How to Make Containers Discovery & Influence Loadbalancers

Post on 19-Feb-2017


How to Make Containers Discovery & Influence Loadbalancers

About me:

- Sr DevOps Engineer at Gliffy
- AWS Solutions Architect
- Systems Engineering background

roman@naumenko.ca
@naumenko_roman

Traditional objectives for load balancers

1. Make several servers participate in the service and do the same work

2. Keep the service unaffected during a predefined number of server failures (high availability)

Load balancing methods

Round Robin DNS

- First line of balancing, even before request reaches servers
- Easy to implement, no integrations on client side

However:

- Recursive resolution
- No control over TTLs
- DNS server must know infrastructure state (Route53 health checks)

“Hardware”/Layer4 Load Balancers
- network transport layer (TCP/UDP)
- handle large number of TCP sessions
- expensive (hardware), active-passive failover, horizontal scaling

Software/Layer7 Load Balancers
- application layer (HTTP/HTTPS/SMTP etc)
- number of features for balancing and inspection
- secure: no direct access to backend servers
- backends see LB’s IP only (look at proxy-protocol)

Yes, it can! Put more servers, reconfigure everything

But can we haz more services, please?

Things are getting complicated…

Infrastructure for services is dynamic

• Ephemeral containers: Swarm/ECS/K8S

• Ephemeral hostnames & randomly named endpoints: ELB, EC2, RDS (won’t see “mysql-db01” any more)

• Random “IP:port” for backends: “-p 8081:80” is not your friend any more

• Dynamic reconfiguration: for example ssl certificates renewed every day (not every 2 years), etc

• Support dozens of internal and multiple external services

• Dynamically add/remove front- and back-ends

Micro-services require LB to do this as well:

• Rate limiting
• Deployments control (“blue-green”, “canary”)
• Rewrites/ssl offloading/certs renew/caching/timeouts/etc
• {{Insert your own backlog item here}}

LBs have to be dynamic as well

So given the complexity, is there a way to make load-balancers great again?

Yes, and it is actually easy!

And it will work on your computer™

What is modeled?

That’s your M&M services over there

docker-compose: consul

docker-compose: registrator

docker-compose: load-balancer

docker-compose: a service

Let's run a little demo

Dynamic load balancing with:

- services discovery: registrator+consul
- automatic configuration: consul-template, KV
- scaling: docker-compose
- health-checks: consul
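The automatic-configuration step in this stack, sketched as an added Python example (not code from the talk or from the lb-sd repository): render an nginx upstream block from a Consul health response, keeping only instances whose checks all pass and treating registry values as untrusted input. The sample response is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample shaped like a Consul /v1/health/service/<name> response;
# registrator registers each container with a host IP and a random port.
SAMPLE_HEALTH = [
    {"Node": {"Address": "10.0.0.5"}, "Service": {"Address": "10.0.0.5", "Port": 32768},
     "Checks": [{"CheckID": "serfHealth", "Status": "passing"}, {"CheckID": "service:web_1", "Status": "passing"}]},
    {"Node": {"Address": "10.0.0.6"}, "Service": {"Address": "", "Port": 32771},
     "Checks": [{"CheckID": "serfHealth", "Status": "passing"}]},
    {"Node": {"Address": "10.0.0.7"}, "Service": {"Address": "10.0.0.7", "Port": 32769},
     "Checks": [{"CheckID": "service:web_3", "Status": "critical"}]},
    {"Node": {"Address": "10.0.0.8"}, "Service": {"Address": "10.0.0.999", "Port": 32770},
     "Checks": [{"CheckID": "service:web_4", "Status": "passing"}]},
]

NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")  # upstream names allowed into the config

def healthy_backends(entries):
    """Return sorted (ip, port) pairs that pass every check and carry a valid IP and port."""
    backends = set()
    for entry in entries:
        if any(c.get("Status") != "passing" for c in entry.get("Checks", [])):
            continue  # a failing node or service check removes the backend
        svc = entry["Service"]
        addr = svc.get("Address") or entry["Node"]["Address"]  # empty means node address
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # registry data is untrusted: never write a malformed address to the config
        port = svc.get("Port")
        if not isinstance(port, int) or not 0 < port < 65536:
            continue
        backends.add((str(ip), port))
    return sorted(backends)

def render_upstream(name, entries):
    """Render an nginx upstream block; refuse to emit an empty or unsafe one."""
    if not NAME_RE.match(name):
        raise ValueError("unsafe upstream name")
    backends = healthy_backends(entries)
    if not backends:
        raise RuntimeError("no healthy backends; keep the previous config")
    lines = [f"upstream {name} {{"]
    lines += [f"    server {ip}:{port};" for ip, port in backends]
    lines.append("}")
    return "\n".join(lines)
```

Refusing to render when no backend is healthy keeps a registry outage from replacing a working configuration with an empty one.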

Configuration complexity

<-HAproxy

Nginx ->

Configuration simplicity

<- Traefik

Fabio ->

$ cat fabio.properties
registry.consul.addr = consul:8500

Use cases for docker-compose

★ Faster dev loop: new rules, configs in prod-like env

★ Integration tests for edge servers: Use anything: curl, serverspec, selenium

★ Evaluate baseline performance, compare versions: running nginx in docker adds <1 ms (Linux)

★ Model canary and blue-green deployments

★ Effective collaboration for teams

★ Lots of fun

THANK YOU!

roman@naumenko.ca
@naumenko_roman

https://github.com/rokka-n/lb-sd