One SSL, One Domain with Multiple Services: HAproxy on Kubernetes
Today’s systems depends on multiple services with multiple back-ends. Also, in micro-service architecture, there are multiple services that front-end have to be communicate. This problem can be solved with multiple domain and multiple SSL bind to them but there is a solution that require less cost and maintenance over domains and their SSLs.
When handling lots of clients and lots of services, we have to use more reliable and highly available tools in our infrastructure. Kubernetes and HAProxy one of the most reliable and highly available tools in industry. Following architecture help you to reduce managing these connections.
This architecture provide, communication between your front-end Apps and multiple service on your company, this architecture reduce workload and cost of your system. HAProxy terminates SSL communication and provide communication with multiple services over one SSL.
Reverse Proxy with SSL termination on HAproxy. Following solution deployed on bare metal Kubernetes. This means that if you deploy this solution on cloud, you can use
Load Balancer instead of
NodePort to get more dynamism.
HAproxy is one of the most widely used Highly Available Load Balancer software over TCP&HTTP. It is fast, reliable and open-source :)
For more information about
HAProxy and it’s features please visit following link: HAProxy
HAProxy manages all of it configuration from a file called haproxy.cfg. Current stable version is
HAProxy 2.1-stable. Documentation of latest stable version of haproxy about configuration can be reach from HAProxy Configurations.
First of all our SSL file must be ready for
HAProxy. How can we make ready our SSL for
HAProxy. There are multiple file type for SSL certificate such as p12, crt and key or jks for Java.
Following commands describe how to convert file to file.
- jks to p12