Hi,

For mysql you can use proxysql as a separate loadbalancer.

But I don't understand your other questions... Does it mean that you want to run haproxy for some service (for example mariadb ..if proxysql is not used) in a mariadb container ? Or have a separate haproxy_mariadb container to do this ?

If yes , both are bad ideas.

First option contradicts the idea of "one process per container".

The Second option will just run multiple instances of haproxy containers.

Could you please explain in detail ?

Thanks,

kevko

Michal Arbet
Openstack Engineer

Ultimum Technologies a.s.
Na Poříčí 1047/26, 11000 Praha 1
Czech Republic

+420 604 228 897
michal.arbet@ultimum.io
https://ultimum.io

LinkedIn | Twitter | Facebook

pá 11. 11. 2022 v 15:41 odesílatel Mariusz Karpiarz <m.karpiarz@eschercloud.ai> napsal:

All,

Was the idea of moving internal components deployed by kolla-ansible (like the MySQL database) to a load balancer separate to the one used by user-facing APIs discussed anywhere? This feels like a good option to have for security but, as far as I'm aware, it's not supported by kolla-ansible.

It should be possible to use existing Kolla HAProxy images, but mount config files from subdirectories of `/etc/kolla/haproxy/` for each container. I suspect the main hurtle here would be rewriting the user interface of kolla-ansible to account for the split whilst maintaining backward compatibility...

Mariusz Karpiarz