On Wed, Oct 23, 2019 at 08:52:58AM +1100, Igor Cicimov wrote: > Sorry misread your issue. It is a strange setup you got there wonder why do > you need cross DC load balancing on the k8s ingress when you are already > doing it globally via DNS?
Agreed, for me the setup is completely shifted by one level. There's a reason many people set their backend section names to the virtual host names: an application or a service corresponds to a virtual host name. And that's not something related to haproxy but to the HTTP protocol. Servers will emit redirects and cookies mentioning the same host name, HTML pages will contain URLs mentioning the same host name thus all servers part of a same farm must absolutely use the same Host header. Here my impression is that the application is strangely architected and tries to use haproxy to work around an architecture mistake. In short, instead of using the frontend to route to different backends, it uses the backend to route to different servers. Since header manipulation rules are per-backend, here obviously it creates an issue as the manipulation unsurprizingly happens at the wrong step. I'm not against seeing how we can make haproxy easier to use to work around such broken setups, but I'm really not willing to make it more confusing to use for everyone just for the sake of working around such mistakes. Typically we need to rework health checks to make them easier to configure and make it possible to send per-server variations as I proposed in a previous e-mail in this thread. Cheers, Willy
