Deploy services in separate service clusters

Note

This procedure assumes that the following prerequisites are met:

  • You have an operational MKE cluster with at least two worker nodes (mke-node-0 and mke-node-1), to use as dedicated proxy servers for two independent Interlock service clusters.

  • You have enabled Interlock with 80 as an HTTP port and 8443 as an HTTPS port.

With your service clusters configured, you can now deploy services and route traffic to them through your new proxy services by using the service_cluster label.

  1. Create two example services:

    docker service create --name demoeast \
    --network eastnet \
    --label com.docker.lb.hosts=demo.A \
    --label com.docker.lb.port=8000 \
    --label com.docker.lb.service_cluster=east \
    training/whoami:latest
    
    docker service create --name demowest \
    --network westnet \
    --label com.docker.lb.hosts=demo.B \
    --label com.docker.lb.port=8000 \
    --label com.docker.lb.service_cluster=west \
    training/whoami:latest
    
  2. Send a request to your whoami service through the mke-node-0 proxy server:

    curl -H "Host: demo.A" http://<mke-node-0 public IP>
    

    The response contains the container ID of the whoami container declared by the demoeast service.

    The same curl command on mke-node-1 fails because that Interlock proxy only routes traffic to services with the service_cluster=west label, which are connected to the westnet Docker network that you listed in the configuration for that service cluster.

  3. Send a request to your whoami service through the mke-node-1 proxy server:

    curl -H "Host: demo.B" http://<mke-node-1 public IP>
    

    The service routed by Host: demo.B is only reachable through the Interlock proxy mapped to port 80 on mke-node-1.
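
The checks in steps 2 and 3, plus the two cross-cluster requests that should not be routed, can be scripted as a repeatable isolation test. This is an added example, not part of the MKE documentation. It assumes that a request a proxy does not route returns a non-2xx status or no response; the script name and the two proxy address arguments are placeholders.

```bash
#!/usr/bin/env bash
# Added example: confirm each Interlock proxy routes only its own service cluster.
# Usage: ./verify-clusters.sh <mke-node-0 public IP> <mke-node-1 public IP>

# probe PROXY HOST -> prints the HTTP status code (curl prints 000 if no response)
probe() {
  curl -s -o /dev/null -m 5 -w '%{http_code}' -H "Host: $2" "http://$1/" || true
}

# check_route PROXY HOST yes|no -> returns 0 when the observation matches.
# Assumption: any 2xx status means "routed"; anything else means "not routed".
check_route() {
  local proxy=$1 host=$2 want=$3 code got
  code=$(probe "$proxy" "$host")
  case "$code" in
    2??) got=yes ;;
    *)   got=no ;;
  esac
  if [ "$got" = "$want" ]; then
    echo "PASS  $host via $proxy -> $code (routed=$got)"
    return 0
  fi
  echo "FAIL  $host via $proxy -> $code (routed=$got, expected $want)"
  return 1
}

# verify_isolation EAST_PROXY WEST_PROXY -> exit status is the number of
# failed checks, so 0 means both service clusters are isolated as intended.
verify_isolation() {
  local east=$1 west=$2 failures=0
  check_route "$east" demo.A yes || failures=$((failures + 1))  # step 2
  check_route "$east" demo.B no  || failures=$((failures + 1))  # west service must not leak east
  check_route "$west" demo.B yes || failures=$((failures + 1))  # step 3
  check_route "$west" demo.A no  || failures=$((failures + 1))  # east service must not leak west
  return "$failures"
}

# Run the checks only when both proxy addresses are supplied.
if [ "$#" -eq 2 ]; then
  verify_isolation "$1" "$2"
fi
```

A non-zero exit status means at least one proxy answered for a host outside its service cluster, or failed to answer for its own, which makes the script usable as a post-deployment check.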