I love the concept of fabio where you cut out all the middle layers and simply route according to the service records. I'd love to see TCP routing for ssh and mysql services but that's a different issue ;)
What I'd like to suggest here is that SSL certs are fetched from Vault. This would allow services to have auto-generated certs based on Vault's PKI support which has improved greatly in the last couple of releases. I believe the Rest API for Vault is very simple if you are just requesting certs and then it's just a case of tracking expiry - which can be done in memory because restarting fabio you can just request fresh certs. You could even fetch certs lazily on first routing request.
I love the concept of fabio where you cut out all the middle layers and simply route according to the service records. I'd love to see TCP routing for ssh and mysql services but that's a different issue ;)
What I'd like to suggest here is that SSL certs are fetched from Vault. This would allow services to have auto-generated certs based on Vault's PKI support which has improved greatly in the last couple of releases. I believe the Rest API for Vault is very simple if you are just requesting certs and then it's just a case of tracking expiry - which can be done in memory because restarting fabio you can just request fresh certs. You could even fetch certs lazily on first routing request.