docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8051 from trapier/interlock-service-cluster-fixes 

interlock service cluster fixes
This commit is contained in:
L-Hudson 2019-01-24 09:42:33 -05:00 committed by GitHub
parent 124e5d2281 24faf7d265
commit c01eb294f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
ee/ucp/interlock/usage/service-clusters.md
View File

@ -7,7 +7,7 @@ keywords: ucp, interlock, load balancing
In this example we will configure an eight (8) node Swarm cluster that uses service clusters In this example we will configure an eight (8) node Swarm cluster that uses service clusters
to route traffic to different proxies. There are three (3) managers to route traffic to different proxies. There are three (3) managers
and five (5) workers. Two of the workers are configured with node labels to be dedicated and five (5) workers. Four of the workers are configured with node labels to be dedicated
ingress cluster load balancer nodes. These will receive all application traffic. ingress cluster load balancer nodes. These will receive all application traffic.
This example will not cover the actual deployment of infrastructure. This example will not cover the actual deployment of infrastructure.
@ -17,15 +17,18 @@ getting a Swarm cluster deployed.
![Interlock Service Clusters](interlock_service_clusters.png) ![Interlock Service Clusters](interlock_service_clusters.png)
We will configure the load balancer worker nodes (`lb-00` and `lb-01`) with node labels in order to pin the Interlock Proxy We will configure four load balancer worker nodes (`lb-00` through `lb-03`) with node labels in order to pin the Interlock Proxy
service. Once you are logged into one of the Swarm managers run the following to add node labels service for each Interlock service cluster. Once you are logged into one of the Swarm managers run the following to add node labels to the dedicated ingress workers:
to the dedicated ingress workers:
```bash ```bash
$> docker node update --label-add nodetype=loadbalancer --label-add region=us-east lb-00 $> docker node update --label-add nodetype=loadbalancer --label-add region=us-east lb-00
lb-00 lb-00
$> docker node update --label-add nodetype=loadbalancer --label-add region=us-west lb-01 $> docker node update --label-add nodetype=loadbalancer --label-add region=us-east lb-01
lb-01 lb-01
$> docker node update --label-add nodetype=loadbalancer --label-add region=us-west lb-02
lb-02
$> docker node update --label-add nodetype=loadbalancer --label-add region=us-west lb-03
lb-03
``` ```
You can inspect each node to ensure the labels were successfully added: You can inspect each node to ensure the labels were successfully added:
@ -34,7 +37,7 @@ You can inspect each node to ensure the labels were successfully added:
{% raw %} {% raw %}
$> docker node inspect -f '{{ .Spec.Labels }}' lb-00 $> docker node inspect -f '{{ .Spec.Labels }}' lb-00
map[nodetype:loadbalancer region:us-east] map[nodetype:loadbalancer region:us-east]
$> docker node inspect -f '{{ .Spec.Labels }}' lb-01 $> docker node inspect -f '{{ .Spec.Labels }}' lb-02
map[nodetype:loadbalancer region:us-west] map[nodetype:loadbalancer region:us-west]
{% endraw %} {% endraw %}
``` ```
@ -56,11 +59,12 @@ PollInterval = "3s"
ProxyArgs = [] ProxyArgs = []
ProxyServiceName = "ucp-interlock-proxy-us-east" ProxyServiceName = "ucp-interlock-proxy-us-east"
ProxyConfigPath = "/etc/nginx/nginx.conf" ProxyConfigPath = "/etc/nginx/nginx.conf"
ProxyReplicas = 2
ServiceCluster = "us-east" ServiceCluster = "us-east"
PublishMode = "host" PublishMode = "host"
PublishedPort = 80 PublishedPort = 8080
TargetPort = 80 TargetPort = 80
PublishedSSLPort = 443 PublishedSSLPort = 8443
TargetSSLPort = 443 TargetSSLPort = 443
[Extensions.us-east.Config] [Extensions.us-east.Config]
User = "nginx" User = "nginx"
@ -81,11 +85,12 @@ PollInterval = "3s"
ProxyArgs = [] ProxyArgs = []
ProxyServiceName = "ucp-interlock-proxy-us-west" ProxyServiceName = "ucp-interlock-proxy-us-west"
ProxyConfigPath = "/etc/nginx/nginx.conf" ProxyConfigPath = "/etc/nginx/nginx.conf"
ProxyReplicas = 2
ServiceCluster = "us-west" ServiceCluster = "us-west"
PublishMode = "host" PublishMode = "host"
PublishedPort = 80 PublishedPort = 8080
TargetPort = 80 TargetPort = 80
PublishedSSLPort = 443 PublishedSSLPort = 8443
TargetSSLPort = 443 TargetSSLPort = 443
[Extensions.us-west.Config] [Extensions.us-west.Config]
User = "nginx" User = "nginx"
@ -100,14 +105,14 @@ PollInterval = "3s"
EOF EOF
oqkvv1asncf6p2axhx41vylgt oqkvv1asncf6p2axhx41vylgt
``` ```
Note that we are using "host" mode networking in order to use the same ports (`80` and `443`) in the cluster. We cannot use ingress Note that we are using "host" mode networking in order to use the same ports (`8080` and `8443`) in the cluster. We cannot use ingress
networking as it reserves the port across all nodes. If you want to use ingress networking you will have to use different ports networking as it reserves the port across all nodes. If you want to use ingress networking you will have to use different ports
for each service cluster. for each service cluster.
Next we will create a dedicated network for Interlock and the extensions: Next we will create a dedicated network for Interlock and the extensions:
```bash ```bash
$> docker network create -d overlay interlock $> docker network create -d overlay ucp-interlock
``` ```
Now we can create the Interlock service: Now we can create the Interlock service:
@ -116,10 +121,10 @@ Now we can create the Interlock service:
$> docker service create \ $> docker service create \
--name ucp-interlock \ --name ucp-interlock \
--mount src=/var/run/docker.sock,dst=/var/run/docker.sock,type=bind \ --mount src=/var/run/docker.sock,dst=/var/run/docker.sock,type=bind \
--network interlock \ --network ucp-interlock \
--constraint node.role==manager \ --constraint node.role==manager \
--config src=com.docker.ucp.interlock.conf-1,target=/config.toml \ --config src=com.docker.ucp.interlock.conf-1,target=/config.toml \
{{ page.ucp_org }}/interlock:{{ page.ucp_version }} run -c /config.toml {{ page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} run -c /config.toml
sjpgq7h621exno6svdnsvpv9z sjpgq7h621exno6svdnsvpv9z
``` ```
@ -177,13 +182,13 @@ Only the service cluster that is designated will be configured for the applicati
will not be configured to serve traffic for the `us-west` service cluster and vice versa. We can see this in action when we will not be configured to serve traffic for the `us-west` service cluster and vice versa. We can see this in action when we
send requests to each service cluster. send requests to each service cluster.
When we send a request to the `us-east` service cluster it only knows about the `us-east` application (be sure to ssh to the `lb-00` node): When we send a request to the `us-east` service cluster it only knows about the `us-east` application. This example uses IP address lookup from the swarm API, so ssh to a manager node or configure your shell with a UCP client bundle before testing:
```bash ```bash
{% raw %} {% raw %}
$> curl -H "Host: demo-east.local" http://$(docker node inspect -f '{{ .Status.Addr }}' lb-00)/ping $> curl -H "Host: demo-east.local" http://$(docker node inspect -f '{{ .Status.Addr }}' lb-00):8080/ping
{"instance":"1b2d71619592","version":"0.1","metadata":"us-east","request_id":"3d57404cf90112eee861f9d7955d044b"} {"instance":"1b2d71619592","version":"0.1","metadata":"us-east","request_id":"3d57404cf90112eee861f9d7955d044b"}
$> curl -H "Host: demo-west.local" http://$(docker node inspect -f '{{ .Status.Addr }}' lb-00)/ping $> curl -H "Host: demo-west.local" http://$(docker node inspect -f '{{ .Status.Addr }}' lb-00):8080/ping
<html> <html>
<head><title>404 Not Found</title></head> <head><title>404 Not Found</title></head>
<body bgcolor="white"> <body bgcolor="white">