Comments (4)
Thanks for the hints, I have managed to get this working (leaving my setup below to help someone else)
Im using Traefik for proxy/acme
- You basically have two choices where to run traefik, either run it on manager nodes or run it on worker nodes
- Running on managers is easier as there is direct access to the docker.sock, though there are questions around scalability
- Running on workers is harder, as you need to proxy the docker.sock, or wait for the possible introspecition PR, however this setup will apparently scale better traefik/traefik#766
- For the moment I have chosen to run it on the manager nodes only
- Gets more complicated with Lets Encrypt in the mix https://docs.traefik.io/user-guide/cluster/
Then you need to configure the service to by-pass the ingress mesh, using host mode ports
traefikedge:
image: traefik:1.4.3-alpine
ports:
- target: 80
published: 80 #for redirect to HTTPS
protocol: tcp
mode: host #to bypass ingress mesh, to preserve client ip
- target: 443
published: 443
protocol: tcp
mode: host #to bypass ingress mesh, to preserve client ip
networks:
- netfront
deploy:
mode: global
placement:
constraints:
- node.role == manager
Then I manually added port 80+443 to the azure load balancer that points at the manager nodes
from for-azure.
@rocketraman The behavior you are observing is due to moby/moby#25526
You can try the temporary workaround of specifying mode=host
as mentioned in that issue and documented here: https://github.com/docker/docker.github.io/blob/2248f78dabc2b0e5092fd550ad0aa3c15d41e2b0/engine/swarm/services.md#publish-a-services-ports-directly-on-the-swarm-node
from for-azure.
Closing since this a duplicate of moby/moby#25526
from for-azure.
You can try the temporary workaround of specifying mode=host as mentioned in that issue and documented here:
@ddebroy I tried this workaround. It seems that publishing the port with mode=host
does not integrate with the automatic updates to the Azure load balancer. So this is fairly unusable as things stand now.
In addition, the externalLoadBalancer backend pool only goes to the worker nodes, but if something like dockercloud/haproxy
is published to the worker nodes, it doesn't have access to the manager nodes' docker.sock
. One should be able to use DOCKER_HOST
env with dockercloud/haproxy
but I couldn't get that to work either: it just insists that the host is not resolved, or if using a manager IP directly, that access was denied.
from for-azure.
Related Issues (20)
- Newly provisioned swarm is not working as swarm is not initialized. HOT 5
- Cloudstor plugin not enabled in newly provisioned swarm HOT 11
- Cannot SSH into node after VM restart - no agent container HOT 3
- waagent.log is not rotating 18.03.0-ce HOT 1
- tcp4 / tcp port not being exposed/mapped to running container after it's been in use before
- Not able to share cloudstor azure named volumes across multiple containers on same host HOT 12
- Docker logs not moving to storage accounts instead kept on Disk. HOT 3
- how to enable auto-scaling for swarm-worker-vmss on the basis of Memory usage
- Cloudstor: Prevent deletion of underlying Azure file share when docker volume is removed. HOT 2
- Fail to deploy Docker for Azure HOT 3
- Unable to SSH into Manager VMSS's after upgrading the instance(s) to the last mode on Azure portal HOT 2
- Project no longer supported? HOT 10
- Mongodb failed to run with persisted volume with cloudstor plugin. HOT 2
- Enable hard link support in cloudstor:azure
- Cannot restart docker daemon on management nodes
- VMSS restart hangs indefinitely at creating .ssh directory
- Error response from daemon: plugin cloudstor:azure already exists
- Storage account
- Can't connect to my Azure Docker Image BDD from SQL Management Studio
- Does not work at all
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from for-azure.