How to Make Containers Discovery & Influence Loadbalancers
-
Upload
roman-naumenko -
Category
Engineering
-
view
162 -
download
2
Transcript of How to Make Containers Discovery & Influence Loadbalancers
![Page 1: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/1.jpg)
How to Make Containers Discovery & Influence
Loadbalancers
![Page 2: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/2.jpg)
About me:
Sr DevOps Engineer at GliffyAWS Solutions ArchitectSystems Engineering background
[email protected]@naumenko_roman
![Page 3: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/3.jpg)
1. Make several servers participate in the service and do the same work
2. Maintain service unaffected during predefined number of servers failures (high availability)
Traditional objectives for load balancers
![Page 4: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/4.jpg)
Load balancing methods
Round Robin DNS
- First line of balancing, even before request reaches servers- Easy to implement, no integrations on client side
However:
- Recursive resolution- No control over TTLs- DNS server must know infrastructure state (Route53 health checks)
![Page 5: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/5.jpg)
“Hardware”/Layer4 Load Balancers- network transport layer (TCP/UDP)- handle large number of TCP sessions- expensive (hardware), active-passive failover, horizontal scaling
Software/Layer7 Load Balancers- application layer (HTTP/HTTPS/SMTP etc) - number of features for balancing and inspection- secure: no direct access to backend servers- backends see LB’s IP only (look at proxy-protocol)
![Page 6: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/6.jpg)
![Page 7: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/7.jpg)
Yes, it can! Put more servers, reconfigure everything
But can we haz more services, please?
![Page 8: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/8.jpg)
Things are getting complicated…
![Page 9: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/9.jpg)
Infrastructure for services is dynamic
• Ephemeral containers: Swarm/ECS/K8S
• Ephemeral hostnames & randomly named endpoints: ELB, EC2, RDS (won’t see“mysql-db01” any more)
• Random “IP:port” for backends:“-p 8081:80” is not your friend any more
• Dynamic reconfiguration: for example ssl certificates renewed every day (not every 2 years), etc
![Page 10: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/10.jpg)
• Support dozens of internal and multiple external services
• Dynamically add/remove front- and back-ends
Micro-services require LB to do this as well:
• Rate limiting• Deployments control (“blue-green”, “canary”)• Rewrites/ssl offloading/certs
renew/caching/timeouts/etc• {{Insert your own backlog item here}}
LBs have to be dynamic as well
![Page 11: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/11.jpg)
So given the complexity, is there a way to make load-balancers great
again?
![Page 12: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/12.jpg)
Yes, and it is actually easy!
And it will work on your computer™
![Page 13: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/13.jpg)
What is modeled?
That’s your M&M services over there
![Page 14: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/14.jpg)
docker-compose: consul
![Page 15: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/15.jpg)
docker-compose: registrator
![Page 16: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/16.jpg)
docker-compose: load-balancer
![Page 17: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/17.jpg)
docker-compose: a service
![Page 18: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/18.jpg)
Lets run a little demo
Dynamic load balancing with:
services discovery: registrator+consulautomatic configuration: consul-template, KVscaling: docker-composehealth-checks: consul
![Page 19: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/19.jpg)
Configuration complexity
<-HAproxy
Nginx ->
![Page 20: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/20.jpg)
Configuration simplicity
<- Traefik
Fabio ->
$ cat fabio.propertiesregistry.consul.addr = consul:8500
![Page 21: How to Make Containers Discovery & Influence Loadbalancers](https://reader036.fdocuments.net/reader036/viewer/2022062502/58a9ab861a28ab9c758b57f5/html5/thumbnails/21.jpg)
Use cases for docker-compose
★ Faster dev loop: new rules, configs in prod-like env
★ Integration tests for edge servers: Use anything: curl, serverspec, selenium
★ Evaluate baseline performance, compare versions running nginx in docker adds <1 ms (Linux)
★ Model canary and blue-green deployments
★ Effective collaboration for teams
★ Lots of fun