One SSL, One Domain with Multiple Services: HAproxy on Kubernetes
--
Today’s systems depends on multiple services with multiple back-ends. Also, in micro-service architecture, there are multiple services that front-end have to be communicate. This problem can be solved with multiple domain and multiple SSL bind to them but there is a solution that require less cost and maintenance over domains and their SSLs.
When handling lots of clients and lots of services, we have to use more reliable and highly available tools in our infrastructure. Kubernetes and HAProxy one of the most reliable and highly available tools in industry. Following architecture help you to reduce managing these connections.
This architecture provide, communication between your front-end Apps and multiple service on your company, this architecture reduce workload and cost of your system. HAProxy terminates SSL communication and provide communication with multiple services over one SSL.
Solutions is Reverse Proxy with SSL termination on HAproxy. Following solution deployed on bare metal Kubernetes. This means that if you deploy this solution on cloud, you can use Load Balancer instead of NodePort to get more dynamism.
HAProxy
HAproxy is one of the most widely used Highly Available Load Balancer software over TCP&HTTP. It is fast, reliable and open-source :)
For more information about HAProxy and it’s features please visit following link: HAProxy
HAProxy Configurations
HAProxy manages all of it configuration from a file called haproxy.cfg. Current stable version is HAProxy 2.1-stable. Documentation of latest stable version of haproxy about configuration can be reach from HAProxy Configurations.
First of all our SSL file must be ready for HAProxy. How can we make ready our SSL for HAProxy. There are multiple file type for SSL certificate such as p12, crt and key or jks for Java.
Following commands describe how to convert file to file.
- jks to p12
