path: root/docs/webservices.txt
Diffstat (limited to 'docs/webservices.txt')
-rw-r--r-- docs/webservices.txt | 16
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/webservices.txt b/docs/webservices.txt
new file mode 100644
index 0000000..8fad471
--- /dev/null
+++ b/docs/webservices.txt
@@ -0,0 +1,16 @@
+ - The users are not directly connected to the services running in OpenShift. There is always
+ load-balancing HAProxy sitting in between. There is several implications:
+ * The service will get request from HAProxy IP. I.e. IP-based authentication is not possible
+ anymore.
+ * If multiple service replicas running, by default HAProxy will distribute request in round-robin
+ fashion. I.e. request from the user will be served by different replicas. If we have several running
+ datbases which are not completely in sync, the user may get confusing changing data. This can be fixed
+ by setting 'haproxy.router.openshift.io/balance' to 'source' in route metadata. Then, the destination
+ replica will be determined based on the client IP.
+ * HAProxy has configured a default timeout. If replica does not send data within '30s' the connection
+ will be terminated. It can be increased with 'haproxy.router.openshift.io/timeout'
+ * There is a several ways to configure certiciates for HTTPS services defined by type of tls termination
+ in the route specification. With 'passthrough' the container is expected to handle certificates itself.
+ In the edge termination mode, the certificates are configured in the route and HAProxy manages secure
+ communication with clients and provides unencrypted data to the service in the cluster.
+ \ No newline at end of file
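Review bot: the TLS bullet (last item) describes 'passthrough' and edge termination but omits the third route termination type, 'reencrypt', and it does not say outright that with edge termination the traffic between HAProxy and the pod crosses the cluster network unencrypted; suggest adding one line for each so a reader picking a mode sees the trade-off. In the first bullet, "IP-based authentication is not possible anymore" would benefit from saying how a service should identify clients instead, given that the 'source' balancing in the next bullet shows the router itself still sees the client IP. Smaller points: "datbases", "certiciates", "There is several implications" and "There is a several ways" need correcting, the sentence ending in 'haproxy.router.openshift.io/timeout' lacks a final period, and the file ends without a trailing newline.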