Add documentation for Træfik on docker swarm mode #715

Merged
merged 1 commit into from
Oct 6, 2016

vdemeester
Contributor

Still a little bit work in progress, I need to add output of commands 👼.

Also small update on the swarm one.

/cc @containous/traefik

🐸

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

@vdemeester vdemeester added this to the 1.1 milestone Oct 5, 2016
@vdemeester vdemeester force-pushed the update-docs-for-swarmmode branch from 7afe973 to 36c7d4c Compare October 5, 2016 12:57
@vdemeester vdemeester changed the title WIP: Add documentation for Træfik on docker swarm mode Add documentation for Træfik on docker swarm mode Oct 5, 2016
@bvis

bvis commented Oct 5, 2016

Hi, I've tested these docs with the 1.1.0-rc1 and it is not correct.

In your examples you are missing the needed labels to let traefik check the services. I've tried this instead with success:

```
docker network create traefik-net --driver overlay

docker service create \
  --name traefik \
  --constraint=node.role==manager \
  --publish 80:80 --publish 8080:8080 \
  --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
  --network traefik-net \
  traefik:camembert \
  --docker \
  --docker.swarmmode \
  --docker.domain=docker.localhost \
  --docker.watch \
  --logLevel=DEBUG \
  --web

docker service create \
    --name whoami0 \
    --network traefik-net \
    --label "traefik.backend=whoami" \
    --label "traefik.frontend.rule=Host:whoami.docker.localhost" \
    --label "traefik.port=80" \
    emilevauge/whoami

docker service create \
    --name whoami1 \
    --network traefik-net \
    --label "traefik.backend=whoami" \
    --label "traefik.frontend.rule=Host:whoami.docker.localhost" \
    --label "traefik.port=80" \
    emilevauge/whoami
```

```
$ curl -H Host:whoami.docker.localhost http://localhost
Hostname: 640be50494d2
IP: 127.0.0.1
IP: ::1
IP: 10.0.6.7
IP: 10.0.6.6
IP: fe80::42:aff:fe00:607
IP: 172.21.0.4
IP: fe80::42:acff:fe15:4
GET / HTTP/1.1
Host: whoami.docker.localhost
User-Agent: curl/7.43.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.255.0.4
X-Forwarded-Host: whoami.docker.localhost
X-Forwarded-Proto: http
X-Forwarded-Server: 57dd126575c5

$ curl -H Host:whoami.docker.localhost http://localhost
Hostname: c5c321cac154
IP: 127.0.0.1
IP: ::1
IP: 10.0.6.5
IP: 10.0.6.4
IP: fe80::42:aff:fe00:605
IP: 172.21.0.3
IP: fe80::42:acff:fe15:3
GET / HTTP/1.1
Host: whoami.docker.localhost
User-Agent: curl/7.43.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.255.0.4
X-Forwarded-Host: whoami.docker.localhost
X-Forwarded-Proto: http
X-Forwarded-Server: 57dd126575c5
```

Probably creating a PR for this PR is not worth it. ;)

X-Forwarded-Server: 8fbc39271b4c
```

Note that as Træfik is publish, you can access it from any machine

is published

```

Note that as Træfik is publish, you can access it from any machine
(and not only the manager).
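
Review bot: The sentence "you can access it from any machine" states reachability without saying which ports are meant. Published service ports are reachable on every swarm node, so name the ports here and tell readers to publish only the ones meant for clients; if the example also publishes the web UI port, say that it is exposed the same way. "publish" should also read "published".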

remove parenthesis

@@ -1,7 +1,7 @@
# Swarm cluster

This section explains how to create a multi-host [swarm](https://docs.docker.com/swarm) cluster using [docker-machine](https://docs.docker.com/machine/) and how to deploy Træfɪk on it.
The cluster will be made of:
The cluster is be made of:

The cluster consists of

on a manager node.
- `--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock`:
we bind mount the docker socket where Træfik is scheduled to be able
to speak to him.
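
Review bot: The `--mount type=bind,source=/var/run/docker.sock,...` bullet explains why the socket is mounted but not what that mount grants. The service is placed on a manager node, so any process that can talk to this socket can drive the Docker API for the swarm; add a sentence saying so and that the Træfik service should be treated as privileged. "to speak to him" should read "to speak to the Docker daemon".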

to speak to the docker daemon

@weitzj

weitzj commented Oct 5, 2016

It would be nice to have 2 separate networks for the whoami backends.
I will probably add an example with traefik, docker-compose bundle, docker service deploy where separate networks are even more important

@vdemeester vdemeester force-pushed the update-docs-for-swarmmode branch from 36c7d4c to 6d02892 Compare October 6, 2016 09:26
@vdemeester
Contributor Author

@ralphtheninja thanks 👼

@bvis Yes, I forgot `--label "traefik.port=80"` in my example, thanks 👼. I can make an example of what you describe but that's not what I was going for here. I'm using the same image twice because I'm lazy 😂 but I really want 2 different services served by Træfik as if they were different apps.

@weitzj I definitely went for the simplest example ever here 😅. We could enhance the documentation with multiple networks (one for each app served) and a way to update the traefik service to connect to those as needed (but it doesn't look like there is a `docker service update --add-network` yet though 😓).

@vdemeester vdemeester force-pushed the update-docs-for-swarmmode branch 2 times, most recently from d6f8fdc to 2acef27 Compare October 6, 2016 11:26
@emilevauge
Member

Needs a rebase :)

@vdemeester vdemeester force-pushed the update-docs-for-swarmmode branch 3 times, most recently from 37eb96d to c98b416 Compare October 6, 2016 13:46
Also small update on the swarm one.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
@vdemeester vdemeester force-pushed the update-docs-for-swarmmode branch from c98b416 to 3692e1c Compare October 6, 2016 13:48
@emilevauge emilevauge merged commit b1b600e into traefik:v1.1 Oct 6, 2016
@vdemeester vdemeester deleted the update-docs-for-swarmmode branch October 6, 2016 15:40
@tlvenn

tlvenn commented Oct 26, 2016

Unless I am mistaken there is a slight error with how the placement constraint is declared, the official syntax is `--constraint string` not `--constraint=string`

https://docs.docker.com/engine/reference/commandline/service_create/#/specify-service-constraints---constraint

@vdemeester
Contributor Author

@tlvenn both should work the same 👼

@tlvenn

tlvenn commented Oct 27, 2016

Ya I didn't check but figured it would however I believe it would be a little bit better to stick with the official syntax, especially given that's the one you are already using for the other options ;)

Anyway, I am nitpicking, thanks in any case, for putting the doc together.

@vdemeester
Contributor Author

😝

@tlvenn

tlvenn commented Oct 27, 2016

One new question, did you investigate the --endpoint-mode option ? By default docker will use and create a virtual ip to load balance itself the service. One can use --endpoint-mode dnsrr to disable VIP and rely on simple dns round robin. Their documentation seems to suggest to use this when using your own load balancer, which is what we are doing.

> You can configure the service to use DNS round-robin directly without using a VIP, by setting the --endpoint-mode dnsrr when you create the service. DNS round-robin is useful in cases where you want to use your own load balancer.

Should we update the doc to reflect that ?

@ralphtheninja

> Should we update the doc to reflect that ?

Make a PR and let's discuss that instead ;)

@tlvenn

tlvenn commented Oct 27, 2016

Well there is no point to create a PR if we don't even agree it should be amended...
The doc works perfectly fine as it is, it just creates an unnecessary IP for the service being load balanced by Traefik.

In the end, there are 3 choices:

  1. Keep it simple and don't mention --endpoint-mode dnsrr
  2. Amend the doc to use --endpoint-mode dnsrr and explain it.
  3. Amend the doc to mention --endpoint-mode dnsrr as an option to avoid creating the VIP.

In case we choose 2 or 3, I am happy to create the PR.

@tlvenn

tlvenn commented Oct 28, 2016

One last comment, for security purposes, the docker socket should really be mounted in read-only mode so that in the unlikely event the container is compromised, it does not mean the whole cluster has been taken over...
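
An added example, not part of the thread or the Træfik docs: a check over `docker service inspect` output that reports the Docker socket mount and the cluster-wide published ports discussed above. The sample JSON is constructed, and `audit_service`, the finding codes and treating 8080 as the `--web` port are assumptions of this example.

```python
import json

# Constructed sample: trimmed `docker service inspect traefik` output, shaped
# like the service created earlier in the thread (values are illustrative).
SAMPLE = json.loads("""
[{"Spec": {
  "Name": "traefik",
  "TaskTemplate": {
    "ContainerSpec": {
      "Image": "traefik:camembert",
      "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                  "Target": "/var/run/docker.sock"}]},
    "Placement": {"Constraints": ["node.role==manager"]}},
  "EndpointSpec": {"Ports": [
    {"Protocol": "tcp", "TargetPort": 80, "PublishedPort": 80},
    {"Protocol": "tcp", "TargetPort": 8080, "PublishedPort": 8080}]}}}]
""")

SOCKET = "/var/run/docker.sock"


def audit_service(svc, dashboard_port=8080):
    """Return (code, detail) findings for one inspected swarm service."""
    spec = svc.get("Spec", {})
    task = spec.get("TaskTemplate", {})
    findings = []
    for m in task.get("ContainerSpec", {}).get("Mounts") or []:
        if m.get("Source") != SOCKET:
            continue
        # The readonly option changes the mount flags only; the daemon still
        # accepts API requests over the socket, so the mount itself is reported.
        findings.append(("docker-socket", "API reachable at " + m.get("Target", "?")))
        if not m.get("ReadOnly", False):
            findings.append(("socket-rw", "mount lacks the readonly option"))
    for p in spec.get("EndpointSpec", {}).get("Ports") or []:
        # Assumption: dashboard_port is the Træfik web UI port (--web).
        if p.get("TargetPort") == dashboard_port:
            findings.append(("dashboard-published",
                             f"port {p.get('PublishedPort')} is open on every node"))
    return findings


if __name__ == "__main__":
    for svc in SAMPLE:
        for code, detail in audit_service(svc):
            print(f"{svc['Spec']['Name']}: {code}: {detail}")
```
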
