Load Balancing on worker node

Hi all, I'm currently learning Traefik, so maybe this is a silly question.
I have a Swarm with 1 manager and 2 worker nodes, with a floating IP (a VIP address) that works without issue. If I create a service on the master node it works fine, but if I constrain the replicas to the workers I cannot reach the service with the "floating" IP.
This is my conf so far (I know there are security issues, but I'm trying to do a simple config with no HTTPS/TLS):
traefik.yml

version: "3.2"

services:
  app:
    image: traefik:v2.9
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/docker_data/volumes/traefik/traefik.toml:/traefik.toml
      - /mnt/docker_data/volumes/traefik/traefik_dynamic.toml:/traefik_dynamic.toml
      - /mnt/docker_data/volumes/traefik/traefik.log:/traefik.log
    networks:
      - traefik_public
    deploy:
      mode: global
      labels:
        - "traefik.docker.network=traefik_public"
        - "traefik.http.routers.api.rule=Host(`docker-cl-vip.local`)"
        - "traefik.http.routers.api.entrypoints=http"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.services.dummy.loadbalancer.server.port=9999"
      placement:
        constraints: [node.role == manager]
networks:
  traefik_public:
    external: true

traefik.toml

[global]
  checkNewVersion = true

# Enable the Dashboard
[api]
  dashboard = true

# Write out Traefik logs
[log]
  level = "DEBUG"
  filePath = "/traefik.log"

[entryPoints.http]
  address = ":80"
  
[entryPoints.nginx]
  address = ":8092"

#[metrics]
[metrics.prometheus]
  entryPoint = "traefik" 
  buckets = [0.1,0.3,1.2,5.0]
  addEntryPointsLabels = true
  addServicesLabels = true
  addRoutersLabels = true

# Docker Traefik provider
[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  swarmMode = true
  watch = true

[providers.file]
  filename = "traefik_dynamic.toml"

nginx.yml

version: '3.2'

services: 
  nginx: 
    image: nginx:latest 
    networks:
      - traefik_public
    ports:
      - "8092:80"

    deploy:
      labels:
      - traefik.enable=true
      - traefik.docker.network=traefik_public

      - "traefik.tcp.routers.nginx.entrypoints=nginx"
      - "traefik.tcp.services.nginx.loadbalancer.server.port=8092"
      - "traefik.tcp.routers.nginx.rule=HostSNI(`*`)"
      - "providers.docker.useBindPortIP=true"

      mode: replicated
      replicas: 2

      placement:
        constraints: [node.role == worker]

networks:
  traefik_public:
    external: true

By the dashboards, everything seems OK.


EDIT: firewall is disabled between the nodes

Where am I wrong?
Thanks in advance

Have you set up the floating IP on all nodes? Our hoster provides a floating IP and it has a GUI and API to assign it to different servers. Each server must be set up with the IP to be able to receive packets once the floating IP points to it.

It does not work to move the Traefik instance away from a Docker Swarm manager node, as the Traefik Docker Swarm Configuration Discovery only works on manager nodes.

docker service create \
  --constraint=node.role==manager \

Be aware that your Swarm is not fail-safe when using only a single manager node; you should probably promote your two workers to managers, too.

Our hoster provides a load balancing service which we use instead of a floating IP. We have 3 Traefik instances running on 3 manager nodes, the LB forwards plain TCP/IP ports 80 and 443 to all Traefik nodes. With ProxyProtocol you still get the client IP, only LetsEncrypt is more complicated with multiple Traefik nodes.
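
The load-balancer setup described in this reply, sketched as Traefik static configuration (an added example, not part of the original reply or the poster's actual config). The `https` entry point name and the 10.0.0.x load balancer addresses are assumptions.

```toml
# Added example. Assumptions: the load balancer sends PROXY protocol and
# connects from 10.0.0.10 and 10.0.0.11 (constructed addresses); the "https"
# entry point name is hypothetical, "http" matches the traefik.toml above.

[entryPoints.http]
  address = ":80"
  [entryPoints.http.proxyProtocol]
    # Accept the PROXY header only from the load balancer. The header carries
    # the client IP as plain data, so any peer allowed to send it can claim
    # an arbitrary source address in access logs and IP allow-lists.
    trustedIPs = ["10.0.0.10/32", "10.0.0.11/32"]

[entryPoints.https]
  address = ":443"
  [entryPoints.https.proxyProtocol]
    trustedIPs = ["10.0.0.10/32", "10.0.0.11/32"]

# Weak variant, for comparison: trusts the PROXY header from every peer.
# [entryPoints.http.proxyProtocol]
#   insecure = true
```

`trustedIPs` is matched against the TCP peer address, so ports 80 and 443 need to stay published in `mode: host` as in the posted traefik.yml; through the Swarm ingress mesh Traefik sees an internal address rather than the load balancer's.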

Nice suggestion!
At the moment I have the floating IP configured with keepalived, so the floating IP is assigned to 1 node only.
I will try to promote the node to manager and also figure out how to implement a different way to manage the floating IP.