From 5a15f65db3dfb245919bdd534e93bd711db2eb60 Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Sat, 24 Mar 2018 03:05:47 +0100 Subject: Minor tunning --- docs/webservices.txt | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 docs/webservices.txt (limited to 'docs/webservices.txt') diff --git a/docs/webservices.txt b/docs/webservices.txt new file mode 100644 index 0000000..8fad471 --- /dev/null +++ b/docs/webservices.txt @@ -0,0 +1,16 @@ + - The users are not directly connected to the services running in OpenShift. There is always + load-balancing HAProxy sitting in between. There is several implications: + * The service will get request from HAProxy IP. I.e. IP-based authentication is not possible + anymore. + * If multiple service replicas running, by default HAProxy will distribute request in round-robin + fashion. I.e. request from the user will be served by different replicas. If we have several running + datbases which are not completely in sync, the user may get confusing changing data. This can be fixed + by setting 'haproxy.router.openshift.io/balance' to 'source' in route metadata. Then, the destination + replica will be determined based on the client IP. + * HAProxy has configured a default timeout. If replica does not send data within '30s' the connection + will be terminated. It can be increased with 'haproxy.router.openshift.io/timeout' + * There is a several ways to configure certiciates for HTTPS services defined by type of tls termination + in the route specification. With 'passthrough' the container is expected to handle certificates itself. + In the edge termination mode, the certificates are configured in the route and HAProxy manages secure + communication with clients and provides unencrypted data to the service in the cluster. + \ No newline at end of file -- cgit v1.2.3