Configuration file options for Layer 7 routing

This topic describes the configuration options for the primary Interlock services.

For configuration instructions, see Configure Layer 7 routing service.

Core configuration

The following core configuration options are available for the ucp-interlock service:

Option

Type

Description

ListenAddr

string

Address to serve the Interlock GRPC API. The default is 8080.

DockerURL

string

Path to the socket or TCP address to the Docker API. The default is unix:// /var/run/docker.sock.

TLSCACert

string

Path to the CA certificate for connecting securely to the Docker API.

TLSCert

string

Path to the certificate for connecting securely to the Docker API.

TLSKey

string

Path to the key for connecting securely to the Docker API.

AllowInsecure

bool

A value of true skips TLS verification when connecting to the Docker API via TLS.

PollInterval

string

Interval to poll the Docker API for changes. The default is 3s.

EndpointOverride

string

Override the default GRPC API endpoint for extensions. Swarm detects the default.

Extensions

[]extension

Refer to Extension configuration for the array of extensions.

Extension configuration

The following options are available to configure the extensions. Interlock must contain at least one extension to service traffic.

Option

Type

Description

Image

string

Name of the Docker image to use for the extension.

Args

[]string

Arguments to pass to the extension service.

Labels

map[string]string

Labels to add to the extension service.

Networks

[]string

Allows the administrator to cherry pick a list of networks that Interlock can connect to. If this option is not specified, the proxy service can connect to all networks.

ContainerLabels

map[string]string

Labels for the extension service tasks.

Constraints

[]string

One or more constraints to use when scheduling the extension service.

PlacementPreferences

[]string

One of more placement preferences.

ServiceName

string

Name of the extension service.

ProxyImage

string

Name of the Docker image to use for the proxy service.

ProxyArgs

[]string

Arguments to pass to the proxy service.

ProxyLabels

map[string]string

Labels to add to the proxy service.

ProxyContainerLabels

map[string]string

Labels to add to the proxy service tasks.

ProxyServiceName

string

Name of the proxy service.

ProxyConfigPath

string

Path in the service for the generated proxy configuration.

ProxyReplicas

unit

Number or proxy service replicas.

ProxyStopSignal

string

Stop signal for the proxy service. For example, SIGQUIT.

ProxyStopGracePeriod

string

Stop grace period for the proxy service in seconds. For example, 5s.

ProxyConstraints

[]string

One or more constraints to use when scheduling the proxy service. Set the variable to false, as it is currently set to true by default.

ProxyPlacementPreferences

[]string

One or more placement preferences to use when scheduling the proxy service.

ProxyUpdateDelay

string

Delay between rolling proxy container updates.

ServiceCluster

string

Name of the cluster that this extension serves.

PublishMode

string (ingress or host)

Publish mode that the proxy service uses.

PublishedPort

int

Port on which the proxy service serves non-SSL traffic.

PublishedSSLPort

int

Port on which the proxy service serves SSL traffic.

Template

int

Docker configuration object that is used as the extension template.

Config

config

Proxy configuration used by the extensions as described in this section.

HitlessServiceUpdate

bool

When set to true, services can be updated without restarting the proxy container.

ConfigImage

config

Name for the config service used by hitless service updates. For example, mirantis/ucp-interlock-config:3.2.1.

ConfigServiceName

config

Name of the config service. This name is equivalent to ProxyServiceName. For example, ucp-interlock-config.

Proxy configuration

Options are available to the extensions, and the extensions use the options needed for proxy service configuration. This provides overrides to the extension configuration.

Because Interlock passes the extension configuration directly to the extension, each extension has different configuration options available.

The default proxy service used by MKE to provide Layer 7 routing is NGINX. If users try to access a route that has not been configured, they will see the default NGINX 404 page.

You can customize this by labeling a service with com.docker.lb.default_backend=true. If users try to access a route that is not configured, they will be redirected to the custom service.

For details, see Create a proxy service.

See also

NGINX