Backend TLS Support

Voyager can connect to a tls enabled backend server with or without ssl verification.

ssl: Creates a TLS/SSL socket when connecting to this server in order to cipher/decipher the traffic

if verify not set the following error may occurred
[/etc/haproxy/haproxy.cfg:49] verify is enabled by default but no CA file specified.
If you're running on a LAN where you're certain to trust the server's certificate,
please set an explicit 'verify none' statement on the 'server' line, or use
'ssl-server-verify none' in the global section to disable server-side verifications by default.

verify (none|required): Sets HAProxy‘s behavior regarding the certificated presented by the server: none : doesn’t verify the certificate of the server

required (default value) : TLS handshake is aborted if the validation of the certificate presented by the server returns an error.

veryfyhost : Sets a to look for in the Subject and SubjectAlternateNames fields provided in the certificate sent by the server. If can’t be found, then the TLS handshake is aborted. ie. “ssl verify none”

If this annotation is not set HAProxy will connect to backend as http,
This value should not be set if the backend do not support https resolution.


kind: Service
apiVersion: v1
  name: my-service
  annotations: ssl verify none
    app: MyApp
  - protocol: TCP
    port: 80
    targetPort: 9376

kind: Ingress
  name: test-ingress
  namespace: default
    serviceName: test-service
    servicePort: '80'
  - host:
      - backend:
          serviceName: my-service
          servicePort: '80'

Take your team where it needs to go.

Create your cluster in minutes. Our team is here to help and would be happy to chat with you.