.. _agent.gobtw: Cluster Ingress Gateway, GoBetween L4 Load Balancer =================================================== This feature is not enabled by default. Role ---- Services with ip addresses allocated on cluster backend networks are exposable either through portmapping or through an ingress gateway. The GoBetween ingress gateway is a L4 load-balancer configured by a OpenSVC-specific daemon to expose services through a public ip address. Several ingress gateways can be running on the same cluster, and services can choose which gateway they want to be exposed through. Implementation -------------- * A failover service. The active instance runs a GoBetween load balancer process and a janitoring daemon. * The GoBetween daemon is run as a docker container with an inital configuration enabling the Rest API. * The janitoring daemon, also run as a docker container, listens to cluster events on the opensvc daemon unix socket (bind-mounted in the container) and configures the load balancer servers through the GoBetween Rest API. * The janitoring daemon docker instance runs "privileged" to have r/w access to the opensvc daemon unix socket. * The janitoring daemon depends on the Cluster DNS, as the servers backends are deduced from SRV records. Docker images +++++++++++++ * yyyar/gobetween * ghcr.io/opensvc/igw_gobetween Configure --------- Preliminary steps +++++++++++++++++ * :ref:`agent.dns` * :ref:`agent.cni` Deploy the GoBetween service ++++++++++++++++++++++++++++ Create the service using the following command. Change the ``--env`` options as appropriate:: $ svcmgr create -s ogwl4 \ --config http://www.opensvc.com/init/static/templates/ogwl4.conf \ --provision \ --env public_interface=br-prd \ --env public_ipaddr=192.168.100.32 \ --env public_netmask=24 Unfreeze the service:: $ svcmgr unfreeze -s ogwl4 Expose services +++++++++++++++ The :kw:`expose` ip resources keyword must be set for the cluster DNS to serve the necessary SRV records. Service exposition through this ingress gateway is controlled through ``env`` section keywords. Most keywords are optional. General ******* * igw_gobtw_bind:: required to configure lb servers. -: [-: ...] addr default=0.0.0.0, port default=* * = allocated automatically from a predefined range (1024-65535) * igw_gobtw_target_lb:: [ ...] optional (default : None) If set to a list of ingress gateway hostnames, only those gateways handle the binded servers. If not set, all gateways handle the binded servers. * igw_gobtw_balance:: the policy used by gobetween to select a backend slot to handle a new connection. 'weight' is the default balance policy. you can also configure to : iphash : target backend will be calculated using hash function of client ip address mod backends count. leastconn : GoBetween will select backends with least connections to it. roundrobin : each new connection will be proxies to next backend in the backends pool successively. leastbandwidth : backends with least sum of rx/tx per second traffic will be selected for next request. * igw_gobtw_protocol:: default protocol for gobetween is tcp. * igw_gobtw_max_connections:: default : 0 * igw_gobtw_client_idle_timeout:: default : 0 * igw_gobtw_backend_idle_timeout:: default : 0 * igw_gobtw_sni:: optional (default : None) * igw_gobtw_proxy_protocol:: optional (default : None) * igw_gobtw_tls:: required if protocol == "tls" (default : None) * igw_gobtw_backends_tls:: optional : backends tls options (if present -- connect to backends through tls) (default : None) * igw_gobtw_udp:: optional and only if protocol == "udp" (default : None) * igw_gobtw_access:: optional (default : None) Discovery ********* The janitor forces GoBetween services backend discovery driver to SRV. The OpenSVC cluster DNS maintains the SRV recordsets up-to-date. * igw_gobtw_discovery_kind:: default : SRV (this discovery method uses DNS lookup to build backends list) * igw_gobtw_discovery_srv_dns_protocol:: default : tcp * igw_gobtw_discovery_srv_lookup_server:: ip default= & port default=53 use the keyword 'dns_port' in the env section to change the default port. * igw_gobtw_discovery_srv_lookup_pattern:: auto configured by default * igw_gobtw_discovery_failpolicy:: optional : keeplast or setempty - what to do with backends if discovery fails default : keeplast * igw_gobtw_discovery_interval:: backends cache invalidation interval; 0 means never. default : 0 * igw_gobtw_discovery_timeout:: optional : max time to wait for discover until falling to failpolicy default : 0 Healthchecks ************ Healthchecks are used for determine service status of backend nodes pool If there are no healthcheck server section defined - backend nodes marked as "ok" can be deleted from backend according to discovery rules and intervals * igw_gobtw_healthcheck_kind:: ping : check connection to backend nodes by initiate new connection from GoBetween side to each backend node from discovery list. * igw_gobtw_healthcheck_interval:: default : 2s * igw_gobtw_healthcheck_timeout:: max time for script to execute until mark as failed (this value should be lower than interval) default for ping : 500ms * igw_gobtw_healthcheck_fails:: optional default : 1 * igw_gobtw_healthcheck_passes:: optional default : 1 Verify ------ Create a load-balanced service ++++++++++++++++++++++++++++++ Test with this simple scaler service:: $ svcmgr create -s svcweb \ --config http://www.opensvc.com/init/static/templates/svcweb.conf \ --provision $ om svcweb unfreeze $ svcmgr scale -s svcweb --to 4 Verify the SRV record +++++++++++++++++++++ This service exposes 80/tcp to DNS through the following directive :: $ om svcweb print config ... [ip#1] expose = 80/tcp $ dig _http._tcp.svcweb.default.svc.cluster7 SRV @192.168.100.29 -p 5300 Adapt the DNS ip address for your context. Verify the load-balanced server +++++++++++++++++++++++++++++++ This service is exposed through the ogwl4 load-balancer port 1024:: $ om svcweb print config ... [env] igw_gobtw_bind = 80/tcp-0.0.0.0:1024 443/tcp $ wget -O- http://192.168.100.32:1024/ Verify the logs +++++++++++++++ :: $ docker logs ogwl4.container.0 $ docker logs ogwl4.container.1 Verify GoBetween configuration ++++++++++++++++++++++++++++++ :: $ python -c "import requests; print requests.get(\"http://192.168.100.32:8888/servers\").json()" Adapt the GoBetween ip address and port for your context.