Michal,
Thank you for your message.


To explain what I mean a little better, let’s look at a use case of a web-based service running in a cloud but not using a Database-as-a-Service offering. In this setup (a sample diagram: https://www.cozumpark.com/wp-content/uploads/2020/02/image-5.png) a good security practice is to use a different (“internal”) load balancer for database servers and different (“public”) - for all the web servers serving user requests. The database doesn’t need to be accessible from the outside world, so this split provides a physical separation of traffic and this is exactly what I’m suggesting here.

 

As for how to achieve this, we can keep one HAProxy process in one container (and use regular Kolla images) but there will simply be two HAProxy containers (one “external” and one “public”) running either on the same controllers or on different ones.

 

I hope this explanation helps but please do let me know if you want me to elaborate on any particular aspect of it.
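
The split described in this message can be checked mechanically. The following is an added example, not part of the original message and not Kolla code: it audits the `bind` lines of the two HAProxy instances and reports any listener that crosses the internal/public boundary. The sample configs, the addresses and the `INTERNAL_NET` range are constructed assumptions, and only `address:port` binds are handled.

```python
import ipaddress

# Constructed sample configs for the two HAProxy instances (assumed, not Kolla templates).
PUBLIC_CFG = """
frontend web_public
    bind 203.0.113.10:443
    default_backend web_servers
listen mariadb            # misplaced: database listener in the public instance
    bind 10.0.0.10:3306
    server db1 10.0.0.21:3306 check
"""
INTERNAL_CFG = """
listen mariadb
    bind 10.0.0.10:3306
    server db1 10.0.0.21:3306 check
"""
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed internal VIP network


def binds(cfg):
    """Yield (section, host, port) for each 'bind' in a frontend/listen section."""
    section = None
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in ("frontend", "listen") and len(words) > 1:
            section = words[1]
        elif words[0] in ("global", "defaults", "backend"):
            section = None
        elif words[0] == "bind" and section and len(words) > 1:
            host, _, port = words[1].rpartition(":")
            yield section, host.strip("[]"), int(port)


def violations(cfg, role):
    """Return binds that break the split for an instance whose role is 'public' or 'internal'."""
    found = []
    for section, host, port in binds(cfg):
        if host in ("", "*"):
            found.append((section, host, port))  # wildcard listens on every interface
            continue
        addr = ipaddress.ip_address(host)
        if addr.is_unspecified or (addr in INTERNAL_NET) != (role == "internal"):
            found.append((section, host, port))
    return found


if __name__ == "__main__":
    print("public:", violations(PUBLIC_CFG, "public"))
    print("internal:", violations(INTERNAL_CFG, "internal"))
```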