mihaitodor
commented
6 years ago I'll let @relistan comment on the general architecture, but, from a code perspective:
- Here is the function which parses the
HealthCheckArgsfor your service. You will notice that thehostresolves tom.DefaultCheckHost, which, unless specified explicitly viaSIDECAR_ADVERTISE_IP, comes from here, which is determined in here to be the first private IPv4 address (that is not excluded viaSIDECAR_EXCLUDE_IPS) returned bynet.InterfaceAddrs(). - If you look closer at
templateCheckArgs, you'll see that, in the case oftcp, it callssvc.PortForServicePort(p, "tcp"), which means that it will inspect theServicePort_80=xxxxlabel on your service container, so the health check will be directed athost:xxxx, wherehostis the host which runs Envoy andxxxxis the fixed port which Envoy will redirect to the dynamic port that Docker assigns to the published port 80 when you run your service withdocker run -p80 .... - Here we fetch an instance of
HttpGetCmd(for HTTP health checks), which simply callshttp.Get(args)when invoked from here, whereargscontains the instantiation of theHealthCheckArgstemplate, as described above. - Since you're using Envoy as a proxy, why is
HAPROXY_DISABLEset tofalsein the log you pasted above? - Like I said here, you might need to fiddle with
HAPROXY_BIND_IP(unfortunately, the variable name has not been refactored when we added the Envoy integration, but it's being used by Envoy as well. See here and here). Its default value is192.168.168.168, but you can set it to another private routable IP. Note that when Sidecar is running in host networking mode, it callsip addr add $HAPROXY_BIND_IP/32 dev lohere ONLY if you set this variable explicitly when running the container because s6 doesn't know about the default value set in the sidecar executable. @relistan is there a reason why we don't setENV HAPROXY_BIND_IP="192.168.168.168"in the Sidecar Dockerfile?
relistan
njordr
Hey.
I'm trying to figure out if I can/how I can use sidecar with docker swarm
I created a cluster (single host) with 4 services:
Portainer server bind port 9000 nginx bind port 80 and 443
All the services are on the ingress network for two reason:
Expected result:
Desiderata:
Actual result:
HealthCheckArgs="http://{{ host }}:{{ tcp 80 }}/", host variable retrieves a different IP from the one assigned (in this case it tries to check the service on IP 10.255.0.5 but the service is on IP 10.255.0.10). you can see that in the log belowtime="2018-09-12T19:29:39Z" level=info msg="Adding health check: HttpGet (ID: 59844989cd37), Args: http://10.255.0.5:-1/",I could have misunderstood sidecar architecture/swarm functionalities so this probably is not a bug :)
Here are sidecar debug logs