use a single backend if content-cache is fronting a single k8s cluster
Bug #1952452 reported by
Junien F
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Content Cache Charm |
Triaged
|
Low
|
Unassigned |
Bug Description
Hi,
In the case where content-cache is fronting a single k8s cluster, it might make sense to use a single backend in haproxy.
I'm not sure having one health-check per _site_ makes sense in this context. The k8s cluster has its own ingress and its own health-checks, and will reroute traffic if needed.
This would avoid requiring to have all the certificates in the k8s cluster, as haproxy=>k8s could use a single certificate and route traffic based on the Host header as normal.
This would allow better connection reuse, and reduce TLS handshakes.
To post a comment you must log in.
I think this is a good idea, especially for content caches where there are lots of sites defined, most of which are low traffic.
I think we can implement this in the backend HAProxy layer where either a sites configuration option to collapse or a global charm option to collapse backends if it detects that there are multiple definitions with the same set of backends.
We'll still want multiple sites in Nginx, separate and isolated cache.
Not sure about the bit with having a single certificate though.