Good Morning,

We have an application which terminates its own SSL, therefore we utilize TLS passthrough in the route configuration. This is our preferred method of communicating with this particular application. This forces haproxy to operate using tcp mode, for which the balance method is hard coded to source [1].

The problem comes in that we've got a front door to openshift, so all traffic hits a load balancer external to openshift. Due to the source reading the IP of that external load balancer, all traffic gets routed to the same pod. Looking through various PRs and commits I cannot find the reason why source was chosen, but did see where last year, there was a glimpse of this being touched later on. Would anyone be able to share why this particular balance type was chosen? roundrobin seems like a better choice for us in our particular situation. I also feel like having an external load balancer to openshift is not uncommon and would love to see this be configurable.

* [1] https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template#L237-L242
* [2] https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#balance

--
John Skarbek
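The behavior described in the message above, as an added example that is not part of the original post or of the OpenShift router code: a simplified model of source-hash balancing versus roundrobin when every connection arrives from one external load balancer IP. The pod names, the IP addresses and the use of crc32 as the hash are constructed assumptions.

```python
import ipaddress
import zlib
from collections import Counter
from itertools import cycle

# Constructed backend names standing in for the pods behind one route.
PODS = ["pod-a", "pod-b", "pod-c"]


def pick_by_source(src_ip, pods):
    """Simplified model of 'balance source': hash the source IP and map it
    to a server. crc32 is a stand-in, not HAProxy's actual hash function."""
    key = ipaddress.ip_address(src_ip).packed
    return pods[zlib.crc32(key) % len(pods)]


def distribute_source(src_ips, pods=PODS):
    """Count connections per pod when the pod is chosen from the source IP."""
    return Counter(pick_by_source(ip, pods) for ip in src_ips)


def distribute_roundrobin(src_ips, pods=PODS):
    """Count connections per pod when pods are used in turn, ignoring the IP."""
    turn = cycle(pods)
    return Counter(next(turn) for _ in src_ips)


# Constructed traffic: 90 clients reaching the router directly, and the same
# 90 connections as the router sees them behind one external load balancer
# (in tcp mode the router only sees the load balancer's address).
DIRECT_CLIENTS = [f"198.51.100.{i}" for i in range(1, 91)]
VIA_EXTERNAL_LB = ["203.0.113.10"] * 90

if __name__ == "__main__":
    print("source, direct clients  :", dict(distribute_source(DIRECT_CLIENTS)))
    print("source, via external LB :", dict(distribute_source(VIA_EXTERNAL_LB)))
    print("roundrobin, via ext. LB :", dict(distribute_roundrobin(VIA_EXTERNAL_LB)))
```
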
