docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update interlock architecture docs

This commit is contained in:
Joao Fernandes 2018-03-09 15:31:31 -08:00 committed by Jim Galasyn
parent e5420960aa
commit 09da03ecbf
8 changed files with 221 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
_data/toc.yaml
View File

@ -1693,10 +1693,12 @@ manuals:
path: /ee/ucp/swarm/deploy-to-collection/
- title: Use secrets in your services
path: /ee/ucp/swarm/use-secrets/
- sectiontitle: Route traffic to your apps
- sectiontitle: Layer 7 routing
section:
- title: Layer 7 routing overview
- title: Overview
path: /ee/ucp/interlock/
- title: Architecture
path: /ee/ucp/interlock/architecture/
- sectiontitle: Introduction
section:
- title: What is Layer 7 routing

166
ee/ucp/images/interlock-architecture-1.svg
View File

@ -1,23 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="310px" viewBox="0 0 740 310" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="background: #FFFFFF;">
<svg width="740px" height="321px" viewBox="0 0 740 321" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="background: #FFFFFF;">
<!-- Generator: Sketch 49 (51002) - http://www.bohemiancoding.com/sketch -->
<title>interlock-architecture-1</title>
<desc>Created with Sketch.</desc>
<defs>
<circle id="path-1" cx="4" cy="4" r="4"></circle>
<circle id="path-2" cx="4" cy="4" r="4"></circle>
<circle id="path-3" cx="4" cy="4" r="4"></circle>
<circle id="path-4" cx="4" cy="4" r="4"></circle>
<circle id="path-5" cx="4" cy="4" r="4"></circle>
<circle id="path-6" cx="4" cy="5" r="4"></circle>
<circle id="path-7" cx="4" cy="5" r="4"></circle>
</defs>
<g id="interlock-architecture-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="all" transform="translate(177.000000, 5.000000)">
<g id="all" transform="translate(6.000000, 5.000000)">
<text id="Docker-swarm-managed" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#E0E4E7">
<tspan x="8" y="281">Docker swarm managed with UCP</tspan>
<tspan x="8" y="297">Docker swarm managed with UCP</tspan>
</text>
<g id="nodes" transform="translate(21.000000, 100.000000)">
<g id="workers" transform="translate(118.000000, 0.000000)">
<g id="node" transform="translate(118.000000, 0.000000)">
<text id="node-3" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-3</tspan>
</text>
<g id="nodes" transform="translate(133.000000, 100.000000)">
<g id="workers" transform="translate(122.000000, 0.000000)">
<g id="node-4" transform="translate(248.000000, 0.000000)">
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
@ -30,6 +32,52 @@
<tspan x="11.3442383" y="15">interlock-proxy:80</tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
<g id="node-3" transform="translate(124.000000, 0.000000)">
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="wordpress-copy" transform="translate(1.000000, 89.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="interlock-proxy:80" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="11.3442383" y="15">interlock-proxy:80</tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
<g id="node-2">
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="extension" transform="translate(1.000000, 89.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="interlock-extension" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="8.35400391" y="15">interlock-extension</tspan>
</text>
</g>
<g id="wordpress-copy-2" transform="translate(1.000000, 66.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="wordpress:8000" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
@ -46,51 +94,16 @@
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
<g id="node">
<text id="node-2" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-2</tspan>
</text>
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="wordpress" transform="translate(1.000000, 89.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="interlock-extension" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="8.35400391" y="15">interlock-extension</tspan>
</text>
</g>
<g id="wordpress-copy" transform="translate(1.000000, 66.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="interlock-proxy:80" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="11.3442383" y="15">interlock-proxy:80</tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
</g>
<g id="managers">
<g id="node">
<text id="node-1" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-1</tspan>
</text>
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="wordpress" transform="translate(1.000000, 89.000000)">
<g id="interlock" transform="translate(1.000000, 89.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="ucp-interlock" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="22.6435547" y="15">ucp-interlock</tspan>
@ -108,21 +121,21 @@
</g>
</g>
</g>
<g id="load-balancer" transform="translate(137.000000, 55.000000)">
<g id="load-balancer" transform="translate(378.000000, 55.000000)">
<g id="L7">
<rect id="Rectangle-138" fill="#445D6E" x="0" y="0" width="230" height="22" rx="2"></rect>
<rect id="Rectangle-138" fill="#445D6E" x="0" y="0" width="234" height="22" rx="2"></rect>
<text id="your-load-balancer" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="71.4379883" y="15">your load balancer</tspan>
<tspan x="73.4379883" y="15">your load balancer</tspan>
</text>
</g>
<g id="arrow" transform="translate(174.000000, 33.000000) scale(1, -1) rotate(-90.000000) translate(-174.000000, -33.000000) translate(162.000000, 29.000000)">
<g id="arrow" transform="translate(175.000000, 33.000000) scale(1, -1) rotate(-90.000000) translate(-175.000000, -33.000000) translate(163.000000, 29.000000)">
<path d="M2,4 L24,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-1"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow" transform="translate(56.000000, 33.000000) scale(1, -1) rotate(-90.000000) translate(-56.000000, -33.000000) translate(44.000000, 29.000000)">
<g id="arrow" transform="translate(57.000000, 33.000000) scale(1, -1) rotate(-90.000000) translate(-57.000000, -33.000000) translate(45.000000, 29.000000)">
<path d="M2,4 L24,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-2"></use>
@ -130,13 +143,62 @@
</g>
</g>
</g>
<path d="M0,89.0026084 C0,87.8965983 0.898053234,87 2.00134865,87 L384.998651,87 C386.103966,87 387,87.8872198 387,89.0026084 L387,288.997392 C387,290.103402 386.101947,291 384.998651,291 L2.00134865,291 C0.896034311,291 0,290.11278 0,288.997392 L0,89.0026084 Z" id="group" stroke="#E0E4E7" stroke-width="2" stroke-dasharray="5,5,5,5"></path>
<g id="user" transform="translate(173.000000, 0.000000)" fill="#82949E">
<path d="M0,92.9911272 C0,91.891458 0.895288359,91 1.99262649,91 L726.007374,91 C727.107871,91 728,91.8889081 728,92.9911272 L728,304.008873 C728,305.108542 727.104712,306 726.007374,306 L1.99262649,306 C0.892129269,306 0,305.111092 0,304.008873 L0,92.9911272 Z" id="group" stroke="#E0E4E7" stroke-width="2" stroke-dasharray="5,5,5,5"></path>
<g id="user" transform="translate(413.000000, 0.000000)" fill="#82949E">
<text id="http://wordpress.exa" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500">
<tspan x="0.046875" y="42">http://wordpress.example.org:80</tspan>
</text>
<path d="M80,13 C83.59125,13 86.5,10.083125 86.5,6.5 C86.5,2.90875 83.59125,0 80,0 C76.40875,0 73.5,2.90875 73.5,6.5 C73.5,10.083125 76.40875,13 80,13 L80,13 Z M80,16.25 C75.669375,16.25 67,18.419375 67,22.75 L67,26 L93,26 L93,22.75 C93,18.419375 84.330625,16.25 80,16.25 L80,16.25 Z" id="Shape"></path>
</g>
<g id="networks" transform="translate(6.000000, 174.000000)">
<g id="wordpress-net" transform="translate(351.000000, 0.000000)">
<text font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#E0E4E7">
<tspan x="293.941406" y="75">wordpress-net</tspan>
</text>
<path d="M286.078683,72.7028593 L10.6033191,72.7028593" id="common" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="arrow-3" transform="translate(253.500000, 47.000000) scale(1, -1) rotate(-90.000000) translate(-253.500000, -47.000000) translate(228.500000, 41.500000)">
<g id="Oval">
<use fill="#00B6B5" fill-rule="evenodd" xlink:href="#path-3"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
<polyline id="Path-2" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" points="49.7028656 10.4773245 4.08975869 10.4773245 4.08975869 4.67693802"></polyline>
</g>
<g id="arrow-2" transform="translate(129.500000, 47.000000) scale(1, -1) rotate(-90.000000) translate(-129.500000, -47.000000) translate(104.500000, 41.500000)">
<g id="Oval">
<use fill="#00B6B5" fill-rule="evenodd" xlink:href="#path-4"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
<polyline id="Path-2" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" points="49.7028656 10.4773245 4.08975869 10.4773245 4.08975869 4.67693802"></polyline>
</g>
<g id="arrow-1" transform="translate(5.500000, 36.000000) scale(1, -1) rotate(-90.000000) translate(-5.500000, -36.000000) translate(-30.500000, 30.500000)">
<g id="Oval">
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-5"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
<polyline id="Path-2" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" points="71.7028656 10.4773245 4.08975869 10.4773245 4.08975869 4.67693802"></polyline>
</g>
</g>
<g id="ucp-interlock" transform="translate(0.000000, 22.000000)">
<text font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#E0E4E7">
<tspan x="0.273925781" y="53">ucp-interlock</tspan>
</text>
<path d="M244.353587,50.7028593 L70.3892056,50.7028593" id="common" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="arrow-2" transform="translate(248.500000, 25.000000) scale(1, -1) rotate(-90.000000) translate(-248.500000, -25.000000) translate(223.500000, 20.500000)">
<g id="Oval">
<use fill="#00B6B5" fill-rule="evenodd" xlink:href="#path-6"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="5" r="5"></circle>
</g>
<polyline id="Path-2" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" points="49.7028656 0.0354891765 4.08975869 0.0354891765 4.08975869 5.67693802"></polyline>
</g>
<g id="arrow-1" transform="translate(126.500000, 25.000000) scale(1, -1) rotate(-90.000000) translate(-126.500000, -25.000000) translate(101.500000, 20.500000)">
<g id="Oval">
<use fill="#00B6B5" fill-rule="evenodd" xlink:href="#path-7"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="5" r="5"></circle>
</g>
<polyline id="Path-2" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" points="49.7028656 0.0354891765 4.08975869 0.0354891765 4.08975869 5.67693802"></polyline>
</g>
</g>
</g>
</g>
</g>
</svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 16 KiB

68
ee/ucp/interlock/architecture.md Normal file
View File

@ -0,0 +1,68 @@
---
title: Interlock architecture
description: Learn about Layer 7 routing, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
The layer 7 routing solution for swarm workloads is known as Interlock, and has
three components:
* **Interlock-proxy**: This is a proxy/load-balancing service that handles the
requests from the outside world. By default this service is a containerized
NGINX deployment.
* **Interlock-extension**: This service monitors changes in your services and
generates the configuration used by the proxy service.
* **Interlock**: This is the central piece of the layer 7 routing solution.
It uses the Docker API to monitor events, and manages the extension and
proxy services.
This is what the default configuration looks like, once you enable layer 7
routing in UCP:
![](../images/interlock-architecture-1.svg)
An Interlock service starts running on a manager node, an Interlock-extension
service starts running on a worker node, and two replicas of the
Interlock-proxy service run on worker nodes.
## Routing lifecycle
By default layer 7 routing is disabled, so an administrator first needs to
enable this service from the UCP web UI.
Once that happens, UCP creates the `ucp-interlock` overlay network. Then the
`ucp-interlock` service starts and attaches to the Docker socket and the overlay
network that was created. This allows the Interlock service to use the
Docker API. That's also the reason why this service needs to run on a manger
node.
The `ucp-interlock` service then starts the `ucp-interlock-extension` service
and attaches it to the `ucp-interlock` network. This allows both services
to communicate.
The `ucp-interlock-extension` then generates a configuration to be used by
the proxy service. By default the proxy service is NGINX, so this service
generates a standard NGING configuration.
Finally, the `ucp-interlock` service takes this configuration and uses it to
start the `ucp-interlock-proxy` service.
At this point everything is ready for you to start using this service in your
applications.
You deploy your service and apply labels to it describing how the proxy
service should route traffic to that service. Once this happens, the
`ucp-interlock-extension` service generates a new configuration based on those
labels and forwards it to the `ucp-interlock` service, which in turn uses this
to redeploy the `ucp-interlock-proxy` with the new settings.
This all happens in milliseconds and with rolling updates, so that service
is never disrupted for incoming traffic.
{% endif %}

71
ee/ucp/interlock/index.md
View File

@ -2,7 +2,7 @@
title: Layer 7 routing overview
description: Learn about Layer 7 routing, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, layer 7, routing, load balancing
keywords: ucp, interlock, routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
@ -16,48 +16,47 @@ redirect_from:
---
{% if include.version=="ucp-3.0" %}
Layer 7 routing is an application routing and load balancing system for Docker Swarm. It uses
the Docker Remote API to automatically configure extensions such as Nginx or HAProxy for
application traffic.
Docker Engine running in swarm mode has a routing mesh, which makes it easy
to expose your services to the outside world. Since all nodes participate
in the routing mesh, users can access your service by contacting any node.
## About
![swarm routing mess](../images/interlock-overview-1.svg)
- [Introduction](intro/index.md)
- [What is Layer 7 routing](intro/index.md)
- [Architecture](intro/architecture.md)
In this example the WordPress service is listening on port 8000 of the routing
mesh. Even though the service is running on a single node, users can access
WordPress using the domain name or IP of any of the nodes that are part of
the swarm.
## Deployment
UCP extends this one step further with application layer routing (also known
as layer 7 routing), allowing users to access Docker services using domain names
instead of IP addresses.
- [Get started](install/index.md)
- [Deploy Layer 7 routing manually](install/manual-deployment.md)
- [Deploy Layer 7 routing offline](install/offline.md)
- [Deploy Layer 7 routing for production](install/production.md)
![layer 7 routing](../images/interlock-overview-2.svg)
## Configuration
In this example, users can access the WordPress service using
`http://wordpress.example.org`. UCP and Docker Engine take care of routing
the traffic to the right service.
- [Layer 7 routing configuration](configuration/index.md)
- [Service labels](configuration/service-labels.md)
## Features and benefits
## Extensions
Layer 7 routing in UCP supports:
- [NGINX](extensions/nginx.md)
- [HAProxy](extensions/haproxy.md)
## Usage
- [Basic deployment](usage/index.md)
- [Applications with SSL](usage/ssl.md)
- [Application redirects](usage/redirects.md)
- [Persistent (sticky) sessions](usage/sessions.md)
- [Websockets](usage/websockets.md)
- [Canary application instances](usage/canary.md)
- [Service clusters](usage/service-clusters.md)
- [Context/path based routing](usage/context.md)
- [Host mode networking](usage/host-mode-networking.md)
## Operations
- [Updates](ops/index.md)
- [Tuning](ops/tuning.md)
* **High availability**: All the components used for layer 7 routing leverage
Docker swarm for high availability, and handle failures gracefully.
* **Automatic configuration**: UCP monitors your services and automatically
reconfigures the proxy services so that everything handled for you.
* **Scalability**: You can customize and tune the proxy services that handle
user-facing requests to meet whatever demand your services have.
* **TLS**: You can leverage Docker secrets to securely manage TLS Certificates
and keys for your services. Both TLS termination and TCP passthrough are supported.
* **Context-based routing**: You can define where to route the request based on
context or path.
* **Host mode networking**: By default layer 7 routing leverages the Docker Swarm
routing mesh, but you don't have to. You can use host mode networking for maximum
performance.
* **Blue-green and canary deployments**: You can deploy a new version of your application
while traffic is still being routed to the old one.
* **Security**: The layer 7 routing components that are exposed to the outside
world run on worker nodes. Even if they get compromised, your cluster won't.
{% endif %}

46
ee/ucp/interlock/intro/architecture.md
View File

@ -1,46 +0,0 @@
---
title: Layer 7 routing architecture
description: Learn about Layer 7 routing, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
The following are definitions that are used:
- Cluster: A group of compute resources running Docker
- Swarm: A Docker cluster running in Swarm mode
- Upstream: An upstream container that serves an application
- Proxy Service: A service that provides load balancing and proxying (such as Nginx)
- Extension Service: A helper service that configures the proxy service
- Service Cluster: A service cluster is an Interlock extension+proxy service
- GRPC: A high-performance RPC framework
## Services
Layer 7 routing runs entirely as Docker Swarm services. There are three core services
in an Interlock routing layer: core, extension and proxy.
## Core
The core service is responsible for interacting with the Docker Remote API and building
an upstream configuration for the extensions. This is served on a GRPC API that the
extensions are configured to access.
## Extension
The extension service is a helper service that queries the Layer 7 routing GRPC API for the
upstream configuration. The extension service uses this to configure
the proxy service. For proxy services that use files such as Nginx or HAProxy the
extension service generates the file and sends it to Interlock using the GRPC API. Interlock
then updates the corresponding Docker Config object for the proxy service.
## Proxy
The proxy service handles the actual requests for the upstream application services. These
are configured using the data created by the corresponding extension service.
Layer 7 routing manages both the extension and proxy service updates for both configuration changes
and application service deployments. There is no intervention from the operator required.
{% endif %}

67
ee/ucp/interlock/intro/index.md
View File

@ -1,67 +0,0 @@
---
title: What is Layer 7 routing
description: Learn about Layer 7 routing, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
Layer 7 routing is an application routing proxy service for Docker.
## Design Goals
- Fully integrate with Docker (Swarm, Services, Secrets, Configs)
- Enhanced configuration (context roots, TLS, zero downtime deploy, rollback)
- Support external load balancers (nginx, haproxy, F5, etc) via extensions
- Least privilege for extensions (no Docker API access)
Layer 7 routing was designed to be a first class application routing layer for Docker.
The following are the high level features it provides:
## Automatic Configuration
Layer 7 routing uses the Docker API for configuration. The user does not have to manually
update or restart anything to make services available.
## Native Swarm Support
Layer 7 routing is fully Docker native. It runs on Docker Swarm and routes traffic using
cluster networking and Docker services.
## High Availability
Layer 7 routing runs as Docker services which are highly available and handle failures gracefully.
## Scalability
Layer 7 routing uses a modular design where the proxy service is separate. This allows an
operator to individually customize and scale the proxy layer to whatever demand. This is
transparent to the user and causes no downtime.
## SSL
Layer 7 routing leverages Docker Secrets to securely store and use SSL certificates for services. Both
SSL termination and TCP passthrough are supported.
## Context Based Routing
Layer 7 routing supports advanced application request routing by context or path.
## Host Mode Networking
Layer 7 routing supports running the proxy and application services in "host" mode networking allowing
the operator to bypass the routing mesh completely. This is beneficial if you want
maximum performance for your applications.
## Blue-Green and Canary Service Deployment
Layer 7 routing supports blue-green service deployment allowing an operator to deploy a new application
while the current version is serving. Once traffic is verified to the new application the operator
can scale the older version to zero. If there is a problem the operation is quickly reversible.
## Service Cluster Support
Layer 7 routing supports multiple extension+proxy combinations allowing for operators to partition load
balancing resources for uses such as region or organization based load balancing.
## Least Privilege
Layer 7 routing supports (and recommends) being deployed where the load balancing
proxies do not need to be colocated with a Swarm manager. This makes the
deployment more secure by not exposing the Docker API access to the extension or proxy services.
{% endif %}

30
ee/ucp/interlock/new-arch.md
View File

@ -1,30 +0,0 @@
# Layer 7 routing architecture
The layer 7 routing solution for swarm workloads has three components:
* **Interlock-proxy**: This is a proxy/load-balancing service that handles the
requests from the outside world. By default this service is an NGINX load
balancer.
* **Interlock-extension**: This service generates the configuration for the
proxy service. For this reason it needs to match the proxy service
you're using. If your proxy is NGINX, you need to use the NGINX Interlock extension.
* **Interlock**: This is the central piece of the layer 7 routing solution.
It uses the Docker API to listen for events and keep track of your services.
When something changes in your services, it uses a new configuration generated by
the extension service and automatically reconfigures the proxy service to use
the new configuration.
This is what the default configuration looks like, once you enable layer 7
routing in UCP:
![](../images/interlock-architecture-1.svg)
An Interlock service starts running on a manager node, an Interlock-extension
service starts running on a worker node, and two replicas of the
Interlock-proxy service run on worker nodes.
## Interlock service
## Extension service
## Proxy service

44
ee/ucp/interlock/new.md
View File

@ -1,44 +0,0 @@
# Layer 7 routing overview
Docker Engine running in swarm mode has a routing mesh, which makes it easy
to expose your services to the outside world. Since all nodes participate
in the routing mesh, users can access your service by contacting any node.
![swarm routing mess](../images/interlock-overview-1.svg)
In this example the WordPress service is listening on port 8000 of the routing
mesh. Even though the service is running on a single node, users can access
WordPress using the domain name or IP of any of the nodes that are part of
the swarm.
UCP extends this one step further with application layer routing (also known
as layer 7 routing), allowing users to access Docker services using domain names
instead of IP addresses.
![layer 7 routing](../images/interlock-overview-2.svg)
In this example, users can access the WordPress service using
`http://wordpress.example.org`. UCP and Docker Engine take care of routing
the traffic to the right service.
## Features and benefits
Layer 7 routing in UCP supports:
* **High availability**: All the components used for layer 7 routing leverage
Docker swarm for high availability, and handle failures gracefully.
* **Automatic configuration**: UCP monitors your services and automatically
reconfigures the proxy services so that everything handled for you.
* **Scalability**: You can customize and tune the proxy services that handle
user-facing requests to meet whatever demand your services have.
* **TLS**: You can leverage Docker secrets to securely manage TLS Certificates
and keys for your services. Both TLS termination and TCP passthrough are supported.
* **Context-based routing**: You can define where to route the request based on
context or path.
* **Host mode networking**: By default layer 7 routing leverages the Docker Swarm
routing mesh, but you don't have to. You can use host mode networking for maximum
performance.
* **Blue-green and canary deployments**: You can deploy a new version of your application
while traffic is still being routed to the old one.
* **Security**: The layer 7 routing components that are exposed to the outside
world run on worker nodes. Even if they get compromised, your cluster won't.