DEVHIDE
Login Or Sign up

How to setup haproxy with docker swarm where haproxy is "outside" the overlay network?

813 Views Asked by At

I'm trying to setup a docker based system with the least amount of network abstraction/virtualization possible. This is why I avoided k8s and am trying docker-swarm instead.

I'd like haproxy to be started directly via systemd and listen to external traffic on ports 80/443 directly, i.e. without docker coming into the picture. However, when proxying traffing to backend servers, I'd like it to connect to docker-swarm services running in dnsrr mode.

How do I set this up? I've read this blog post multiple times, but in all three configurations it seems that haproxy itself is running as a docker-swarm service. I do not want any network "abstraction" to come between haproxy and customer-facing traffic.

Is a setup like this possible?

PS: A related question might be, how do I communicate between the host and a docker-swarm container running on the same host? I tried pinging 10.0.6.75 (the container's IP address) on the same host on which it was running, but it didn't work. Do I need to create some network route, or make some entry in iptables to get this to work?

docker docker-swarm haproxy docker-swarm-mode
Original Q&A
1

There are 1 best solutions below

3
xihh On

If you use docker, you can't avoid a layer of network abstraction, because it creates a virtual network with it's own routes and should be inaccesible to your host networks by default.

If all you want is to make docker services accessible without the hassle, I'd recommend you to use traefik to track docker services instead of haproxy. But, if you insist in using HAproxy, you can either:

Run haproxy inside a docker container

And expose it to the host network.

# add this service to your swarm configuration
version: "3.3"
services:
  proxy:
    image: haproxy
    configs:
      - source: haproxy
        target: /etc/haproxy/haproxy.cfg
    ports:
      # Add here all the ports you want managed by haproxy
      - '80:80'
      - '443:443'
# this is your current haproxy config
configs:
  haproxy:
    file: ./haproxy.conf

Use a host networking for your docker services

version: "3.3"
# add this network to your swarm configuration
networks:
  host:
    driver: host
services:
  app:
    image: whatever
    ...
    # add this network to your apps
    networks:
      host:

Manually bind the HAproxy service to the network interface(s)

Inspect the docker network for your services.

$ docker network ls
NETWORK ID     NAME                               DRIVER    SCOPE
4d992742292c   bridge                             bridge    local
$ docker network inspect ${ID_OR_NAME}
[
    {
       "Name": "bridge",
       "Id": "4d9927...",
       "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
       },
       ...
       "Options": {
            ...
            "com.docker.network.bridge.name": "docker0",
       }
...

Add to your haproxy configuration:

service network DEVICE # i.e. docker0
  auto off
  ip address 172.17.0.11 # ensure it's available
  ip route 172.17.0.1 172.17.0.1

Related Questions in DOCKER

Related Questions in DOCKER-SWARM

Related Questions in HAPROXY

Related Questions in DOCKER-SWARM-MODE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.