
Docker Swarm?

There is this interesting point where you realize that you own a data center.

My data center doesn’t look like that beautiful server farm in the picture, but I do have one.

I have multiple servers, each with reasonable amounts of memory. I have independent nodes, capable of performing as ceph nodes and as docker nodes.

Which took me to a step up from K8S.

K8S depends on internal functionality along with a strong API to communicate with the “bare metal” infrastructure.

The cost of this is memory. When you purchase a VM, the price is based mostly on the number of CPUs plus the amount of memory. Normally, the offerings are such that to get more memory, you have to buy more CPUs.

This means that I am attempting to clear the K8S cluster of everything to take it down. I’ve started moving clients off the cluster to my infrastructure.

In the past, we used a single web server to provide multiple websites. For me, that was Apache.

You set up a virtual host, point that virtual host at the correct files, and away it goes. Configuration was fairly easy and straightforward.

That is no longer the case. Today, we use “reverse proxies.”

Until last week, my reverse proxy of choice was Nginx. I am switching to Traefik.

There are still times when you need Nginx, but for the reverse proxy part, Traefik.

So what does all of this mean?

First, there is the firewall. The firewall stops random port scans from seeing anything but the ports I want them to see.

The router/firewall directs all traffic to the load balancers. These redirect the inbound traffic to the docker swarm.

As load balancers, they send the traffic to any of the swarm nodes that are willing to accept the request.

Traefik handles the TLS requirements, passes the request to the correct container, and handles the response.

Traefik can use either encrypted or clear internal communications. We use encrypted for almost everything.

To test, I rebooted one of my nodes. 10 seconds after the node went off-line, all the containers were running successfully on other nodes.

If I know that I am taking a node offline, I can drain the node first. There is no downtime then.

As for Docker Swarm? It has been easy to use.

It is configured via docker compose v3 files. If you can bring the containers up with “docker compose up -d” you can run it on a swarm with “docker stack deploy -c docker-compose.yml NAME”.

So what is the downside?

The downside is also the upside. Traefik has dynamic configuration capabilities.

There are “entrypoints”, which are how traffic enters the swarm; there are services, which accept the traffic; and there are middleware processors, which modify the traffic between the entrypoint and the service.

An example of a middleware processor is one that redirects HTTP traffic to HTTPS.

So that’s wonderful. Unfortunately, you have lines in your configuration that look like this:

```yaml
- "traefik.http.routers.vine.rule=HostRegexp(`(?i)^(www\\.)?vineofliberty\\.(com|org|net)$$`)"
```
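A stack file that wires together the pieces described above (entrypoints, routers, the HTTP-to-HTTPS redirect middleware, TLS termination and a regexp host rule), as an added example rather than the post's own configuration. It assumes Traefik v3 on Docker Swarm; example.com, the ACME e-mail address and the nginx image are placeholders.

```yaml
# Added example, not the post's own stack file. Assumes Traefik v3 on Docker
# Swarm; example.com, acme@example.com and the nginx image are placeholders.
version: "3.8"
services:
  traefik:
    image: traefik:v3.0
    command:
      - --providers.swarm=true                    # read labels from swarm services
      - --providers.swarm.exposedByDefault=false  # only services that opt in
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=acme@example.com
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro   # read-only is enough
      - letsencrypt:/letsencrypt
    networks: [proxy]
    deploy:
      placement:
        constraints: [node.role == manager]   # swarm API lives on managers
  app:
    image: nginx:alpine          # placeholder for the site container
    networks: [proxy]
    deploy:
      replicas: 2                # a node reboot leaves one replica serving
      labels:
        - "traefik.enable=true"
        # Swarm cannot report container ports, so the service port is explicit
        - "traefik.http.services.app.loadbalancer.server.port=80"
        # HTTPS router: case-insensitive host match, $$ escapes $ for compose
        - "traefik.http.routers.app.rule=HostRegexp(`(?i)^(www\\.)?example\\.com$$`)"
        - "traefik.http.routers.app.entrypoints=websecure"
        - "traefik.http.routers.app.tls.certresolver=le"
        # A regexp rule cannot name the certificate domains, so list them here
        - "traefik.http.routers.app.tls.domains[0].main=example.com"
        - "traefik.http.routers.app.tls.domains[0].sans=www.example.com"
        # HTTP router: same match, but it only exists to redirect to HTTPS
        - "traefik.http.routers.app-http.rule=HostRegexp(`(?i)^(www\\.)?example\\.com$$`)"
        - "traefik.http.routers.app-http.entrypoints=web"
        - "traefik.http.routers.app-http.middlewares=to-https"
        - "traefik.http.middlewares.to-https.redirectscheme.scheme=https"
networks:
  proxy:
    driver: overlay
volumes:
  letsencrypt:
```

Deploy it with `docker stack deploy -c docker-compose.yml NAME`; with `exposedByDefault=false`, only services carrying `traefik.enable=true` are ever routed to.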

I expect to have K8S off and all my clients on a cloud-based swarm by Monday.

It has been a long path, but I’m happy with the results.


Comments

2 responses to “Docker Swarm?”

  1. pkoning

    So I take it you find K8S to be too much bulk for the benefits (or no benefits?) — but Docker is useful for you?

  2. Slow Joe Crow

    Regex is so arcane O’Reilly has an entire book on it. Then it still looks like modem line noise. I’m no guru but that config snippet actually makes sense to me.