, 'service loadbalancer' [1].
In order to check the load balancing with https traffic the taken approach is SSL termination.In the scenario of app cloud, kubernetes cluster is not directly exposed and the load balancer exists within the cluster. Thus the communication between the application servers and the load balancer happens internally. Although SSL termination ends the secure connection at the load balancer, due to the above mentioned reasons, SSL termination seems to be a better solution. The reason for the use of SSL termination over SSL pass through is because of the complexity of handling a separate SSL certificate for each server behind the load balancer in the case of SSL pass through. In configuring load balancing with SSL termination, I had to customize kubernetes haproxy.conf file template of service loadbalancer repo to support SSL termination. In order to provide SSL termination, the kubernetes services have to be annotated with serviceloadbalancer/lb.sslTerm: "true" The default approach in load balancing with service load balancer repo is based on simple fan out approach which uses context path to load balance the traffic. As we need to load balance based on the host name, we need to go with the name based virtual hosting approach. It can be achieved via the following annotation. serviceloadbalancer/lb.Host: "<host-name>" Any suggestions on the approach taken are highly appreciated. Thank you [1]. https://github.com/kubernetes/contrib/tree/master/service-loadbalancer
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev