How to Make Containers Discovery & Influence Loadbalancers
About me:
- Sr DevOps Engineer at Gliffy
- AWS Solutions Architect
- Systems Engineering background
[email protected]
@naumenko_roman
Traditional objectives for load balancers
1. Make several servers participate in the service and do the same work
2. Keep the service unaffected during a predefined number of server failures (high availability)
Load balancing methods
Round Robin DNS
- First line of balancing, even before request reaches servers
- Easy to implement, no integrations on client side
However:
- Recursive resolution
- No control over TTLs
- DNS server must know infrastructure state (Route53 health checks)
“Hardware”/Layer4 Load Balancers
- network transport layer (TCP/UDP)
- handle large number of TCP sessions
- expensive (hardware), active-passive failover, horizontal scaling
Software/Layer7 Load Balancers
- application layer (HTTP/HTTPS/SMTP etc)
- number of features for balancing and inspection
- secure: no direct access to backend servers
- backends see LB’s IP only (look at proxy-protocol)
Yes, it can! Put more servers, reconfigure everything
But can we haz more services, please?
Things are getting complicated…
Infrastructure for services is dynamic
• Ephemeral containers: Swarm/ECS/K8S
• Ephemeral hostnames & randomly named endpoints: ELB, EC2, RDS (won’t see “mysql-db01” any more)
• Random “IP:port” for backends: “-p 8081:80” is not your friend any more
• Dynamic reconfiguration: for example SSL certificates renewed every day (not every 2 years), etc
• Support dozens of internal and multiple external services
• Dynamically add/remove front- and back-ends
Micro-services require LB to do this as well:
• Rate limiting
• Deployments control (“blue-green”, “canary”)
• Rewrites/ssl offloading/certs renew/caching/timeouts/etc
• {{Insert your own backlog item here}}
LBs have to be dynamic as well
So given the complexity, is there a way to make load-balancers great again?
Yes, and it is actually easy!
And it will work on your computer™
What is modeled?
That’s your M&M services over there
docker-compose: consul
docker-compose: registrator
docker-compose: load-balancer
docker-compose: a service
Let's run a little demo
Dynamic load balancing with:
- services discovery: registrator+consul
- automatic configuration: consul-template, KV
- scaling: docker-compose
- health-checks: consul
Configuration complexity: HAProxy, Nginx
Configuration simplicity: Traefik, Fabio
$ cat fabio.properties
registry.consul.addr = consul:8500
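The four docker-compose pieces named above (consul, registrator, load-balancer, a service) can be wired together as in the following sketch, which is an added example and not the compose file from the lb-sd repository. The image names and tags, the "web" service, the loopback port bindings and the mount path for fabio.properties are assumptions.

```yaml
# Added example: consul + registrator + fabio + one scalable backend.
version: "2"
services:
  consul:
    image: hashicorp/consul:1.15          # assumed tag
    command: agent -dev -client=0.0.0.0
    ports:
      # Dev-mode Consul has no ACLs: anyone who reaches :8500 can rewrite the
      # service catalog (and therefore the LB routes). Publish on loopback only.
      - "127.0.0.1:8500:8500"

  registrator:
    image: gliderlabs/registrator:latest
    # -internal registers container IP:port instead of a published host port
    command: -internal consul://consul:8500
    restart: on-failure                   # consul may not be ready on first start
    volumes:
      # Access to the Docker socket is effectively root on the host; the :ro
      # flag on the mount does not restrict Docker API calls.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    depends_on:
      - consul

  fabio:
    image: fabiolb/fabio
    volumes:
      # The one-line fabio.properties shown above; path assumed to be the
      # image's default config location.
      - ./fabio.properties:/etc/fabio/fabio.properties:ro
    ports:
      - "9999:9999"                       # proxy listener
      - "127.0.0.1:9998:9998"             # admin UI, kept off external interfaces
    depends_on:
      - consul

  web:                                    # hypothetical backend service
    image: nginx:alpine
    environment:
      - SERVICE_NAME=web                  # read by registrator
      - SERVICE_TAGS=urlprefix-/          # fabio builds its route from this tag
      - SERVICE_80_CHECK_HTTP=/           # consul health check; fabio only
      - SERVICE_80_CHECK_INTERVAL=5s      # routes to instances that pass it
    # No fixed host port here, so the service can be scaled freely.
```

Start it with `docker-compose up -d --scale web=3`, then send requests to port 9999; stopping one web container removes it from the fabio routing table once registrator deregisters it.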
Use cases for docker-compose
★ Faster dev loop: new rules, configs in prod-like env
★ Integration tests for edge servers: use anything: curl, serverspec, selenium
★ Evaluate baseline performance, compare versions: running nginx in docker adds <1 ms (Linux)
★ Model canary and blue-green deployments
★ Effective collaboration for teams
★ Lots of fun
THANK [email protected]
@naumenko_roman
https://github.com/rokka-n/lb-sd