Review Interlock production deployment

Joao Fernandes 2018-03-13 18:09:20 -07:00 committed by Jim Galasyn
parent d8f45c7638
commit a6dafedfe2
6 changed files with 329 additions and 145 deletions

@ -0,0 +1,207 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="310px" viewBox="0 0 740 310" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="background: #FFFFFF;">
<!-- Generator: Sketch 49 (51002) - http://www.bohemiancoding.com/sketch -->
<title>interlock-deploy-production-1</title>
<desc>Created with Sketch.</desc>
<defs>
<circle id="path-1" cx="4" cy="4" r="4"></circle>
<circle id="path-2" cx="4" cy="4" r="4"></circle>
</defs>
<g id="interlock-deploy-production-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="all" transform="translate(9.000000, 10.000000)">
<text id="Docker-swarm-managed" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#E0E4E7">
<tspan x="7" y="281">Docker swarm managed with UCP</tspan>
</text>
<g id="nodes" transform="translate(8.000000, 100.000000)">
<g id="workers" transform="translate(357.000000, 0.000000)">
<g id="node" transform="translate(242.000000, 0.000000)">
<text id="node-6" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-6</tspan>
</text>
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="wordpress-copy" transform="translate(1.000000, 89.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="interlock-proxy:80" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="11.3442383" y="15">interlock-proxy:80</tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
<g id="node" transform="translate(128.000000, 0.000000)">
<text id="node-5" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-5</tspan>
</text>
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="wordpress" transform="translate(1.000000, 89.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="interlock-proxy:80" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="10.8442383" y="15">interlock-proxy:80</tspan>
</text>
</g>
<g id="wordpress-copy" transform="translate(12.000000, 70.000000)" fill="#FFFFFF" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal">
<text id="interlock-proxy:80">
<tspan x="0.344238281" y="11">interlock-proxy:80</tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
<g id="node-copy-3">
<text id="node-4" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-4</tspan>
</text>
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="wordpress-copy" transform="translate(1.000000, 89.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="interlock-extension" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="8.85400391" y="15">interlock-extension</tspan>
</text>
</g>
<g id="wordpress-copy-2" transform="translate(1.000000, 66.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="wordpress:8000" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="16.0390625" y="15">wordpress:8000</tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
</g>
<g id="managers">
<g id="node" transform="translate(228.000000, 0.000000)">
<text id="node-3" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-3</tspan>
</text>
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
<g id="node-copy" transform="translate(114.000000, 0.000000)">
<text id="node-2" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-2</tspan>
</text>
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
<g id="node-copy-2">
<text id="node-1" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="37.3129883" y="149">node-1</tspan>
</text>
<g id="ucp" transform="translate(1.000000, 112.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="43.6953125" y="15">UCP </tspan>
</text>
</g>
<g id="wordpress" transform="translate(1.000000, 89.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="106" height="22" rx="2"></rect>
<text id="ucp-interlock" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="22.6435547" y="15">ucp-interlock</tspan>
</text>
</g>
<g id="label">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="108" height="135" rx="2"></rect>
</g>
</g>
</g>
<g id="load-balancer" transform="translate(492.000000, 55.000000)">
<g id="L7">
<rect id="Rectangle-138" fill="#445D6E" x="0" y="0" width="224" height="22" rx="2"></rect>
<text id="your-load-balancer" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="68.4379883" y="15">your load balancer</tspan>
</text>
</g>
<g id="arrow" transform="translate(170.000000, 33.000000) scale(1, -1) rotate(-90.000000) translate(-170.000000, -33.000000) translate(158.000000, 29.000000)">
<path d="M2,4 L24,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-1"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow" transform="translate(56.000000, 33.000000) scale(1, -1) rotate(-90.000000) translate(-56.000000, -33.000000) translate(44.000000, 29.000000)">
<path d="M2,4 L24,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-2"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
</g>
<path d="M0,89.0026084 C0,87.8965983 0.899745421,87 1.99463835,87 L721.005362,87 C722.10697,87 723,87.8872198 723,89.0026084 L723,288.997392 C723,290.103402 722.100255,291 721.005362,291 L1.99463835,291 C0.89303001,291 0,290.11278 0,288.997392 L0,89.0026084 Z" id="group" stroke="#E0E4E7" stroke-width="2" stroke-dasharray="5,5,5,5"></path>
<g id="user" transform="translate(532.000000, 0.000000)" fill="#82949E">
<text id="http://wordpress.exa" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500">
<tspan x="0.129394531" y="42">http://wordpress.example.org</tspan>
</text>
<path d="M73,13 C76.59125,13 79.5,10.083125 79.5,6.5 C79.5,2.90875 76.59125,0 73,0 C69.40875,0 66.5,2.90875 66.5,6.5 C66.5,10.083125 69.40875,13 73,13 L73,13 Z M73,16.25 C68.669375,16.25 60,18.419375 60,22.75 L60,26 L86,26 L86,22.75 C86,18.419375 77.330625,16.25 73,16.25 L73,16.25 Z" id="Shape"></path>
</g>
</g>
</g>
</svg>
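Review bot: In the node-5 group, the second `wordpress-copy` group (`transform="translate(12.000000, 70.000000)"`) draws "interlock-proxy:80" with `fill="#FFFFFF"` and no background `rect`, so it is invisible on the white canvas and looks like a leftover from editing; remove it so each dedicated node shows exactly one proxy box. The export also reuses `id` values such as `Rectangle-138`, `node`, `ucp`, `label` and `arrow` many times, and ids should be unique within an SVG document, so strip or de-duplicate them before committing.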


@ -0,0 +1,30 @@
---
title: Enable ayer 7 routing
description: Learn about Layer 7 routing, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, layer 7, routing, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
---
{% if include.version=="ucp-3.0" %}
To enable support for layer 7 routing, also known as HTTP routing mesh,
log in to the UCP web UI as an administrator, navigate to the **Admin Settings**
page, and click the **Routing Mesh** option. Check the **Enable routing mesh** option.
![http routing mesh](../../images/interlock-install-3.png){: .with-border}
By default, the routing mesh service listens on port 80 for HTTP and port
8443 for HTTPS. Change the ports if you already have services that are using
them.
Once you save, the layer 7 routing service can be used by your swarm services.
{% elsif include.version=="ucp-2.2" %}
* [Configure UCP 2.2 HTTP routing mesh](/datacenter/ucp/2.2/guides/admin/configure/use-domain-names-to-access-services.md)
{% endif %}
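Review bot: The front-matter title reads `title: Enable ayer 7 routing`; it should be "Enable layer 7 routing". The port paragraph gives the defaults (80 for HTTP, 8443 for HTTPS) and suggests changing them only on conflict; since saving this setting opens those ports to application traffic, it would help to state on which nodes they become reachable so administrators can review their firewall rules.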

@ -0,0 +1,92 @@
---
title: Configure layer 7 routing for production
description: Learn about Interlock, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
The layer 7 solution that ships out of the box with UCP is highly available
and fault tolerant. It is also designed to work independently of how many
nodes you're managing with UCP.
![production deployment](../../images/interlock-deploy-production-1.svg)
For a production-grade deployment, you should tune the default deployment to
have two nodes dedicated for running the two replicas of the
`ucp-interlock-proxy` service. This makes sure:
* The proxy services have dedicated resources to handle user requests. You
can configure these nodes with higher performance network interfaces.
* No application traffic can be routed to a manager node. This makes the
deployment secure.
* The proxy service is running on two nodes. If one node fails layer 7 routing
still works.
To achieve this you need to:
1. Enable layer 7 routing. [Learn how](index.md).
2. Pick two nodes that are going to be dedicated to run the proxy service.
3. Apply labels to those nodes, so that you can constrain the proxy service to
only run on nodes with those labels.
4. Update the proxy service with the constraint.
5. Configure your load balancer to route traffic to the dedicated nodes only.
## Apply labels to nodes
In this example, we've chose node-5 and node-6 to be dedicated just for running
the proxy service. To apply labels to those nodes run:
```bash
docker node update --label-add nodetype=loadbalancer <node>
```
To make sure the label was successfully applied, run:
{% raw %}
```bash
docker node inspect --format '{{ index .Spec.Labels "nodetype" }}' <node>
```
{% endraw %}
The command should print "loadbalancer".
## Configure the proxy service
Now that your nodes are labelled, you can add a constraint to the
`ucp-interlock-proxy`service, so make sure it only gets scheduled on nodes
with the right label:
```bash
docker service update \
--detach \
--constraint-add node.labels.nodetype==loadbalancer \
--stop-signal SIGTERM \
--stop-grace-period 5s \
$(docker service ls -f 'label=type=com.docker.interlock.core.proxy' -q)
```
This updates the proxy service to only be scheduled on node with the the
"loadbalancer" label. It also stops the task with a `SIGTERM` signal and gives
them five seconds to terminate, which allows the proxy service to stop accepting
new requests and finished serving existing requests from users.
Now you can check if the proxy service is running on the dedicated nodes:
```
docker service ps ucp-interlock-proxy
```
## Configure your load balancer
Once the proxy service is running on a dedicated node, configure your upstream
load balancer with the domain names or IP addresses of the nodes running
the proxy service.
This makes sure all traffic is directed to these nodes.
{% endif %}
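Review bot: The bullet "No application traffic can be routed to a manager node. This makes the deployment secure." promises more than the steps below deliver: `--constraint-add node.labels.nodetype==loadbalancer` only controls where the proxy tasks are scheduled, and step 5 only changes where your load balancer sends requests. Either reword it to say that application traffic is no longer sent to manager nodes, or document the control that enforces it (port publishing mode or firewall rules). The `docker service update` command also drops the `--replicas=2` flag that the removed version of this page used, and a placement constraint does not by itself put the two replicas on different nodes, which the "If one node fails" bullet relies on. Wording fixes in the same hunk: "we've chose", "`ucp-interlock-proxy`service", "the the", "finished serving".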

@ -1,54 +0,0 @@
---
title: Get started with Layer 7 routing
description: Learn about Layer 7 routing, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, layer 7, routing, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
---
{% if include.version=="ucp-3.0" %}
Docker Enterprise Edition has a routing mesh that allows you to make your
services available to the outside world using a domain name. This is also
known as a layer 7 load balancer.
![swarm routing mesh](../../images/interlock-install-1.svg)
In this example, the WordPress service is being served on port 8000.
Users can access WordPress using the IP address of any node in the cluster
and port 8000. If WordPress is not running in that node, the
request is redirected to a node that is.
Docker EE extends this and provides a routing mesh for application-layer
load balancing. This allows you to access services with HTTP and HTTPS
endpoints using a domain name instead of an IP.
![http routing mesh](../../images/interlock-install-2.svg)
In this example, the WordPress service listens on port 8000, but it is made
available to the outside world as `wordpress.example.org`.
When users access `wordpress.example.org`, the HTTP routing mesh routes
the request to the service running WordPress in a way that is transparent to
them.
## Enable the routing mesh
To enable the HTTP routing mesh, Log in as an administrator, go to the
UCP web UI, navigate to the **Admin Settings** page, and click the
**Routing Mesh** option. Check the **Enable routing mesh** option.
![http routing mesh](../../images/interlock-install-3.png){: .with-border}
By default, the routing mesh service listens on port 80 for HTTP and port
8443 for HTTPS. Change the ports if you already have services that are using
them.
{% elsif include.version=="ucp-2.2" %}
* [Configure UCP 2.2 HTTP routing mesh](/datacenter/ucp/2.2/guides/admin/configure/use-domain-names-to-access-services.md)
{% endif %}
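Review bot: This deletion drops the explanation of what the HTTP routing mesh does (the WordPress on port 8000 versus `wordpress.example.org` walkthrough and both diagrams), and the replacement page visible in this commit contains only the enable steps. If the overview has moved to another file, link it from the new enable page; otherwise keep a short version so readers know what is being exposed before they turn it on.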

@ -1,91 +0,0 @@
---
title: Deploy Interlock for Production
description: Learn about Interlock, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
## Production Deployment
In this section you will find documentation on configuring Interlock
for a production environment. If you have not yet deployed Interlock please
see the [Getting Started](index.md) section as this information builds upon the
basic deployment. This example will not cover the actual deployment of infrastructure.
It assumes you have a vanilla Swarm cluster (`docker init` and `docker swarm join` from the nodes).
See the [Swarm](https://docs.docker.com/engine/swarm/) documentation if you need help
getting a Swarm cluster deployed.
In this example we will configure an eight (8) node Swarm cluster. There are three (3) managers
and five (5) workers. Two of the workers are configured with node labels to be dedicated
ingress cluster load balancer nodes. These will receive all application traffic.
There is also an upstream load balancer (such as an Elastic Load Balancer or F5). The upstream
load balancers will be statically configured for the two load balancer worker nodes.
This configuration has several benefits. The management plane is both isolated and redundant.
No application traffic hits the managers and application ingress traffic can be routed
to the dedicated nodes. These nodes can be configured with higher performance network interfaces
to provide more bandwidth for the user services.
![Interlock 2.0 Production Deployment](interlock_production_deploy.png)
## Node Labels
We will configure the load balancer worker nodes (`lb-00` and `lb-01`) with node labels in order to pin the Interlock Proxy
service. Once you are logged into one of the Swarm managers run the following to add node labels
to the dedicated ingress workers:
```bash
$> docker node update --label-add nodetype=loadbalancer lb-00
lb-00
$> docker node update --label-add nodetype=loadbalancer lb-01
lb-01
```
You can inspect each node to ensure the labels were successfully added:
```bash
{% raw %}
$> docker node inspect -f '{{ .Spec.Labels }}' lb-00
map[nodetype:loadbalancer]
$> docker node inspect -f '{{ .Spec.Labels }}' lb-01
map[nodetype:loadbalancer]
{% endraw %}
```
## Configure Proxy Service
Once we have the node labels we can re-configure the Interlock Proxy service to be constrained to those
workers. Again, from a manager run the following to pin the proxy service to the ingress workers:
```bash
$> docker service update --replicas=2 \
--constraint-add node.labels.nodetype==loadbalancer \
--stop-signal SIGTERM \
--stop-grace-period=5s \
$(docker service ls -f 'label=type=com.docker.interlock.core.proxy' -q)
```
This updates the proxy service to have two (2) replicas and ensure they are constrained to
the workers with the label `nodetype==loadbalancer` as well as configure the stop signal for the tasks
to be a `SIGTERM` with a grace period of five (5) seconds. This will ensure that Nginx closes the connections
before exiting to ensure the client request is finished.
Inspect the service to ensure the replicas have started on the desired nodes:
```bash
$> docker service ps $(docker service ls -f 'label=type=com.docker.interlock.core.proxy' -q)
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
o21esdruwu30 interlock-proxy.1 nginx:alpine lb-01 Running Preparing 3 seconds ago
n8yed2gp36o6 \_ interlock-proxy.1 nginx:alpine mgr-01 Shutdown Shutdown less than a second ago
aubpjc4cnw79 interlock-proxy.2 nginx:alpine lb-00 Running Preparing 3 seconds ago
```
Once configured you can update the settings in the upstream load balancer (ELB, F5, etc) with the
addresses of the dedicated ingress workers. This will direct all traffic to these nodes.
You have now configured Interlock for a dedicated ingress production environment. See the [Configuration](/config/interlock/) section
if you want to continue tuning.
{% endif %}
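Review bot: The removed `docker service ps` sample output, which showed the `interlock-proxy.1` task shutting down on `mgr-01` and starting on `lb-01`, was the only place a reader could see what a correct result looks like; the new page's `docker service ps ucp-interlock-proxy` step has no expected output. Carry over a trimmed sample, or state that the NODE column must list only the labelled nodes and no manager. The closing pointer to `[Configuration](/config/interlock/)` is also removed without a replacement link.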