Deploy services in separate service clusters¶
Note
The provided instruction is based on the presumption that certain prerequisites have been met:
You have an operational MKE cluster with at least two worker nodes (
mke-node-0
andmke-node-1
), to use as dedicated proxy servers for two independent Interlock service clusters.You have enabled Interlock with
80
as an HTTP port and8443
as an HTTPS port.
With your service clusters configured, you can now deploy services, routing
to them with your new proxy services using the service_cluster
label.
Create two example services:
docker service create --name demoeast \ --network eastnet \ --label com.docker.lb.hosts=demo.A \ --label com.docker.lb.port=8000 \ --label com.docker.lb.service_cluster=east \ training/whoami:latest docker service create --name demowest \ --network westnet \ --label com.docker.lb.hosts=demo.B \ --label com.docker.lb.port=8000 \ --label com.docker.lb.service_cluster=west \ training/whoami:latest
Ping your
whoami
service on themke-node-0
proxy server:curl -H "Host: demo.A" http://<mke-node-0 public IP>
The response contains the container ID of the
whoami
container declared by thedemoeast
service.The same
curl
command onmke-node-1
fails because that Interlock proxy only routes traffic to services with theservice_cluster=west
label, which are connected to thewestnet
Docker network that you listed in the configuration for that service cluster.Ping your
whoami
service on themke-node-1
proxy server:curl -H "Host: demo.B" http://<mke-node-1 public IP>
The service routed by
Host: demo.B
is only reachable through the Interlock proxy mapped to port 80 onmke-node-1
.