Moby: docker swarm ๋ชจ๋“œ์—์„œ ์‚ฌ์šฉ์ž์˜ IP ์ฃผ์†Œ๋ฅผ ๊ฒ€์ƒ‰ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

์— ๋งŒ๋“  2016๋…„ 08์›” 09์ผ  ยท  324์ฝ”๋ฉ˜ํŠธ  ยท  ์ถœ์ฒ˜: moby/moby

docker version ์ถœ๋ ฅ:

Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 22:00:36 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 22:00:36 2016
 OS/Arch:      linux/amd64

docker info ์ถœ๋ ฅ:

Containers: 155
 Running: 65
 Paused: 0
 Stopped: 90
Images: 57
Server Version: 1.12.0
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 868
 Dirperm1 Supported: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: host overlay null bridge
Swarm: active
 NodeID: 0ddz27v59pwh2g5rr1k32d9bv
 Is Manager: true
 ClusterID: 32c5sn0lgxoq9gsl1er0aucsr
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot interval: 10000
  Heartbeat tick: 1
  Election tick: 3
 Dispatcher:
  Heartbeat period: 5 seconds
 CA configuration:
  Expiry duration: 3 months
 Node Address: 172.31.24.209
Runtimes: runc
Default Runtime: runc
Security Options: apparmor
Kernel Version: 3.13.0-92-generic
Operating System: Ubuntu 14.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.42 GiB
Name: ip-172-31-24-209
ID: 4LDN:RTAI:5KG5:KHR2:RD4D:MV5P:DEXQ:G5RE:AZBQ:OPQJ:N4DK:WCQQ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: panj
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Insecure Registries:
 127.0.0.0/8

์ถ”๊ฐ€ ํ™˜๊ฒฝ ์„ธ๋ถ€ ์ •๋ณด(AWS, VirtualBox, ๋ฌผ๋ฆฌ์  ๋“ฑ):

๋ฌธ์ œ๋ฅผ ์žฌํ˜„ํ•˜๋Š” ๋‹จ๊ณ„:

  1. ํฌํŠธ 80์„ ๊ฒŒ์‹œํ•˜๋Š” ๋‹ค์Œ ์„œ๋น„์Šค๋ฅผ ์‹คํ–‰ํ•˜์‹ญ์‹œ์˜ค.
docker service create \
--name debugging-simple-server \
--publish 80:3000 \
panj/debugging-simple-server
  1. http://<public-ip>/ ์—ฐ๊ฒฐํ•ด ๋ณด์„ธ์š”.

๋ฐ›์€ ๊ฒฐ๊ณผ๋ฅผ ์„ค๋ช…ํ•˜์‹ญ์‹œ์˜ค.
ip ๋„ header.x-forwarded-for ๋„ ์˜ฌ๋ฐ”๋ฅธ ์‚ฌ์šฉ์ž์˜ IP ์ฃผ์†Œ๊ฐ€ ์•„๋‹™๋‹ˆ๋‹ค.

์˜ˆ์ƒํ•œ ๊ฒฐ๊ณผ๋ฅผ ์„ค๋ช…ํ•˜์„ธ์š”.
ip ๋˜๋Š” header.x-forwarded-for ๋Š” ์‚ฌ์šฉ์ž์˜ IP ์ฃผ์†Œ์—ฌ์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์˜ˆ์ƒ ๊ฒฐ๊ณผ๋Š” ๋…๋ฆฝํ˜• ๋„์ปค ์ปจํ…Œ์ด๋„ˆ docker run -d -p 80:3000 panj/debugging-simple-server ์‚ฌ์šฉํ•˜์—ฌ ๋ณด๊ด€ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋‹ค์Œ ๋งํฌ๋ฅผ ํ†ตํ•ด ๋‘ ๊ฒฐ๊ณผ๋ฅผ ๋ชจ๋‘ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
http://swarm.issue-25526.docker.takemetour.com :81/
http://container.issue-25526.docker.takemetour.com :82/

์ค‘์š”ํ•˜๋‹ค๊ณ  ์ƒ๊ฐํ•˜๋Š” ์ถ”๊ฐ€ ์ •๋ณด(์˜ˆ: ๋ฌธ์ œ๊ฐ€ ๊ฐ€๋” ๋ฐœ์ƒํ•จ):
์ด๊ฒƒ์€ global ๋ชจ๋“œ์™€ replicated ๋ชจ๋“œ ๋ชจ๋‘์—์„œ ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค.

์ด ๋ฌธ์ œ๋ฅผ ์‰ฝ๊ฒŒ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ๋Š” ๊ฒƒ์„ ๋†“์ณค๋Š”์ง€ ์ž˜ ๋ชจ๋ฅด๊ฒ ์Šต๋‹ˆ๋‹ค.

๊ทธ ๋™์•ˆ Swarm ๋ชจ๋“œ ์™ธ๋ถ€์—์„œ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•˜๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์ˆ˜ํ–‰ํ•˜๊ณ  Swarm ๋ชจ๋“œ์—์„œ ๊ฒŒ์‹œ๋œ ํฌํŠธ๋กœ ์ „๋‹ฌํ•ด์•ผ ํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค(SSL ์ข…๋ฃŒ๋„ ์ด ์ปจํ…Œ์ด๋„ˆ์—์„œ ์ˆ˜ํ–‰๋˜์–ด์•ผ ํ•จ). ์ด๋Š” Swarm์˜ ๋ชฉ์ ์„ ๊นจ๋œจ๋ฆฝ๋‹ˆ๋‹ค. ์ž๊ฐ€ ์น˜์œ  ๋ฐ ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ด์…˜์„ ์œ„ํ•œ ๋ชจ๋“œ์ž…๋‹ˆ๋‹ค.

arenetworking areswarm kinenhancement statuneeds-attention versio1.12

๊ฐ€์žฅ ์œ ์šฉํ•œ ๋Œ“๊ธ€

๋˜ํ•œ ์—ฌ๋Ÿฌ ํ˜ธ์ŠคํŠธ์—์„œ syslog ๋ฉ”์‹œ์ง€๋ฅผ ์ˆ˜์ง‘ํ•˜๊ธฐ ์œ„ํ•ด swarm ๋ชจ๋“œ์—์„œ logstash๋ฅผ ์‹คํ–‰ํ•˜๋ ค๊ณ  ํ•  ๋•Œ ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ–ˆ์Šต๋‹ˆ๋‹ค. logstash "ํ˜ธ์ŠคํŠธ" ํ•„๋“œ๋Š” ์—ฐ๊ฒฐ ํ˜ธ์ŠคํŠธ์˜ ์‹ค์ œ IP ๋Œ€์‹  ํ•ญ์ƒ 10.255.0.x๋กœ ๋‚˜ํƒ€๋‚ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ๋กœ๊ทธ ๋ฉ”์‹œ์ง€๊ฐ€ ์–ด๋Š ํ˜ธ์ŠคํŠธ์—์„œ ์˜ค๋Š”์ง€ ์•Œ ์ˆ˜ ์—†๊ธฐ ๋•Œ๋ฌธ์— ์™„์ „ํžˆ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†๊ฒŒ ๋งŒ๋“ญ๋‹ˆ๋‹ค. ์†Œ์Šค IP ๋ณ€ํ™˜์„ ํ”ผํ•  ์ˆ˜ ์žˆ๋Š” ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๊นŒ?

๋ชจ๋“  324 ๋Œ“๊ธ€

/ cc @aluzzardi @mrjana๊ฐ€ ๋ฌผ์—ˆ๋‹ค

@PanJ debug-simple-server๊ฐ€ ip ๊ฒฐ์ •ํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ์„ธ๋ถ€ ์ •๋ณด๋ฅผ ๊ณต์œ ํ•ด ์ฃผ์‹œ๊ฒ ์Šต๋‹ˆ๊นŒ? ๋˜ํ•œ ์„œ๋น„์Šค๊ฐ€ ์—ฌ๋Ÿฌ ํ˜ธ์ŠคํŠธ(๋˜๋Š” ์ „์—ญ ๋ชจ๋“œ)์—์„œ 2๊ฐœ ์ด์ƒ์˜ ๋ณต์ œ๋ณธ์œผ๋กœ ํ™•์žฅ๋˜๋Š” ๊ฒฝ์šฐ ์˜ˆ์ƒ๋˜๋Š” ์‚ฌํ•ญ์€ ๋ฌด์—‡์ž…๋‹ˆ๊นŒ?

@mavenugo net ๋ชจ๋“ˆ์—์„œ ๋…ธ๋“œ์˜ remoteAddress ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” koa ์˜ ์š”์ฒญ ๊ฐ์ฒด์ž…๋‹ˆ๋‹ค. ๊ฒฐ๊ณผ๋Š” ์›๊ฒฉ ์ฃผ์†Œ๋ฅผ ๊ฒ€์ƒ‰ํ•  ์ˆ˜ ์žˆ๋Š” ๋‹ค๋ฅธ ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ์— ๋Œ€ํ•ด ๋™์ผํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

ip ํ•„๋“œ๋Š” ๊ตฌ์„ฑ์— ๊ด€๊ณ„์—†์ด ํ•ญ์ƒ ์›๊ฒฉ ์ฃผ์†Œ์—ฌ์•ผ ํ•ฉ๋‹ˆ๋‹ค.

@PanJ ์—ฌ์ „ํžˆ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์‚ฌ์šฉํ•˜๊ฑฐ๋‚˜ ๋” ๋‚˜์€ ์†”๋ฃจ์…˜์„ ์ฐพ์•˜์Šต๋‹ˆ๊นŒ?

@PanJ ์•ฑ์„ ๋…๋ฆฝ ์‹คํ–‰ํ˜• ์ปจํ…Œ์ด๋„ˆ๋กœ ์‹คํ–‰ํ•  ๋•Œ..

docker run -it --rm -p 80:3000 --name test panj/debugging-simple-server

๋‹ค๋ฅธ ํ˜ธ์ŠคํŠธ์—์„œ ๊ฒŒ์‹œ๋œ ํฌํŠธ์— ์•ก์„ธ์Šคํ•ฉ๋‹ˆ๋‹ค.

vagrant@net-1:~$ curl 192.168.33.12
{"method":"GET","url":"/","header":{"user-agent":"curl/7.38.0","host":"192.168.33.12","accept":"*/*"},"ip":"::ffff:192.168.33.11","ips":[]}
vagrant@net-1:~$

192.168.33.11์€ ๋‚ด๊ฐ€ curl์„ ์‹คํ–‰ ์ค‘์ธ ํ˜ธ์ŠคํŠธ์˜ IP์ž…๋‹ˆ๋‹ค. ์ด๊ฒƒ์ด ์˜ˆ์ƒ๋œ ๋™์ž‘์ž…๋‹ˆ๊นŒ?

@sanimej ์˜ˆ, ์Šค์›œ ๋ชจ๋“œ์—์„œ๋„ ์˜ˆ์ƒ๋˜๋Š” ๋™์ž‘์ž…๋‹ˆ๋‹ค.

@marech ์ €๋Š” ์—ฌ์ „ํžˆ ๋…๋ฆฝ ์‹คํ–‰ํ˜• ์ปจํ…Œ์ด๋„ˆ๋ฅผ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์œผ๋กœ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ๋Š”๋ฐ ์ž˜ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

์ œ ๊ฒฝ์šฐ์—๋Š” 2๊ฐœ์˜ nginx ์ธ์Šคํ„ด์Šค, ๋…๋ฆฝ ์‹คํ–‰ํ˜• ๋ฐ Swarm ์ธ์Šคํ„ด์Šค๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. SSL ์ข…๋ฃŒ ๋ฐ ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ๋Š” ๋…๋ฆฝ ์‹คํ–‰ํ˜• nginx์—์„œ ์ˆ˜ํ–‰๋ฉ๋‹ˆ๋‹ค. Swarm ์ธ์Šคํ„ด์Šค๋Š” ์š”์ฒญ ํ˜ธ์ŠคํŠธ๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ๋‹ค๋ฅธ ์„œ๋น„์Šค๋กœ ๋ผ์šฐํŒ…ํ•˜๋Š” ๋ฐ ์‚ฌ์šฉ๋ฉ๋‹ˆ๋‹ค.

@PanJ ์ปจํ…Œ์ด๋„ˆ์˜ ๊ฒŒ์‹œ๋œ ํฌํŠธ์— ์•ก์„ธ์Šคํ•˜๋Š” ๋ฐฉ์‹์€ swarm ๋ชจ๋“œ์—์„œ ๋‹ค๋ฆ…๋‹ˆ๋‹ค. Swarm ๋ชจ๋“œ์—์„œ๋Š” ํด๋Ÿฌ์Šคํ„ฐ์˜ ๋ชจ๋“  ๋…ธ๋“œ์—์„œ ์„œ๋น„์Šค์— ์—ฐ๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๋ฅผ ์šฉ์ดํ•˜๊ฒŒ ํ•˜๊ธฐ ์œ„ํ•ด ์šฐ๋ฆฌ๋Š” ingress ๋„คํŠธ์›Œํฌ๋ฅผ ํ†ตํ•ด ๋ผ์šฐํŒ…ํ•ฉ๋‹ˆ๋‹ค. 10.255.0.x ๋Š” ๊ฒŒ์‹œ๋œ ํฌํŠธ์— ์—ฐ๊ฒฐํ•˜๋ ค๋Š” ํด๋Ÿฌ์Šคํ„ฐ์˜ ํ˜ธ์ŠคํŠธ์— ์žˆ๋Š” ingress ๋„คํŠธ์›Œํฌ ์ธํ„ฐํŽ˜์ด์Šค์˜ ์ฃผ์†Œ์ž…๋‹ˆ๋‹ค.

@sanimej ๋ฌธ์ œ๋ฅผ ํŒŒํ—ค

์ˆ˜์ • ์‚ฌํ•ญ์„ ๊ตฌํ˜„ํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ์ง€์‹์ด ์ œํ•œ์ ์ž…๋‹ˆ๋‹ค. ์†Œ์Šค IP ์ฃผ์†Œ๋ฅผ ๋ณ€๊ฒฝํ•˜์ง€ ์•Š๋Š” ํŠน์ˆ˜ํ•œ ์œ ํ˜•์˜ ๋„คํŠธ์›Œํฌ์ผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

Rancher๋Š” Docker swarm ๋ชจ๋“œ์™€ ์œ ์‚ฌํ•˜๋ฉฐ ์˜ˆ์ƒ๋˜๋Š” ๋™์ž‘์ด ์žˆ๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ์–ด์ฉŒ๋ฉด ์‹œ์ž‘ํ•˜๊ธฐ์— ์ข‹์€ ๊ณณ์ผ ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค.

@sanimej ์ข‹์€ ์•„์ด๋””์–ด๋Š” ๊ฐ€๋Šฅํ•œ ๊ฒฝ์šฐ ๋ชจ๋“  IP๋ฅผ X-Forwarded-For ํ—ค๋”์— ์ถ”๊ฐ€ํ•  ์ˆ˜ ์žˆ์œผ๋ฉด ๋ชจ๋“  ์ฒด์ธ์„ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

@PanJ ํ , ๊ทธ๋ฆฌ๊ณ  nignx ๋…๋ฆฝ ์‹คํ–‰ํ˜• ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์„œ๋น„์Šค ์ด๋ฆ„ ๋˜๋Š” IP๋ฅผ ํ†ตํ•ด swarm ์ธ์Šคํ„ด์Šค์™€ ํ†ต์‹ ํ•˜๋Š” ๋ฐฉ๋ฒ•์€ ๋ฌด์—‡์ž…๋‹ˆ๊นŒ? ์Šค์›œ ์ธ์Šคํ„ด์Šค์— ์ „๋‹ฌํ•˜๋Š” nginx ๊ตฌ์„ฑ ๋ถ€๋ถ„์„ ๊ณต์œ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

@marech ๋…๋ฆฝ ์‹คํ–‰ํ˜• ์ปจํ…Œ์ด๋„ˆ๋Š” 80 ํฌํŠธ๋ฅผ ์ˆ˜์‹  ๋Œ€๊ธฐํ•œ ๋‹ค์Œ localhost:8181 ๋กœ ํ”„๋ก์‹œํ•ฉ๋‹ˆ๋‹ค.

server {
  listen 80 default_server;
  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass          http://localhost:8181;
    proxy_read_timeout  90;
  }
}

SSL ์ข…๋ฃŒ๋ฅผ ์ˆ˜ํ–‰ํ•ด์•ผ ํ•˜๋Š” ๊ฒฝ์šฐ 443 ํฌํŠธ๋ฅผ ์ˆ˜์‹ ํ•˜๋Š” ๋‹ค๋ฅธ ์„œ๋ฒ„ ๋ธ”๋ก์„ ์ถ”๊ฐ€ํ•œ ๋‹ค์Œ SSL ์ข…๋ฃŒ ๋ฐ ํ”„๋ก์‹œ๋„ localhost:8181 ๋กœ ์ˆ˜ํ–‰ํ•ฉ๋‹ˆ๋‹ค.

Swarm ๋ชจ๋“œ์˜ nginx๋Š” 8181:80 ๊ฒŒ์‹œํ•˜๊ณ  ์š”์ฒญ ํ˜ธ์ŠคํŠธ๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ๋‹ค๋ฅธ ์„œ๋น„์Šค๋กœ ๋ผ์šฐํŒ…ํ•ฉ๋‹ˆ๋‹ค.

server {
  listen 80;
  server_name your.domain.com;
  location / {
    proxy_pass          http://your-service:80;
    proxy_set_header Host $host;
    proxy_read_timeout  90;
  }
}

server {
  listen 80;
  server_name another.domain.com;
  location / {
    proxy_pass          http://another-service:80;
    proxy_set_header Host $host;
    proxy_read_timeout  90;
  }
}

์šฐ๋ฆฌ์˜ ๊ฒฝ์šฐ API RateLimit ๋ฐ ๊ธฐํƒ€ ๊ธฐ๋Šฅ์€ ์‚ฌ์šฉ์ž์˜ IP ์ฃผ์†Œ์— ๋”ฐ๋ผ ๋‹ค๋ฆ…๋‹ˆ๋‹ค. ์Šค์›œ ๋ชจ๋“œ์—์„œ ๋ฌธ์ œ๋ฅผ ๊ฑด๋„ˆ๋›ธ ์ˆ˜ ์žˆ๋Š” ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๊นŒ?

๋˜ํ•œ ์—ฌ๋Ÿฌ ํ˜ธ์ŠคํŠธ์—์„œ syslog ๋ฉ”์‹œ์ง€๋ฅผ ์ˆ˜์ง‘ํ•˜๊ธฐ ์œ„ํ•ด swarm ๋ชจ๋“œ์—์„œ logstash๋ฅผ ์‹คํ–‰ํ•˜๋ ค๊ณ  ํ•  ๋•Œ ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ–ˆ์Šต๋‹ˆ๋‹ค. logstash "ํ˜ธ์ŠคํŠธ" ํ•„๋“œ๋Š” ์—ฐ๊ฒฐ ํ˜ธ์ŠคํŠธ์˜ ์‹ค์ œ IP ๋Œ€์‹  ํ•ญ์ƒ 10.255.0.x๋กœ ๋‚˜ํƒ€๋‚ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ๋กœ๊ทธ ๋ฉ”์‹œ์ง€๊ฐ€ ์–ด๋Š ํ˜ธ์ŠคํŠธ์—์„œ ์˜ค๋Š”์ง€ ์•Œ ์ˆ˜ ์—†๊ธฐ ๋•Œ๋ฌธ์— ์™„์ „ํžˆ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†๊ฒŒ ๋งŒ๋“ญ๋‹ˆ๋‹ค. ์†Œ์Šค IP ๋ณ€ํ™˜์„ ํ”ผํ•  ์ˆ˜ ์žˆ๋Š” ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๊นŒ?

์ด ๋ฌธ์ œ์— ๋Œ€ํ•œ ์†”๋ฃจ์…˜์€ +1์ž…๋‹ˆ๋‹ค.

์‚ฌ์šฉ์ž์˜ IP๋ฅผ ๊ฒ€์ƒ‰ํ•  ์ˆ˜ ์žˆ๋Š” ๊ธฐ๋Šฅ์ด ์—†์œผ๋ฉด Prometheus์™€ ๊ฐ™์€ ๋ชจ๋‹ˆํ„ฐ๋ง ์†”๋ฃจ์…˜์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

์•„๋งˆ๋„ ์—ฌ๊ธฐ์„œ ๋ฆฌ๋ˆ…์Šค ์ปค๋„ IPVS ๊ธฐ๋Šฅ์ด ์œ ์šฉํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์‚ฌ์šฉ์ž ๊ณต๊ฐ„์—์„œ ์—ฐ๊ฒฐ์ด ํ”„๋ก์‹œ๋˜๊ธฐ ๋•Œ๋ฌธ์— IP ๋ณ€๊ฒฝ์ด ๋ฐœ์ƒํ•˜๊ณ  ์žˆ๋‹ค๊ณ  ์ถ”์ธกํ•ฉ๋‹ˆ๋‹ค. ๋ฐ˜๋ฉด์— IPVS๋Š” ์†Œ์Šค IP ์ฃผ์†Œ๋ฅผ ๋ณ€๊ฒฝํ•˜์ง€ ์•Š๊ณ  ์ปค๋„ ๊ณต๊ฐ„์—์„œ ์š”์ฒญ์„ ๋ฆฌ๋””๋ ‰์…˜ํ•˜๊ณ  ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. IPVS๋Š” ๋‹ค๋ฅธ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ ์•Œ๊ณ ๋ฆฌ์ฆ˜, ์œ ๋™ IP ์ฃผ์†Œ ๋ฐ ์ง์ ‘ ๋ผ์šฐํŒ…๊ณผ ๊ฐ™์€ ๊ณ ๊ธ‰ ๊ธฐ๋Šฅ์„ ๊ตฌ์ถ•ํ•˜๋Š” ๋ฐ์—๋„ ์œ ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ €์—๊ฒŒ๋Š” ๊ฐ€์ƒ IP์™€ ์—”๋“œํฌ์ธํŠธ๊ฐ€ ์†ํ•œ ์„œ๋ฒ„์˜ IP ์‚ฌ์ด์˜ ๊ด€๊ณ„๋ฅผ ์–ด๋–ป๊ฒŒ๋“  ์•Œ ์ˆ˜ ์žˆ๋‹ค๋ฉด ์ถฉ๋ถ„ํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์ด๋ ‡๊ฒŒ ํ•˜๋ฉด Prometheus๊ฐ€ ์ผ๋ถ€ ๊ฐ€์ƒ IP์™€ ๊ด€๋ จ๋œ ๊ฒฝ๊ณ ๋ฅผ ๋ณด๋‚ผ ๋•Œ ์˜ํ–ฅ์„ ๋ฐ›๋Š” ์„œ๋ฒ„๊ฐ€ ๋ฌด์—‡์ธ์ง€ ์•Œ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ข‹์€ ํ•ด๊ฒฐ์ฑ…์€ ์•„๋‹ˆ์ง€๋งŒ ์—†๋Š” ๊ฒƒ๋ณด๋‹ค๋Š” ๋‚˜์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

@vfarcic ๋‚˜๋Š” ๊ทธ๊ฒƒ์ด ์ง€๊ธˆ ์ž‘๋™ํ•˜๋Š” ๋ฐฉ์‹์œผ๋กœ ๊ฐ€๋Šฅํ•˜๋‹ค๊ณ  ์ƒ๊ฐํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๋ชจ๋“  ํด๋ผ์ด์–ธํŠธ ์—ฐ๊ฒฐ์€ ๋™์ผํ•œ IP์—์„œ ๋‚˜์˜ค๋ฏ€๋กœ ๋‹ค์‹œ ๋ณ€ํ™˜ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ์ž‘๋™ํ•˜๋Š” ์œ ์ผํ•œ ๋ฐฉ๋ฒ•์€ ์—ฐ๊ฒฐ์˜ ํ”„๋ก์‹œ/nat๋ฅผ ์ˆ˜ํ–‰ํ•˜๋Š” ๊ฒƒ์ด ํƒ€์ž„์Šคํƒฌํ”„, ์†Œ์Šค IP ๋ฐ ์†Œ์Šค ํฌํŠธ์™€ ํ•จ๊ป˜ ์—ฐ๊ฒฐ ๋กœ๊ทธ๋ฅผ ์ €์žฅํ•œ ๊ฒฝ์šฐ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ ‡๋”๋ผ๋„ ์†Œ์Šค IP๊ฐ€ ํ•„์š”ํ•œ ๋Œ€๋ถ€๋ถ„์˜ ์‚ฌ์šฉ ์‚ฌ๋ก€์—์„œ๋Š” ๋ณ„๋กœ ๋„์›€์ด ๋˜์ง€ ์•Š์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์‚ฌ์šฉ ์‚ฌ๋ก€๋ฅผ ์ž˜ ์„ค๋ช…ํ•˜์ง€ ๋ชปํ–ˆ์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

Swarm ๊ธ€๋กœ๋ฒŒ ์„œ๋น„์Šค๋กœ ์‹คํ–‰๋˜๋Š” ๋‚ด๋ณด๋‚ด๊ธฐ๋ฅผ ์Šคํฌ๋žฉํ•˜๋„๋ก ๊ตฌ์„ฑ๋œ Prometheus๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค. ์ž‘์—…์„ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.๋ชจ๋“  ๋ณต์ œ๋ณธ์˜ IP๋ฅผ ๊ฐ€์ ธ์˜ต๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ์„œ๋น„์Šค๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๊ณ  ๋ณต์ œ๋ณธ ๋์ (๋ถ€ํ•˜ ๋ถ„์‚ฐ ์—†์Œ)์„ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ํ•„์š”ํ•œ ๊ฒƒ์€ ๊ฐ๊ฐ์˜ ๋ณต์ œ IP๊ฐ€ ๋‚˜์˜ค๋Š” ๋…ธ๋“œ์˜ IP๋ฅผ ์–ด๋–ป๊ฒŒ๋“  ์•Œ์•„๋‚ด๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

๋ฐฉ๊ธˆ "๋„์ปค ๋„คํŠธ์›Œํฌ ๊ฒ€์‚ฌ"๋Š” ๋‹จ์ผ ๋…ธ๋“œ์˜ ์ปจํ…Œ์ด๋„ˆ ๋ฐ IPv4 ์ฃผ์†Œ์— ๋Œ€ํ•œ ์ •๋ณด๋ฅผ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค. ๋…ธ๋“œ์™€ ํ•จ๊ป˜ ๋„คํŠธ์›Œํฌ์˜ ํด๋Ÿฌ์Šคํ„ฐ ์ „์ฒด ์ •๋ณด๊ฐ€ ์žˆ๋„๋ก ํ™•์žฅํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

๋‹ค์Œ๊ณผ ๊ฐ™์€ ๊ฒƒ:

       "Containers": {
            "57bc4f3d826d4955deb32c3b71550473e55139a86bef7d5e584786a3a5fa6f37": {
                "Name": "cadvisor.0.8d1s6qb63xdir22xyhrcjhgsa",
                "EndpointID": "084a032fcd404ae1b51f33f07ffb2df9c1f9ec18276d2f414c2b453fc8e85576",
                "MacAddress": "02:42:0a:00:00:1e",
                "IPv4Address": "10.0.0.30/24",
                "IPv6Address": "",
                "Node": "swarm-4"
            },
...

"๋…ธ๋“œ"์˜ ์ถ”๊ฐ€์— ์œ ์˜ํ•˜์‹ญ์‹œ์˜ค.

--filter ์ธ์ˆ˜๊ฐ€ ์ถ”๊ฐ€๋œ ๋‹จ์ผ ๋…ธ๋“œ๋ฟ๋งŒ ์•„๋‹ˆ๋ผ ์ „์ฒด ํด๋Ÿฌ์Šคํ„ฐ์— ๋Œ€ํ•ด ์ด๋Ÿฌํ•œ ์ •๋ณด๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค๋ฉด ์ปจํ…Œ์ด๋„ˆ IPv4 ์ฃผ์†Œ์™€ ๋งˆ๋””. ๊ทธ๊ฒƒ์€ ํ›Œ๋ฅญํ•œ ํ•ด๊ฒฐ์ฑ…์€ ์•„๋‹ˆ์ง€๋งŒ ์—ฌ์ „ํžˆ ์—†๋Š” ๊ฒƒ๋ณด๋‹ค ๋‚ซ์Šต๋‹ˆ๋‹ค. ํ˜„์žฌ Prometheus๊ฐ€ ๋ฌธ์ œ๋ฅผ ๊ฐ์ง€ํ•˜๋ฉด ์ฃผ์†Œ์˜ ์œ„์น˜๋ฅผ โ€‹โ€‹์ฐพ์„ ๋•Œ๊นŒ์ง€ ๊ฐ ๋…ธ๋“œ์—์„œ "docker network inspect"๋ฅผ ์‹คํ–‰ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

์ˆ˜์‹  ๋„คํŠธ์›Œํฌ๊ฐ€ IPVS๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ๋‹ค๋Š” ์  ์„ ๊ฐ์•ˆํ•  ๋•Œ

์†”๋ฃจ์…˜์€ HTTP๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ํ•˜์ง€ ์•Š๋Š” ๋ชจ๋“  ์„œ๋น„์Šค๊ฐ€ ์—ฌ์ „ํžˆ ์ œ๋Œ€๋กœ ์ž‘๋™ํ•  ์ˆ˜ ์žˆ๋„๋ก IP ์ˆ˜์ค€์—์„œ ์ž‘๋™ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค(http ํ—ค๋”์— ์˜์กดํ•  ์ˆ˜ ์—†์Œ...).

๊ทธ๋ฆฌ๊ณ  ์ด๊ฒƒ์ด ์–ผ๋งˆ๋‚˜ ์ค‘์š”ํ•œ์ง€ ๊ฐ•์กฐํ•˜์ง€ ์•Š์„ ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ ์—†์ด๋Š” ์Šค์›œ ๋ชจ๋“œ์—์„œ ์ „ํ˜€ ์ž‘๋™ํ•  ์ˆ˜ ์—†๋Š” ๋งŽ์€ ์„œ๋น„์Šค๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด๊ฒƒ์ด HaProxy๊ฐ€ ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๋ฐฉ๋ฒ•์ž…๋‹ˆ๋‹ค. http://blog.haproxy.com/2012/06/05/preserve-source-ip-address-despite-reverse-proxys/

@kobolog ๋Š” ๋ฐํž ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๋ชฉ๋ก์— ๋‚˜๋ฅผ ์ถ”๊ฐ€ํ•˜๋Š” ๊ฒƒ๋ฟ์ž…๋‹ˆ๋‹ค. ์ €๋Š” logstash๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ syslog ๋ฉ”์‹œ์ง€๋ฅผ ์ˆ˜๋ฝํ•˜๊ณ  ์žˆ์œผ๋ฉฐ ํ˜ธ์ŠคํŠธ IP๊ฐ€ 10.255.0.4๋กœ ์„ค์ •๋œ Elasticsearch๋กœ ๋ชจ๋‘ ํ‘ธ์‹œ๋˜์–ด ์‚ฌ์šฉํ•  ์ˆ˜ ์—†๊ฒŒ ๋˜๋ฉฐ ์ปจํ…Œ์ด๋„ˆํ™”๋˜์ง€ ์•Š์€ logstash ๋ฐฐํฌ๋กœ ๋˜๋Œ๋ ค์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์ด์— ๋Œ€ํ•œ ์ˆ˜์ • ์‚ฌํ•ญ์ด ์—†๋Š” ๊ฒฝ์šฐ.

@mrjana ๋‹น์‹ ์ด ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•ด์•ผ ํ–ˆ๋˜ ์ œ์•ˆ์„ ์ถ”๊ฐ€ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

IPVS๋Š” HTTP ๊ณ„์ธต์—์„œ ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ๋Š” ์‚ฌ์šฉ์ž ๊ณต๊ฐ„ ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ๊ฐ€ ์•„๋‹™๋‹ˆ๋‹ค. ์ด๊ฒƒ์ด HAProxy์™€ ๊ฐ™์€ ์‚ฌ์šฉ์ž ๊ณต๊ฐ„ ํ”„๋ก์‹œ์™€ ์ด๊ฒƒ์˜ ์ฐจ์ด์ ์ž…๋‹ˆ๋‹ค. HAProxy๋ฅผ ์‚ฌ์šฉํ•˜๋ ค๋ฉด ํด๋Ÿฌ์Šคํ„ฐ์— HAProxy๋ฅผ ๋ฐฐ์น˜ํ•˜๊ณ  ๋ชจ๋“  ์„œ๋น„์Šค ์ธ์Šคํ„ด์Šค์™€ HAProxy๊ฐ€ ๋™์ผํ•œ ๋„คํŠธ์›Œํฌ์— ์ฐธ์—ฌํ•˜๋„๋ก ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋ ‡๊ฒŒ ํ•˜๋ฉด HAProxy๊ฐ€ HTTP header.x-forwarded-for ์ˆ˜์ •ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋˜๋Š” L7 ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๊ฐ€ ํด๋Ÿฌ์Šคํ„ฐ ์™ธ๋ถ€์— ์žˆ๋Š” ๊ฒฝ์šฐ ์„œ๋น„์Šค์˜ ๊ฐœ๋ณ„ ์ธ์Šคํ„ด์Šค๋ฅผ ๊ฐ๊ฐ ๋…ธ์ถœํ•˜๋Š” Host PublishMode๋ผ๋Š” ์ƒˆ๋กœ์šด PublishMode ๋Œ€ํ•ด ์˜ˆ์ •๋œ(1.13์˜) ๊ธฐ๋Šฅ์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ž์ฒด ๊ฐœ๋ณ„ ํฌํŠธ์— ์žˆ์œผ๋ฉฐ ์™ธ๋ถ€ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๊ฐ€ ํ•ด๋‹น ํฌํŠธ๋ฅผ ๊ฐ€๋ฆฌํ‚ค๋„๋ก ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

@mrjana IPVS๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ์ „์ฒด ์•„์ด๋””์–ด(ํ˜„์žฌ ๋„์ปค๊ฐ€ Swarm ๋ชจ๋“œ์—์„œ ์ˆ˜ํ–‰ํ•˜๋Š” ์ž‘์—… ๋Œ€์‹ )๋Š”

@dack ๋‚ด ์ดํ•ด๋Š” Docker ์ˆ˜์‹  ๋„คํŠธ์›Œํฌ๊ฐ€ ์ด๋ฏธ IPVS๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

HAProxy๋ฅผ ์‚ฌ์šฉํ•˜๋ ค๋ฉด ํด๋Ÿฌ์Šคํ„ฐ์— HAProxy๋ฅผ ๋ฐฐ์น˜ํ•˜๊ณ  ๋ชจ๋“  ์„œ๋น„์Šค ์ธ์Šคํ„ด์Šค์™€ HAProxy๊ฐ€ ๋™์ผํ•œ ๋„คํŠธ์›Œํฌ์— ์ฐธ์—ฌํ•˜๋„๋ก ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋ ‡๊ฒŒ ํ•˜๋ฉด HAProxy๊ฐ€ HTTP header.x-forwarded-for๋ฅผ ์ˆ˜์ •ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

@mrjana๋„ ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. HAProxy๊ฐ€ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ์–ป๋Š” ์œ ์ผํ•œ ๋ฐฉ๋ฒ•์€ docker run์„ ์‚ฌ์šฉํ•˜์—ฌ ์ˆ˜์‹  ๋„คํŠธ์›Œํฌ ์™ธ๋ถ€์—์„œ ์‹คํ–‰ํ•˜๊ฑฐ๋‚˜ ํ˜ธ์ŠคํŠธ์—์„œ ์ง์ ‘ ์‹คํ–‰ํ•˜๋Š” ๊ฒƒ์ด์ง€๋งŒ ๋‹ค๋ฅธ ๋„คํŠธ์›Œํฌ์— ์žˆ๊ธฐ ๋•Œ๋ฌธ์— ์„œ๋น„์Šค๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ์•ก์„ธ์Šคํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

๊ฐ„๋‹จํžˆ ๋งํ•ด์„œ, ๋‚ด๊ฐ€ ์•„๋Š” ํ•œ ๋„์ปค ์„œ๋น„์Šค์™€ ์Šค์›œ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์ž๋งˆ์ž ์ด๋ฅผ ์ฒ˜๋ฆฌํ•  ๋ฐฉ๋ฒ•์ด ์ „ํ˜€ ์—†์Šต๋‹ˆ๋‹ค.

docker ingress ๋„คํŠธ์›Œํฌ์˜ ์ž‘์„ฑ์ž๊ฐ€ IPVS๊ฐ€ ๋‚ด๋ถ€์—์„œ ์–ด๋–ป๊ฒŒ ๊ตฌ์„ฑ/์ž‘๋™๋˜๋Š”์ง€(IPVS์— ๋Œ€ํ•œ ๋งŽ์€ ๋ชจ๋“œ๊ฐ€ ์žˆ์Œ) ๋ฐ ์šฐ๋ฆฌ๊ฐ€ ์ˆ˜์ •ํ•  ์ˆ˜ ์žˆ๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ํ†ต์ฐฐ๋ ฅ์„ ๊ฐ€์งˆ ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ ํ† ๋ก ์— ์ฐธ์—ฌํ•  ์ˆ˜ ์žˆ๋‹ค๋ฉด ํฅ๋ฏธ๋กœ์šธ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋ฌธ์ œ.

@tlvenn ์ด๊ฒƒ์ด ์†Œ์Šค ์ฝ”๋“œ์˜ ์–ด๋””์— ์žˆ๋Š”์ง€ ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๊นŒ? ๋‚ด๊ฐ€ ํ‹€๋ฆด ์ˆ˜ ์žˆ์ง€๋งŒ ๋‚ด๊ฐ€ ๊ด€์ฐฐ ํ•œ ๋ช‡ ๊ฐ€์ง€ ์‚ฌํ•ญ์„ ๊ธฐ๋ฐ˜์œผ๋กœ IPVS๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

  • ์†Œ์Šค ํฌํŠธ๊ฐ€ ๋ฒˆ์—ญ๋˜์—ˆ์Šต๋‹ˆ๋‹ค(์ด ๋ฌธ์ œ์˜ ์ „์ฒด ์ด์œ ). IPVS๋Š” ์ด๊ฒƒ์„ ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. NAT ๋ชจ๋“œ์—์„œ๋„ ๋ชฉ์ ์ง€ ์ฃผ์†Œ๋งŒ ๋ณ€ํ™˜ํ•ฉ๋‹ˆ๋‹ค. ๊ธฐ๋ณธ ๊ฒฝ๋กœ ๋˜๋Š” ์ •์ฑ… ๋ผ์šฐํŒ…์„ ์‚ฌ์šฉํ•˜์—ฌ ๋ฐ˜ํ™˜ ํŒจํ‚ท์„ IPVS ํ˜ธ์ŠคํŠธ๋กœ ๋‹ค์‹œ ๋ณด๋‚ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
  • ํฌํŠธ๊ฐ€ Swarm ๋ชจ๋“œ๋กœ ๊ฒŒ์‹œ๋˜๋ฉด Swarm์˜ ๋ชจ๋“  dockerd ์ธ์Šคํ„ด์Šค๊ฐ€ ๊ฒŒ์‹œ๋œ ํฌํŠธ์—์„œ ์ˆ˜์‹  ๋Œ€๊ธฐํ•ฉ๋‹ˆ๋‹ค. IPVS๊ฐ€ ์‚ฌ์šฉ๋œ ๊ฒฝ์šฐ ์ปค๋„ ๊ณต๊ฐ„์—์„œ ๋ฐœ์ƒํ•˜๊ณ  dockerd๋Š” ํฌํŠธ์—์„œ ์ˆ˜์‹  ๋Œ€๊ธฐํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

์•ˆ๋…•ํ•˜์„ธ์š” @dack ๋‹˜

๋ธ”๋กœ๊ทธ์—์„œ:

๋‚ด๋ถ€์ ์œผ๋กœ ์šฐ๋ฆฌ๋Š” 15๋…„ ์ด์ƒ Linux ์ปค๋„์— ์žˆ์—ˆ๋˜ ์ปค๋„ ๋‚ด Layer 4 ๋‹ค์ค‘ ํ”„๋กœํ† ์ฝœ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ์ธ Linux IPVS๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์ด ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•ฉ๋‹ˆ๋‹ค. ์ปค๋„ ๋‚ด๋ถ€์˜ IPVS ๋ผ์šฐํŒ… ํŒจํ‚ท์„ ํ†ตํ•ด swarm์˜ ๋ผ์šฐํŒ… ๋ฉ”์‹œ๋Š” ๊ณ ์„ฑ๋Šฅ ์ปจํ…Œ์ด๋„ˆ ์ธ์‹ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์„ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค.

๋‚ด๊ฐ€ ํ‹€๋ฆฌ์ง€ ์•Š๋‹ค๋ฉด ์ฝ”๋“œ ์†Œ์Šค๋Š” swarmkit ํ”„๋กœ์ ํŠธ์— ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

@stevvooe ๊ฐ€ ์—ฌ๊ธฐ์„œ ๊ทผ๋ณธ์ ์ธ ๋ฌธ์ œ๊ฐ€ ๋ฌด์—‡์ธ์ง€ ์ดํ•ดํ•˜๋Š” ๋ฐ ๋„์›€์ด ๋  ์ˆ˜ ์žˆ๋Š”์ง€ ๊ถ๊ธˆํ•ฉ๋‹ˆ๋‹ค.

์ข‹์Šต๋‹ˆ๋‹ค. ์ฝ”๋“œ๋ฅผ ๊ฐ„๋žตํ•˜๊ฒŒ ์‚ดํŽด๋ณด์•˜๊ณ  ์ด์ œ ์ข€ ๋” ์ž˜ ์ดํ•ดํ•  ์ˆ˜ ์žˆ์„ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ์‹ค์ œ๋กœ ๋ธ”๋กœ๊ทธ์— ๋ช…์‹œ๋œ ๋ฐ”์™€ ๊ฐ™์ด IPVS๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์œผ๋กœ ๋ณด์ž…๋‹ˆ๋‹ค. SNAT๋Š” service_linux.go์— ์„ค์ •๋œ iptables ๊ทœ์น™์„ ํ†ตํ•ด ์ˆ˜ํ–‰๋ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ์˜ฌ๋ฐ”๋ฅด๊ฒŒ ์ดํ•ดํ•œ๋‹ค๋ฉด ๊ทธ ๋’ค์— ์žˆ๋Š” ๋…ผ๋ฆฌ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค(๋…ธ๋“œ A๊ฐ€ ๋…ธ๋“œ B์—์„œ ์‹คํ–‰ ์ค‘์ธ ์„œ๋น„์Šค์— ๋Œ€ํ•œ ํด๋ผ์ด์–ธํŠธ ํŒจํ‚ท์„ ์ˆ˜์‹ ํ•œ๋‹ค๊ณ  ๊ฐ€์ •).

  • Swarm ๋…ธ๋“œ A๋Š” ํด๋ผ์ด์–ธํŠธ ํŒจํ‚ท์„ ์ˆ˜์‹ ํ•ฉ๋‹ˆ๋‹ค. IPVS/iptables๋Š” (src ip)->(node โ€‹โ€‹a ip) ๋ฐ (dst ip)->(node โ€‹โ€‹B ip)๋กœ ๋ณ€ํ™˜ํ•ฉ๋‹ˆ๋‹ค.
  • ํŒจํ‚ท์€ ๋…ธ๋“œ B๋กœ ์ „๋‹ฌ๋ฉ๋‹ˆ๋‹ค.
  • ๋…ธ๋“œ B๋Š” ๋…ธ๋“œ A์— ์‘๋‹ต์„ ๋ณด๋ƒ…๋‹ˆ๋‹ค(src ip๋กœ ํ‘œ์‹œ๋จ).
  • ๋…ธ๋“œ A๋Š” src ๋ฐ dst๋ฅผ ๋‹ค์‹œ ์›๋ž˜ ๊ฐ’์œผ๋กœ ๋ณ€ํ™˜ํ•˜๊ณ  ์‘๋‹ต์„ ํด๋ผ์ด์–ธํŠธ์— ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค.

SNAT ๋’ค์— ์žˆ๋Š” ์ถ”๋ก ์€ ์‘๋‹ต์ด ์›๋ž˜ ์š”์ฒญ์ด ๋ฐœ์ƒํ•œ ๋™์ผํ•œ ๋…ธ๋“œ๋ฅผ ํ†ต๊ณผํ•ด์•ผ ํ•œ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค(NAT/IPVS ์ƒํƒœ๊ฐ€ ์ €์žฅ๋˜๋Š” ๊ณณ์ด๋ฏ€๋กœ). ์š”์ฒญ์ด ๋ชจ๋“  ๋…ธ๋“œ๋ฅผ ํ†ตํ•ด ์˜ฌ ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ ์„œ๋น„์Šค ๋…ธ๋“œ๊ฐ€ ์š”์ฒญ์„ ๋‹ค์‹œ ๋ผ์šฐํŒ…ํ•  ๋…ธ๋“œ๋ฅผ ์•Œ ์ˆ˜ ์žˆ๋„๋ก SNAT๊ฐ€ ์‚ฌ์šฉ๋ฉ๋‹ˆ๋‹ค. ๋‹จ์ผ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ ๋…ธ๋“œ๊ฐ€ ์žˆ๋Š” IPVS ์„ค์ •์—์„œ๋Š” ๋ฌธ์ œ๊ฐ€ ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

๋”ฐ๋ผ์„œ ๋ฌธ์ œ๋Š” ๋ชจ๋“  ๋…ธ๋“œ๊ฐ€ ๋“ค์–ด์˜ค๋Š” ํด๋ผ์ด์–ธํŠธ ์š”์ฒญ์„ ์ฒ˜๋ฆฌํ•˜๋„๋ก ํ—ˆ์šฉํ•˜๋ฉด์„œ SNAT๋ฅผ ํ”ผํ•˜๋Š” ๋ฐฉ๋ฒ•์ž…๋‹ˆ๋‹ค. ๊ฐ€์žฅ ์ข‹์€ ๋ฐฉ๋ฒ•์ด ๋ฌด์—‡์ธ์ง€ ์™„์ „ํžˆ ํ™•์‹ ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. SNAT์— ์˜์กดํ•˜๋Š” ๋Œ€์‹  ์ •์ฑ… ๋ผ์šฐํŒ…์„ ์‚ฌ์šฉํ•˜์—ฌ ์‘๋‹ต์„ ์ง€์‹œํ•  ์ˆ˜ ์žˆ๋„๋ก ์„œ๋น„์Šค ๋…ธ๋“œ์— ์ƒํƒœ ํ…Œ์ด๋ธ”์„ ๊ฐ–๋Š” ๋ฐฉ๋ฒ•์ด ์žˆ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋˜๋Š” ์–ด๋–ค ์ข…๋ฅ˜์˜ ์บก์Šํ™”๊ฐ€ ๋„์›€์ด ๋  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค(VXLAN?). ๋˜๋Š” IPVS์˜ ์ง์ ‘ ๋ผ์šฐํŒ… ๋ฐฉ๋ฒ•์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ์„œ๋น„์Šค ๋…ธ๋“œ๊ฐ€ (์›๋ž˜ ์š”์ฒญ์„ ๋ฐ›์€ ๋…ธ๋“œ๋ฅผ ํ†ตํ•˜์ง€ ์•Š๊ณ ) ํด๋ผ์ด์–ธํŠธ์— ์ง์ ‘ ์‘๋‹ตํ•  ์ˆ˜ ์žˆ๊ณ  ์„œ๋น„์Šค์— ๋Œ€ํ•œ ์ƒˆ๋กœ์šด ์œ ๋™ IP๋ฅผ ์ถ”๊ฐ€ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ๊ฐœ๋ณ„ ๋…ธ๋“œ IP๊ฐ€ ์•„๋‹Œ ์œ ๋™ IP๋ฅผ ํ†ตํ•ด์„œ๋งŒ ์„œ๋น„์Šค์— ์—ฐ๊ฒฐํ•  ์ˆ˜ ์žˆ์Œ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค(์‚ฌ์šฉ ์‚ฌ๋ก€์— ๋ฌธ์ œ๊ฐ€ ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Œ).

๊ฝค ํฅ๋ฏธ๋กœ์šด ๋ฐœ๊ฒฌ @dack !

๋ฐ”๋ผ๊ฑด๋Œ€ SNAT๋ฅผ ๋ชจ๋‘ ๊ฑด๋„ˆ ๋›ฐ๋Š” ์†”๋ฃจ์…˜์ด ๋ฐœ๊ฒฌ๋˜๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค.

๊ทธ๋™์•ˆ PublishMode ํ•˜์—ฌ ํ˜ธ์ŠคํŠธ ์ˆ˜์ค€ ํฌํŠธ ๊ฒŒ์‹œ๋ฅผ ๋„์ž…ํ•˜์—ฌ ์ˆ˜์‹  ๋„คํŠธ์›Œํฌ๋ฅผ ํšจ๊ณผ์ ์œผ๋กœ ์šฐํšŒํ•˜๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์–ผ๋งˆ ์ „์— ์ปค๋ฐ‹๋˜์—ˆ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

https://github.com/docker/swarmkit/pull/1645

๋งŽ์€ ํ”ผ๋“œ๋ฐฑ์„ ์ฃผ์…”์„œ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค. ์ฃผ๋ง ์ดํ›„์— ์ด ๋ฌธ์ œ์— ๋Œ€ํ•ด ์ž์„ธํžˆ ์‚ดํŽด๋ณด๊ฒ ์Šต๋‹ˆ๋‹ค.

๊ทธ ๋™์•ˆ ๋ช‡ ๊ฐ€์ง€ ์ •๋ณด:

@tlvenn : @mrjana ๋Š” ์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ ๊ธฐ๋Šฅ์˜ ์ฃผ์š” ์ž‘์„ฑ์ž์ž…๋‹ˆ๋‹ค. ์†Œ์Šค๋Š” ๋Œ€๋ถ€๋ถ„ docker/libnetwork์— ์žˆ๊ณ  ์ผ๋ถ€๋Š” SwarmKit์— ์žˆ์Šต๋‹ˆ๋‹ค.

@dack : ์‹ค์ œ๋กœ IPVS๊ฐ€ ์ง€์›ํ•ฉ๋‹ˆ๋‹ค.

@tlvenn ๋‚ด๊ฐ€ ์•„๋Š” ํ•œ, Docker Swarm์€ ๊ฐ€์žฅ ๊ฐ„๋‹จํ•œ ๋ฐฉ๋ฒ•์ด๊ณ  ๋Œ€๋ถ€๋ถ„์˜ ๊ตฌ์„ฑ์—์„œ ์ž‘๋™ํ•˜๋„๋ก ๋ณด์žฅํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๊ฐ€์žฅ์„ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค. ๊ฒŒ๋‹ค๊ฐ€ ์ด๊ฒƒ์€ [re: @dack] ํฌํŠธ๋„ ์‹ค์ œ๋กœ ๊ฐ€์žฅํ•  ์ˆ˜ ์žˆ๋Š” ์œ ์ผํ•œ ๋ชจ๋“œ์ด๋ฏ€๋กœ ํŽธ๋ฆฌํ•ฉ๋‹ˆ๋‹ค. ์ด๋ก ์ ์œผ๋กœ ์ด ๋ฌธ์ œ๋Š” IPIP ์บก์Šํ™” ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ํŒจํ‚ท ํ๋ฆ„์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

  • ํŒจํ‚ท์ด ๊ฒŒ์ดํŠธ์›จ์ด ์„œ๋ฒ„(์šฐ๋ฆฌ์˜ ๊ฒฝ์šฐ ๋ฌด๋ฆฌ์˜ ๋ชจ๋“  ๋…ธ๋“œ)์— ๋„์ฐฉํ•˜๊ณ  ํ•ด๋‹น ๋…ธ๋“œ์˜ IPVS๋Š” ๋Œ€์ƒ IP ์ฃผ์†Œ ๋ฐ ํฌํŠธ๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ์‹ค์ œ๋กœ ๊ฐ€์ƒ ์„œ๋น„์Šค์šฉ ํŒจํ‚ท์ธ์ง€ ํ™•์ธํ•ฉ๋‹ˆ๋‹ค.
  • ํŒจํ‚ท์€ ๋‹ค๋ฅธ IP ํŒจํ‚ท์œผ๋กœ ์บก์Šํ™”๋˜์–ด ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ ์•Œ๊ณ ๋ฆฌ์ฆ˜์— ๋”ฐ๋ผ ์„ ํƒ๋œ ์‹ค์ œ ์„œ๋ฒ„๋กœ ์ „์†ก๋ฉ๋‹ˆ๋‹ค.
  • ์‹ค์ œ ์„œ๋ฒ„๋Š” ์—”ํด๋กœ์ง• ํŒจํ‚ท์„ ์ˆ˜์‹ ํ•˜๊ณ  ์บก์Šํ™”๋ฅผ ํ•ด์ œํ•˜๊ณ  ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP ๋ฅผ ์†Œ์Šค๋กœ, ๊ฐ€์ƒ ์„œ๋น„์Šค IP ๋ฅผ ๋ชฉ์ ์ง€๋กœ ๋ด…๋‹ˆ๋‹ค. ๋ชจ๋“  ์‹ค์ œ ์„œ๋ฒ„๋Š” ๊ฐ€์ƒ ์„œ๋น„์Šค IP์™€ ARP ๊ฐ€๋Šฅํ•˜์ง€ ์•Š์€ ์ธํ„ฐํŽ˜์ด์Šค ๋ณ„๋ช…์„ ๊ฐ–๊ณ  ์žˆ์–ด์•ผ ์ด ํŒจํ‚ท์ด ์‹ค์ œ๋กœ ๋ชฉ์ ์ง€๋กœ ํ–ฅํ•˜๋Š” ๊ฒƒ์œผ๋กœ ๊ฐ€์ •ํ•ฉ๋‹ˆ๋‹ค.
  • ์‹ค์ œ ์„œ๋ฒ„๋Š” ํŒจํ‚ท์„ ์ฒ˜๋ฆฌํ•˜๊ณ  ์‘๋‹ต์„ ํด๋ผ์ด์–ธํŠธ๋กœ ์ง์ ‘ ๋ณด๋ƒ…๋‹ˆ๋‹ค. ์ด ๊ฒฝ์šฐ ์†Œ์Šค IP๋Š” ๊ฐ€์ƒ ์„œ๋น„์Šค IP ์ด๋ฏ€๋กœ ํ™”์„ฑ ์‘๋‹ต์ด ํฌํ•จ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

๋ฌผ๋ก  ๋งŽ์€ ์ฃผ์˜ ์‚ฌํ•ญ๊ณผ ์ž˜๋ชป๋  ์ˆ˜ ์žˆ๋Š” ์‚ฌํ•ญ์ด ์žˆ์ง€๋งŒ ์ผ๋ฐ˜์ ์œผ๋กœ ์ด๊ฒƒ์€ ๊ฐ€๋Šฅํ•˜๋ฉฐ IPIP ๋ชจ๋“œ๋Š” ํ”„๋กœ๋•์…˜์—์„œ ๋„๋ฆฌ ์‚ฌ์šฉ๋ฉ๋‹ˆ๋‹ค.

IP ๊ณ ์ • ๋ฐ ๊ธฐํƒ€ ๋ณด์•ˆ ๊ฒ€์‚ฌ๊ฐ€ ์˜ฌ๋ฐ”๋ฅธ ์™ธ๋ถ€ IP๋ฅผ ์ˆ˜์‹ ํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•˜๋ฏ€๋กœ ์ด์— ๋Œ€ํ•œ ์†”๋ฃจ์…˜์ด ๊ณง ๋ฐœ๊ฒฌ๋˜๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค.

๋ณด๊ณ ์žˆ๋‹ค. ๋‹น์‚ฌ ์ œํ’ˆ์€ ๋ณด์•ˆ ๋ฐ ๋ถ„์„์„ ์œ„ํ•ด ์†Œ์Šค IP ์ •๋ณด๋ฅผ ํ™œ์šฉํ•ฉ๋‹ˆ๋‹ค.

@aluzzardi ์—…๋ฐ์ดํŠธ๊ฐ€ ์žˆ์Šต๋‹ˆ๊นŒ?

๋ฒ”ํ”„, ์šฐ๋ฆฌ๋Š” ๋‚ด๋…„ ์ดˆ์— ์‹œ์ž‘ํ•˜๋Š” ๋งค์šฐ ํฐ ํ”„๋กœ์ ํŠธ๋ฅผ ์œ„ํ•ด ์ด๊ฒƒ์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.

ํ๋ฆ„์„ ๊ฒ€์‚ฌํ•˜๋ฉด ํ˜„์žฌ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ž‘๋™ํ•˜๋Š” ๊ฒƒ์œผ๋กœ ๋ณด์ž…๋‹ˆ๋‹ค(์ด ์˜ˆ์—์„œ ๋…ธ๋“œ A๋Š” ์ˆ˜์‹  ํŠธ๋ž˜ํ”ฝ์„ ์ˆ˜์‹ ํ•˜๊ณ  ๋…ธ๋“œ B๋Š” ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ ์ค‘์ž…๋‹ˆ๋‹ค).

  • ๋…ธ๋“œ A๋Š” DNAT๋ฅผ ์ˆ˜ํ–‰ํ•˜์—ฌ ํŒจํ‚ท์„ ingress_sbox ๋„คํŠธ์›Œํฌ ๋„ค์ž„์ŠคํŽ˜์ด์Šค(/var/run/docker/netns/ingress_sbox)๋กœ ๋ณด๋ƒ…๋‹ˆ๋‹ค.
  • ๋…ธ๋“œ A์˜ ingress_sbox๋Š” NAT ๋ชจ๋“œ์—์„œ IPVS๋ฅผ ์‹คํ–‰ํ•˜๋ฉฐ, DNAT๋ฅผ ์ˆ˜ํ–‰ํ•˜์—ฌ ํŒจํ‚ท์„ ๋…ธ๋“œ B์˜ ์ปจํ…Œ์ด๋„ˆ(์ธ๊ทธ๋ ˆ์Šค ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ํ†ตํ•ด)๋กœ ๋ณด๋‚ด๊ณ  SNAT๋ฅผ ์ˆ˜ํ–‰ํ•˜์—ฌ ์†Œ์Šค IP๋ฅผ ๋…ธ๋“œ A๋กœ ๋ณ€๊ฒฝํ•ฉ๋‹ˆ๋‹ค.
  • ํŒจํ‚ท์€ ์˜ค๋ฒ„๋ ˆ์ด๋ฅผ ํ†ตํ•ด ์‹ค์ œ ์„œ๋ฒ„๋กœ ๋ผ์šฐํŒ…๋ฉ๋‹ˆ๋‹ค.
  • ๋ฐ˜ํ™˜ ํŒจํ‚ท์€ ์—ญ์œผ๋กœ ๋™์ผํ•œ ๊ฒฝ๋กœ๋ฅผ ๋”ฐ๋ผ ์›๋ณธ/๋Œ€์ƒ ์ฃผ์†Œ๋ฅผ ์›๋ž˜ ๊ฐ’์œผ๋กœ ๋‹ค์‹œ ์ž‘์„ฑํ•ฉ๋‹ˆ๋‹ค.

๋‹ค์Œ๊ณผ ๊ฐ™์ด SNAT๋ฅผ ํ”ผํ•  ์ˆ˜ ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.

  • ๋…ธ๋“œ A๋Š” NAT ์—†์ด ํŒจํ‚ท์„ ingress_sbox๋กœ ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค(iptables/policy route?).
  • ๋…ธ๋“œ A ingress_sbox๋Š” IPVS๋ฅผ ์ง์ ‘ ๋ผ์šฐํŒ… ๋ชจ๋“œ๋กœ ์‹คํ–‰ํ•˜์—ฌ ํŒจํ‚ท์„ ์ˆ˜์‹  ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ํ†ตํ•ด ๋…ธ๋“œ B๋กœ ๋ณด๋ƒ…๋‹ˆ๋‹ค.
  • ๋…ธ๋“œ B์˜ ์ปจํ…Œ์ด๋„ˆ๋Š” ๋ณ€๊ฒฝ๋˜์ง€ ์•Š์€ ํŒจํ‚ท์„ ์ˆ˜์‹ ํ•ฉ๋‹ˆ๋‹ค(์ปจํ…Œ์ด๋„ˆ๋Š” ๋ชจ๋“  ๊ณต์šฉ IP์— ๋Œ€ํ•œ ํŒจํ‚ท์„ ์ˆ˜๋ฝํ•ด์•ผ ํ•˜์ง€๋งŒ ARP๋ฅผ ๋ณด๋‚ด์ง€ ์•Š์•„์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์ด๋ฅผ ์ˆ˜ํ–‰ํ•˜๋Š” ๋ฐฉ๋ฒ•์—๋Š” ์—ฌ๋Ÿฌ ๊ฐ€์ง€๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. IPVS ๋ฌธ์„œ ์ฐธ์กฐ).
  • ๋ฆฌํ„ด ํŒจํ‚ท์€ ๋…ธ๋“œ B์—์„œ ํด๋ผ์ด์–ธํŠธ๋กœ ์ง์ ‘ ์ „์†ก๋ฉ๋‹ˆ๋‹ค(์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ ๋˜๋Š” ๋…ธ๋“œ A๋ฅผ ํ†ตํ•ด ๋Œ์•„๊ฐˆ ํ•„์š”๊ฐ€ ์—†์Œ).

์ถ”๊ฐ€ ๋ณด๋„ˆ์Šค๋กœ NAT ์ƒํƒœ๋ฅผ ์ €์žฅํ•  ํ•„์š”๊ฐ€ ์—†์œผ๋ฉฐ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ ํŠธ๋ž˜ํ”ฝ์ด ๊ฐ์†Œํ•ฉ๋‹ˆ๋‹ค.

@aluzzardi @mrjana ์ด์— ๋Œ€ํ•œ ์—…๋ฐ์ดํŠธ๊ฐ€ ์žˆ์Šต๋‹ˆ๊นŒ? Docker์˜ ์•ฝ๊ฐ„์˜ ํ”ผ๋“œ๋ฐฑ์€ ๋งค์šฐ ๊ฐ์‚ฌํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

๋ณด๊ณ ์žˆ๋‹ค. ์†Œ์Šค IP ์ •๋ณด๊ฐ€ ์—†์œผ๋ฉด ๋Œ€๋ถ€๋ถ„์˜ ์„œ๋น„์Šค๊ฐ€ ์˜ˆ์ƒ๋Œ€๋กœ ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

์–ด๋–ป๊ฒŒ ๋œ๊ฑฐ์•ผ?
unassign_bug

@tlvenn ์€ Github์˜ ๋ฒ„๊ทธ์ฒ˜๋Ÿผ ๋ณด์ž…๋‹ˆ๊นŒ?

@PanJ @tlvenn @vfarcic @dack ์™ธ, PTAL #27917. ์„œ๋น„์Šค ๊ฒŒ์‹œ ๋ชจ๋“œ = host ๋ฅผ ํ™œ์„ฑํ™”ํ•˜๋Š” ๊ธฐ๋Šฅ์„ ๋„์ž…ํ–ˆ์Šต๋‹ˆ๋‹ค. ์ด ๊ธฐ๋Šฅ์€ ์„œ๋น„์Šค๊ฐ€ IPVS๋ฅผ ์šฐํšŒํ•˜๊ณ  docker run -p ์™€ ๊ฐ™์€ ๋™์ž‘์„ ๋‹ค์‹œ ๊ฐ€์ ธ์˜ค๋Š” ๋ฐฉ๋ฒ•์„ ์ œ๊ณตํ•˜๋ฉฐ ๋‹ค์Œ๊ณผ ๊ฐ™์€ ๊ฒฝ์šฐ์— ์†Œ์Šค IP๋ฅผ ์œ ์ง€ํ•ฉ๋‹ˆ๋‹ค. ํ•„์š”ํ•ด.

Pls๋Š” 1.13.0-rc2๋ฅผ ์‹œ๋„ํ•˜๊ณ  ํ”ผ๋“œ๋ฐฑ์„ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค.

์•ผ ์ง„์งœ ์ด์ƒํ•ด

๊ฒŒ์‹œ ๋ชจ๋“œ์™€ ๊ด€๋ จํ•˜์—ฌ ์œ„์˜ swarm kit์—์„œ ์ด๋ฏธ ์—ฐ๊ฒฐํ–ˆ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์ด ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ๋  ์ˆ˜ ์žˆ์ง€๋งŒ ์ด ๋ฌธ์ œ๋ฅผ ์˜์›ํžˆ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ๋Š” ์ ์ ˆํ•œ ์†”๋ฃจ์…˜์ด Docker 1.13๊ณผ ํ•จ๊ป˜ ์ œ๊ณต๋˜๊ธฐ๋ฅผ ์ง„์‹ฌ์œผ๋กœ ๋ฐ”๋ž๋‹ˆ๋‹ค.

์ด ๋ฌธ์ œ๋Š” ์†Œ์Šค IP๋ฅผ ์œ ์ง€ํ•˜๋Š” ๊ฒƒ์ด ์‚ฌ์šฉ์ž๊ฐ€ ์˜ˆ์ƒํ•˜๋Š” ๋™์ž‘์ด๊ณ  ํ˜„์žฌ ๋„์ปค ์„œ๋น„์Šค์˜ ๋งค์šฐ ์‹ฌ๊ฐํ•œ ์ œํ•œ์ด๊ธฐ ๋•Œ๋ฌธ์— ๋ฒ„๊ทธ๋กœ ๋ถ„๋ฅ˜๋  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

@kobolog ์™€ @dack ๋ชจ๋‘ ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ์ž ์žฌ์ ์ธ ๋‹จ์„œ๋ฅผ ์ œ์‹œํ–ˆ์œผ๋ฉฐ Docker ์ธก์˜ ํ›„์† ์กฐ์น˜ ์—†์ด ๊ฑฐ์˜ 2์ฃผ๊ฐ€ ์ง€๋‚ฌ์Šต๋‹ˆ๋‹ค.

๋ˆ„๊ฐ€ ์ด ๋ฌธ์ œ๋ฅผ Docker ๋ฐ ์ƒํƒœ ์—…๋ฐ์ดํŠธ์—์„œ ์กฐ์‚ฌํ•˜๊ณ  ์žˆ๋Š”์ง€์— ๋Œ€ํ•œ ๊ฐ€์‹œ์„ฑ์„ ์ œ๊ณตํ•ด ์ฃผ์‹œ๊ฒ ์Šต๋‹ˆ๊นŒ? ๋ฏธ๋ฆฌ ๊ฐ์‚ฌ๋“œ๋ฆฝ๋‹ˆ๋‹ค.

#27917 ์™ธ์— 1.13์— ๋Œ€ํ•œ ๋‹ค๋ฅธ ์†”๋ฃจ์…˜์€ ์—†์Šต๋‹ˆ๋‹ค. ์ง์ ‘ ๋ฐ˜ํ™˜ ๊ธฐ๋Šฅ์€ ๋‹ค์–‘ํ•œ ์‚ฌ์šฉ ์‚ฌ๋ก€์— ๋Œ€ํ•ด ๋ถ„์„ํ•ด์•ผ ํ•˜๋ฉฐ ๋ฒ„๊ทธ ์ˆ˜์ •์œผ๋กœ ๊ฐ€๋ณ๊ฒŒ ์—ฌ๊ฒจ์ ธ์„œ๋Š” ์•ˆ ๋ฉ๋‹ˆ๋‹ค. ์šฐ๋ฆฌ๋Š” 1.14์—์„œ ์ด๊ฒƒ์„ ์กฐ์‚ฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ์ด๊ฒƒ์€ ๋˜ํ•œ ์•Œ๊ณ ๋ฆฌ์ฆ˜(rr ๋Œ€ 10๊ฐœ์˜ ๋‹ค๋ฅธ ๋ฐฉ๋ฒ•), ๋ฐ์ดํ„ฐ ๊ฒฝ๋กœ(LVS-DR, LVS-NAT ๋ฐ LVS-TUN)๋ฅผ ํฌํ•จํ•˜๋Š” ๊ตฌ์„ฑ ๊ฐ€๋Šฅํ•œ LB ๋™์ž‘ ๋ฒ”์ฃผ์— ์†ํ•ฉ๋‹ˆ๋‹ค. ๋ˆ„๊ตฐ๊ฐ€๊ฐ€ ์ด๊ฒƒ์— ๊ธฐ๊บผ์ด ๊ธฐ์—ฌํ•œ๋‹ค๋ฉด pls๋Š” PR์„ ์ถ”์ง„ํ•˜๊ณ  ์šฐ๋ฆฌ๋Š” ๊ทธ ์›€์ง์ž„์„ ์–ป์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ถฉ๋ถ„ํžˆ ๊ณต์ •ํ•˜๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. @mavenugo ๋Š” ์ด์ œ ๋Œ€์•ˆ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

์ตœ์†Œํ•œ 1.13์— ๋Œ€ํ•œ ๋ฌธ์„œ๋ฅผ ์ˆ˜์ •ํ•˜์—ฌ ๊ธฐ๋ณธ ์ธ๊ทธ๋ ˆ์Šค ๊ฒŒ์‹œ ๋ชจ๋“œ๋กœ ๋„์ปค ์„œ๋น„์Šค๋ฅผ ์‚ฌ์šฉํ•  ๋•Œ ์†Œ์Šค IP๊ฐ€ ๋ณด์กด๋˜์ง€ ์•Š๊ณ  ์ด๊ฒƒ์ด ์„œ๋น„์Šค๋ฅผ ์‹คํ–‰ํ•˜๊ธฐ ์œ„ํ•œ ์š”๊ตฌ ์‚ฌํ•ญ์ธ ๊ฒฝ์šฐ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ์‚ฌ์šฉ์— ๋Œ€ํ•œ ํžŒํŠธ๋ฅผ ๋ช…ํ™•ํ•˜๊ฒŒ ๋ช…์‹œํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ? ?

์„œ๋น„์Šค๋กœ ์ด๋™ํ•˜๋Š” ์‚ฌ๋žŒ๋“ค์ด ์ด๋Ÿฌํ•œ ์˜ˆ๊ธฐ์น˜ ์•Š์€ ํ–‰๋™์œผ๋กœ ์ธํ•ด ํ™”์ƒ์„ ์ž…์ง€ ์•Š๋„๋ก ํ•˜๋Š” ๋ฐ ๋„์›€์ด ๋  ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.

๋ฌผ๋ก  ๊ทธ๋ ‡์Šต๋‹ˆ๋‹ค. ์ด ๋™์ž‘์„ ๋‚˜ํƒ€๋‚ด๋Š” ๋ฌธ์„œ ์—…๋ฐ์ดํŠธ์™€ mode=host ๊ฒŒ์‹œ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ LVS-NAT ๋ชจ๋“œ์—์„œ ์‹คํŒจํ•˜๋Š” ์ด๋Ÿฌํ•œ ์‚ฌ์šฉ ์‚ฌ๋ก€์— ์œ ์šฉํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์ด ์‹ค์ œ ์ƒํ™ฉ์„ ํŒŒ์•…ํ•˜๋Š” ๋ฐ ์ƒˆ๋กœ์šด ๊ฐœ๋ฐœ ์‚ฌํ•ญ์ด ์—†๋Š”์ง€ ํ™•์ธํ•˜๊ธฐ ์œ„ํ•ด ๋‹ค์‹œ ํ™•์ธํ•˜์‹œ๊ฒ ์Šต๋‹ˆ๊นŒ? ์šฐ๋ฆฌ์—๊ฒŒ๋„ ๋ถ„๋ช… ํฐ ํ•œ๊ณ„๋‹ค.

docker 1.14 ๋กœ๋“œ๋งต์— ์†”๋ฃจ์…˜์ด ์žˆ์Šต๋‹ˆ๊นŒ? ๋ถ€๋ถ„์ ์œผ๋กœ ์ด ๋ฌธ์ œ๋กœ ์ธํ•ด docker๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์†”๋ฃจ์…˜ ๋ฐฐํฌ๊ฐ€ ์ง€์—ฐ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

client-ip๋ฅผ ๋ณด์กดํ•˜๋Š” http/https ์š”์ฒญ์— ์ถ”๊ฐ€๋œ ์‚ฌ์šฉ์ž ์ •์˜ ํ—ค๋”๋ฅผ ๋ณด๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ๊ฐ€๋Šฅํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋ ‡์ง€ ์•Š์Šต๋‹ˆ๊นŒ? X_Forwarded_for๋ฅผ ๋ฎ์–ด์จ๋„ ์ƒ๊ด€ ์—†์Šต๋‹ˆ๋‹ค. ์š”์ฒญ์ด ๋–ผ์— ์ฒ˜์Œ ๋“ค์–ด๊ฐˆ ๋•Œ๋งŒ ์„ค์ •๋˜๋Š” ์‚ฌ์šฉ์ž ์ •์˜ ํ•„๋“œ๋ฅผ ๊ฐ–๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค.

client-ip๋ฅผ ๋ณด์กดํ•˜๋Š” http/https ์š”์ฒญ์— ์ถ”๊ฐ€๋œ ์‚ฌ์šฉ์ž ์ •์˜ ํ—ค๋”๋ฅผ ๋ณด๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ๊ฐ€๋Šฅํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋ ‡์ง€ ์•Š์Šต๋‹ˆ๊นŒ? X_Forwarded_for๋ฅผ ๋ฎ์–ด์จ๋„ ์ƒ๊ด€ ์—†์Šต๋‹ˆ๋‹ค. ์š”์ฒญ์ด ๋–ผ์— ์ฒ˜์Œ ๋“ค์–ด๊ฐˆ ๋•Œ๋งŒ ์„ค์ •๋˜๋Š” ์‚ฌ์šฉ์ž ์ •์˜ ํ•„๋“œ๋ฅผ ๊ฐ–๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค.

๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์€ L3/4์—์„œ ์ˆ˜ํ–‰๋ฉ๋‹ˆ๋‹ค. http ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

์ˆ˜์ •์—๋Š” ์†Œ์Šค ์ฃผ์†Œ์˜ ๋‹ค์‹œ ์“ฐ๊ธฐ๋ฅผ ์ œ๊ฑฐํ•˜๋Š” ์ž‘์—…์ด ํฌํ•จ๋ฉ๋‹ˆ๋‹ค.

@mavenugo ์˜ค๋Š˜ docker 1.13์œผ๋กœ ์—…๋ฐ์ดํŠธํ•˜๊ณ  ํ”„๋ก์‹œ ์„œ๋น„์Šค์—์„œ mode=host ํ–ˆ์Šต๋‹ˆ๋‹ค. ํ˜„์žฌ๋Š” ์ž‘๋™ ์ค‘์ด๋ฉฐ ํด๋ผ์ด์–ธํŠธ IP๋Š” ์œ ์ง€๋˜์ง€๋งŒ ๋” ๋‚˜์€ ์†”๋ฃจ์…˜์ด ๋˜์—ˆ์œผ๋ฉด ํ•ฉ๋‹ˆ๋‹ค. :) ์ˆ˜๊ณ ํ•ด์ฃผ์…”์„œ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค!

์ด์ค‘๊ธ€ ์ฃ„์†กํ•ฉ๋‹ˆ๋‹ค...
์Šคํƒ ํŒŒ์ผ(yml v3)์„ ์‚ฌ์šฉํ•˜์—ฌ docker service create๋ฅผ ํ†ตํ•ด --publish mode=host,target=80,published=80 ๋ฅผ ์‚ฌ์šฉํ•  ๋•Œ์™€ ๋™์ผํ•œ ๋™์ž‘์„ ์–ป์œผ๋ ค๋ฉด ์–ด๋–ป๊ฒŒ ํ•ด์•ผ ํ•ฉ๋‹ˆ๊นŒ?

๋‚˜๋Š” ์‹œ๋„ํ–ˆ๋‹ค

...
services:
  proxy:
    image: vfarcic/docker-flow-proxy:1.166
    ports:
      - "80:80/host"
      - "443:443/host" 
...

ํ•˜์ง€๋งŒ ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค(https://docs.docker.com/docker-cloud/apps/stack-yaml-reference/#/ports์—์„œ์™€ ๋™์ผํ•œ ํŒจํ„ด ์‚ฌ์šฉ)

์Šคํƒ ํŒŒ์ผ(yml v3)์„ ์‚ฌ์šฉํ•˜์—ฌ docker service create๋ฅผ ํ†ตํ•ด --publish mode=host,target=80,published=80์„ ์‚ฌ์šฉํ•  ๋•Œ์™€ ๋™์ผํ•œ ๋™์ž‘์„ ์–ป์œผ๋ ค๋ฉด ์–ด๋–ป๊ฒŒ ํ•ด์•ผ ํ•ฉ๋‹ˆ๊นŒ?

@hamburml - https://github.com/docker/docker/issues/30447 ๋ฏธํ•ด๊ฒฐ ๋ฌธ์ œ/๊ธฐ๋Šฅ์„ ์ฃผ์‹œ

๋ถˆํ–‰ํžˆ๋„ mode=host ๋ฅผ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์œผ๋กœ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ์„œ๋น„์Šค๊ฐ€ Swarm ๋„คํŠธ์›Œํฌ์™€ ํ†ต์‹ ํ•˜๊ณ  ํ˜ธ์ŠคํŠธ ์ธํ„ฐํŽ˜์ด์Šค๋ฟ๋งŒ ์•„๋‹ˆ๋ผ ๋ชจ๋“  ๋…ธ๋“œ์—์„œ ์ˆ˜์‹  ๋Œ€๊ธฐํ•ด์•ผ ํ•˜๊ธฐ ๋•Œ๋ฌธ์ž…๋‹ˆ๋‹ค...

@tkeeler33 ์„œ๋น„์Šค๋ฅผ global ์„œ๋น„์Šค๋กœ ๋ฐฐํฌํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค(Swarm์˜ ๊ฐ ๋…ธ๋“œ์— ์ธ์Šคํ„ด์Šค๋ฅผ ๋ฐฐํฌํ•จ). ๊ทธ๋ฆฌ๊ณ  Swarm ๋„คํŠธ์›Œํฌ์— ์—ฐ๊ฒฐํ•˜์—ฌ Swarm์˜ ๋‹ค๋ฅธ ์„œ๋น„์Šค์™€ ํ†ต์‹ ํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

@thaJeztah - ์˜ˆ, ํ•˜์ง€๋งŒ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์˜ค๋ฒ„๋ ˆ์ด/๊ตฐ์ง‘ ๋„คํŠธ์›Œํฌ์™€ ํ˜ธ์ŠคํŠธ mode=host ์— ๋™์‹œ์— ์—ฐ๊ฒฐํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ์ด ํ˜„์žฌ ์ €์˜ ๊ฐ€์žฅ ํฐ ํ•œ๊ณ„์ž…๋‹ˆ๋‹ค.

@ tkeeler33 ์ด ์ €์—๊ฒŒ

$ docker network create -d overlay swarm-net

$ docker service create \
  --name web \
  --publish mode=host,published=80,target=80 \
  --network swarm-net \
  --mode=global \
  nginx:alpine

$ docker service create --name something --network swarm-net nginx:alpine

web ์„œ๋น„์Šค๊ฐ€ ๋™์ผํ•œ ๋„คํŠธ์›Œํฌ์˜ something ์„œ๋น„์Šค์™€ ์—ฐ๊ฒฐํ•  ์ˆ˜ ์žˆ๋Š”์ง€ ํ…Œ์ŠคํŠธํ•ฉ๋‹ˆ๋‹ค.

docker exec -it web.xczrerg6yca1f8ruext0br2ow.kv8iqp0wdzj3bw7325j9lw8qe sh -c 'ping -c3 -w1 something'
PING something (10.0.0.4): 56 data bytes
64 bytes from 10.0.0.4: seq=0 ttl=64 time=0.251 ms

--- something ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.251/0.251/0.251 ms

@thaJeztah - ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค! ๋” ๊นŠ์ด ํŒŒ๊ณ  ๋“  ํ›„์— ๋‚˜๋Š” ๋‚ด ๋ฌธ์ œ๊ฐ€ --opt encrypted ์˜ต์…˜์„ ์‚ฌ์šฉํ•˜์—ฌ ๋„์ปค ๋„คํŠธ์›Œํฌ๋ฅผ ์ƒ์„ฑํ•˜์—ฌ ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ํ˜ธ์ŠคํŠธ์—์„œ ์—ฐ๊ฒฐ์— ์‹คํŒจํ–ˆ๋‹ค๋Š” ๊ฒƒ์„ ๊นจ๋‹ฌ์•˜์Šต๋‹ˆ๋‹ค. ๊ท€ํ•˜์˜ ๋‹จ๊ณ„๋ฅผ ์‹œ๋„ํ•œ ํ›„์—๋Š” ๊ทผ๋ณธ ์›์ธ์„ ๋น ๋ฅด๊ฒŒ ์ขํž ์ˆ˜ ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ์ด ์˜ต์…˜์€ ์ข‹์€ ์ž„์‹œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋ณด์•ˆ ๊ด€๋ จ ์‚ฌํ•ญ์— ๋Œ€ํ•ด ๋จธ๋ฆฌ๋ฅผ ์‹ธ๋งค๊ณ ๋งŒ ์žˆ์œผ๋ฉด ๋ฉ๋‹ˆ๋‹ค.

์ •๋ณด๋ฅผ ์ฃผ์…”์„œ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค!

@tkeeler33 --opt encrypted ๋Š” ํ˜ธ์ŠคํŠธ-ํฌํŠธ ๋งคํ•‘์— ์˜ํ–ฅ์„ ๋ฏธ์น˜์ง€ ์•Š์•„์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์•”ํ˜ธํ™”๋œ ์˜ต์…˜์˜ ์œ ์ผํ•œ ๋ชฉ์ ์€ ๋…ธ๋“œ ๊ฐ„์˜ vxlan ํ„ฐ๋„ ํŠธ๋ž˜ํ”ฝ์„ ์•”ํ˜ธํ™”ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋ฌธ์„œ์—์„œ : "์•”ํ˜ธํ™”(--opt ์•”ํ˜ธํ™”)๋กœ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ๋งŒ๋“ค ๊ณ„ํš์ด๋ผ๋ฉด ํ”„๋กœํ† ์ฝœ 50(ESP) ํŠธ๋ž˜ํ”ฝ์ด ํ—ˆ์šฉ๋˜๋Š”์ง€ ํ™•์ธํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค." ESP๊ฐ€ ํ—ˆ์šฉ๋˜๋Š”์ง€ ํ™•์ธํ•˜๊ธฐ ์œ„ํ•ด ๊ตฌ์„ฑ์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?
๋˜ํ•œ --opt encrypted ์˜ต์…˜์€ ์ˆœ์ˆ˜ํ•œ ๋ฐ์ดํ„ฐ ํ‰๋ฉด ์•”ํ˜ธํ™”์ž…๋‹ˆ๋‹ค. ๋ชจ๋“  ์ œ์–ด ํ‰๋ฉด ํŠธ๋ž˜ํ”ฝ(๋ผ์šฐํŒ… ๊ตํ™˜, ์„œ๋น„์Šค ๊ฒ€์ƒ‰ ๋ฐฐํฌ ๋“ฑ)์€ ์˜ต์…˜์ด ์—†์–ด๋„ ๊ธฐ๋ณธ์ ์œผ๋กœ ๋ชจ๋‘ ์•”ํ˜ธํ™”๋ฉ๋‹ˆ๋‹ค.

@mavenugo ๋งž์Šต๋‹ˆ๋‹ค. --opt encrypted ๋กœ ์ƒˆ ๋„คํŠธ์›Œํฌ๋ฅผ "Internal": true ๊ฐ€ ์„ค์ •๋˜์—ˆ์Œ์„ ์•Œ์•˜์Šต๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ์€ ๋ฌธ์ œ์ผ ๊ฐ€๋Šฅ์„ฑ์ด ์žˆ์œผ๋ฉฐ ์ดˆ๊ธฐ ๋„คํŠธ์›Œํฌ ์ƒ์„ฑ ์ค‘์— ์‹ค์ˆ˜์˜€์Šต๋‹ˆ๋‹ค... ๋„์›€๊ณผ ์„ค๋ช…์— ๊ฐ์‚ฌ๋“œ๋ฆฝ๋‹ˆ๋‹ค. ๊ธด ํ•˜๋ฃจ์˜€์Šต๋‹ˆ๋‹ค...

@dack @kobolog LVS-Tunnel ๋ฐ LVS-DR ๋ชจ๋“œ์˜ ์ผ๋ฐ˜์ ์ธ ๋ฐฐํฌ์—์„œ ๋“ค์–ด์˜ค๋Š” ํŒจํ‚ท์˜ ๋Œ€์ƒ IP๋Š” ์‹ค์ œ ์„œ๋ฒ„์—์„œ๋„ ARP๊ฐ€ ์•„๋‹Œ IP๋กœ ํ”„๋กœ๊ทธ๋ž˜๋ฐ๋œ ์„œ๋น„์Šค VIP๊ฐ€ ๋ฉ๋‹ˆ๋‹ค. ๋ผ์šฐํŒ… ๋ฉ”์‹œ๋Š” ๊ทผ๋ณธ์ ์œผ๋กœ ๋‹ค๋ฅธ ๋ฐฉ์‹์œผ๋กœ ์ž‘๋™ํ•˜๋ฉฐ ๋“ค์–ด์˜ค๋Š” ์š”์ฒญ์€ ํ˜ธ์ŠคํŠธ ์ค‘ ํ•˜๋‚˜์ผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์‹ค์ œ ์„œ๋ฒ„๊ฐ€ ํŒจํ‚ท์„ ์ˆ˜๋ฝํ•˜๋ ค๋ฉด(๋ชจ๋“  LVS ๋ชจ๋“œ์—์„œ) ๋Œ€์ƒ IP๊ฐ€ ๋กœ์ปฌ IP๋กœ ๋ณ€๊ฒฝ๋˜์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๋ฐฑ์—”๋“œ ์ปจํ…Œ์ด๋„ˆ์˜ ์‘๋‹ต ํŒจํ‚ท์ด ์˜ฌ๋ฐ”๋ฅธ ์†Œ์Šค ์ฃผ์†Œ๋กœ ๋Œ์•„๊ฐˆ ๋ฐฉ๋ฒ•์ด ์—†์Šต๋‹ˆ๋‹ค. ์ง์ ‘ ๋ฐ˜ํ™˜ ๋Œ€์‹ ์— ์‘๋‹ต ํŒจํ‚ท์„ ์ˆ˜์‹  ํ˜ธ์ŠคํŠธ๋กœ ๋˜๋Œ๋ฆฌ๋ ค๊ณ  ์‹œ๋„ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ์šฐ๋ฆฌ๋ฅผ ๋‹ค์‹œ 1๋กœ ๋˜๋Œ๋ฆฌ๋Š” ์†Œ์Šค IP๋ฅผ ๋ณ€๊ฒฝํ•˜๋Š” ๊ฒƒ ์™ธ์—๋Š” ๊นจ๋—ํ•œ ๋ฐฉ๋ฒ•์ด ์—†์Šต๋‹ˆ๋‹ค.

@thaJeztah ๋ฌธ์„œ์—์„œ ์ด๊ฒƒ์„ ๋ช…ํ™•ํžˆ ํ•ด์•ผ ํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ํด๋ผ์ด์–ธํŠธ IP๊ฐ€ ๋ณด์กด๋˜์–ด์•ผ ํ•˜๋Š” ๊ฒฝ์šฐ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์ด ๋ฌธ์ œ๋ฅผ ์ข…๋ฃŒํ•˜๋Š” ๊ฒƒ์ด ์ข‹์Šต๋‹ˆ๋‹ค.

@sanimej ๋‚˜๋Š” ์—ฌ์ „ํžˆ NAT ์—†์ด ์ด๊ฒƒ์„ ํ•  ์ˆ˜ ์—†๋Š” ์ด์œ ๋ฅผ ์•Œ์ง€ ๋ชปํ•ฉ๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด ์ผ๋ฐ˜ LVS-DR ํ๋ฆ„์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋Š” ์˜ต์…˜์ด ์—†์„๊นŒ์š”? Docker๋Š” ์ ์ ˆํ•œ ๋…ธ๋“œ์— ๋น„ arp vip๋ฅผ ์ถ”๊ฐ€ํ•˜๊ณ  LVS๋Š” ๋“ค์–ด์˜ค๋Š” ํŒจํ‚ท์„ ๋…ธ๋“œ๋กœ ๋ณด๋‚ด๊ณ  ๋‚˜๊ฐ€๋Š” ํŒจํ‚ท์€ ์ง์ ‘ ๋ฐ˜ํ™˜ํ•ฉ๋‹ˆ๋‹ค. ๋“ค์–ด์˜ค๋Š” ํŒจํ‚ท์ด ๋ชจ๋“  ํ˜ธ์ŠคํŠธ์— ๋„๋‹ฌํ•  ์ˆ˜ ์žˆ๋‹ค๋Š” ๊ฒƒ์ด ์™œ ์ค‘์š”ํ•ฉ๋‹ˆ๊นŒ? ์ด๋Š” ๋‹ค์ค‘ ํ”„๋ก ํŠธ์—”๋“œ ๋ฐ ๋‹ค์ค‘ ๋ฐฑ์—”๋“œ ์„œ๋ฒ„๊ฐ€ ์žˆ๋Š” ํ‘œ์ค€ LVS์™€ ๋‹ค๋ฅด์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

@thaJeztah ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๊ฐ์‚ฌ๋“œ๋ฆฝ๋‹ˆ๋‹ค :)
์ž‘์„ฑ ๋ฒ„์ „ 3์œผ๋กœ ํ”„๋ก์‹œ๋ฅผ ๋ฐฐํฌํ•˜๋Š” ๊ฒฝ์šฐ ์ƒˆ ๊ฒŒ์‹œ ๊ตฌ๋ฌธ์ด ์ง€์›๋˜์ง€ ์•Š์œผ๋ฏ€๋กœ ์ด ๋ช…๋ น์„ ์‚ฌ์šฉํ•˜์—ฌ ๋ฐฐํฌ๋œ ์„œ๋น„์Šค๋ฅผ ํŒจ์น˜ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค( nginx_proxy ๋ฅผ ์„œ๋น„์Šค ์ด๋ฆ„์œผ๋กœ ๊ต์ฒด).

docker service update nginx_proxy \
    --publish-rm 80 \
    --publish-add "mode=host,published=80,target=80" \
    --publish-rm 443 \
    --publish-add "mode=host,published=443,target=443"

@dack ์ผ๋ฐ˜ LVS-DR ํ๋ฆ„์—์„œ ๋Œ€์ƒ IP๋Š” ์„œ๋น„์Šค VIP๊ฐ€ ๋ฉ๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ LB๋Š” ๋Œ€์ƒ IP ๋ณ€๊ฒฝ ์—†์ด ๋ฐฑ์—”๋“œ๋กœ ํŒจํ‚ท์„ ๋ณด๋‚ผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋“ค์–ด์˜ค๋Š” ํŒจํ‚ท์˜ ๋Œ€์ƒ IP๊ฐ€ ํ˜ธ์ŠคํŠธ์˜ IP ์ค‘ ํ•˜๋‚˜๊ฐ€ ๋˜๊ธฐ ๋•Œ๋ฌธ์— ๋ผ์šฐํŒ… ๋ฉ”์‹œ์˜ ๊ฒฝ์šฐ๋Š” ๊ทธ๋ ‡์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

@sanimej ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•ด IPIP ์บก์Šํ™” ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜๊ธฐ ์œ„ํ•œ ์œ„ ์˜ ์ œ์•ˆ์— ๋Œ€ํ•œ ํ”ผ๋“œ๋ฐฑ์ด ์žˆ์Šต๋‹ˆ๊นŒ?

@tlvenn LVS-IP ํ„ฐ๋„์€ ๋ฐฑ์—”๋“œ๊ฐ€ mac-rewrite๊ฐ€ ์•„๋‹Œ IP ํ„ฐ๋„์˜ IP๋ฅผ ํ†ตํ•ด ํŒจํ‚ท์„ ๊ฐ€์ ธ์˜ค๋Š” ๊ฒƒ์„ ์ œ์™ธํ•˜๊ณ ๋Š” LVS-DR๊ณผ ๋งค์šฐ ์œ ์‚ฌํ•˜๊ฒŒ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ๋ผ์šฐํŒ… ๋ฉ”์‹œ ์‚ฌ์šฉ ์‚ฌ๋ก€์— ๋Œ€ํ•ด์„œ๋„ ๋™์ผํ•œ ๋ฌธ์ œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

๋‹น์‹ ์ด ์–ธ๊ธ‰ ํ•œ ์ œ์•ˆ์—์„œ..
The real server receives the enclosing packet, decapsulates it and sees real client IP as source and virtual service IP as destination.

ํŒจํ‚ท์˜ ๋Œ€์ƒ IP๋Š” VIP๊ฐ€ ์•„๋‹ˆ๋ผ ํด๋ผ์ด์–ธํŠธ๊ฐ€ ํŒจํ‚ท์„ ๋ณด๋‚ธ ํ˜ธ์ŠคํŠธ์˜ IP์ž…๋‹ˆ๋‹ค. ๋‹ค์‹œ ์ž‘์„ฑํ•˜์ง€ ์•Š์œผ๋ฉด ์‹ค์ œ ์„œ๋ฒ„๋Š” ์™ธ๋ถ€ IP ํ—ค๋”๋ฅผ ์ œ๊ฑฐํ•œ ํ›„ ์ด๋ฅผ ์‚ญ์ œํ•ฉ๋‹ˆ๋‹ค. ๋Œ€์ƒ IP๋ฅผ ๋‹ค์‹œ ์ž‘์„ฑํ•˜๋ฉด ํด๋ผ์ด์–ธํŠธ์— ๋Œ€ํ•œ ์‹ค์ œ ์„œ๋ฒ„์˜ ์‘๋‹ต์ด ์ž˜๋ชป๋œ ์†Œ์Šค IP๋ฅผ ๊ฐ€์ง€๋ฏ€๋กœ ์—ฐ๊ฒฐ์ด ์‹คํŒจํ•ฉ๋‹ˆ๋‹ค.

@sanimej์— ๋Œ€ํ•œ ์„ค๋ช… ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค. PROXY ํ”„๋กœํ† ์ฝœ์„ ๊ตฌํ˜„ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ? ์›ํ™œํ•œ ์†”๋ฃจ์…˜์„ ์ œ๊ณตํ•˜์ง€๋Š” ์•Š๊ฒ ์ง€๋งŒ ์ตœ์†Œํ•œ ์‚ฌ์šฉ์ž IP๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ์†”๋ฃจ์…˜์„ ์„œ๋น„์Šค์— ์ œ๊ณตํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์†Œ์Šค ํฌํŠธ ๋ฒ”์œ„๋ฅผ ๋ธ”๋ก์œผ๋กœ ๋ถ„ํ• ํ•˜๊ณ  ํด๋Ÿฌ์Šคํ„ฐ์˜ ๊ฐ ํ˜ธ์ŠคํŠธ์— ๋Œ€ํ•ด ๋ธ”๋ก์„ ํ• ๋‹นํ•˜์—ฌ ์†Œ์Šค IP ๋ณด์กด์„ ๋‹ฌ์„ฑํ•˜๋Š” ๊ฐ„๋‹จํ•œ ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๋‹ค์Œ ์ˆ˜์‹  ํ˜ธ์ŠคํŠธ๊ฐ€ ์ผ๋ฐ˜์ ์ธ SNAT๋ฅผ ์ˆ˜ํ–‰ํ•˜๊ณ  ํŒจํ‚ท์„ ์‹ค์ œ ์„œ๋ฒ„๋กœ ๋ณด๋‚ด๋Š” ํ•˜์ด๋ธŒ๋ฆฌ๋“œ NAT+DR ์ ‘๊ทผ ๋ฐฉ์‹์„ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์‹ค์ œ ์„œ๋ฒ„๊ฐ€ ์‹คํ–‰ ์ค‘์ธ ํ˜ธ์ŠคํŠธ์—์„œ ์†Œ์Šค IP๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ SNAT๋ฅผ ์ˆ˜ํ–‰ํ•˜์—ฌ ์†Œ์Šค ํฌํŠธ๋ฅผ ์ˆ˜์‹  ํ˜ธ์ŠคํŠธ์— ํ• ๋‹น๋œ ๋ฒ”์œ„์˜ ํฌํŠธ๋กœ ๋ณ€๊ฒฝํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๋‹ค์Œ ์ปจํ…Œ์ด๋„ˆ์˜ ๋ฐ˜ํ™˜ ํŒจํ‚ท์—์„œ ์†Œ์Šค ํฌํŠธ ๋ฒ”์œ„(๋ฐ ๋Œ€์ƒ ํฌํŠธ)์™€ ์ผ์น˜ํ•˜๊ณ  ์†Œ์Šค IP๋ฅผ ์ˆ˜์‹  ํ˜ธ์ŠคํŠธ์˜ IP๋กœ ๋ณ€๊ฒฝํ•ฉ๋‹ˆ๋‹ค.

๊ธฐ์ˆ ์ ์œผ๋กœ ์ด๊ฒƒ์€ ์ž‘๋™ ํ•˜์ง€๋งŒ ํด๋Ÿฌ์Šคํ„ฐ ๊ตฌ์„ฑ์›์ด ๋น ๋ฅด๊ฒŒ ์ถ”๊ฐ€ ๋ฐ ์ œ๊ฑฐ๋˜๋Š” ์‹ค์ œ ๋ฐฐํฌ์—์„œ๋Š” ๋น„ํ˜„์‹ค์ ์ด๊ณ  ์ทจ์•ฝํ•ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ๋˜ํ•œ ํฌํŠธ ๊ณต๊ฐ„์„ ํฌ๊ฒŒ ์ค„์ž…๋‹ˆ๋‹ค.

๋‚ด๊ฐ€ ์–ธ๊ธ‰ํ•œ NAT+DR ์ ‘๊ทผ ๋ฐฉ์‹์€ ์ˆ˜์‹  ํ˜ธ์ŠคํŠธ์—์„œ ์†Œ์Šค IP๋ฅผ ๋ณ€๊ฒฝํ•  ์ˆ˜ ์—†๊ธฐ ๋•Œ๋ฌธ์— ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์†Œ์Šค ํฌํŠธ๋งŒ ํ•ด๋‹น ํŠน์ • ํ˜ธ์ŠคํŠธ์˜ ๋ฒ”์œ„์— ์žˆ๋Š” ํฌํŠธ๋กœ ๋ณ€๊ฒฝํ•˜๊ณ  ๋ฐฑ์—”๋“œ ํ˜ธ์ŠคํŠธ์˜ ๋ผ์šฐํŒ… ์ •์ฑ…์„ ์‚ฌ์šฉํ•˜์—ฌ ํŒจํ‚ท์„ ์ˆ˜์‹  ํ˜ธ์ŠคํŠธ๋กœ ๋‹ค์‹œ ๊ฐ€์ ธ์˜ค๋Š” ๊ฒƒ์ด ์˜ต์…˜์ด ๋  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์—ฌ๊ธฐ์—๋Š” ์ด์ „์— ์–ธ๊ธ‰ํ•œ ๋‹ค๋ฅธ ๋ฌธ์ œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

@tajeztah
Nginx ์ปจํ…Œ์ด๋„ˆ์—์„œ ์›น ์ปจํ…Œ์ด๋„ˆ๋กœ ์‹ค์ œ IP ์ฃผ์†Œ๋ฅผ ์ „๋‹ฌํ•˜๋Š” ํ˜„์žฌ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๊นŒ?
๋‚˜๋Š”์— Nginx์— ์ปจํ…Œ์ด๋„ˆ ์‹คํ–‰์ด global ๋ชจ๋“œ ๋ฐ ๊ฒŒ์‹œ host Nginx์— ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์˜ฌ๋ฐ”๋ฅธ IP ์ฃผ์†Œ๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ๋„๋ก. ๋‘ ์ปจํ…Œ์ด๋„ˆ๋Š” ์„œ๋กœ๋ฅผ ์ž˜ ๋ณผ ์ˆ˜ ์žˆ์ง€๋งŒ ์›น ์ปจํ…Œ์ด๋„ˆ๋Š” ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์•„๋‹Œ Nginx ์ปจํ…Œ์ด๋„ˆ IP ์ฃผ์†Œ๋ฅผ ์–ป์Šต๋‹ˆ๋‹ค.
Nginx๋Š” ์›น์šฉ ๋ฆฌ๋ฒ„์Šค ํ”„๋ก์‹œ์ด๋ฉฐ ์›น์€ ํฌํŠธ 8000์—์„œ uwsgi๋ฅผ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค.

server {
    resolver 127.0.0.11;
    set $web_upstream http://web:8000;

    listen 80;
    server_name domain.com;
    location / {
        proxy_pass $web_upstream;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

@pi0 ๋‹ต๋ณ€ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค

๋งํฌ์—์„œ nginx ๊ตฌ์„ฑ์„ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์ง€๋งŒ IP ์ฃผ์†Œ๊ฐ€ ์—ฌ์ „ํžˆ ์ž˜๋ชป๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๊ตฌ์„ฑ์— ๋ˆ„๋ฝ๋œ ํ•ญ๋ชฉ์ด ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์™€ ๋‘ ๊ฐœ์˜ ์„œ๋น„์Šค๊ฐ€ ์žˆ๋Š” ๋„์ปค( 17.03.0-ce ) ๋ฌด๋ฆฌ ํด๋Ÿฌ์Šคํ„ฐ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

    docker service create --name nginx --network overlay_network --mode=global \
        --publish mode=host,published=80,target=80 \
        --publish mode=host,published=443,target=443 \
        nginx:1.11.10

    docker service create --name web --network overlay_network \
        --replicas 1 \
        web:newest

Nginx ์ปจํ…Œ์ด๋„ˆ๋Š” ์ตœ์‹  ๊ณต์‹ ์ปจํ…Œ์ด๋„ˆ https://hub.docker.com/_/nginx/๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.
์›น ์ปจํ…Œ์ด๋„ˆ๋Š” ํฌํŠธ 8000์—์„œ uwsgi ์„œ๋ฒ„๋ฅผ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค.

๋งํฌ์—์„œ ์ „์—ญ nginx.conf ์„ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์œผ๋ฉฐ conf.d/default.conf ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

   server {
       resolver 127.0.0.11;
       set $web_upstream http://web:8000;

       listen 80;
       server_name domain.com;
       location / {
        proxy_pass $web_upstream;
      }
  }

๊ทธ๋Ÿฐ ๋‹ค์Œ nginx ์ปจํ…Œ์ด๋„ˆ ๋กœ๊ทธ:

  194.168.X.X - - [17/Mar/2017:12:25:08 +0000] "GET / HTTP/1.1" 200

์›น ์ปจํ…Œ์ด๋„ˆ ๋กœ๊ทธ:

  10.0.0.47 - - [17/Mar/2017 12:25:08] "GET / HTTP/1.1" 200 -

๊ฑฐ๊ธฐ์— ๋ฌด์—‡์ด ๋น ์ ธ ์žˆ์Šต๋‹ˆ๊นŒ?

IP ์ฃผ์†Œ๋Š” ์—ฌ์ „ํžˆ ํ‹€๋ฆด ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ HTTP ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค.
์‹ค์ œ IP ์ฃผ์†Œ๋ฅผ ํฌํ•จํ•ฉ๋‹ˆ๋‹ค. ์›ํ•˜๋Š” ์›น ์„œ๋ฒ„๋ฅผ ๊ตฌ์„ฑํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
ํ”„๋ก์‹œ๋ฅผ ์‹ ๋ขฐํ•˜๋ ค๋ฉด(์†Œ์Šค IP ๋Œ€์‹  ํ—ค๋” ์‚ฌ์šฉ)
2560๋…„ 3์›” 17์ผ ๊ธˆ์š”์ผ ์˜คํ›„ 7์‹œ 36๋ถ„ Lukasz Pakula [email protected]
์ผ๋‹ค:

@pi0 https://github.com/pi0 ๋‹ต๋ณ€ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค

๋งํฌ์—์„œ nginx ๊ตฌ์„ฑ์„ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์ง€๋งŒ IP ์ฃผ์†Œ๋Š” ์—ฌ์ „ํžˆ
์ž˜๋ชป, ๋‚ด ๊ตฌ์„ฑ์— ๋ˆ„๋ฝ๋œ ๊ฒƒ์ด ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค

์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์™€ ๋‘ ๊ฐœ์˜ ๋„์ปค( 17.03.0-ce ) ๋ฌด๋ฆฌ ํด๋Ÿฌ์Šคํ„ฐ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.
์„œ๋น„์Šค

docker service create --name nginx --network overlay_network --mode=global \
    --publish mode=host,published=80,target=80 \
    --publish mode=host,published=443,target=443 \
    nginx:1.11.10

docker service create --name web --network overlay_network \
    --replicas 1 \
    web:newest

Nginx ์ปจํ…Œ์ด๋„ˆ๋Š” ์ตœ์‹  ๊ณต์‹ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.
https://hub.docker.com/_/nginx/ http://url
์›น ์ปจํ…Œ์ด๋„ˆ๋Š” ํฌํŠธ 8000์—์„œ uwsgi ์„œ๋ฒ„๋ฅผ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค.

๋งํฌ์—์„œ ์ „์—ญ nginx.conf๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์œผ๋ฉฐ conf.d/default.conf๊ฐ€ ๋ณด์ž…๋‹ˆ๋‹ค.
๋‹ค์Œ๊ณผ ๊ฐ™์ด:

์„œ๋ฒ„ {
๋ฆฌ์กธ๋ฒ„ 127.0.0.11;
$web_upstream ์„ค์ • http://web :8000;

   listen 80;
   server_name domain.com;
   location / {
    proxy_pass $web_upstream;
  }

}

๊ทธ๋Ÿฐ ๋‹ค์Œ nginx ์ปจํ…Œ์ด๋„ˆ ๋กœ๊ทธ:

194.168.XX - - [17/Mar/2017:12:25:08 +0000] "GET / HTTP/1.1" 200

์›น ์ปจํ…Œ์ด๋„ˆ ๋กœ๊ทธ:

10.0.0.47 - - [17/Mar/2017 12:25:08] "GET / HTTP/1.1" 200 -

๊ฑฐ๊ธฐ์— ๋ฌด์—‡์ด ๋น ์ ธ ์žˆ์Šต๋‹ˆ๊นŒ?

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/docker/docker/issues/25526#issuecomment-287342795 ,
๋˜๋Š” ์Šค๋ ˆ๋“œ ์Œ์†Œ๊ฑฐ
https://github.com/notifications/unsubscribe-auth/ABtu97EFaCmLwAZiOrYT4nXi4oXPCbLQks5rmn43gaJpZM4Jf2WK
.

>

ํŒฌ์ œ์ด,
ํŒ์ž๋งˆํ ์„ธ๋ฆ„์‚ฌ์™€์ธ ๋ฆฌ
์ „ํ™” (+66)869761168

@lpakula ์•„ web:newest ์ด๋ฏธ์ง€๊ฐ€ X-Real-IP ํ—ค๋”๋ฅผ ์กด์ค‘ํ•ด์•ผ ํ•˜๋Š” ๋˜ ๋‹ค๋ฅธ ๊ฒƒ์ด ์žˆ์Šต๋‹ˆ๋‹ค. nginx๋Š” ๋ฐœ์‹ ์ž IP๋ฅผ ์ž๋™์œผ๋กœ ๋ณ€๊ฒฝํ•˜์ง€ ์•Š๊ณ  ํžŒํŠธ ํ—ค๋”๋งŒ ๋ณด๋ƒ…๋‹ˆ๋‹ค.

@ pi0 @PanJ
๊ทธ๊ฒƒ์€ ๋ฉ”์ดํฌ์—… ๊ฐ๊ฐ, ๊ณ ๋งˆ์›Œ ์•Š์Šต๋‹ˆ๋‹ค!

ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํฌํŠธ๋ฅผ ๋ฐ”์ธ๋”ฉํ•ฉ๋‹ˆ๋‹ค.

nginx๋Š” TPROXY ์ปค๋„ ๋ชจ๋“ˆ์„ ์‚ฌ์šฉํ•˜์—ฌ IP ํˆฌ๋ช…์„ฑ ์„ ์ง€์› ํ•ฉ๋‹ˆ๋‹ค .

@stevvooe Docker๋„ ๊ทธ๋Ÿฐ ์ผ์„ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

nginx๋Š” TPROXY ์ปค๋„ ๋ชจ๋“ˆ์„ ์‚ฌ์šฉํ•˜์—ฌ IP ํˆฌ๋ช…์„ฑ์„ ์ง€์›ํ•ฉ๋‹ˆ๋‹ค.
@stevvooe Docker๋„ ๊ทธ๋Ÿฐ ์ผ์„ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

ํ•ญ๋ชฉ์ด ๋…ธ๋“œ ์ „์ฒด์—์„œ ์ถ”์ ๋˜์–ด์•ผ ํ•˜๋ฏ€๋กœ ๊ฑฐ์˜ ์—†์Šต๋‹ˆ๋‹ค. @sanimej ๋˜๋Š” @mavenugo๋กœ ํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค.

Swarm์€ ํด๋ผ์ด์–ธํŠธ IP ์ฃผ์†Œ๋ฅผ ์–ป๊ธฐ ์œ„ํ•ด REST API๋ฅผ ์ œ๊ณตํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

@tonysongtl ์ด ๋ฌธ์ œ์™€ ๊ด€๋ จ์ด ์—†์Šต๋‹ˆ๋‹ค

๊ณ ๋ คํ•ด์•ผ ํ•  ๋˜ ๋‹ค๋ฅธ ์‚ฌํ•ญ์€ ๊ณ ๊ฐ€์šฉ์„ฑ ์„ค์ •์—์„œ ํŠธ๋ž˜ํ”ฝ์ด ๋…ธ๋“œ๋กœ ์ „๋‹ฌ๋˜๋Š” ๋ฐฉ์‹์ž…๋‹ˆ๋‹ค. ๋…ธ๋“œ๋Š” ํด๋ผ์ด์–ธํŠธ์— ๋Œ€ํ•œ ์˜ค๋ฅ˜๋ฅผ ์ƒ์„ฑํ•˜์ง€ ์•Š๊ณ  ๋‹ค์šด๋  ์ˆ˜ ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ํ˜„์žฌ ๊ถŒ์žฅ ์‚ฌํ•ญ์€ ์™ธ๋ถ€ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ(ELB, F5 ๋“ฑ)๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ๊ฐ„๋‹จํ•œ ๋ ˆ์ด์–ด 4 ์ƒํƒœ ํ™•์ธ๊ณผ ํ•จ๊ป˜ ๋ ˆ์ด์–ด 4์—์„œ ๊ฐ Swarm ๋…ธ๋“œ๋กœ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. F5๋Š” SNAT๋ฅผ ์‚ฌ์šฉํ•˜๋ฏ€๋กœ ์ด ๊ตฌ์„ฑ์—์„œ ๊ฐ€์žฅ ์ข‹์€ ๊ฒฝ์šฐ๋Š” ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP๊ฐ€ ์•„๋‹Œ F5์˜ ๋‹จ์ผ IP๋ฅผ ์บก์ฒ˜ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์ฐธ์กฐ:
https://docs.docker.com/engine/swarm/ingress/#configure -an-external-load-balancer
https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations
https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing

์œ„ ์˜ ์ฃผ์„ ๋ฏธ๋Ÿฌ๋ง - ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๊นŒ? ๋ชจ๋“  ํด๋ผ์šฐ๋“œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ๋ฐ haproxy๋Š” ์†Œ์Šค IP ๋ณด์กด์„ ์œ„ํ•ด ์ด๊ฒƒ์„ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.

Calico์—๋Š” ipip ๋ชจ๋“œ( https://docs.projectcalico.org/v2.2/usage/configuration/ip-in-ip) ๋„ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์ด github์—์„œ ์‚ฌ์šฉํ•˜๋Š” ์ด์œ  ์ค‘ ํ•˜๋‚˜์ž…๋‹ˆ๋‹ค. https://githubengineering.com/kubernetes-at-github/

์•ˆ๋…•ํ•˜์„ธ์š”.

์ดํ•ด์™€ ์™„์ „์„ฑ์„ ์œ„ํ•ด ์š”์•ฝํ•˜๊ณ  ๋‚ด๊ฐ€ ํ‹€๋ ธ๋‹ค๋ฉด ์ •์ •ํ•ด ์ฃผ์‹ญ์‹œ์˜ค.

์ฃผ์š” ๋ฌธ์ œ๋Š” ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์›๋ž˜ src-IP๊ฐ€ ์•„๋‹ˆ๋ผ swarm VIP๋ฅผ ์ˆ˜์‹ ํ•œ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋‹ค์Œ ์‹œ๋‚˜๋ฆฌ์˜ค์—์„œ ์ด ๋ฌธ์ œ๋ฅผ ๋ณต์ œํ–ˆ์Šต๋‹ˆ๋‹ค.

create docker swarm
docker service create --name web --publish 80:80 nginx
access.log source IP is 10.255.0.7 instead of client's browser IP

๊ทธ๊ฒƒ์€ ๋ณด์ธ๋‹ค:

Swarm ๋‚ด์˜ ์„œ๋น„์Šค๊ฐ€ (๊ธฐ๋ณธ) ๋ฉ”์‹œ๋ฅผ ์‚ฌ์šฉํ•  ๋•Œ Swarm์€ ๋™์ผํ•œ ์ถœ์ฒ˜์˜ ํŠธ๋ž˜ํ”ฝ์ด ํ•ญ์ƒ ๋™์ผํ•œ ํ˜ธ์ŠคํŠธ ์‹คํ–‰ ์„œ๋น„์Šค๋กœ ์ „์†ก๋˜๋„๋ก NAT
๋”ฐ๋ผ์„œ ์›๋ž˜ src-IP๋ฅผ ์žƒ๊ณ  Swarm์˜ ์„œ๋น„์Šค VIP๋กœ ๋Œ€์ฒด๋ฉ๋‹ˆ๋‹ค.

@kobolog https://github.com/moby/moby/issues/25526#issuecomment -258660348 ๋ฐ @dack https://github.com/moby/moby/issues/25526#issuecomment -260813865 ์ œ์•ˆ์ด @sanimej์— ์˜ํ•ด ๋ฐ˜๋ฐ•๋œ ๊ฒƒ https://github.com/moby/moby/issues/25526#issuecomment -280722179 https://github.com/moby/moby/issues/25526#issuecomment -281289906 ๊ทธ๋Ÿฌ๋‚˜ TBH, ๊ทธ์˜ ์ฃผ์žฅ์€ ๋ช…ํ™•ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ์•„์ง ์ด๊ฒƒ์ด ํ™•์‹คํžˆ ๋ถˆ๊ฐ€๋Šฅํ•œ ๊ฒฝ์šฐ ์Šค๋ ˆ๋“œ๊ฐ€ ๋‹ซํžˆ์ง€ ์•Š์€ ์ด์œ ๋ฅผ ์ดํ•ดํ•˜์ง€ ๋ชปํ•ฉ๋‹ˆ๋‹ค.

@sanimej ๊ฐ€ ์ž‘๋™ํ•˜์ง€

  1. Swarm์€ src-IP=A ๋ฐ destination="my-service-virtual-address" ๋ฉ”์‹œ์ง€๋ฅผ ์ˆ˜์‹ ํ•ฉ๋‹ˆ๋‹ค.
  2. ํŒจํ‚ค์ง€๋Š” ์›๋ณธ ๋ฉ”์‹œ์ง€๋ฅผ ์บก์Šํ™”ํ•˜์—ฌ ํ•ด๋‹น ์„œ๋น„์Šค๋ฅผ ์‹คํ–‰ํ•˜๋Š” ๋–ผ ๋…ธ๋“œ๋กœ ์ „์†ก๋ฉ๋‹ˆ๋‹ค.
  3. ๋…ธ๋“œ๋Š” ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•˜๋Š” ์„œ๋น„์Šค IP๋กœ ๋Œ€์ƒ์„ ๋ณ€๊ฒฝํ•˜๋Š” ์ž‘์—…์œผ๋กœ ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค.
    Swarm๊ณผ ๋…ธ๋“œ๋Š” ๊ฐ€๋Šฅํ•œ ํ•œ ๋™์ผํ•œ ์ถœ์ฒ˜์˜ ํŠธ๋ž˜ํ”ฝ์ด ๋™์ผํ•œ ๋…ธ๋“œ๋กœ ์ „๋‹ฌ๋˜๋„๋ก ํ…Œ์ด๋ธ”์„ ์œ ์ง€ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

ํŠน์ • ์„œ๋น„์Šค์— ๋Œ€ํ•ด "NAT ๋Œ€์‹  ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ"๋ฅผ ํ™œ์„ฑํ™”ํ•˜๋Š” ์˜ต์…˜์ด ๋ชจ๋“  ์‚ฌ๋žŒ์„ ๋งŒ์กฑ์‹œํ‚ค๋Š” ์ด ๋ชจ๋“  ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜์ง€ ์•Š์„๊นŒ์š”?

๋ฐ˜๋ฉด IIUC๋Š” https://docs.docker.com/engine/swarm/services/#publish -a-services-ports-directly-on-the-swarm-node๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ์œ ์ผํ•œ ์˜ต์…˜์ž…๋‹ˆ๋‹ค. -๋‹ค์‹œ IIUC-๋Š” ๋ฉ”์‹œ๋ฅผ ์ „ํ˜€ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ๊ฒƒ์ฒ˜๋Ÿผ ๋ณด์ด๋ฏ€๋กœ ์Šค์›œ ๋ชจ๋“œ (vs compose)

๋„์™€์ฃผ์…”์„œ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค.
๋ฌธ์•ˆ ์ธ์‚ฌ

@sanimej
๋”์šฑ์ด... Docker๊ฐ€ NAT(๋ชฉ์ ์ง€ IP/ํฌํŠธ๋งŒ ๋ณ€๊ฒฝ) ํฌ์›Œ๋”ฉ๋งŒ ํ•˜์ง€ ์•Š๋Š” ์ด์œ ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ?

  1. Swarm ์ˆ˜์‹  ๋ฉ”์‹œ์ง€ "A์—์„œ myservice๋กœ"
  2. Swarm์€ dest=node1์„ ์„ค์ •ํ•˜์—ฌ ํ•ด๋‹น ์„œ๋น„์Šค๋ฅผ ์‹คํ–‰ํ•˜๋Š” ํ˜ธ์ŠคํŠธ์— ๋ฉ”์‹œ์ง€๋ฅผ ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค.
  3. Node1์€ "A์—์„œ node1์œผ๋กœ" ๋ฉ”์‹œ์ง€๋ฅผ ์ˆ˜์‹ ํ•˜๊ณ  dest=container1 ์„ค์ •์„ ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค.
  4. Container1์€ "A์—์„œ container1๋กœ" ๋ฉ”์‹œ์ง€๋ฅผ ์ˆ˜์‹ ํ•ฉ๋‹ˆ๋‹ค.
  5. ์‘๋‹ตํ•˜๋ ค๋ฉด ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ๊ธฐ๋ณธ ๊ฒŒ์ดํŠธ์›จ์ด ๊ฒฝ๋กœ๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.

๋‚˜๋Š” ์ฐจ์ž„๋ฒจ์„ ์šธ๋ฆฌ๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค. ์ด ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•˜๋Š” ์‰ฌ์šด ๋ฐฉ๋ฒ•์ด ์—†๋‹ค๋Š” ๊ฒƒ์„ ์ดํ•ดํ•˜์ง€๋งŒ ์›๋ž˜ IP ์ฃผ์†Œ๋ฅผ ์–ด๋–ค ๋ฐฉ์‹์œผ๋กœ๋“  ๋ณด์กดํ•˜์ง€ ์•Š์œผ๋ฉด ์—ฌ๋Ÿฌ ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ ์‚ฌ์šฉ ์‚ฌ๋ก€๋ฅผ ์‹ฌ๊ฐํ•˜๊ฒŒ ๋ฐฉํ•ดํ•ฉ๋‹ˆ๋‹ค. ๋‚ด ๋จธ๋ฆฌ ๊ผญ๋Œ€๊ธฐ์—์„œ ์ƒ๊ฐํ•  ์ˆ˜์žˆ๋Š” ๋ช‡ ๊ฐ€์ง€๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

  • ๋„คํŠธ์›Œํฌ/์„œ๋น„์Šค ์—”์ง€๋‹ˆ์–ด๋ง์— ์žˆ์–ด ์‚ฌ์šฉ์ž์˜ ์ถœ์ฒ˜๋ฅผ ์ž์„ธํžˆ ์„ค๋ช…ํ•˜๋Š” ๋ฉ”ํŠธ๋ฆญ์„ ๊ฐ€์งˆ ์ˆ˜ ์žˆ๋‹ค๋Š” ๊ฒƒ์€ ๋งค์šฐ ์ค‘์š”ํ•ฉ๋‹ˆ๋‹ค.

  • ๋งŽ์€ ๋ณด์•ˆ ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์—์„œ ์„œ๋น„์Šค ๋‚จ์šฉ์„ ๊ธฐ๋ฐ˜์œผ๋กœ ํ•œ ๋™์  ๋ธ”๋ž™๋ฆฌ์ŠคํŠธ๋ฅผ ํ—ˆ์šฉํ•˜๋ ค๋ฉด ์›๋ž˜ IP ์ฃผ์†Œ์— ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

  • ์œ„์น˜ ์ธ์‹ ์„œ๋น„์Šค๋Š” ๋‹ค๋ฅธ ๋ฐฉ๋ฒ•์ด ์‹คํŒจํ•  ๋•Œ ์‚ฌ์šฉ์ž์˜ ์ผ๋ฐ˜์ ์ธ ์œ„์น˜๋ฅผ ์ฐพ๊ธฐ ์œ„ํ•ด IP ์ฃผ์†Œ์— ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•˜๋Š” ๊ฒฝ์šฐ๊ฐ€ ๋งŽ์Šต๋‹ˆ๋‹ค.

์ด ๋ฌธ์ œ ์Šค๋ ˆ๋“œ๋ฅผ ์ฝ์€ ๊ฒฐ๊ณผ Docker Swarm ๋‚ด์—์„œ ํ™•์žฅ ๊ฐ€๋Šฅํ•œ ์„œ๋น„์Šค๋ฅผ ์›ํ•  ๋•Œ ์ฃผ์–ด์ง„ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์ž˜ ์ž‘๋™ํ•˜์ง€ ์•Š๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ์ž‘์—…์ž ๋…ธ๋“œ๋‹น ํ•˜๋‚˜์˜ ์ธ์Šคํ„ด์Šค๋กœ ์ œํ•œํ•˜๋ฉด ์˜คํผ๋ง์˜ ์œ ์—ฐ์„ฑ์ด ํฌ๊ฒŒ ์ค„์–ด๋“ญ๋‹ˆ๋‹ค. ๋˜ํ•œ Swarm ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ด์…˜ ์ปจํ…Œ์ด๋„ˆ์— ๊ณต๊ธ‰ํ•˜๊ธฐ ์ „์— ๋น„ Swarm ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ด์…˜ ์ปจํ…Œ์ด๋„ˆ๋กœ ์‹คํ–‰๋˜๋Š” ์—์ง€์—์„œ LB/ํ”„๋ก์‹œ๋ฅผ ์œ ์ง€ํ•˜๋Š” ํ•˜์ด๋ธŒ๋ฆฌ๋“œ ์ ‘๊ทผ ๋ฐฉ์‹์„ ์œ ์ง€ํ•˜๋Š” ๊ฒƒ์€ ๊ณผ๊ฑฐ๋กœ ๋Œ์•„๊ฐ€๋Š” ๊ฒƒ์ฒ˜๋Ÿผ ๋ณด์ž…๋‹ˆ๋‹ค. ์‚ฌ์šฉ์ž๊ฐ€ ์„œ๋น„์Šค ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ด์…˜์„ ์œ„ํ•ด ๋‘ ๊ฐ€์ง€ ๋‹ค๋ฅธ ํŒจ๋Ÿฌ๋‹ค์ž„์„ ์œ ์ง€ํ•ด์•ผ ํ•˜๋Š” ์ด์œ ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ? ์—์ง€์—์„œ LB/ํ”„๋ก์‹œ๋ฅผ ๋™์ ์œผ๋กœ ํ™•์žฅํ•  ์ˆ˜ ์žˆ๋Š” ๊ฒƒ์€ ์–ด๋–ป์Šต๋‹ˆ๊นŒ? ์ˆ˜๋™์œผ๋กœ ํ•ด์•ผ๊ฒ ์ฃ ?

Docker ํŒ€์ด ์ด๋Ÿฌํ•œ ์˜๊ฒฌ์„ ๊ณ ๋ คํ•˜๊ณ  Docker ์—์ฝ”์‹œ์Šคํ…œ์— ์žˆ๋Š” ํ’ˆ์งˆ๊ณผ ์œ ์—ฐ์„ฑ์„ ์œ ์ง€ํ•˜๋ฉด์„œ ์ด ๊ธฐ๋Šฅ์„ ๋„์ž…ํ•  ์ˆ˜ ์žˆ๋Š” ๋ฐฉ๋ฒ•์ด ์žˆ๋Š”์ง€ ํ™•์ธํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

๋” ๋‚˜์•„๊ฐ€, ๋‚˜๋Š” ํ˜„์žฌ ์ด๊ฒƒ์— ์˜ํ•ด ํƒ€๊ฒฉ์„ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์Šน์ธ/์ธ์ฆ๋œ ์š”์ฒญ์„ ๋‹ค์šด์ŠคํŠธ๋ฆผ ์›น ์„œ๋ฒ„๋กœ ์ „๋‹ฌํ•˜๋Š” ์›น ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์ด ์žˆ์Šต๋‹ˆ๋‹ค. ์šฐ๋ฆฌ ์„œ๋น„์Šค ๊ธฐ์ˆ ์ž๋Š” ์‚ฌ๋žŒ๋“ค์ด ์›น ์•ก์„ธ์Šค ๋กœ๊ทธ๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์‹ถ์–ดํ•˜๋Š” ๋‹ค์šด์ŠคํŠธ๋ฆผ ์„œ๋ฒ„์— ๋„๋‹ฌํ–ˆ๋Š”์ง€ ํ™•์ธํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ํ˜„์žฌ ์‹œ๋‚˜๋ฆฌ์˜ค์—์„œ๋Š” ํ”„๋ก์‹œ ์„œ๋ฒ„๊ฐ€ ์›๋ž˜ IP ์ฃผ์†Œ๋ฅผ ๋ณผ ์ˆ˜ ์—†๊ธฐ ๋•Œ๋ฌธ์— ํ•ด๋‹น ๊ธฐ๋Šฅ์„ ์ œ๊ณตํ•  ๋ฐฉ๋ฒ•์ด ์—†์Šต๋‹ˆ๋‹ค. ๋‚ด ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์„ ์‰ฝ๊ฒŒ ํ™•์žฅํ•  ์ˆ˜ ์žˆ๊ธฐ๋ฅผ ์›ํ•˜๋ฉฐ ์ตœ์†Œํ•œ ๊ฐ ํ™•์žฅ๋œ ์ธ์Šคํ„ด์Šค์— ๋Œ€ํ•ด ์ƒˆ VM์„ ๋˜์ง€์ง€ ์•Š๊ณ ๋Š” ์ œ์‹œ๋œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์œผ๋กœ ์ด ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์—†๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

@Jitsusama ๊ฐ€ Kubernetes๋กœ ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

@thaJeztah docker-compose๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํ•ด๊ฒฐํ•˜๋Š” ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๊นŒ?

๋‚˜๋Š” ์‹œ๋„ํ–ˆ๋‹ค

`services:
  math:
    build: ./math
    restart: always
    ports:
    - target: 12555
      published: 12555
      mode: host

ํ•˜์ง€๋งŒ ์†Œ์Šค IP๋กœ 172.xx1์„ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

@trajano , ๋‚˜๋Š” ๋‹จ์„œ๊ฐ€ ์—†์Šต๋‹ˆ๋‹ค. Kubernetes๋Š” ์–ด๋–ป๊ฒŒ๋“  ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

@์ง“์“ฐ์‚ฌ๋งˆ
์˜ˆ, ์†Œ์Šค IP๋ฅผ ๋ณด์กดํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ๋ฌธ์„œ ๊ฐ€ ํ˜„์žฌ ์•„์ง ์ง€์›ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค .

@trajano

ํ•˜์ง€๋งŒ ์†Œ์Šค IP๋กœ 172.xx1์„ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์— ๋กœ์ปฌ๋กœ ์•ก์„ธ์Šคํ•˜๋Š” ๊ฒฝ์šฐ docker_gwbridge ๊ฐ€ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ์™€ ์ƒํ˜ธ ์ž‘์šฉํ•˜๋Š” ์ธํ„ฐํŽ˜์ด์Šค์ด๋ฏ€๋กœ ํ•ด๋‹น IP๊ฐ€ ์ •ํ™•ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค(swarm์„ ์‚ฌ์šฉํ•˜๋Š” ๊ฒฝ์šฐ). IP ๋„คํŠธ์›Œํฌ ๋‚ด์˜ ๋‹ค๋ฅธ ์‹œ์Šคํ…œ์—์„œ ์•ฑ์— ์•ก์„ธ์Šคํ•˜์—ฌ ์˜ฌ๋ฐ”๋ฅธ ์ฃผ์†Œ๋ฅผ ํฌ์ฐฉํ•˜๋Š”์ง€ ํ™•์ธํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ž‘์„ฑ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๋‹ค. ์—ฌ๊ธฐ์—์„œ๋Š” jwilder/nginx-proxy ์˜ ๊ณต์‹ ๋นŒ๋“œ ์ด๋ฏธ์ง€์™€ ํ•จ๊ป˜ ๋ฐฑ์—”๋“œ ์„œ๋น„์Šค๋กœ nginx ์ด๋ฏธ์ง€๋ฅผ ํ”„๋ก ํŠธ์—”๋“œ ์—ญ ํ”„๋ก์‹œ(๊ฐœ๋… ๋‹จ์ˆœํ™”)๋กœ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค. Docker Swarm ๋ชจ๋“œ์—์„œ ์Šคํƒ์„ ๋ฐฐํฌํ•ฉ๋‹ˆ๋‹ค.

version: '3.3'

services:

  nginx-proxy:
    image: 'jwilder/nginx-proxy:alpine'
    deploy:
      mode: global
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx:
    image: 'nginx:1.13.5-alpine'
    deploy:
      replicas: 3
    ports:
      - 80
      - 443
    environment:
      - VIRTUAL_HOST=website.local
$ echo '127.0.0.1 website.local' | sudo tee -a /etc/hosts
$ docker stack deploy --compose-file docker-compose.yml website

๊ทธ๋Ÿฌ๋ฉด ์Šคํƒ์— ๋Œ€ํ•œ website_default ๋„คํŠธ์›Œํฌ๊ฐ€ ์ƒ์„ฑ๋ฉ๋‹ˆ๋‹ค. ๋‚ด ์—”๋“œํฌ์ธํŠธ๋Š” VIRTUAL_HOST ํ™˜๊ฒฝ ๋ณ€์ˆ˜์— ์ •์˜๋˜์–ด ์žˆ์œผ๋ฉฐ http://website.local ์•ก์„ธ์Šคํ•˜๋ฉด ๋‹ค์Œ์ด ์ œ๊ณต๋ฉ๋‹ˆ๋‹ค.

website_nginx-proxy.0.ny152x5l9sh7<strong i="30">@Sherry</strong>    | nginx.1    | website.local 172.18.0.1 - - [08/Sep/2017:21:33:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36"
website_nginx.1.vskh5941kgkb<strong i="33">@Sherry</strong>    | 10.0.1.3 - - [08/Sep/2017:21:33:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" "172.18.0.1"

website_nginx.1.vskh5941kgkb ํ—ค๋”์˜ ๋์—๋Š” ์›๋ž˜ IP( 172.18.0.1 )์— ๋Œ€ํ•œ ํžŒํŠธ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. X๋Š”-์ „๋‹ฌ-๋ฅผ ๋“ค์–ด & X-์‹ค์‹œ๊ฐ„ IP๊ฐ€ ์„ค์ •๋˜์–ด nginx.tmpl ์˜ jwilder/nginx-proxy ๊ธฐ๋ณธ์ ์œผ๋กœ.

ํฌํŠธ 443 ๊ฒฝ์šฐ docker-compose ํŒŒ์ผ์— ๋‘ ํฌํŠธ๋ฅผ ๋ชจ๋‘ ์ถ”๊ฐ€ํ•  ์ˆ˜ ์—†์œผ๋ฏ€๋กœ ๋‹ค์Œ์„ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.

docker service update website_nginx-proxy \
    --publish-rm 80 \
    --publish-add "mode=host,published=80,target=80" \
    --publish-rm 443 \
    --publish-add "mode=host,published=443,target=443" \
    --network-add "<network>"

๋˜ํ•œ VIRTUAL_HOST ํ™˜๊ฒฝ ๋ณ€์ˆ˜๊ฐ€ ํฌํ•จ๋œ ์•ฑ์œผ๋กœ ์—ญ ํ”„๋ก์‹œํ•˜๋ ค๋Š” ๋„คํŠธ์›Œํฌ๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค. jwilder/nginx-proxy ์— ๋Œ€ํ•œ ๋ฌธ์„œ์—์„œ ๋” ์„ธ๋ถ„ํ™”๋œ ์˜ต์…˜์ด ๊ฐ€๋Šฅํ•˜๊ฑฐ๋‚˜ ๊ณ ์œ ํ•œ ์„ค์ •์„ ๋งŒ๋“ค ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Kubernetes์˜ ์ˆ˜์‹  ์ปจํŠธ๋กค๋Ÿฌ๋Š” ๊ธฐ๋ณธ์ ์œผ๋กœ ์ˆ˜์‹  ์ฐจํŠธ๊ฐ€ X-Forwarded-For ๋ฐ X-Real-IP ๋ฅผ ์ง€์›ํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๊ธฐ๋ณธ์ ์œผ๋กœ ๋™์ผํ•œ ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•˜๋ฉฐ ์ˆ˜์‹ ์˜ ์„ ํƒ ๋ฐ ์œ ํ˜•๊ณผ ๋ฐฐํฌ ๋ณต์ œ๋ณธ์— ์•ฝ๊ฐ„์˜ ์œ ์—ฐ์„ฑ์„ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค.

๋”ฐ๋ผ์„œ kubernetes ๋ฌธ์„œ๊ฐ€ ์™„์ „ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์กด์žฌํ•˜๋Š” ๋˜ ๋‹ค๋ฅธ ๋ฐฉ๋ฒ•
๊ฝค ์ผ๋ฐ˜์ ์œผ๋กœ ์‹ค์ œ๋กœ ingress+proxy ํ”„๋กœํ† ์ฝœ์ž…๋‹ˆ๋‹ค.

https://www.haproxy.com/blog/haproxy/proxy-protocol/

ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์†Œ์Šค๋ฅผ ๋ณด์กดํ•˜๋Š” ๋„๋ฆฌ ์‚ฌ์šฉ๋˜๋Š” ํ”„๋กœํ† ์ฝœ์ž…๋‹ˆ๋‹ค.
์ •๋ณด. Haproxy์—๋Š” ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์— ๋Œ€ํ•œ ์ง€์›์ด ๋‚ด์žฅ๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค. ์—”์ง„์—‘์Šค
ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ฝ์„ ์ˆ˜๋Š” ์žˆ์ง€๋งŒ ์ฃผ์ž…ํ•  ์ˆ˜๋Š” ์—†์Šต๋‹ˆ๋‹ค.

ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์ด ์„ค์ •๋˜๋ฉด ๋ชจ๋“  ์œ„์น˜์—์„œ ํ•ด๋‹น ์ •๋ณด์— ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
๋‹ค์Œ๊ณผ ๊ฐ™์€ ๋‹ค์šด์ŠคํŠธ๋ฆผ ์„œ๋น„์Šค
https://github.com/nginxinc/kubernetes-ingress/blob/master/examples/proxy-protocol/README.md

Openshift์—์„œ๋„ ์ด๋ฅผ ์†Œ์Šค IP ์ •๋ณด์— ํ™œ์šฉ
https://docs.openshift.org/latest/install_config/router/proxy_protocol.html

์ด๊ฒƒ์€ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ฃผ์ž…ํ•˜๋Š” k8์— ๋Œ€ํ•œ ์ตœ์‹  haproxy ์ˆ˜์‹ ์ž…๋‹ˆ๋‹ค.

IMHO ๋–ผ์—์„œ ์ด ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•˜๋Š” ๋ฐฉ๋ฒ•์€ ์ˆ˜์‹ ์ด ํ”„๋ก์‹œ๋ฅผ ์ฝ์„ ์ˆ˜ ์žˆ๋„๋ก ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
ํ”„๋กœํ† ์ฝœ(์ด๋ฅผ ๊ฐ€์ง„ ์—…์ŠคํŠธ๋ฆผ LB์—์„œ ํŠธ๋ž˜ํ”ฝ์„ ์ˆ˜์‹ ํ•˜๋Š” ๊ฒฝ์šฐ
์ด๋ฏธ ์ฃผ์ž…๋œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ) ๋ฐ ์ฃผ์ž… ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ
์ •๋ณด(๋ชจ๋“  ํŠธ๋ž˜ํ”ฝ์ด ์‹ค์ œ๋กœ ์ธ๊ทธ๋ ˆ์Šค์— ๋จผ์ € ๋„๋‹ฌํ•˜๋Š” ๊ฒฝ์šฐ).

๋‚˜๋Š” ํŠนํžˆ ๋‹ค์Œ์ด ์žˆ์„ ๋•Œ ๋‹ค๋ฅธ ๋ฐฉ๋ฒ•์œผ๋กœ ํ•˜๋Š” ๊ฒƒ์— ์ฐฌ์„ฑํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
์ด๋ฅผ ์ˆ˜ํ–‰ํ•˜๊ธฐ ์œ„ํ•ด ์ผ๋ฐ˜์ ์œผ๋กœ ํ—ˆ์šฉ๋˜๋Š” ํ‘œ์ค€์ž…๋‹ˆ๋‹ค.

Traefik์€ ๋ช‡ ์ฃผ ์ „์— proxy_protocol ์ง€์›์„ ์ถ”๊ฐ€ํ–ˆ์œผ๋ฉฐ v1.4.0-rc1๋ถ€ํ„ฐ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ docker swarm ingress ์ˆ˜์ค€์—์„œ ์ˆ˜ํ–‰ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์นจ์ž…ํ•˜๋Š” ๊ฒฝ์šฐ
ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ๋ฐ์ดํ„ฐ๋ฅผ ์ฃผ์ž…ํ•˜์ง€ ์•Š์Œ, ๋‹ค์šด์ŠคํŠธ๋ฆผ ์„œ๋น„์Šค ์—†์Œ
(traefix, nginx ๋“ฑ ํฌํ•จ)์—์„œ ์ฝ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

2017๋…„ 9์›” 10์ผ 21์‹œ 42๋ถ„์— "monotykamary" [email protected]์—์„œ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

Traefik์€ proxy_protocol ์ง€์›์„ ์ถ”๊ฐ€ํ–ˆ์Šต๋‹ˆ๋‹ค.
https://github.com/containous/traefik/pull/2004 ๋ช‡ ์ฃผ ์ „์—
v1.4.0-rc1๋ถ€ํ„ฐ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

โ€”
๋‹น์‹ ์ด ๋Œ“๊ธ€์„ ๋‹ฌ์•˜๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-328352805 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU3jj5dJcpMDysjIyGQK7SGx8GwWbks5shApqgaJpZM4Jf2WK
.

๋‚˜๋Š” ๋˜ํ•œ ์ด ๋ฒ„๊ทธ์™€ infrakit์˜ ๊ด€๊ณ„์— ๋Œ€ํ•ด ํ˜ผ๋ž€์Šค๋Ÿฌ์›Œํ•ฉ๋‹ˆ๋‹ค. ์˜ˆ: https://github.com/docker/infrakit/pull/601 ๋ˆ„๊ตฐ๊ฐ€ ๋„์ปค ๋–ผ๊ฐ€ ๋‚˜์•„๊ฐˆ ๋ฐฉํ–ฅ์— ๋Œ€ํ•ด ์–ธ๊ธ‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

๋–ผ๊ฐ€ ์ธํ”„๋ผํ‚ท์œผ๋กœ ๋กค์—…๋ฉ๋‹ˆ๊นŒ? ๋‚˜๋Š” ๊ทธ๊ฒƒ์˜ ์œ ์ž… ์ธก๋ฉด์— ํŠนํžˆ ๊ด€์‹ฌ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

์šฐ๋ฆฌ๋„ ์ด ๋ฌธ์ œ๋ฅผ ๊ฒช๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์ธ๋ฐ”์šด๋“œ ์—ฐ๊ฒฐ์„ ์œ„ํ•ด ํด๋ผ์ด์–ธํŠธ IP์™€ ์š”์ฒญํ•œ IP๋ฅผ ์•Œ๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด ์‚ฌ์šฉ์ž๊ฐ€ ์šฐ๋ฆฌ ์„œ๋ฒ„์— ๋Œ€ํ•œ ์›์‹œ TCP ์—ฐ๊ฒฐ์„ ์ˆ˜ํ–‰ํ•˜๋Š” ๊ฒฝ์šฐ ์šฐ๋ฆฌ๋Š” ๊ทธ๋“ค์˜ IP๊ฐ€ ๋ฌด์—‡์ธ์ง€, ์šฐ๋ฆฌ ์ปดํ“จํ„ฐ์—์„œ ๊ทธ๋“ค์ด ์—ฐ๊ฒฐํ•œ IP๋ฅผ ์•Œ๊ณ  ์‹ถ์–ดํ•ฉ๋‹ˆ๋‹ค.

@blazdd ์ด์ „์— ์–ธ๊ธ‰ํ–ˆ๊ณ  ๋‹ค๋ฅธ ์Šค๋ ˆ๋“œ์—์„œ ์ด๊ฒƒ์€ ์‹ค์ œ๋กœ publishMode๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๋‹ค. ์ฆ‰, ๋ฉ”์‹œ ๋„คํŠธ์›Œํฌ์—์„œ ์„œ๋น„์Šค๋ฅผ ์ฒ˜๋ฆฌํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

IIUC, ์ธ๊ทธ๋ ˆ์Šค๊ฐ€ ์ด๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ๊ฐœ์„ ํ•˜๊ธฐ ์œ„ํ•œ ์ผ๋ถ€ ์ง„ํ–‰์ด ์žˆ์ง€๋งŒ ์‹ค์ œ๋กœ๋Š” ์ด๊ฒƒ์ด ์œ ์ผํ•œ ์†”๋ฃจ์…˜์ž…๋‹ˆ๋‹ค.

์™ธ๋ถ€ LB ๊ตฌ์„ฑ์„ ํ”ผํ•˜๊ธฐ ์œ„ํ•ด publishmode ๋ฐ mode:global ์„ ์‚ฌ์šฉํ•˜์—ฌ nginx ์„œ๋น„์Šค๋ฅผ ๋ฐฐํฌํ–ˆ์Šต๋‹ˆ๋‹ค

@mosolog ๋‹ต๋ณ€ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค. ๋ช‡ ๊ฐ€์ง€ ์ฐธ๊ณ  ์‚ฌํ•ญ:

  1. publishMode ๋Š” ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์ธ๋ฐ”์šด๋“œ ์†Œ์ผ“ ์—ฐ๊ฒฐ์€ ์—ฌ์ „ํžˆ โ€‹โ€‹๋–ผ๊ฐ€ ์„ค์ •ํ•œ ๋กœ์ปฌ ๋„คํŠธ์›Œํฌ๋กœ ํ™•์ธ๋ฉ๋‹ˆ๋‹ค. ์ ์–ด๋„ ํฌํŠธ ๋ชฉ๋ก์„ ์‚ฌ์šฉํ•  ๋•Œ mode: host
  2. nginx ๋Š” ์ •๋ง ์ข‹์€ ์†”๋ฃจ์…˜์ด ์•„๋‹™๋‹ˆ๋‹ค. ์šฐ๋ฆฌ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์€ TCP ๊ธฐ๋ฐ˜์ด์ง€๋งŒ ์›น ์„œ๋ฒ„๋Š” ์•„๋‹™๋‹ˆ๋‹ค. ์ˆ˜๋™์œผ๋กœ ์ฝ”๋”ฉํ•˜์ง€ ์•Š๊ณ  ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋Š” ํ—ค๋”๋Š” ์—†์Šต๋‹ˆ๋‹ค.
  3. docker run --net=host ... ํ•˜๋ฉด ๋ชจ๋“  ๊ฒƒ์ด ์ž˜ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.
  4. ์ง€๊ธˆ๊นŒ์ง€ ์ž‘๋™ํ•˜๋Š” ์œ ์ผํ•œ ์†”๋ฃจ์…˜์€ https://github.com/moby/moby/issues/25873#issuecomment -319109840์„ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

@blazdd ์Šคํƒ์—๋Š” ๋‹ค์Œ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host

๋”ฐ๋ผ์„œ ๋กœ๊ทธ์—์„œ ์‹ค์ œ IP๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

@mostolog ์ ์–ด๋„ Windows์—์„œ๋Š” ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ์—ฌ์ „ํžˆ 172.0.0.x ์ฃผ์†Œ๋ฅผ ์†Œ์Šค๋กœ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.

@mosolog mode: host ๋Š” ์ปจํ…Œ์ด๋„ˆ๋ฅผ ํ˜ธ์ŠคํŠธ ๋„คํŠธ์›Œํฌ์— ๋…ธ์ถœํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•  ๋•Œ Docker๊ฐ€ ์ผ๋ฐ˜์ ์œผ๋กœ ์ž‘๋™ํ•˜๋Š” ๋ฐฉ์‹์ธ ์ˆ˜์‹  ๋„คํŠธ์›Œํฌ์—์„œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์ œ๊ฑฐํ•ฉ๋‹ˆ๋‹ค. ๋„์ปค ์‹คํ–‰ ๋ช…๋ น์— ์‚ฌ์šฉ๋œ --publish 8080:8080 ๋ณต์ œํ•ฉ๋‹ˆ๋‹ค. nginx๊ฐ€ ์‹ค์ œ IP๋ฅผ ์–ป๋Š” ๊ฒฝ์šฐ ์†Œ์ผ“์ด ํ•ด๋‹น IP์— ์ง์ ‘ ์—ฐ๊ฒฐ๋œ ๊ฒฐ๊ณผ๊ฐ€ ์•„๋‹™๋‹ˆ๋‹ค. ์ด๋ฅผ ํ…Œ์ŠคํŠธํ•˜๋ ค๋ฉด ํ”„๋ ˆ์ž„์›Œํฌ ์—†์ด ์›์‹œ TCP ๊ตฌํ˜„ ๋˜๋Š” HTTP ์„œ๋ฒ„๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์„ ์‹ฌ๊ฐํ•˜๊ฒŒ ๊ณ ๋ คํ•˜๊ณ  ๋ณด๊ณ ๋œ ์ฃผ์†Œ๋ฅผ ํ™•์ธํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

IPVS ๋ผ์šฐํŠธ ๋„คํŠธ์›Œํฌ๋ฅผ ์ปจํ…Œ์ด๋„ˆ์— ์ง์ ‘ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ์ด์œ ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ? ๋ชจ๋“  Swarm ๋…ธ๋“œ์˜ ์˜ค๋ฒ„๋ ˆ์ด ์ธํ„ฐํŽ˜์ด์Šค IP๋ฅผ ๊ฐ€์ƒ IP๋กœ ๋ฐ”์ธ๋”ฉํ•˜๊ณ  ip rule from xxx table xxx ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ๋‹ค์ค‘ ๊ฒŒ์ดํŠธ์›จ์ด๋ฅผ ๋งŒ๋“  ๋‹ค์Œ Swarm ๋…ธ๋“œ๋Š” ์‚ฌ์šฉ์ž ๊ณต๊ฐ„ ๋„คํŠธ์›Œํฌ ํ”„๋ก์‹œ ๋ฐ๋ชฌ(dockerd) ์—†์ด ํด๋ผ์ด์–ธํŠธ๋ฅผ ์ปจํ…Œ์ด๋„ˆ๋กœ ์ง์ ‘(DNAT) ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

@blazdd ํ•ด๋ดค์–ด? @mosolog ์˜ ์˜ˆ๋ฅผ

๋‚˜๋Š” ์ด ๋ฌธ์ œ์— ๋Œ€ํ•ด ๋‹ค์‹œ ๋„์ „ํ•˜๊ณ  ์žˆ๋‹ค.

๋‚ด ์„ค์ •์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

  • DR ๋ชจ๋“œ์˜ ipvs ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ(docker swarm ์™ธ๋ถ€)
  • ๋ชจ๋“  ๋…ธ๋“œ์— ๋Œ€์ƒ IP๊ฐ€ ์ถ”๊ฐ€๋˜๊ณ  IPVS DR ๋ผ์šฐํŒ…์— ์ ์ ˆํ•˜๊ฒŒ ๊ตฌ์„ฑ๋œ arp๊ฐ€ ์žˆ๋Š” 3๊ฐœ์˜ ๋„์ปค ๋…ธ๋“œ

์Šคํƒ์„ ๋ฌด๋ฆฌ์— ๋ฐฐํฌํ•˜๊ณ  ์ฃผ์†Œ๋ฅผ ๋งน๊ธ€๋งํ•˜์ง€ ์•Š๊ณ  ๊ฐ€์ƒ IP์˜ ํฌํŠธ 80์—์„œ ์ˆ˜์‹ ํ•˜๋„๋ก ํ•˜๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค.

๋‹ค์Œ๊ณผ ๊ฐ™์ด ํ•˜๋ฉด ๊ฑฐ์˜ ๋„๋‹ฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
ํฌํŠธ:
- ๋ชฉํ‘œ: 80
์ถœํŒ: 80
ํ”„๋กœํ† ์ฝœ: TCP
๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ

์—ฌ๊ธฐ์„œ ๋ฌธ์ œ๋Š” ๋ฐ”์ธ๋”ฉํ•  IP ์ฃผ์†Œ๋ฅผ ์ง€์ •ํ•  ์ˆ˜ ์—†๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋ชจ๋“  IP ์ฃผ์†Œ์—๋งŒ ๋ฐ”์ธ๋”ฉ๋ฉ๋‹ˆ๋‹ค. ํ•ด๋‹น ํฌํŠธ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํ•˜๋‚˜ ์ด์ƒ์˜ ์„œ๋น„์Šค๋ฅผ ์‹คํ–‰ํ•˜๋ ค๋Š” ๊ฒฝ์šฐ ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค. ํ•˜๋‚˜์˜ IP์—๋งŒ ๋ฐ”์ธ๋”ฉํ•˜๋ฉด ๋ฉ๋‹ˆ๋‹ค. ๋‹ค๋ฅธ ํฌํŠธ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์€ DR ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์—์„œ ์˜ต์…˜์ด ์•„๋‹™๋‹ˆ๋‹ค. DR ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒฝ์šฐ์—๋Š” ๊ทธ๋ ‡์ง€ ์•Š์€๋ฐ, ๊ฐœ๋ฐœ์ž๋“ค์€ ๋™์ผํ•œ IP๊ฐ€ ์—ฌ๋Ÿฌ ๋…ธ๋“œ์— ์กด์žฌํ•˜์ง€ ์•Š์„ ๊ฒƒ์ด๋ผ๊ณ  ๊ฐ€์ •ํ•œ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

๋˜ํ•œ ์งง์€ ๊ตฌ๋ฌธ์„ ์‚ฌ์šฉํ•˜๋ฉด ๋ฐ”์ธ๋“œ IP๋ฅผ ๋ฌด์‹œํ•˜๊ณ  ์—ฌ์ „ํžˆ ๋ชจ๋“  ์ฃผ์†Œ์— ๋ฐ”์ธ๋“œ๋ฉ๋‹ˆ๋‹ค. ๋‹จ์ผ IP์— ๋ฐ”์ธ๋”ฉํ•˜๋Š” ์œ ์ผํ•œ ๋ฐฉ๋ฒ•์€ ํด๋Ÿฌ์Šคํ„ฐ๋˜์ง€ ์•Š์€ ์ปจํ…Œ์ด๋„ˆ(์„œ๋น„์Šค ๋˜๋Š” ์Šคํƒ์ด ์•„๋‹˜)๋ฅผ ์‹คํ–‰ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์ด์ œ ๋…๋ฆฝ ์‹คํ–‰ํ˜• ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์ด๋ฅผ ์ˆ˜ํ–‰ํ•˜๊ธฐ ์œ„ํ•ด ์„œ๋น„์Šค/์Šคํƒ ๊ธฐ๋Šฅ์— ์˜์กดํ•˜๋Š” ๋Œ€์‹  ์ง์ ‘ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๊ด€๋ฆฌํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

๊ฐ™์€ ๋ฌธ์ œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.
๋‚˜๋Š” ๋ชจ๋“  ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜(์ผ๋ถ€๋Š” ์›์‹œ UDP/TCP ์‚ฌ์šฉ, ํŠนํžˆ HTTP๋Š” ์•„๋‹˜)์ด ์˜ˆ์ƒ๋Œ€๋กœ ์ž‘๋™ํ•˜๋„๋ก ํ—ˆ์šฉํ•˜๋Š” ๋„์ปค ์ˆ˜์‹  ๋‚ด์˜ ํˆฌ๋ช…ํ•œ ์†”๋ฃจ์…˜์— ํˆฌํ‘œํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

๋‚ด ์„œ๋น„์Šค๊ฐ€ ์ „์—ญ์œผ๋กœ ๋ฐฐํฌ๋˜๋ฏ€๋กœ "mode=host port ๊ฒŒ์‹œ" ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
๊ทธ๋Ÿฌ๋‚˜ ์ด๊ฒƒ์€ ๋‹ค๋ฅธ ์ด์œ ๋กœ ํ•„์š”ํ•œ macvlan ๋„คํŠธ์›Œํฌ ๋“œ๋ผ์ด๋ฒ„์˜ ์‚ฌ์šฉ๊ณผ ํ˜ธํ™˜๋˜์ง€ ์•Š๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.
"macvlan ๋“œ๋ผ์ด๋ฒ„๊ฐ€ ํฌํŠธ ๋งคํ•‘์„ ์ง€์›ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค"์™€ ๊ฐ™์€ ๋กœ๊ทธ๊ฐ€ ํ‘œ์‹œ๋ฉ๋‹ˆ๋‹ค.
์—ฌ๋Ÿฌ ๋„คํŠธ์›Œํฌ๋ฅผ ์‚ฌ์šฉํ•ด ๋ณด์•˜์ง€๋งŒ ๋„์›€์ด ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

์—ฌ๊ธฐ์—์„œ ํŠน์ • ํ‹ฐ์ผ“์„ ๋งŒ๋“ค์—ˆ์Šต๋‹ˆ๋‹ค. https://github.com/docker/libnetwork/issues/2050
์ง€๊ธˆ์€ ํ•ด๊ฒฐ์ฑ…์ด ์—†์Šต๋‹ˆ๋‹ค.'(

์•ˆ๋…• ์–˜๋“ค์•„
ํ˜„์žฌ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๊นŒ? ํ˜ธ์ŠคํŠธ ํฌํŠธ๋กœ ๊ฒŒ์‹œํ•˜์ง€ ์•Š๊ณ 
ํฌํŠธ ?

2018๋…„ 1์›” 11์ผ 00:03์— "Olivier Voortman" [email protected]์ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

๊ฐ™์€ ๋ฌธ์ œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.
๋‚˜๋Š” ๋ชจ๋“  ๊ฒƒ์„ ํ—ˆ์šฉํ•˜๋Š” docker ingress ๋‚ด์˜ ํˆฌ๋ช…ํ•œ ์†”๋ฃจ์…˜์— ํˆฌํ‘œํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.
(ํŠนํžˆ HTTP๊ฐ€ ์•„๋‹Œ ์›์‹œ UDP/TCP๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ์ผ๋ถ€)
์˜ˆ์ƒ๋˜๋Š”.

๋‚ด ์„œ๋น„์Šค๊ฐ€ ๋‹ค์Œ๊ณผ ๊ฐ™์„ ๋•Œ "๋ชจ๋“œ=ํ˜ธ์ŠคํŠธ ํฌํŠธ ๊ฒŒ์‹œ" ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
์ „ ์„ธ๊ณ„์ ์œผ๋กœ ๋ฐฐํฌ๋ฉ๋‹ˆ๋‹ค.
๊ทธ๋Ÿฌ๋‚˜ ์ด๊ฒƒ์€ macvlan์˜ ์‚ฌ์šฉ๊ณผ ํ˜ธํ™˜๋˜์ง€ ์•Š๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.
๋‹ค๋ฅธ ์ด์œ ๋กœ ํ•„์š”ํ•œ ๋„คํŠธ์›Œํฌ ๋“œ๋ผ์ด๋ฒ„.
"macvlan ๋“œ๋ผ์ด๋ฒ„๊ฐ€ ํฌํŠธ ๋งคํ•‘์„ ์ง€์›ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค"์™€ ๊ฐ™์€ ๋กœ๊ทธ๊ฐ€ ํ‘œ์‹œ๋ฉ๋‹ˆ๋‹ค.
์—ฌ๋Ÿฌ ๋„คํŠธ์›Œํฌ๋ฅผ ์‚ฌ์šฉํ•ด ๋ณด์•˜์ง€๋งŒ ๋„์›€์ด ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

์—ฌ๊ธฐ์—์„œ ํŠน์ • ํ‹ฐ์ผ“์„ ๋งŒ๋“ค์—ˆ์Šต๋‹ˆ๋‹ค. docker/libnetwork#2050
https://github.com/docker/libnetwork/issues/2050
์ง€๊ธˆ์€ ํ•ด๊ฒฐ์ฑ…์ด ์—†์Šต๋‹ˆ๋‹ค.'(

โ€”
๋‹น์‹ ์ด ๋Œ“๊ธ€์„ ๋‹ฌ์•˜๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-356693751 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsUzlM-BMbEsDYAiYH6hKLha-aRqerks5tJQJngaJpZM4Jf2WK
.

ํด๋ผ์ด์–ธํŠธ์˜ IP๋ฅผ ์–ป์„ ์ˆ˜ ์—†๋Š” ๊ฒƒ์ด ์ •๋ง ์•ˆํƒ€๊น์Šต๋‹ˆ๋‹ค. ์ด๋กœ ์ธํ•ด ๋Œ€๋ถ€๋ถ„์˜ docker swarm ๋ฉ‹์ง„ ๊ธฐ๋Šฅ์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

๋‚ด ์„ค์ •์—์„œ ํด๋ผ์ด์–ธํŠธ์˜ IP๋ฅผ ์–ป๋Š” ์œ ์ผํ•œ ๋ฐฉ๋ฒ•์€ network_mode:host ๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  swarm์„ ์ „ํ˜€ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

mode=host port publishing ๋˜๋Š” ๊ธฐ์กด docker run -p "80:80" ... ์ด ์ž‘๋™ํ•˜์ง€ ์•Š์Œ

์ผ๋ถ€ ์†”๋ฃจ์…˜์€ https://github.com/moby/moby/issues/15086 ์—์„œ ์ œ์•ˆ๋˜์—ˆ์ง€๋งŒ ์ €์—๊ฒŒ ๋„์›€์ด ๋œ ์œ ์ผํ•œ ์†”๋ฃจ์…˜์€ "ํ˜ธ์ŠคํŠธ" ๋„คํŠธ์›Œํ‚น์ด์—ˆ์Šต๋‹ˆ๋‹ค...

์˜ฌ๋ฐ”๋ฅธ IP๊ฐ€ ์—†์„ ๋•Œ์˜ ๋˜ ๋‹ค๋ฅธ ๋ฌธ์ œ๋Š” nginx ์†๋„ ์ œํ•œ์ด ์˜ฌ๋ฐ”๋ฅด๊ฒŒ ์ž‘๋™ํ•˜์ง€ ์•Š์•„ docker swarm ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ์™€ ํ•จ๊ป˜ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์š”์ฒญ์ด ์†๋„๊ฐ€ ์ œํ•œ๋˜๊ณ  ๋‹จ์ผ ์‚ฌ์šฉ์ž/IP์—์„œ ์˜จ ๊ฒƒ์ฒ˜๋Ÿผ nginx๊ฐ€ ๋ชจ๋“  ์š”์ฒญ์„ ๊ณ„์‚ฐํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๊ฑฐ๋ถ€๋˜๊ธฐ ๋•Œ๋ฌธ์ž…๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ์œ ์ผํ•œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ mode=host๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ํ•˜์ง€๋งŒ ์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ ๊ธฐ๋Šฅ์ด ๋Š์Šจํ•ด์ง€๊ณ  DNS๊ฐ€ ํŠน์ • ์ธ์Šคํ„ด์Šค๋ฅผ ๊ฐ€๋ฆฌํ‚ค๋„๋ก ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

์•„๋งˆ๋„ docker๋Š” ์ด ์ž‘์—…์— ์ด์ƒ์ ์ธ ๋„๊ตฌ๊ฐ€ ์•„๋‹ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ €๋Š” ์ „๋ฉด HTTP ์„œ๋ฒ„๋ฅผ ์„ค์ •ํ•˜๊ณ  ํด๋ผ์ด์–ธํŠธ IP๋ฅผ HTTP ์š”์ฒญ ํ—ค๋”์˜ ์ผ๋ถ€๋กœ ๋ฐฐ์น˜ํ•˜๊ธฐ ์œ„ํ•ด vagrant๋ฅผ ์ฐพ๊ณ  ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค.

Docker๊ฐ€ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ํ†ตํ•ด ํด๋ผ์ด์–ธํŠธ ์ •๋ณด๋ฅผ ์ „๋‹ฌํ•  ์ˆ˜ ์žˆ์„ ๋•Œ๊นŒ์ง€ Docker Flow Proxy ๋˜๋Š” Traefik๊ณผ ๊ฐ™์€ ํ”„๋ก์‹œ๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ํ•ด๋‹น ์„œ๋น„์Šค์˜ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ ์›ํ•˜๋Š” ํฌํŠธ๋ฅผ ๊ฒŒ์‹œํ•˜๊ณ  ์—ฌ๊ธฐ์— ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์„œ๋น„์Šค๋ฅผ ์—ฐ๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์™„์ „ํ•œ ์†”๋ฃจ์…˜์€ ์•„๋‹ˆ์ง€๋งŒ ๊ฝค ์ž˜ ์ž‘๋™ํ•˜๋ฉฐ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์„œ๋น„์Šค์˜ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ/ํด๋ผ์ด์–ธํŠธ IP ๊ฒ€์ƒ‰์„ ํ—ˆ์šฉํ•ฉ๋‹ˆ๋‹ค.

@deeky666 Traefik ๋ฐ ์ด์™€ ์œ ์‚ฌํ•œ ์ž‘์—…์€ ๋„ํ‚น๋˜์ง€ ์•Š์€ ๊ฒฝ์šฐ์—๋งŒ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

traefik์—์„œ udo ์ง€์›์ด ๋ณด์ด์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

๋‚ด iPhone์—์„œ ๋ณด๋‚ธ

๋งˆ์นจ๋‚ด ์šฐ๋ฆฌ๋Š” ๋„์ปค ์ปจํ…Œ์ด๋„ˆ๋ฅผ ํฌ๊ธฐํ–ˆ์Šต๋‹ˆ๋‹ค. ์ƒ์‚ฐ ์ค€๋น„๊ฐ€ ๋˜์ง€ ์•Š์•˜์Šต๋‹ˆ๋‹ค!

2018๋…„ 1์›” 24์ผ ์ˆ˜์š”์ผ ์˜ค์ „ 5์‹œ 43๋ถ„์— Efrain [email protected]์—์„œ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

traefik์—์„œ udo ์ง€์›์ด ๋ณด์ด์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

๋‚ด iPhone์—์„œ ๋ณด๋‚ธ

>

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-360091189 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AHf7rvMcH2iFBxcExfO_Ol0UttCspuTnks5tNwlkgaJpZM4Jf2WK
.

17.12.0-ce ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ mode=host 17.12.0-ce ์—์„œ ๋ฌธ์ œ๊ฐ€ ๋ถ€๋ถ„์ ์œผ๋กœ ํ•ด๊ฒฐ๋œ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

docker service create --publish mode=host,target=80,published=80 --name=nginx nginx

๋ช‡ ๊ฐ€์ง€ ์ œํ•œ ์‚ฌํ•ญ(๋ผ์šฐํŒ… ๋ฉ”์‹œ ์—†์Œ)์ด ์žˆ์ง€๋งŒ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค!

@goetas mode=host ์ž ์‹œ ๋™์•ˆ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์œผ๋กœ ์ผํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ๋ฌธ์ œ๊ฐ€ ์–ด๋–ป๊ฒŒ๋“  ํ•ด๊ฒฐ๋˜์—ˆ๋‹ค๊ณ  ๋งํ•˜์ง€๋Š” ์•Š์Šต๋‹ˆ๋‹ค. mode=host๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ๋งŽ์€ ์ œํ•œ์ด ์žˆ๊ณ , ํฌํŠธ๊ฐ€ ๋…ธ์ถœ๋˜๊ณ , ์Šค์›œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

@darklow ์ œํ•œ ์‚ฌํ•ญ์„ ์•Œ๊ณ  ์žˆ์ง€๋งŒ ๋‚ด ์‚ฌ์šฉ 17.09.1-ce ์—์„œ๋Š” ์ „ํ˜€ ์ž‘๋™ํ•˜์ง€ ์•Š์•˜์œผ๋ฏ€๋กœ ์ด๋ฏธ ๊ฐœ์„ ๋˜์—ˆ์Šต๋‹ˆ๋‹ค!

์ด ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์˜ ํฐ ๋‹จ์ ์€ ์—…๋ฐ์ดํŠธ ์ค‘ ๋‹ค์šด ํƒ€์ž„์„ ํ”ผํ•  ์ˆ˜ ์—†๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
ํ˜„์žฌ ์šฐ๋ฆฌ๋Š” ์•ˆ์ •์„ฑ์„ ํฌ๊ธฐํ• ์ง€, ์•„๋‹ˆ๋ฉด ์ถœ๋ฐœ์ง€ IP ์ฃผ์†Œ๋ฅผ ํฌ๊ธฐํ• ์ง€ ์„ ํƒํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

๋‚˜๋Š” ๋™์˜ํ•œ๋‹ค. Swarm์€ ์†Œ์Šค IP๋ฅผ ๋ณด์กดํ•˜๊ธฐ ์œ„ํ•ด ๊ณ ๊ฐ€์šฉ์„ฑ ๋ฐฉ๋ฒ•์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.

์•„๋งˆ๋„ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ์ถ”๊ฐ€ํ•˜๋Š” ๊ฒƒ์ด ํฐ ๋…ธ๋ ฅ์ด๋ผ๊ณ  ์ƒ๊ฐํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค
docker swarm์— ๋Œ€ํ•œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ์ง€์›.

๋ˆ„๊ตฌ๋“ ์ง€ ์ด๊ฒƒ ์„ ์กฐ์‚ฌ ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๊นŒ ?

2018๋…„ 1์›” 28์ผ 22:39์— "Genki Takiuchi" [email protected]์ด ์ผ์Šต๋‹ˆ๋‹ค.

์ด ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์˜ ํฐ ๋‹จ์ ์€ ๋‹ค์šด์„ ํ”ผํ•  ์ˆ˜ ์—†๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์—…๋ฐ์ดํŠธ ์ค‘ ์‹œ๊ฐ„.
ํ˜„์žฌ ์šฐ๋ฆฌ๋Š” ์•ˆ์ •์„ฑ์„ ํฌ๊ธฐํ• ์ง€ ์•„๋‹ˆ๋ฉด ์†Œ์Šค IP๋ฅผ ํฌ๊ธฐํ• ์ง€ ์„ ํƒํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
์ฃผ์†Œ.

โ€”
๋‹น์‹ ์ด ๋Œ“๊ธ€์„ ๋‹ฌ์•˜๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-361078416 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU-or7fnhKTg7fhjtZYjGYHBFRE7Dks5tPKnYgaJpZM4Jf2WK
.

@sandy ๋™์˜ํ•ฉ๋‹ˆ๋‹ค. ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์ข‹์€ ์•„์ด๋””์–ด๊ฐ€ ๋  ๊ฒƒ์ž…๋‹ˆ๋‹ค.
@thaJeztah @aluzzardi @mrjana ์ด ๋ฌธ์ œ๊ฐ€ ์ฃผ๋ชฉ์„ ๋ฐ›์„ ์ˆ˜ ์žˆ์„๊นŒ์š”? ํ•œ๋™์•ˆ ํŒ€์—์„œ ์•„๋ฌด๋Ÿฐ ์‘๋‹ต์ด ์—†์—ˆ์Šต๋‹ˆ๋‹ค. ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค.

ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ๋‚˜์—๊ฒŒ ์ตœ๊ณ ์˜ ์†”๋ฃจ์…˜์ฒ˜๋Ÿผ ๋“ค๋ฆฝ๋‹ˆ๋‹ค. ํŒ€์—์„œ ๊ณ ๋ คํ•˜๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค.

@goetas ์ ์–ด๋„ ํ•œ ์ง€์ ์—์„œ ์ž‘๋™ํ–ˆ์ง€๋งŒ ์ž‘๋™ํ•˜๋Š” ๊ฒƒ์„ ๋ณด์•˜์ง€๋งŒ docker 1.12.6์—์„œ ๋‹ค์‹œ 172.xxx ๋™์ž‘์œผ๋กœ ๋˜๋Œ์•„๊ฐ„ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ ๋งค์šฐ ๋‚˜์ฉ๋‹ˆ๋‹ค. ์†๋„ ์ œํ•œ, ์‚ฌ๊ธฐ ๋ฐฉ์ง€, ๋กœ๊น…, ๋ณด์•ˆ ๋กœ๊ทธ์ธ, ์„ธ์…˜ ๋ชจ๋‹ˆํ„ฐ๋ง ๋“ฑ์„ ์™„ํ™”ํ•ฉ๋‹ˆ๋‹ค!
๋ชจ๋“œ:ํ˜ธ์ŠคํŠธ๋ฅผ ์‚ฌ์šฉ ํ•˜์—ฌ ์ˆ˜์‹ ํ•˜๋ฉด ์ž‘๋™ํ•˜์ง€๋งŒ ๋ฉ”์‹œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์ด ์†์‹ค๋˜๊ณ  ๊ณต์šฉ IP๊ฐ€ ์žˆ๋Š” ํ˜ธ์ŠคํŠธ์˜ ์†Œํ”„ํŠธ์›จ์–ด ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋งŒ ๋ชจ๋“  ํŠธ๋ž˜ํ”ฝ์„ ๋‹จ๋…์œผ๋กœ ์ฒ˜๋ฆฌํ•ด์•ผ ํ•˜๋ฏ€๋กœ ์‹ค์ œ ์†”๋ฃจ์…˜์ด ์•„๋‹™๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ ์šฐ๋ฆฌ์—๊ฒŒ ๋งค์šฐ ์ค‘์š”ํ•˜๊ณ  ์ค‘์š”ํ•œ ๋ฒ„๊ทธ์ด๋ฉฐ Swarm๊ณผ์˜ ๋ผ์ด๋ธŒ๋ฅผ ์ฐจ๋‹จํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์šฐ๋ฆฌ๋Š” ๋˜ํ•œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์ด ์ด์— ๋Œ€ํ•œ ์˜ฌ๋ฐ”๋ฅธ ์†”๋ฃจ์…˜์ด๋ผ๊ณ  ๋ฏฟ์Šต๋‹ˆ๋‹ค. Docker ์ˆ˜์‹ ์€ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์—์„œ ์†Œ์Šค IP๋ฅผ ์ „๋‹ฌํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

ํŠธ์œ„ํ„ฐ์—์„œ ์ œ์•ˆ๋œ ์†”๋ฃจ์…˜ ์ค‘ ํ•˜๋‚˜๋Š” Traefik ์„ Swarm ์™ธ๋ถ€์—์„œ ๊ด€๋ฆฌ๋˜๋Š” ์ง„์ž…์œผ๋กœ ์‚ฌ์šฉ

Swarm ๊ฐœ๋ฐœ์ž๊ฐ€ Swarm-ingress์—์„œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ๊ตฌํ˜„ํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ํ™•์ธํ•˜๋ ค๋ฉด Traefik์—์„œ ๋…ผ์˜๋˜๋Š” ๋ชจ๋“  ๋ฒ„๊ทธ๋ฅผ ํ™•์ธํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค(์˜ˆ: https://github.com/containous/traefik/issues/2619).

์Šค์›œ ๋ชจ๋“œ๊ฐ€ ์•„๋‹Œ "์ž‘์„ฑ"์„ ์‚ฌ์šฉํ•˜์—ฌ ์ผ๊ด€๋˜๊ฒŒ ์ž‘๋™ํ•˜๋„๋ก ํ–ˆ์Šต๋‹ˆ๋‹ค. ์•„๋งˆ๋„ ์ƒ๊ฐํ•ด์•ผ ํ•  ๊ฒƒ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์— ๋Œ€ํ•œ ๋ช‡ ๊ฐ€์ง€ ์šฐ๋ ค ์‚ฌํ•ญ:

๋„์ปค ์ž์ฒด์—์„œ ๋””์ฝ”๋”ฉํ•ฉ๋‹ˆ๊นŒ, ์•„๋‹ˆ๋ฉด ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์—์„œ ๋””์ฝ”๋”ฉํ•ฉ๋‹ˆ๊นŒ? ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ๊ตฌํ˜„ํ•˜๊ธฐ ์œ„ํ•ด ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์— ์˜์กดํ•˜๋Š” ๊ฒฝ์šฐ ์ด๋Š” ๋ชจ๋“  ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์— ๋Œ€ํ•œ ์ผ๋ฐ˜์ ์ธ ์†”๋ฃจ์…˜์ด ์•„๋‹ˆ๋ฉฐ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ๊ตฌํ˜„ํ•˜๋Š” ์›น ์„œ๋ฒ„ ๋˜๋Š” ๊ธฐํƒ€ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์—์„œ๋งŒ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค. ๋„์ปค๊ฐ€ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ํ’€๊ณ  ์ฃผ์†Œ๋ฅผ ๋ณ€ํ™˜ํ•˜๋ฉด ์—ฐ๊ฒฐ ์ƒํƒœ๋„ ์ถ”์ ํ•˜๊ณ  ๋‚˜๊ฐ€๋Š” ํŒจํ‚ท์— ๋Œ€ํ•ด ์—ญ๋ณ€ํ™˜์„ ์ˆ˜ํ–‰ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๋„์ปค๋Š” ์›น์ด ์•„๋‹Œ ๋งŽ์€ ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์—๋„ ์œ ์šฉํ•˜๊ธฐ ๋•Œ๋ฌธ์— ์›น ์ „์šฉ ์†”๋ฃจ์…˜(์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์˜ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์— ์˜์กด)์„ ์„ ํ˜ธํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์ด ๋ฌธ์ œ๋Š” ๋ชจ๋“  TCP/UDP ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์˜ ์ผ๋ฐ˜์ ์ธ ๊ฒฝ์šฐ์— ํ•ด๊ฒฐํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. docker์˜ ๋‹ค๋ฅธ ์–ด๋–ค ๊ฒƒ๋„ ์›น ์ „์šฉ์ด ์•„๋‹™๋‹ˆ๋‹ค.

๋‹ค๋ฅธ ์บก์Šํ™” ๋ฐฉ๋ฒ•๊ณผ ๋งˆ์ฐฌ๊ฐ€์ง€๋กœ ํŒจํ‚ท ํฌ๊ธฐ/MTU ๋ฌธ์ œ์— ๋Œ€ํ•œ ์šฐ๋ ค๋„ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ์ด๊ฒƒ์€ ์•„๋งˆ๋„ ์ด ๋ฌธ์ œ์— ๋Œ€ํ•œ ๋ชจ๋“  ์†”๋ฃจ์…˜์— ๋Œ€ํ•œ ์šฐ๋ ค ์‚ฌํ•ญ์ด ๋  ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ์ด์— ๋Œ€ํ•œ ๋Œ€๋‹ต์€ ์Šค์›œ ๋„คํŠธ์›Œํฌ๊ฐ€ ์˜ค๋ฒ„ํ—ค๋“œ๋ฅผ ํ—ˆ์šฉํ•  ๋งŒํผ ์ถฉ๋ถ„ํžˆ ํฐ MTU๋ฅผ ์ง€์›ํ•˜๋Š”์ง€ ํ™•์ธํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋Œ€๋ถ€๋ถ„์˜ ์Šค์›œ์€ ๋กœ์ปฌ ๋„คํŠธ์›Œํฌ์—์„œ ์‹คํ–‰๋˜๋ฏ€๋กœ ํฐ ๋ฌธ์ œ๋Š” ์•„๋‹ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

@trajano - ํ˜ธ์ŠคํŠธ ๋„คํŠธ์›Œํ‚น(๊ท€ํ•˜์˜ ์ž‘์„ฑ ์†”๋ฃจ์…˜์ด ์ˆ˜ํ–‰ํ•˜๋Š” ์ž‘์—…์ผ ์ˆ˜ ์žˆ์Œ)๊ณผ ํ•จ๊ป˜ ์ž‘๋™ํ•œ๋‹ค๋Š” ๊ฒƒ์„ ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ์ด๋Š” Swarm์˜ ๋ชจ๋“  ํด๋Ÿฌ์Šคํ„ฐ ๋„คํŠธ์›Œํ‚น ์ด์ (์˜ˆ: ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ)์„ ํฌ๊ธฐํ•ฉ๋‹ˆ๋‹ค.

@dack ๋ฐฑ์—”๋“œ๋Š” ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์•Œ์•„์•ผ ํ•ฉ๋‹ˆ๋‹ค.
๋‚˜๋Š” ๊ทธ๊ฒƒ์ด ๋Œ€๋ถ€๋ถ„์˜ ๊ฒฝ์šฐ๋ฅผ ํ•ด๊ฒฐํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•˜๋ฉฐ ์ตœ์†Œํ•œ ์ปจํ…Œ์ด๋„ˆ ๋‚ด๋ถ€์˜ ๋ฐฑ์—”๋“œ ์•ž์—์„œ ํ”„๋กœํ† ์ฝœ ํ—ค๋”๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ์–‡์€ ํ†ต๊ณผ ๊ฐ™์€ ํ”„๋ก์‹œ๋ฅผ ๋ฐฐ์น˜ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
์ •๋ณด ๋ถ€์กฑ์€ ์น˜๋ช…์ ์ธ ๋ฌธ์ œ์ด๊ธฐ ๋•Œ๋ฌธ์— ๋‹ค๋ฅธ ๊น”๋”ํ•œ ์†”๋ฃจ์…˜์— ์•ž์„œ ์ตœ๋Œ€ํ•œ ๋นจ๋ฆฌ ํ•ด๊ฒฐํ•˜๋Š” ๊ฒƒ์ด ํ•„์š”ํ•˜๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.

ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ๋„๋ฆฌ ์ˆ˜์šฉ๋ฉ๋‹ˆ๋‹ค. ์ง€์›๋˜๋Š” ๋„๊ตฌ์˜ ์ˆ˜๋ฅผ ํ™•์ธํ•˜์‹ญ์‹œ์˜ค - https://www.haproxy.com/blog/haproxy/proxy-protocol/
ํด๋ผ์šฐ๋“œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ(ELB, Google LB) ๋ฐ Traefik๊ณผ ๊ฐ™์€ ์ตœ์‹  ๋„๊ตฌ๋„ ๋‹ค๋ฃจ์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

๋˜ํ•œ - ์ด๊ฒƒ์€ kubernetes์˜ ๊ฑฐ์˜ ํ‘œ์ค€์ž…๋‹ˆ๋‹ค : https://github.com/kubernetes/ingress-nginx#proxy -protocol

์ด ์‹œ์ ์—์„œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๋ฐ ๊ฐ€์žฅ ๋„๋ฆฌ ์‚ฌ์šฉ๋˜๋Š” ํ‘œ์ค€์ž…๋‹ˆ๋‹ค. ๋‚˜๋Š” ์ด๊ฒƒ์„ ์žฌ๋ฐœ๋ช…ํ•˜๊ณ  ์„ธ๊ณ„์˜ nginx์™€์˜ ํ˜ธํ™˜์„ฑ์„ ๊นจ๋Š” ๋ฐ ๋ง‰๋Œ€ํ•œ ๊ฐ€์น˜๋ฅผ ๋ณด์ง€ ๋ชปํ•ฉ๋‹ˆ๋‹ค.

L7 ํ”„๋กœํ† ์ฝœ์ž…๋‹ˆ๋‹ค. Swarm ์ง„์ž…์€ L4์ž…๋‹ˆ๋‹ค. ์—ฌ๊ธฐ์„œ ์žฌ์ฐฝ์กฐ๋˜๋Š” ๊ฒƒ์€ ์—†์œผ๋ฉฐ DNAT๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๋ชจ๋“  IPVS์ž…๋‹ˆ๋‹ค.

@cpuguy83์€ ๋ฌด์Šจ ๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค .

ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ๊ณ„์ธต 4์ž…๋‹ˆ๋‹ค.
http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

PROXY ํ”„๋กœํ† ์ฝœ์˜ ๋ชฉํ‘œ๋Š” ์„œ๋ฒ„์˜ ๋‚ด๋ถ€ ๊ตฌ์กฐ๋ฅผ ๋‹ค์Œ์œผ๋กœ ์ฑ„์šฐ๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์„œ๋ฒ„๊ฐ€ ์–ป์„ ์ˆ˜ ์žˆ์—ˆ๋˜ ํ”„๋ก์‹œ์— ์˜ํ•ด ์ˆ˜์ง‘๋œ ์ •๋ณด
ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์„œ๋ฒ„๋ฅผ ํ†ตํ•˜์ง€ ์•Š๊ณ  ์„œ๋ฒ„์— ์ง์ ‘ ์—ฐ๊ฒฐํ•˜๋Š” ๊ฒฝ์šฐ ์ž์ฒด์ ์œผ๋กœ
๋Œ€๋ฆฌ. ํ”„๋กœํ† ์ฝœ์ด ์ „๋‹ฌํ•˜๋Š” ์ •๋ณด๋Š” ์„œ๋ฒ„๊ฐ€
getsockname() ๋ฐ getpeername() ์‚ฌ์šฉ:

  • ์ฃผ์†Œ ํŒจ๋ฐ€๋ฆฌ(IPv4์šฉ AF_INET, IPv6์šฉ AF_INET6, AF_UNIX)
  • ์†Œ์ผ“ ํ”„๋กœํ† ์ฝœ(TCP์˜ ๊ฒฝ์šฐ SOCK_STREAM, UDP์˜ ๊ฒฝ์šฐ SOCK_DGRAM)
  • ๋ ˆ์ด์–ด 3 ์†Œ์Šค ๋ฐ ๋Œ€์ƒ ์ฃผ์†Œ
  • ๋ ˆ์ด์–ด 4 ์†Œ์Šค ๋ฐ ๋Œ€์ƒ ํฌํŠธ(์žˆ๋Š” ๊ฒฝ์šฐ)

http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1 -accept-proxy

์ˆ˜๋ฝ ํ”„๋ก์‹œ

๋‹ค์Œ ์ค‘ ํ•˜๋‚˜๊ฐ€ ํ—ˆ์šฉํ•˜๋Š” ๋ชจ๋“  ์—ฐ๊ฒฐ์— ๋Œ€ํ•ด PROXY ํ”„๋กœํ† ์ฝœ ์‚ฌ์šฉ์„ ์‹œํ–‰ํ•ฉ๋‹ˆ๋‹ค.
๊ฐ™์€ ์ค„์— ์„ ์–ธ๋œ ์†Œ์ผ“. PROXY ํ”„๋กœํ† ์ฝœ ๋ฒ„์ „ 1 ๋ฐ 2
์ง€์›๋˜๊ณ  ์˜ฌ๋ฐ”๋ฅด๊ฒŒ ๊ฐ์ง€๋ฉ๋‹ˆ๋‹ค. PROXY ํ”„๋กœํ† ์ฝœ์€ ๊ณ„์ธต์„ ์ง€์‹œํ•ฉ๋‹ˆ๋‹ค.
์ฃผ์†Œ๊ฐ€ ์žˆ๋Š” ๋ชจ๋“  ๊ณณ์—์„œ ์‚ฌ์šฉ๋˜๋Š” ๋“ค์–ด์˜ค๋Š” ์—ฐ๊ฒฐ์˜ 3/4 ์ฃผ์†Œ
"tcp-request ์—ฐ๊ฒฐ" ๊ทœ์น™์„ ์ œ์™ธํ•˜๊ณ  ์‚ฌ์šฉ๋ฉ๋‹ˆ๋‹ค.
์‹ค์ œ ์—ฐ๊ฒฐ ์ฃผ์†Œ๋งŒ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋กœ๊ทธ์— ์ฃผ์†Œ๊ฐ€ ๋ฐ˜์˜๋ฉ๋‹ˆ๋‹ค.
์œ„๋ฐ˜๋˜์ง€ ์•Š๋Š” ํ•œ ํ”„๋กœํ† ์ฝœ์— ํ‘œ์‹œ๋œ ์‹ค์ œ
์ฃผ์†Œ๋Š” ๊ณ„์† ์‚ฌ์šฉ๋ฉ๋‹ˆ๋‹ค. ์™ธ๋ถ€ ์ง€์›๊ณผ ๊ฒฐํ•ฉ๋œ ์ด ํ‚ค์›Œ๋“œ
๊ตฌ์„ฑ ์š”์†Œ๋ฅผ ํšจ์œจ์ ์ด๊ณ  ์‹ ๋ขฐํ•  ์ˆ˜ ์žˆ๋Š” ๋Œ€์•ˆ์œผ๋กœ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
X-Forwarded-For ๋ฉ”์ปค๋‹ˆ์ฆ˜์€ ํ•ญ์ƒ ์‹ ๋ขฐํ•  ์ˆ˜ ์—†๊ณ  ํ•ญ์ƒ ๊ทธ๋Ÿฐ ๊ฒƒ๋„ ์•„๋‹™๋‹ˆ๋‹ค.
์“ธ ์ˆ˜ ์žˆ๋Š”. ๋” ์„ธ๋ถ„ํ™”๋œ "tcp-request connection expect-proxy"๋„ ์ฐธ์กฐํ•˜์‹ญ์‹œ์˜ค.
์–ด๋–ค ํด๋ผ์ด์–ธํŠธ๊ฐ€ ํ”„๋กœํ† ์ฝœ์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋Š”์ง€ ์„ค์ •ํ•ฉ๋‹ˆ๋‹ค.

ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ๋ณด๋‹ค ๋” ๋‚˜์€ ๋ฐฉ๋ฒ•์ด ์žˆ๋‹ค๋Š” ๋ง์”€์ด์‹ ๊ฐ€์š”? ๊ทธ๊ฒƒ์€ ์ „์ ์œผ๋กœ ๊ฐ€๋Šฅํ•˜๋ฉฐ docker swarm์˜ ์†Œ์Šค IP ๋ณด์กด๊ณผ ๊ด€๋ จํ•˜์—ฌ ๋” ์•Œ๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ swarm-ingress๋กœ ๋‹ค์šด์ŠคํŠธ๋ฆผ์ด ๋  ๋‹ค๋ฅธ ๋„๊ตฌ(nginx ๋“ฑ)์™€ swarm-ingress๋กœ ์—…์ŠคํŠธ๋ฆผํ•  AWS ELB์™€ ๊ฐ™์€ ๋„๊ตฌ์—์„œ ๋” ๊ด‘๋ฒ”์œ„ํ•˜๊ฒŒ ์ง€์›๋ฉ๋‹ˆ๋‹ค. ๋‚ด ์œ ์ผํ•œ $0.02

@sandys ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์บก์Šํ™”(์ ์–ด๋„ ์—ฐ๊ฒฐ ์‹œ์ž‘ ์‹œ)์ฒ˜๋Ÿผ ๋ณด์ด๋ฉฐ, ์Šคํƒ ์•„๋ž˜๊นŒ์ง€ ์ˆ˜์‹ ์ž๋กœ๋ถ€ํ„ฐ ์บก์Šํ™”์— ๋Œ€ํ•œ ์ง€์‹์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ์ด ์ ‘๊ทผ ๋ฐฉ์‹์—๋Š” ๋งŽ์€ ์ƒ์ถฉ ๊ด€๊ณ„๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

๋‚˜๋Š” ์ด๊ฒƒ์„ ํ•ต์‹ฌ์ ์œผ๋กœ ์ง€์›ํ•˜๊ณ  ์‹ถ์ง€๋Š” ์•Š์ง€๋งŒ ์•„๋งˆ๋„ ingress๋ฅผ ํ”Œ๋Ÿฌ๊ทธ ๊ฐ€๋Šฅํ•˜๊ฒŒ ๋งŒ๋“œ๋Š” ๊ฒƒ์€ ๊ฐ€์น˜ ์žˆ๋Š” ์ ‘๊ทผ ๋ฐฉ์‹์ด ๋  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

@sandys https://github.com/sandys ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.
์ง€์‹์ด ํ•„์š”ํ•œ ์บก์Šํ™”(์ ์–ด๋„ ์—ฐ๊ฒฐ ์‹œ์ž‘ ์‹œ)
์Šคํƒ ์•„๋ž˜๊นŒ์ง€ ์ˆ˜์‹ ๊ธฐ์—์„œ ์บก์Šํ™”. ๊ฑฐ๊ธฐ
์ด ์ ‘๊ทผ ๋ฐฉ์‹์—๋Š” ๋งŽ์€ ์ƒ์ถฉ ๊ด€๊ณ„๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

๊ทธ๊ฒƒ์€ ์‚ฌ์‹ค์ด๋‹ค. ์ด๊ฒƒ์ด RFC์˜ ํ‘œ์ค€์ธ ์ด์œ ์ž…๋‹ˆ๋‹ค. ๊ฑฐ๊ธฐ
์ด ๋’ค์— ์žˆ๋Š” ๋ชจ๋ฉ˜ํ…€ - ๊ฑฐ์˜ ๋ชจ๋“  ๊ตฌ์„ฑ ์š”์†Œ์˜ ์ค‘์š”์„ฑ
์ง€์›ํ•ฉ๋‹ˆ๋‹ค. IMHO ๊ทธ๊ฒƒ์„ ์ง€์›ํ•˜๋Š” ๊ฒƒ์€ ๋‚˜์œ ๊ฒฐ์ •์ด ์•„๋‹™๋‹ˆ๋‹ค.

๋‚˜๋Š” ์ด๊ฒƒ์„ ํ•ต์‹ฌ์ ์œผ๋กœ ์ง€์›ํ•˜๊ณ  ์‹ถ์ง€๋Š” ์•Š์ง€๋งŒ ์•„๋งˆ๋„
Pluggable์€ ๊ฐ€์น˜ ์žˆ๋Š” ์ ‘๊ทผ ๋ฐฉ์‹์ด ๋  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ ๋” ํฐ ํ† ๋ก ์ž…๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ๊ฐ€์žฅ ํฐ ๋‹จ์ผ ํ•ญ๋ชฉ์€
Docker Swarm์˜ ์žฅ์ ์€ ๋ชจ๋“  ๋ฐฐํ„ฐ๋ฆฌ๊ฐ€ ์žˆ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
๋‚ด์žฅ.

๋‚˜๋Š” ์—ฌ์ „ํžˆ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„
์—…๊ณ„ ์ง€์›์ด ์žˆ๋Š” ์ด ๋ฌธ์ œ.

Linux ๋ฐ LxC(ํŠนํžˆ docker๊ฐ€ ์•„๋‹˜)์—์„œ L3 ๋ผ์šฐํ„ฐ๋ฅผ ์‹œ๋ฎฌ๋ ˆ์ด์…˜ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๊นŒ?

@trajano ์‹œ๋ฎฌ๋ ˆ์ด์…˜์€ ํ•„์š”ํ•˜์ง€ ์•Š์ง€๋งŒ ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•ด ์บก์Šํ™”๋ฉ๋‹ˆ๋‹ค.
์˜ˆ๋ฅผ ๋“ค์–ด ํด๋ผ์ด์–ธํŠธ IP ์ฃผ์†Œ๊ฐ€ ํ•„์š”ํ•˜๊ณ  nginx์™€ ๊ฐ™์€ ์บก์Šํ™”๋œ ํŒจํ‚ท์„ ์ฒ˜๋ฆฌํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ์•Œ๊ณ  ์žˆ๋Š” ์„œ๋น„์Šค์— ์˜ต์…˜(์˜ˆ: --use-proxy-protocol )์„ ์ œ๊ณตํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

ํ˜„์žฌ ์ž‘๋™ํ•˜๊ณ  ์žˆ๋Š” ๊ฒƒ์ฒ˜๋Ÿผ ํŒจํ‚ท์„ ์ˆ˜์‹ ํ•œ ๋„์ปค ๋…ธ๋“œ๋Š” SNAT๋ฅผ ์ˆ˜ํ–‰ํ•˜๊ณ  ํŒจํ‚ท์„ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์žˆ๋Š” ๋…ธ๋“œ๋กœ ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค. SNAT ๋Œ€์‹  ์–ด๋–ค ํ˜•ํƒœ์˜ ํ„ฐ๋„๋ง/์บก์Šํ™”๊ฐ€ ์‚ฌ์šฉ๋œ ๊ฒฝ์šฐ ๋ณ€๊ฒฝ๋˜์ง€ ์•Š์€ ์›๋ž˜ ํŒจํ‚ท์„ ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์— ์ „๋‹ฌํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ ๋‹ค๋ฅธ ํ”„๋กœ์ ํŠธ์—์„œ ํ•ด๊ฒฐ๋œ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด OpenStack์„ ์‚ฌ์šฉํ•˜๋ฉด GRE ๋ฐ VXLAN๊ณผ ๊ฐ™์€ ํ„ฐ๋„์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด ์Šค๋ ˆ๋“œ์˜ ์ตœ๊ทผ ๋ถ€๋ถ„์— ๋„์ปค ํŒ€์„ ๋Œ€ํ‘œํ•˜๊ณ  ์ ์–ด๋„ '์šฐ๋ฆฌ๋Š” ๋‹น์‹ ์˜ ๋ง์„ ๋“ฃ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค'๋ผ๊ณ  ๋งํ•˜๋Š” ์‚ฌ๋žŒ์ด ์žˆ์Šต๋‹ˆ๊นŒ? '์ฆ‰์‹œ ์‚ฌ์šฉ ๊ฐ€๋Šฅ'ํ•  ๊ฒƒ์œผ๋กœ ์˜ˆ์ƒํ•˜๊ณ  ์ปค๋ฎค๋‹ˆํ‹ฐ์— ๊ด€์‹ฌ์ด ์žˆ๋Š” ๊ธฐ๋Šฅ์ด ์•ฝ 18๊ฐœ์›” ์ „์ธ 2016๋…„ 8์›” 9์ผ์— ์ฒ˜์Œ ๋ณด๊ณ ๋œ ํ›„์—๋„ ์—ฌ์ „ํžˆ ํ•ด๊ฒฐ๋˜์ง€ ์•Š์€ ๊ฒƒ์ฒ˜๋Ÿผ ๋ณด์ž…๋‹ˆ๋‹ค.

์ด ์Šค๋ ˆ๋“œ์˜ ์ตœ๊ทผ ๋ถ€๋ถ„์— ๋„์ปค ํŒ€์„ ๋Œ€ํ‘œํ•˜๊ณ  ์ ์–ด๋„ '์šฐ๋ฆฌ๋Š” ๋‹น์‹ ์˜ ๋ง์„ ๋“ฃ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค'๋ผ๊ณ  ๋งํ•˜๋Š” ์‚ฌ๋žŒ์ด ์žˆ์Šต๋‹ˆ๊นŒ?

/cc @GordonTheTurtle @thaJeztah @riyazdf @aluzzardi

@bluejaguar @ruudboon ์ €๋Š” Docker์˜ ์ผ์›์ž…๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ์ž˜ ์•Œ๋ ค์ง„ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ํ˜„์žฌ ๋„คํŠธ์›Œํฌ ํŒ€์€ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํ‚น ์•ˆ์ •์„ฑ์ด ์žˆ๋Š” ์˜ค๋žœ ๋ฒ„๊ทธ์— ์ง‘์ค‘ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์ด ์ง€๋‚œ ๋ช‡ ๋ฒˆ์˜ ๋ฆด๋ฆฌ์Šค์—์„œ ์ƒˆ๋กœ์šด ๋„คํŠธ์›Œํ‚น ๊ธฐ๋Šฅ์ด ์—†์—ˆ๋˜ ์ด์œ ์ž…๋‹ˆ๋‹ค.

์ œ ์ œ์•ˆ์€ ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•ด ๊ธฐ๊บผ์ด ๋…ธ๋ ฅํ•  ์ˆ˜ ์žˆ๋Š” ๊ตฌ์ฒด์ ์ธ ์ œ์•ˆ์ด๋‚˜ ์ ์–ด๋„ ๋ˆ„๊ตฌ๋‚˜ ์ฑ„ํƒํ•˜๊ณ  ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์„ ๋งŒํผ ์ถฉ๋ถ„ํžˆ ์ข‹์€ ์ œ์•ˆ์„ ์ œ์‹œํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

@ cpuguy83 ์ €๋Š” https://github.com/kubernetes/kubernetes/issues/42616(PS ํฅ๋ฏธ๋กญ๊ฒŒ๋„ ์—ฌ๊ธฐ์—์„œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ HTTPS ๋ชจ๋“œ์—์„œ ๊ธฐ๋ณธ์ ์œผ๋กœ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ง€์›ํ•˜๋Š” Google Kubernetes Engine์—์„œ ์œ ์ž…๋ฉ๋‹ˆ๋‹ค).

๋˜ํ•œ ELB๋Š” 2017๋…„ 11์›”์— Proxy Protocol v2์— ๋Œ€ํ•œ ์ง€์›์„ ์ถ”๊ฐ€ํ–ˆ์Šต๋‹ˆ๋‹ค(https://docs.aws.amazon.com/elasticloadbalancing/latest/network/doc-history.html).

OpenStack์€ ์˜ฅํƒ€ ๋น„์•„ LB ์„œ๋น„์Šค๋กœ์„œ์˜ (์šฐ๋ฆฌ์˜ ์œ ์ž…๊ณผ ์œ ์‚ฌ)์ด ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ํ•ฉ๋ณ‘ ์ง€๋‚œ 4 ์›” - http://git.openstack.org/cgit/openstack/octavia/commit/?id=bf7693dfd884329f7d1169eec33eb03d2ae81ace

๋‹ค์Œ์€ openstack์˜ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ๊ด€๋ จ ๋ฌธ์„œ์ž…๋‹ˆ๋‹ค. https://docs.openshift.com/container-platform/3.5/install_config/router/proxy_protocol.html
์•ฝ๊ฐ„์˜ ๋‰˜์•™์Šค๋Š” https์šฉ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ๊ณผ ๊ด€๋ จ์ด ์žˆ์Šต๋‹ˆ๋‹ค(๋‘˜ ๋‹ค ์ˆ˜์‹  ์‹œ ์ธ์ฆ์„œ๋ฅผ ์ข…๋ฃŒํ•˜๋Š” ๊ฒฝ์šฐ).

์ด ๋ฌธ์ œ์™€ ๊ด€๋ จ๋œ ์—…๋ฐ์ดํŠธ/ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๊นŒ? docker swarm ๋ชจ๋“œ์—์„œ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ์•Œ์•„์•ผ ํ•ฉ๋‹ˆ๋‹ค.
๋„์›€์„ ์ฃผ์‹œ๋ฉด ๊ฐ์‚ฌํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค.

๋‚ด ๋ฒ„์ „:

๊ณ ๊ฐ:
๋ฒ„์ „: 18.02.0-ce
API ๋ฒ„์ „: 1.36
์ด๋™ ๋ฒ„์ „: go1.9.3
ํž˜๋‚ด ์ปค๋ฐ‹: fc4de44
์ž‘์„ฑ์ผ: 2018๋…„ 2์›” 7์ผ ์ˆ˜์š”์ผ 21:16:33
OS/์•„์น˜: linux/amd64
์‹คํ—˜์ : ๊ฑฐ์ง“
์˜ค์ผ€์ŠคํŠธ๋ ˆ์ดํ„ฐ: ๋ฌด๋ฆฌ

์„ฌ๊ธฐ๋Š” ์‚ฌ๋žŒ:
์—”์ง„:
๋ฒ„์ „: 18.02.0-ce
API ๋ฒ„์ „: 1.36(์ตœ์†Œ ๋ฒ„์ „ 1.12)
์ด๋™ ๋ฒ„์ „: go1.9.3
ํž˜๋‚ด ์ปค๋ฐ‹: fc4de44
์ž‘์„ฑ์ผ: 2018๋…„ 2์›” 7์ผ ์ˆ˜์š”์ผ 21:15:05
OS/์•„์น˜: linux/amd64
์‹คํ—˜์ : ๊ฑฐ์ง“

@adijes ๋ฐ ์ด ๋ฌธ์ œ์— ์ง๋ฉดํ•œ ๋‹ค๋ฅธ ์‚ฌ์šฉ์ž. ์ปจํ…Œ์ด๋„ˆ๋ฅผ bridge ๋„คํŠธ์›Œํฌ์— ๋ฐ”์ธ๋”ฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค(์ด ์Šค๋ ˆ๋“œ์—์„œ ์–ธ๊ธ‰ํ•œ ๋Œ€๋กœ).

version: "3.4"

services:
  frontend:
    image: nginx
    deploy:
      placement:
        constraints:
          - node.hostname == "prod1"
    networks:
      - default
      - bridge
  # backed services...
  # ...

networks:
  bridge:
    external:
      name: bridge

์šฐ๋ฆฌ์˜ frontend ๋Š” bridge ๋ฐ”์ธ๋“œ๋˜๊ณ  ํ•ญ์ƒ ์ •ํ™•ํ•œ ํ˜ธ์ŠคํŠธ์— ๋จธ๋ฌผ๋ฉฐ, ๊ทธ์˜ IP๋Š” ์šฐ๋ฆฌ์˜ ๊ณต๊ฐœ ๋„๋ฉ”์ธ์— ๋ฐ”์ธ๋“œ๋ฉ๋‹ˆ๋‹ค. ์ด๋ฅผ ํ†ตํ•ด ์‹ค์ œ ์‚ฌ์šฉ์ž IP๋ฅผ ์ˆ˜์‹ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋ฆฌ๊ณ  default ๋„คํŠธ์›Œํฌ์—๋„ ๋ฐ”์ธ๋”ฉ๋˜์–ด ์žˆ๊ธฐ ๋•Œ๋ฌธ์— ์ง€์›๋˜๋Š” ์„œ๋น„์Šค์— ์—ฐ๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

ํ•ด๋‹น ํ˜ธ์ŠคํŠธ์—์„œ๋งŒ ๋ผ์ด๋ธŒ๋กœ ์œ ์ง€ํ•˜๋Š” ํ•œ frontend ํ™•์žฅํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ํ˜ธ์ŠคํŠธ๋ฅผ ๋‹จ์ผ ์‹คํŒจ ์ง€์ ์œผ๋กœ ๋งŒ๋“ค์ง€๋งŒ (์ œ ์ƒ๊ฐ์—๋Š”) ์†Œ๊ทœ๋ชจ ์‚ฌ์ดํŠธ์—์„œ๋Š” ๊ดœ์ฐฎ์Šต๋‹ˆ๋‹ค.

๋” ๋งŽ์€ ์ •๋ณด๋ฅผ ์ถ”๊ฐ€ํ•˜๊ธฐ ์œ„ํ•ด ์ˆ˜์ •:

๋‚ด nginx ์ปจํ…Œ์ด๋„ˆ๋Š” https://github.com/jwilder/nginx-proxy ๋’ค์— ์žˆ์œผ๋ฉฐ https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion ์„ ์‚ฌ์šฉํ•˜์—ฌ SSL์„ ํ™œ์„ฑํ™”ํ•ฉ๋‹ˆ๋‹ค. nginx-proxy๋Š” docker swarm ์„œ๋น„์Šค๊ฐ€ ์•„๋‹Œ docker run ๋ช…๋ น์„ ํ†ตํ•ด ์‹คํ–‰๋ฉ๋‹ˆ๋‹ค. ์•„๋งˆ๋„ ๊ทธ๋ž˜์„œ ํด๋ผ์ด์–ธํŠธ๋กœ๋ถ€ํ„ฐ ์‹ค์ œ IP๋ฅผ ์–ป์—ˆ์Šต๋‹ˆ๋‹ค. ๋‚ด nginx ์ปจํ…Œ์ด๋„ˆ๊ฐ€ nginx-proxy์™€ ํ†ต์‹ ํ•˜๋ ค๋ฉด bridge ๋„คํŠธ์›Œํฌ๊ฐ€ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.

FWIW, ๋‚˜๋Š” ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค :

Client:
 Version:      17.09.1-ce
 API version:  1.32
 Go version:   go1.8.3
 Git commit:   19e2cf6
 Built:        Thu Dec  7 22:23:40 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.09.1-ce
 API version:  1.32 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   19e2cf6
 Built:        Thu Dec  7 22:25:03 2017
 OS/Arch:      linux/amd64
 Experimental: false

์œ„์˜ ์„ค์ •์€ ์‹คํ–‰ ์ค‘์ธ ๋‹ค๋ฅธ ์„ค์ •์—์„œ๋„ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

Client:
 Version:      17.09.1-ce
 API version:  1.32
 Go version:   go1.8.3
 Git commit:   19e2cf6
 Built:        Thu Dec  7 22:23:40 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.09.1-ce
 API version:  1.32 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   19e2cf6
 Built:        Thu Dec  7 22:25:03 2017
 OS/Arch:      linux/amd64
 Experimental: false

@letientai299 ์ €ํ•œํ…Œ ์•ˆ

๋„คํŠธ์›Œํฌ "๋ธŒ๋ฆฌ์ง€"๊ฐ€ ์™ธ๋ถ€๋กœ ์„ ์–ธ๋˜์—ˆ์ง€๋งŒ ์˜ฌ๋ฐ”๋ฅธ ๋ฒ”์œ„์— ์žˆ์ง€ ์•Š์Šต๋‹ˆ๋‹ค: "๊ตฐ์ง‘" ๋Œ€์‹  "๋กœ์ปฌ"

๋งˆ์Šคํ„ฐ์™€ 3๊ฐœ์˜ ์ž‘์—…์ž ๋…ธ๋“œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

@trajano , ๋‚ด ์—…๋ฐ์ดํŠธ๋ฅผ ์ฐธ์กฐํ•˜์‹ญ์‹œ์˜ค.

@letientai299 ์‚ฌ์‹ค ์–ด๋–ป๊ฒŒ bridge ์„ ์Šค์›œ ๋ชจ๋“œ์—์„œ ์ž‘๋™ํ•˜๊ฒŒ ํ–ˆ๋Š”์ง€ ๊ถ๊ธˆํ•ฉ๋‹ˆ๋‹ค. ์ฆ‰, ๋‹น์‹ ์€ ๋‚ด๊ฐ€ ๊ฐ€์ง„ ์˜ค๋ฅ˜๋ฅผ ์–ป์ง€ ๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค.

@dack ํ˜ธ์ŠคํŠธ ๋„คํŠธ์›Œํ‚น์ด๋ผ๊ณ  ํ•  ๋•Œ ๋‹ค์Œ์„ ์˜๋ฏธํ•œ๋‹ค๊ณ  ๊ฐ€์ •ํ•ฉ๋‹ˆ๋‹ค.

ports:
- target: 12555
  published: 12555
  protocol: tcp
  mode: host

๋ถˆํ–‰ํžˆ๋„ docker stack deploy ๋ชจ๋“œ์—์„œ ์‹คํ–‰ํ•˜๋ฉด ์ž‘๋™ํ•˜์ง€ ์•Š๊ณ  ์—ฌ์ „ํžˆ ์†Œ์Šค IP๊ฐ€ ์†์‹ค๋˜์ง€๋งŒ docker-compose up์€ ์˜ฌ๋ฐ”๋ฅด๊ฒŒ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

๋‚˜๋Š” ๋˜ํ•œ @goetas๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ๋‹ค์Œ์„ ์‹œ๋„ํ–ˆ์Šต๋‹ˆ๋‹ค.

docker service create --constraint node.hostname==exposedhost \
  --publish published=12555,target=12555,mode=host \
  trajano.net/myimage

์—ฌ์ „ํžˆ Server Version: 17.12.0-ce ์— ์žˆ๋Š” ์†Œ์Šค IP๋ฅผ ์–ป๋Š” ๋ฐ ์šด์ด ์—†์Šต๋‹ˆ๋‹ค.

๋ˆ„๊ตฌ๋‚˜ ํ•œ ๋ฒˆ์ฏค์€ ์›ํ•  ๊ฒƒ ๊ฐ™์ง€๋งŒ, ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ๋ธŒ๋ฆฌ์ง€/ํ˜ธ์ŠคํŠธ ๋„คํŠธ์›Œํ‚น๊ณผ ํ•จ๊ป˜ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์€ ์‹ค์ œ๋กœ ๋ถˆ๊ฐ€๋Šฅํ•˜๊ธฐ ๋•Œ๋ฌธ์— ์—ฌ๋Ÿฌ ๊ฐ€์ง€ ์ด์œ ๋กœ ํด๋ผ์ด์–ธํŠธ IP๊ฐ€ ์ •๋ง๋กœ ํ•„์š”ํ•œ ๊ฒฝ์šฐ์— ์ฐจ๋‹จ๊ธฐ๊ฐ€ ๋ฉ๋‹ˆ๋‹ค.

๊ณ ๊ฐ:
๋ฒ„์ „: 17.12.0-ce
API ๋ฒ„์ „: 1.35
์ด๋™ ๋ฒ„์ „: go1.9.2
ํž˜๋‚ด ์ปค๋ฐ‹: c97c6d6
์ž‘์„ฑ์ผ: 2017๋…„ 12์›” 27์ผ ์ˆ˜์š”์ผ 20:03:51
OS/์•„์น˜: darwin/amd64

์„ฌ๊ธฐ๋Š” ์‚ฌ๋žŒ:
์—”์ง„:
๋ฒ„์ „: 17.12.1-ce
API ๋ฒ„์ „: 1.35(์ตœ์†Œ ๋ฒ„์ „ 1.12)
์ด๋™ ๋ฒ„์ „: go1.9.4
ํž˜๋‚ด ์ปค๋ฐ‹: 7390fc6
์ž‘์„ฑ์ผ: 2018๋…„ 2์›” 27์ผ ํ™” 22:17:54
OS/์•„์น˜: linux/amd64
์‹คํ—˜์ : ์‚ฌ์‹ค

2018๋…„์ž…๋‹ˆ๋‹ค. ์ด ๋ฌธ์ œ์— ๋Œ€ํ•ด ๋” ์ƒˆ๋กœ์šด ๊ฒƒ์ด ์žˆ์Šต๋‹ˆ๊นŒ?
์Šค์›œ ๋ชจ๋“œ์—์„œ๋Š” nginx req ์ œํ•œ์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. $remote_addr์€ ํ•ญ์ƒ 10.255.0.2๋ฅผ ํฌ์ฐฉํ–ˆ์Šต๋‹ˆ๋‹ค.
์ด๊ฒƒ์€ docker swarm์— ๋Œ€ํ•œ ์ •๋ง ์‹ฌ๊ฐํ•œ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค.
์•„๋งˆ๋„ ์˜ค๋Š˜๋ถ€ํ„ฐ kubernetes๋ฅผ ์‹œ๋„ํ•ด์•ผ ํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

@Maslow ์œ„์˜ ๋ช‡ ๊ฐ€์ง€ ์˜๊ฒฌ์ด ์žˆ๋Š” ๊ณณ์— ๊ฒŒ์‹œํ–ˆ์Šต๋‹ˆ๋‹ค.

์ˆ˜ํ‘œ๋ฅผ ์™„ํ™”ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

networks:
  bridge:
    external:
      name: bridge

๋˜๋Š” ๊ทธ๊ฒƒ์„ ํ™•์žฅ

networks:
  bridge:
    external:
      name: bridge
      scope: local

๋ฐ scope: local ๋„คํŠธ์›Œํฌ๋Š” ๋„คํŠธ์›Œํฌ ๋ชจ๋“œ๊ฐ€ host ๊ฒฝ์šฐ์—๋งŒ ํ—ˆ์šฉ๋ฉ๋‹ˆ๋‹ค.

๋„คํŠธ์›Œํฌ "๋ธŒ๋ฆฌ์ง€"๊ฐ€ ์™ธ๋ถ€๋กœ ์„ ์–ธ๋˜์—ˆ์ง€๋งŒ ์˜ฌ๋ฐ”๋ฅธ ๋ฒ”์œ„์— ์žˆ์ง€ ์•Š์Šต๋‹ˆ๋‹ค: "๊ตฐ์ง‘" ๋Œ€์‹  "๋กœ์ปฌ"

๋˜๋Š” ํ—ˆ์šฉ

networks:
  bridge:
    driver: bridge

์‹คํŒจํ•˜์ง€ ์•Š๊ธฐ ์œ„ํ•ด

์„œ๋น„์Šค trajano_serv ์ƒ์„ฑ ์‹คํŒจ: ๋ฐ๋ชฌ์˜ ์˜ค๋ฅ˜ ์‘๋‹ต: ๋„คํŠธ์›Œํฌ trajano_bridge๋Š” ์„œ๋น„์Šค์™€ ํ•จ๊ป˜ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ์˜ค๋ฒ„๋ ˆ์ด ๋“œ๋ผ์ด๋ฒ„๋กœ ์ƒ์„ฑ๋œ ๋„คํŠธ์›Œํฌ์™€ ๊ฐ™์ด ๋–ผ๋กœ ๋ฒ”์œ„๊ฐ€ ์ง€์ •๋œ ๋„คํŠธ์›Œํฌ๋งŒ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๊ฒŒ์‹œ๋œ ํฌํŠธ์— mode: host ๊ฐ€ ์žˆ๋Š” ๊ฒฝ์šฐ.

ports:
- target: 32555
  published: 32555
  protocol: tcp
  mode: host

@trajano ์ด๋ฏธ swarm๊ณผ ํ•จ๊ป˜ non-swarm ๋ฒ”์œ„ ๋„คํŠธ์›Œํฌ๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

version: '3.4'

services:
  test:
    image: alpine
    command: top
    ports:
      - target: 32555
        published: 32555
        protocol: tcp
        mode: host
    networks:
      - bridge

networks:
  bridge:
    external:
      name: bridge

๋„์ปค ์Šคํƒ ๋ฐฐํฌ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๋‘˜ ์ด์ƒ์˜ ์ž‘์—…์ž๊ฐ€ ์žˆ๋Š” ๋ฌด๋ฆฌ์—์„œ ์ด๊ฒƒ์„ ํ…Œ์ŠคํŠธํ–ˆ์Šต๋‹ˆ๊นŒ? ๋‚˜๋Š” ๊ทธ๊ฒƒ์ด ์ž‘์„ฑ๊ณผ ํ•จ๊ป˜ ์ž‘๋™ํ•œ๋‹ค๋Š” ๊ฒƒ์„ ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.

2018๋…„ 3์›” 18์ผ ์˜คํ›„ 8์‹œ 55๋ถ„์— Brian Goff [email protected]์—์„œ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

@trajano ์ด๋ฏธ swarm๊ณผ ํ•จ๊ป˜ non-swarm ๋ฒ”์œ„ ๋„คํŠธ์›Œํฌ๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

๋ฒ„์ „: '3.4'

์„œ๋น„์Šค:
์‹œํ—˜:
์ด๋ฏธ์ง€: ์•ŒํŒŒ์ธ
๋ช…๋ น: ์ƒ๋‹จ
ํฌํŠธ:
- ๋Œ€์ƒ: 32555
์ถœํŒ: 32555
ํ”„๋กœํ† ์ฝœ: TCP
๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ
๋„คํŠธ์›Œํฌ:
- ๋‹ค๋ฆฌ

๋„คํŠธ์›Œํฌ:
๋‹ค๋ฆฌ:
์™ธ๋ถ€์˜:
์ด๋ฆ„: ๋‹ค๋ฆฌ
โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ฑฐ๋‚˜ GitHub์—์„œ ๋ณด๊ฑฐ๋‚˜ ์Šค๋ ˆ๋“œ๋ฅผ ์Œ์†Œ๊ฑฐํ•˜์„ธ์š”.

๋„ค, ์Šค์›œ์œผ๋กœ ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค...

2018๋…„ 3์›” 19์ผ ์›”์š”์ผ ์˜ค์ „ 9์‹œ 12๋ถ„, Archimedes Trajano <
[email protected]>์€ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

๋„์ปค ์Šคํƒ์ด ์žˆ๋Š” ๋‘ ๋ช… ์ด์ƒ์˜ ์ž‘์—…์ž๊ฐ€ ์žˆ๋Š” ๋ฌด๋ฆฌ์—์„œ ์ด๊ฒƒ์„ ํ…Œ์ŠคํŠธํ–ˆ์Šต๋‹ˆ๊นŒ?
๋ฐฐํฌํ•ฉ๋‹ˆ๋‹ค. ๋‚˜๋Š” ๊ทธ๊ฒƒ์ด ์ž‘์„ฑ๊ณผ ํ•จ๊ป˜ ์ž‘๋™ํ•œ๋‹ค๋Š” ๊ฒƒ์„ ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.

2018๋…„ 3์›” 18์ผ ์˜คํ›„ 8์‹œ 55๋ถ„, Brian Goff ์•Œ๋ฆผ @github.com
์ผ๋‹ค:

@trajano ์ด๋ฏธ Swarm๊ณผ ํ•จ๊ป˜ ๋น„ Swarm ๋ฒ”์œ„ ๋„คํŠธ์›Œํฌ๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค ...
์˜ˆ๋ฅผ ๋“ค์–ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

๋ฒ„์ „: '3.4'

์„œ๋น„์Šค:
์‹œํ—˜:
์ด๋ฏธ์ง€: ์•ŒํŒŒ์ธ
๋ช…๋ น: ์ƒ๋‹จ
ํฌํŠธ:

  • ๋Œ€์ƒ: 32555
    ์ถœํŒ: 32555
    ํ”„๋กœํ† ์ฝœ: TCP
    ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ
    ๋„คํŠธ์›Œํฌ:
  • ๋‹ค๋ฆฌ

๋„คํŠธ์›Œํฌ:
๋‹ค๋ฆฌ:
์™ธ๋ถ€์˜:
์ด๋ฆ„: ๋‹ค๋ฆฌ
โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ฑฐ๋‚˜ GitHub์—์„œ ๋ณด๊ฑฐ๋‚˜ ์Šค๋ ˆ๋“œ๋ฅผ ์Œ์†Œ๊ฑฐํ•˜์„ธ์š”.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-374206587 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAwxZsm3OohKL0sqUWhlgUNjCrqR0OaVks5tf67YgaJpZM4Jf2WK
.

--

  • ๋ธŒ๋ผ์ด์–ธ ๊ณ ํ”„

+1

3๊ฐœ์˜ ๋…ธ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๋‹ค์Œ docker swarm ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์— ์ด ๋ฌธ์ œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ <-> nginx ํ”„๋ก์‹œ jwilder ๋„์ปค <-> nginx ์›น ํ—ค๋“œ ๋„์ปค

๋‚˜๋Š” ์ œ์•ˆ์„ ๋”ฐ๋ž๊ณ  ๋กœ๊ทธ๋Š” ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP ๋Œ€์‹  ๋„์ปค ๋„คํŠธ์›Œํฌ IP 10.255.0.3์„ ๊ณ„์† ๋ฐ˜ํ™˜ํ•ฉ๋‹ˆ๋‹ค.

+1

@cpuguy83 ์ด๊ฒƒ์€ ์šฐ๋ฆฌ์˜ ๋” ํฐ ๋ฌด๋ฆฌ ์„ค์ •์— ๋Œ€ํ•œ ์ฐจ๋‹จ๊ธฐ๊ฐ€ ๋˜๊ธฐ ์‹œ์ž‘ํ–ˆ์Šต๋‹ˆ๋‹ค. ๋” ๋งŽ์€ ํด๋ผ์šฐ๋“œ(ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์ด ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ์— ์˜ํ•ด ์‚ฌ์‹ค์ƒ ์‚ฌ์šฉ๋˜๋Š” ๊ณณ)๋ฅผ ํ™œ์šฉํ•˜๊ธฐ ์‹œ์ž‘ํ•˜๋ฉด์„œ ์šฐ๋ฆฌ์—๊ฒŒ ๋งค์šฐ ์ค‘์š”ํ•œ ์ด ์ •๋ณด๋ฅผ ์žƒ๊ฒŒ ๋ฉ๋‹ˆ๋‹ค.

ETA์— ๋Œ€ํ•ด ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๊นŒ? ์ด๊ฒƒ์€ ์šฐ๋ฆฌ์—๊ฒŒ ๋งŽ์€ ๋„์›€์ด ๋  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

@sandys ์ •ํ™•ํžˆ ๋ฌด์—‡์„ ์œ„ํ•œ ETA์ž…๋‹ˆ๊นŒ?

@cpuguy83 ์•ˆ๋…•ํ•˜์„ธ์š”, ๋‹ต๋ณ€ํ•ด์ฃผ์…”์„œ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค. ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ๊ด‘๋ฒ”์œ„ํ•œ ํ•ฉ์˜๊ฐ€ ์—†๋‹ค๋Š” ๊ฒƒ์„ ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์ €๋Š” ํŒ€์ด ์–ด๋–ป๊ฒŒ ์•ˆ์ •์„ฑ ๋ฌธ์ œ์— ๋ชฐ๋‘ํ–ˆ๊ณ  ์ด ๋ฌธ์ œ์— ๋Œ€ํ•ด ์ž์œ ๋กœ์›Œ์ง€์ง€ ์•Š์•˜๋Š”์ง€์— ๋Œ€ํ•ด ๋…ผํ‰ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ๋ฌธ์ œ๊ฐ€ ์–ธ์ œ ๋‹ค๋ฃจ์–ด์งˆ ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ•˜์‹ญ๋‹ˆ๊นŒ(๋งŒ์•ฝ ์žˆ๋‹ค๋ฉด)?

PublishMode=host๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ๊ธ€๋กœ๋ฒŒ ์„œ๋น„์Šค ๋ฐ ๊ฒŒ์‹œ ํฌํŠธ๋ฅผ ์‹คํ–‰ํ•˜์—ฌ ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์‚ฌ๋žŒ๋“ค์ด ์—ฐ๊ฒฐํ•  ๋…ธ๋“œ๋ฅผ ์•Œ๊ณ  ์žˆ๋‹ค๋ฉด ๊ทธ๋Ÿด ํ•„์š”๋„ ์—†์Šต๋‹ˆ๋‹ค. ์ œ์•ฝ ์กฐ๊ฑด์„ ์‚ฌ์šฉํ•˜์—ฌ ํ•ด๋‹น ๋…ธ๋“œ์— ๊ณ ์ •ํ•˜๋ฉด ๋ฉ๋‹ˆ๋‹ค.

@kleptog ๋ถ€๋ถ„์ ์œผ๋กœ๋Š” ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ์„œ๋น„์Šค๋ฅผ ์—…๋ฐ์ดํŠธํ•˜๋Š” ๋™์•ˆ ๋‹ค์šดํƒ€์ž„์„ ํ”ผํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

ํ…Œ์ŠคํŠธ ์‹œ๋‚˜๋ฆฌ์˜ค - lvs/ipvs๋ฅผ ์ž์„ธํžˆ ์‚ดํŽด๋ณด์„ธ์š”.

  • ์ˆจ๊ฒจ์ง„ ์ธ๊ทธ๋ ˆ์Šค ์ปจํ…Œ์ด๋„ˆ์— nsenter ๋ฐ snat ๊ทœ์น™ ์‚ญ์ œ
  • ๊ฒŒ์‹œ๋œ ํฌํŠธ๊ฐ€ ์žˆ๋Š” ์„œ๋น„์Šค์— nsenter, ๊ธฐ๋ณธ gw๋ฅผ ์‚ญ์ œํ•˜๊ณ  ์ˆ˜์‹  ์ปจํ…Œ์ด๋„ˆ IP์— ๊ธฐ๋ณธ ๊ฒฝ๋กœ๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค.

์ด์ œ ์†Œ์Šค IP๊ฐ€ ๋ณด์กด๋ฉ๋‹ˆ๋‹ค.

๋‚˜๋Š” ์—ฌ์ „ํžˆ ์ธ๊ทธ๋ ˆ์Šค ์ปจํ…Œ์ด๋„ˆ์— snat ๊ทœ์น™๋งŒ ์žˆ๋Š” ๋Œ€์‹  ๊ฐ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ ๋‚ด์—์„œ ์ •์ฑ… ๊ธฐ๋ฐ˜ ๋ผ์šฐํŒ…์„ ์œ ์ง€ํ•˜๋ฉด์„œ ์˜ค๋ฒ„ํ—ค๋“œ์˜ ์˜๋ฏธ๋ฅผ ์ดํ•ดํ•˜๋ ค๊ณ  ๋…ธ๋ ฅํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
ํ•˜์ง€๋งŒ ์ด ๊ธฐ๋Šฅ์„ ์‚ฌ์šฉํ•˜๋ฉด ์ •๋ง ์•ˆ๋„๊ฐ์„ ๋Š๋‚„ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์ˆœ์ง„ํ•œ ์žฅ๋‚œ์„ ์ณ์„œ ์ฃ„์†กํ•˜์ง€๋งŒ ๋ˆ„๊ตฐ๊ฐ€( ์•Œ๋ ค์ค„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

์•„, ์ด์ œ ์ดํ•ดํ–ˆ์Šต๋‹ˆ๋‹ค. ๋‹ค์ค‘ ๋…ธ๋“œ ๋–ผ์—์„œ IP๋Š” lvs Director์—ฌ์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์š”์ฒญ์ด ๋“ค์–ด์˜จ ์˜ฌ๋ฐ”๋ฅธ ๋…ธ๋“œ๋กœ ๋Œ์•„๊ฐ€๋Š” ๋ฐฉ๋ฒ•์„ ์ฐพ์œผ๋ ค๋ฉด...

์–ด์จŒ๋“  ์ฝ”๋“œ๋ฅผ ๋ณด๋Š” ๊ฒƒ์€ ํฅ๋ฏธ๋กœ์šธ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋ˆ„๊ตฐ๊ฐ€ ์ด๋ฏธ ์•Œ๊ณ  ์žˆ๋‹ค๋ฉด ์‹œ๊ฐ„์„ ์ ˆ์•ฝํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค

๋‹ค๋ฅธ ๊ตญ๊ฐ€์— 3๊ฐœ์˜ ํด๋Ÿฌ์Šคํ„ฐ๊ฐ€ ์žˆ๊ณ  Azure Traffic Manager๋„ ์‹ค์ œ ์‚ฌ์šฉ์ž IP๊ฐ€ ํ•„์š”ํ•˜์ง€ ์•Š์€ ๊ฒฝ์šฐ ์ด์— ๋Œ€ํ•œ ์—…๋ฐ์ดํŠธ๊ฐ€ ์žˆ์œผ๋ฉด ์‚ฌ์šฉ์ž๋ฅผ ์ข‹์€ ํด๋Ÿฌ์Šคํ„ฐ ๋“ฑ์œผ๋กœ ๋ฆฌ๋””๋ ‰์…˜ํ•˜์ง€ ์•Š์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์กฐ๋งŒ๊ฐ„ ๋ˆ„๊ตฌ๋“ ์ง€ ์ด๋ฅผ ํ™•์ธํ•  ๊ฒƒ์ž…๋‹ˆ๊นŒ? ๊ฐ์‚ฌ ํ•ด์š”

๋˜ํ•œ ์ด๊ฒƒ์— ๋Œ€ํ•œ ์—…๋ฐ์ดํŠธ๊ฐ€ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ์—„์ฒญ๋‚œ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ์œ ์ผํ•œ ๋ฐฉ๋ฒ•์€ ์•ž์— ๋‹ค๋ฅธ ํ”„๋ก์‹œ๋ฅผ ์ถ”๊ฐ€ํ•˜๊ณ  ์Šคํƒ์— x-forwarded-for๋ฅผ ๋ณด๋‚ด๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์ผ์ข…์˜ Swarm์ด ๊ณต๊ฐœ ์˜ต์…˜์ด ์•„๋‹ˆ๋ผ๋Š” ์˜๋ฏธ์ž…๋‹ˆ๋‹ค. ๋งŽ์€ ์‹œ๋‚˜๋ฆฌ์˜ค์—์„œ ํŠธ๋ž˜ํ”ฝ์— ์ง๋ฉดํ•ฉ๋‹ˆ๋‹ค.

@cpuguy83 @trajano
๋‹ค์Œ์ด ์ž‘๋™ํ•˜์ง€ ์•Š๋Š” ๊ฒƒ์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค

version: '3.4'
services:
  nginx:
    ports:
      - mode: host
        protocol: tcp
        published: 80
        target: 80
      - mode: host
        protocol: tcp
        published: 443
        target: 81
networks:
  bridge:
    external:
      name: bridge

network "bridge" is declared as external, but it is not in the right scope: "local" instead of "swarm" ์‹คํŒจํ•ฉ๋‹ˆ๋‹ค.

๋„์ปค ๋ฒ„์ „

Client:
 Version:       18.03.0-ce-rc4
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    fbedb97
 Built: Thu Mar 15 07:33:59 2018
 OS/Arch:       windows/amd64
 Experimental:  false
 Orchestrator:  swarm

Server:
 Engine:
  Version:      18.03.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   0520e24
  Built:        Wed Mar 21 23:08:31 2018
  OS/Arch:      linux/amd64
  Experimental: false

@Mobe91
๋ฌด๋ฆฌ๋ฅผ ์žฌํ˜„ํ•ด ๋ณด์‹ญ์‹œ์˜ค. ์ €๋„ ์˜ค๋ฅ˜๊ฐ€ ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. Swarm์„ ๋‹ค์‹œ ์‹œ์ž‘ํ•œ ํ›„ ๋ชจ๋“  ๊ฒƒ์ด ์ €์—๊ฒŒ ํšจ๊ณผ์ ์ด์—ˆ์Šต๋‹ˆ๋‹ค.
๋‚ด docker-compose.yml ํŒŒ์ผ:

version: "3.6"

services:
    nginx:
        image: nginx:latest
        depends_on:
            - my-app
            - my-admin
        ports: 
            - target: 80
              published: 80
              protocol: tcp
              mode: host
            - target: 443
              published: 443
              protocol: tcp
              mode: host
            - target: 9080
              published: 9080
              protocol: tcp
              mode: host
        volumes:
            - /etc/letsencrypt:/etc/letsencrypt:ro
            - /home/project/data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
            - /home/project/data/nginx/conf.d:/etc/nginx/conf.d
            - /home/project/public:/var/public
        networks:
            - my-network
            - bridge
        deploy:
            placement:
                constraints: [node.role == manager]

    my-app:
        image: my-app
        ports:
            - 8080:8080
        volumes:
            - /usr/src/app/node_modules
            - /home/project/public:/usr/src/app/public
        networks:
            - my-network

    my-admin:
        image: my-admin
        ports:
            - 9000:9000
        networks:
            - my-network

networks:
    my-network:
    bridge:
        external: true
        name: bridge

๋‚ด docker version :

Client:
 Version:   18.03.0-ce
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    0520e24
 Built: Wed Mar 21 23:10:01 2018
 OS/Arch:   linux/amd64
 Experimental:  false
 Orchestrator:  swarm

Server:
 Engine:
  Version:  18.03.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   0520e24
  Built:    Wed Mar 21 23:08:31 2018
  OS/Arch:  linux/amd64
  Experimental: false

๋‚ด ์˜์–ด์— ๋Œ€ํ•ด ๋ฏธ์•ˆ ํ•ด์š”.

@Mobe91 ์ด๊ฒƒ์€ ๋‚ด๊ฐ€ ์‚ฌ์šฉํ•œ ๊ฒƒ์ด์ง€๋งŒ "ํฌํ…Œ์ด๋„ˆ" ๋˜๋Š” Linux ์‹œ์Šคํ…œ์—์„œ ๋ฐฐํฌํ•ฉ๋‹ˆ๋‹ค. Windows์—์„œ ์ œ๋Œ€๋กœ ๋ฐฐํฌํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

version: '3.4'
services:
  hath:
    image: trajano.net/hath
    deploy:
      placement:
        constraints:
        - node.hostname==docker-engine
    networks:
    - host
    ports:
    - target: 12555
      published: 12555
      protocol: tcp
      mode: host
    secrets:
    - hath_client_login
    volumes:
    - hath:/var/lib/hath
volumes:
  hath:
    name: 'noriko/s/hath'
    driver: cifs
networks:
  host:
    external:
      name: host
secrets:
  hath_client_login:
    external:
      name: hath_client_login

์ฃผ์š” ์ฐจ์ด์ ์€ ๋‚ด๊ฐ€ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค host ๋ณด๋‹ค๋Š” bridge ๋‚ด ๊ฒฝ์šฐ์—๋Š” ๋‚ด๊ฐ€ ๋˜ํ•œ ๋ฒ„์ถ”์–ผ ๋ฐ•์Šค ๊ฐ€์ƒ ๋จธ์‹ ์œผ๋กœ ๋‚ด ํ˜ธ์ŠคํŠธ๋ฅผ ์‹คํ–‰ํ•˜๊ณ  ๋‚˜๋Š”์— NAT ๋ผ์šฐํŒ…๊ณผ ๊ทธ ๋ณด์กด ๋“ค์–ด์˜ค๋Š” IP ๋ชจ๋“  ๋ฐฉ๋ฒ•์„ ์ˆ˜ํ–‰ํ•˜๋Š” ๋ผ์šฐํ„ฐ๋ฅผ ์‚ฌ์šฉ ์ปจํ…Œ์ด๋„ˆ.

๋ฌผ๋ก  ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ ๊ธฐ๋Šฅ์€ ์—†์Šต๋‹ˆ๋‹ค. ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์„ ์›ํ•˜๋ฉด ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์„ ์ˆ˜ํ–‰ ํ•˜๋Š”

@trajano ๊ฐ€ ๋งž์Šต๋‹ˆ๋‹ค. Windows ํด๋ผ์ด์–ธํŠธ๊ฐ€ ๋ฌธ์ œ์˜€๊ณ  Linux ํด๋ผ์ด์–ธํŠธ๋ฅผ ์‚ฌ์šฉํ•œ ๋ฐฐํฌ๊ฐ€ ์ž‘๋™ํ–ˆ์Šต๋‹ˆ๋‹ค.

ํ•˜์ง€๋งŒ host ๋˜๋Š” bridge ๋„คํŠธ์›Œํฌ๊ฐ€ ํ•„์š”ํ•œ ์ด์œ ๋ฅผ ๋ชจ๋ฅด๊ฒ ์Šต๋‹ˆ๋‹ค.
๋‹ค์Œ์€ ๋‚˜์—๊ฒŒ ์ž˜ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค. ์ฆ‰, nginx์—์„œ ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP ์ฃผ์†Œ๋ฅผ ์–ป์Šต๋‹ˆ๋‹ค.

version: '3.4'
services:
  nginx:
    ports:
      - mode: host
        protocol: tcp
        published: 80
        target: 80

@Mobe91 ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค. ๋ฌธ์ œ๋ฅผ ์ œ๊ธฐํ•˜๋ ค๊ณ  ํ–ˆ์Šต๋‹ˆ๋‹ค. Windows์šฉ 18.03-ce ํด๋ผ์ด์–ธํŠธ์—์„œ ์—ฌ์ „ํžˆ ๋ฐœ์ƒํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๊ธฐ๋ณธ์ ์œผ๋กœ https://github.com/moby/moby/issues/32957 ๊ณผ ์—ฐ๊ฒฐ

๋ˆ„๊ตฐ๊ฐ€ Cilium์„ ์‚ฌ์šฉ ํ–ˆ์Šต๋‹ˆ๊นŒ? http://cilium.readthedocs.io/en/latest/gettingstarted/docker/ .

์„œ๋น„์Šค๋ฅผ ํ˜ธ์ŠคํŠธ์— ์—ฐ๊ฒฐํ•˜์ง€ ์•Š๊ณ ๋„ ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ์„ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

@sandys good find - ํ…Œ์ŠคํŠธ๋ฅผ ์‹œ์ž‘ํ•˜๋ ค๊ณ  ํ•ฉ๋‹ˆ๋‹ค. ํšจ๊ณผ๊ฐ€ ์žˆ์—ˆ๋‚˜์š”? ๋‚ด๊ฐ€ ์ด๊ฒƒ์„ ๊ณ ์น  ์ˆ˜ ์—†๋‹ค๋ฉด ๋‚˜๋Š” ๋‚ด ๋ฌด๋ฆฌ์—์„œ nginx๋ฅผ ๊บผ๋‚ด๋ ค๊ณ ํ•ฉ๋‹ˆ๋‹ค .....

ํ”„๋ก์‹œ๋ฅผ ๊ฐœ๋ณ„ ํ˜ธ์ŠคํŠธ์— ๊ณ ์ •ํ•˜๋Š” ๊ฒƒ์„ ํ”ผํ•˜๊ธฐ ์œ„ํ•ด ๋ฐฐํฌ๋ฅผ ์žฌ์„ค๊ณ„ํ•  ๋•Œ ์ด ๋ฌธ์ œ์— ๋ถ€๋”ช์ณค์Šต๋‹ˆ๋‹ค(ํ”„๋กœ๋•์…˜์—์„œ๋Š” ๋‹ค๋ฅธ ์ด์œ ๋กœ ์ธํ„ฐํŽ˜์ด์Šค์— ๋ฐ”์ธ๋”ฉํ•˜๋ฏ€๋กœ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ๋ถ€์‚ฐ๋ฌผ๋กœ "์„ ํƒ").

ํ…Œ์ŠคํŠธ ํ™˜๊ฒฝ์—์„œ๋Š” ์ œ์•ฝ ์กฐ๊ฑด์— ๋”ฐ๋ผ ๊ด€๋ฆฌ์ž์—๊ฒŒ ๋ฐฐํฌํ•˜๊ณ  ๊ฐ ๊ด€๋ฆฌ์ž๊ฐ€ ์‹คํ–‰ ์ค‘์ธ ์ธ์Šคํ„ด์Šค๋ฅผ ๊ฐ€์ ธ์˜ค๋„๋ก mode = global ๋ฅผ ์„ค์ •ํ•ด์•ผ๋งŒ ๊ฐœ์„ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ํŠนํžˆ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ๋ฅผ ์žƒ์–ด๋ฒ„๋ฆฌ๊ณ  ๋ฌด์–ธ๊ฐ€๊ฐ€ ํŠธ๋ž˜ํ”ฝ์„ ํ•ด๋‹น ๋…ธ๋“œ๋กœ ๋ณด๋‚ด๋Š” ๊ฒฝ์šฐ ์ธ์‹ํ•ด์•ผ ํ•˜๋Š” ์ถ”๊ฐ€ ์˜ค๋ฒ„ํ—ค๋“œ์ž…๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ๋‹จ์ผ ํ˜ธ์ŠคํŠธ์— ๊ณ ์ •๋˜๋Š” ๊ฒƒ๋ณด๋‹ค ๋‚ซ์Šต๋‹ˆ๋‹ค.

@sandys Cilium ์„ ์‚ฌ์šฉํ•ด ๋ณด์…จ์Šต๋‹ˆ๊นŒ? ์ ์–ด๋„ k8s์—์„œ ๋™์ผํ•œ ๋ฌธ์ œ๋ฅผ ๊ฒช๋Š” ๊ฒƒ์œผ๋กœ ๋ณด์ด๋Š” Weave์™€ ์œ ์‚ฌํ•ด ๋ณด์ž…๋‹ˆ๋‹ค: https://github.com/kubernetes/kubernetes/issues/51014

Cilium์„ ์‚ฌ์šฉํ•˜์ง€ ๋ชปํ–ˆ๋Š”๋ฐ Cilium์— ์†์„ ๋‚ด๋ฐ€์—ˆ์Šต๋‹ˆ๋‹ค.
devs๋Š” Swarm ๊ตฌ์„ฑ์„ ๋•์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ๋‚˜๋Š” Cilium์— ๋Œ€ํ•ด ๋งค์šฐ ํฅ๋ถ„ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์นจ์ž…์€ ํ•ด๊ฒฐํ•˜๊ณ ์ž ํ•˜๋Š” ๋ช…์‹œ๋œ ๋ฌธ์ œ์ด๊ธฐ ๋•Œ๋ฌธ์—(์ง์กฐ์™€ ๋‹ฌ๋ฆฌ)

2018๋…„ 5์›” 10์ผ ๋ชฉ์š”์ผ 17:24 James Green, [email protected]์ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

ํ”„๋ก์‹œ๋ฅผ
๊ฐœ๋ณ„ ํ˜ธ์ŠคํŠธ(ํ”„๋กœ๋•์…˜์—์„œ ๋‹ค๋ฅธ ํ˜ธ์ŠคํŠธ์˜ ์ธํ„ฐํŽ˜์ด์Šค์— ๋ฐ”์ธ๋”ฉ
์ด์œ ๊ฐ€ ์žˆ์œผ๋ฏ€๋กœ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ๋ถ€์‚ฐ๋ฌผ๋กœ "์„ ํƒ"ํ•ฉ๋‹ˆ๋‹ค.

์šฐ๋ฆฌ์˜ ํ…Œ์ŠคํŠธ ํ™˜๊ฒฝ์—์„œ๋Š” ๋‹ค์Œ์„ ํ†ตํ•ด ๊ด€๋ฆฌ์ž์—๊ฒŒ ๋ฐฐํฌํ•จ์œผ๋กœ์จ๋งŒ ๊ฐœ์„ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
์ œ์•ฝ ๋ฐ ์„ค์ • ๋ชจ๋“œ = ์ „์—ญ์ ์œผ๋กœ ๊ฐ ๊ด€๋ฆฌ์ž๊ฐ€
์‹คํ–‰ ์ค‘์ธ ์ธ์Šคํ„ด์Šค. ๊ทธ๊ฒƒ์€ ์—ฌ์ „ํžˆ โ€‹โ€‹์•Œ์•„์•ผ ํ•  ์ถ”๊ฐ€ ์˜ค๋ฒ„ ํ—ค๋“œ์ž…๋‹ˆ๋‹ค.
ํŠนํžˆ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ๋ฅผ ์žƒ๊ณ  ๋ฌด์–ธ๊ฐ€๊ฐ€ ์šฐ๋ฆฌ๋ฅผ ์ง€์‹œํ•˜๋Š” ๊ฒฝ์šฐ
ํŠธ๋ž˜ํ”ฝ. ๊ทธ๋Ÿฌ๋‚˜ ๋‹จ์ผ ํ˜ธ์ŠคํŠธ์— ๊ณ ์ •๋˜๋Š” ๊ฒƒ๋ณด๋‹ค ๋‚ซ์Šต๋‹ˆ๋‹ค.

@sandys https://github.com/sandys Cilium ์„ ์‚ฌ์šฉํ•ด ๋ณด์…จ์Šต๋‹ˆ๊นŒ? ์™€ ๋น„์Šทํ•ด ๋ณด์ž…๋‹ˆ๋‹ค.
์ ์–ด๋„ k8์—์„œ ๋™์ผํ•œ ๋ฌธ์ œ๋ฅผ ๊ฒช๋Š” ๊ฒƒ์œผ๋กœ ๋ณด์ด๋Š” Weave:
์ฟ ๋ฒ„๋„คํ‹ฐ์Šค/์ฟ ๋ฒ„๋„คํ‹ฐ์Šค#51014
https://github.com/kubernetes/kubernetes/issues/51014

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-388032011 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsUzQCgIeTenQIHIERxOfHKCzn1O6Aks5txCpogaJpZM4Jf2WK
.

2018๋…„ 5์›” 10์ผ 17์‹œ 24๋ถ„์— "James Green" [email protected]์ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

ํ”„๋ก์‹œ๋ฅผ
๊ฐœ๋ณ„ ํ˜ธ์ŠคํŠธ(ํ”„๋กœ๋•์…˜์—์„œ ๋‹ค๋ฅธ ํ˜ธ์ŠคํŠธ์˜ ์ธํ„ฐํŽ˜์ด์Šค์— ๋ฐ”์ธ๋”ฉ
์ด์œ ๊ฐ€ ์žˆ์œผ๋ฏ€๋กœ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ๋ถ€์‚ฐ๋ฌผ๋กœ "์„ ํƒ"ํ•ฉ๋‹ˆ๋‹ค.

์šฐ๋ฆฌ์˜ ํ…Œ์ŠคํŠธ ํ™˜๊ฒฝ์—์„œ๋Š” ๋‹ค์Œ์„ ํ†ตํ•ด ๊ด€๋ฆฌ์ž์—๊ฒŒ ๋ฐฐํฌํ•จ์œผ๋กœ์จ๋งŒ ๊ฐœ์„ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
์ œ์•ฝ ๋ฐ ์„ค์ • ๋ชจ๋“œ = ๊ฐ ๊ด€๋ฆฌ์ž๊ฐ€ ์‹คํ–‰๋˜๋„๋ก ํ•˜๋Š” ์ „์—ญ
์‚ฌ๋ก€. ํŠนํžˆ ๋‹ค์Œ๊ณผ ๊ฐ™์€ ๊ฒฝ์šฐ ์•Œ์•„์•ผ ํ•  ์ถ”๊ฐ€ ์˜ค๋ฒ„ํ—ค๋“œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.
์šฐ๋ฆฌ๋Š” ๊ด€๋ฆฌ์ž ๋…ธ๋“œ๋ฅผ ์žƒ๊ณ  ๋ฌด์–ธ๊ฐ€๊ฐ€ ์šฐ๋ฆฌ์˜ ํŠธ๋ž˜ํ”ฝ์„ ๊ทธ๊ณณ์œผ๋กœ ๋ณด๋‚ด๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
๊ทธ๋Ÿฌ๋‚˜ ๋‹จ์ผ ํ˜ธ์ŠคํŠธ์— ๊ณ ์ •๋˜๋Š” ๊ฒƒ๋ณด๋‹ค ๋‚ซ์Šต๋‹ˆ๋‹ค.

@sandys https://github.com/sandys Cilium ์„ ์‚ฌ์šฉํ•ด ๋ณด์…จ์Šต๋‹ˆ๊นŒ? ์™€ ๋น„์Šทํ•ด ๋ณด์ž…๋‹ˆ๋‹ค.
์ ์–ด๋„ k8์—์„œ ๋™์ผํ•œ ๋ฌธ์ œ๋ฅผ ๊ฒช๋Š” ๊ฒƒ์œผ๋กœ ๋ณด์ด๋Š” Weave:
์ฟ ๋ฒ„๋„คํ‹ฐ์Šค/์ฟ ๋ฒ„๋„คํ‹ฐ์Šค#51014
https://github.com/kubernetes/kubernetes/issues/51014

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-388032011 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsUzQCgIeTenQIHIERxOfHKCzn1O6Aks5txCpogaJpZM4Jf2WK
.

  • 1

์•ˆ๋…• ์–˜๋“ค์•„,
Cilium์—์„œ Docker Swarm ์ง€์›์„ ์›ํ•˜๋Š” ๊ฒฝ์šฐ(ํŠนํžˆ Ingress ๋ฐ
์ด ํŠน์ • ๋ฌธ์ œ์™€ ๊ด€๋ จํ•˜์—ฌ), ์ด ๋ฒ„๊ทธ์— ๋Œ€ํ•ด ๋Œ“๊ธ€/์ข‹์•„์š” -
https://github.com/cilium/cilium/issues/4159

2018๋…„ 5์›” 11์ผ ๊ธˆ์š”์ผ ์˜ค์ „ 12์‹œ 59๋ถ„์— McBacker [email protected]์—์„œ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

>

  • 1

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-388159466 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU_18F_cNttRUaAwaRF3gVpMZ-3qSks5txJUfgaJpZM4Jf2WK
.

ํ˜„์žฌ ๋ฒ„์ „์—์„œ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.
๊ทธ๋Ÿฐ ๋‹ค์Œ '๊ธฐ๋ณธ' ๋„คํŠธ์›Œํฌ์— ์žˆ๋Š” ๊ฒƒ์ฒ˜๋Ÿผ ๋ฌด๋ฆฌ์˜ ๋‹ค๋ฅธ ๋…ธ๋“œ์— ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

  web-server:
    image: blabla:7000/something/nginx:latest
    #ports:
    #  - "80:80"
    #  - "443:443"
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host        
    deploy:
      mode: global
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        delay: 30s

ํ•ต์‹ฌ์€ ports.mode: host ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์ž„์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋ฌธ์„œ(https://docs.docker.com/compose/compose-file/#long-syntax-1)์—์„œ:

๋ชจ๋“œ: ๊ฐ ๋…ธ๋“œ์— ํ˜ธ์ŠคํŠธ ํฌํŠธ๋ฅผ ๊ฒŒ์‹œํ•˜๊ธฐ ์œ„ํ•œ ํ˜ธ์ŠคํŠธ ๋˜๋Š” ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑํ•  ์Šค์›œ ๋ชจ๋“œ ํฌํŠธ๋ฅผ ์œ„ํ•œ ์ธ๊ทธ๋ ˆ์Šค.

๊ทธ๋Ÿฐ ๋‹ค์Œ mode: host ํ•˜๋ฉด ingress์— ์˜ํ•œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์ด ์ค‘์ง€๋˜๊ณ  ์‹ค์ œ IP๊ฐ€ ๋‚˜ํƒ€๋‚ฉ๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด ๋‹ค์Œ์€ ๋‚ด nginx ๋กœ๊ทธ์ž…๋‹ˆ๋‹ค.

  • mode: host ์™€ ํ•จ๊ป˜
    metrics-agents_nginx.1.pip12ztq3y1h<strong i="14">@xxxxxxxx</strong> | 62.4.X.X - - [12/Jun/2018:08:46:04 +0000] "GET /metrics HTTP/1.1" 200 173979 "-" "Prometheus/2.2.1" "-" [CUSTOM] "request_time: 0.227" remote_addr: 62.4.X.X proxy_add_x_forwarded_for: 62.4.X.X
  • mode: host
    metrics-agents_nginx.1.q1eosiklkgac<strong i="20">@xxxxxxxx</strong> | 10.255.0.2 - - [12/Jun/2018:08:50:04 +0000] "GET /metrics HTTP/1.1" 403 162 "-" "Prometheus/2.2.1" "-" [CUSTOM] "request_time: 0.000" remote_addr: 10.255.0.2 proxy_add_x_forwarded_for: 10.255.0.2

๋งˆ์ง€๋ง‰ ๋กœ๊ทธ๊ฐ€ 403 Forbidden ์‘๋‹ต์ธ ์ด์œ ๊ฐ€ ๊ถ๊ธˆํ•˜๋‹ค๋ฉด nginx( allow 62.4.X.X ๋ฐ deny all )์—์„œ ํ™”์ดํŠธ๋ฆฌ์ŠคํŠธ๋ฅผ ์‚ฌ์šฉํ•˜๊ธฐ ๋•Œ๋ฌธ์ž…๋‹ˆ๋‹ค.

๋ฌธ๋งฅ:
Description: Debian GNU/Linux 9.4 (stretch)
Docker version 18.03.0-ce, build 0520e24

@nperron์ด ๋งํ•œ ๊ฒƒ์„ ํ™•์ธํ•ฉ๋‹ˆ๋‹ค.
ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Docker ๋ฒ„์ „ 18.03.1-ce, ๋นŒ๋“œ 9ee9f40
์šฐ๋ถ„ํˆฌ 16.04.4 LTS

์ž‘๋™ํ•˜๋Š”์ง€ ํ™•์ธํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Docker ๋ฒ„์ „ 18.03.1-ce, ๋นŒ๋“œ 9ee9f40
์šฐ๋ถ„ํˆฌ 16.04.4 LTS

์ฃผ์˜ ์‚ฌํ•ญ: IPTABLES=FALSE๋กœ ์„ค์ •ํ•œ ๊ฒฝ์šฐ ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค!
UFW๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํฌํŠธ๋ฅผ ๋ณดํ˜ธํ•˜๊ณ  docker swarm์ด ํ•ด๋‹น UFW ์„ค์ •์„ ์žฌ์ •์˜ํ•˜๋Š” ๊ฒฝ์šฐ ์ด ์ž‘์—…์„ ์ˆ˜ํ–‰ํ–ˆ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค(๋˜๋Š” ์ ์–ด๋„ ์ €๋Š” ์ˆ˜ํ–‰ํ–ˆ์Šต๋‹ˆ๋‹ค).

๋ช…๋ น์„ ํ†ตํ•ด ๋˜๋Š” /etc/docker/daemon.json์—์„œ iptables = false ์„ค์ •์„ ์ œ์•ˆํ•˜๋Š” ๋ช‡ ๊ฐ€์ง€ ์ž์Šต์„œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

๋ฐ”๋ผ๊ฑด๋Œ€ ์ด๊ฒƒ์€ ๋‚ด๊ฐ€ ๋ฐฉ๊ธˆ ๊ฒช์—ˆ๋˜ ์ขŒ์ ˆ๊ฐ์„ ๋ˆ„๊ตฐ๊ฐ€์—๊ฒŒ ์ €์žฅํ•ฉ๋‹ˆ๋‹ค!

Ingress๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๊ธฐ ๋•Œ๋ฌธ์— ์‚ฌ๋žŒ๋“ค์€ "Mode: host" = working์ด๋ผ๊ณ  ๋งํ•˜๋Š” ๊ฒƒ์„ ์ค‘๋‹จํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ Swarm์—์„œ ์‹คํ–‰๋˜๋Š” ์„œ๋น„์Šค์™€ ํ•จ๊ป˜ ํ•˜๋‚˜์˜ ์ปจํ…Œ์ด๋„ˆ๋งŒ ๊ฐ€์งˆ ์ˆ˜๋Š” ์—†์ง€๋งŒ ์—ฌ์ „ํžˆ ๋ชจ๋“  ํ˜ธ์ŠคํŠธ๋ฅผ ํ†ตํ•ด ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์„œ๋น„์Šค๋ฅผ "์ „์—ญ"์œผ๋กœ ๋งŒ๋“ค์–ด์•ผ ํ•˜๊ฑฐ๋‚˜ ์‹คํ–‰ ์ค‘์ธ ํ˜ธ์ŠคํŠธ์—์„œ๋งŒ ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ Swarm์˜ ๋ชฉ์ ์— ์–ด๊ธ‹๋‚ฉ๋‹ˆ๋‹ค.

TLDR: "๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ"๋Š” ํ•ด๊ฒฐ์ฑ…์ด ์•„๋‹ˆ๋ผ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ž…๋‹ˆ๋‹ค.

@r3pek ์ด ๊ณค๊ฒฝ์„ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•ด ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด Ingress๋ฅผ ์žƒ๊ฒŒ ๋œ๋‹ค๋Š” ๋ฐ ๋™์˜ํ•˜์ง€๋งŒ, Swarm์˜ ์ „์ฒด ๋ชฉ์ ์„ ๊ฑฐ์˜
์ธํŠธ๋ผ๋„ท์„ ํ†ตํ•ด์„œ๋งŒ ์•ก์„ธ์Šคํ•ด์•ผ ํ•˜๋Š” ๋ณต์ œ๋œ ์ปจํ…Œ์ด๋„ˆ ๊ด€๋ฆฌ -> ํ˜ธ์ถœ์ž์˜ IP๊ฐ€ ํ•„์š”ํ•˜์ง€ ์•Š์œผ๋ฏ€๋กœ "์ •์ƒ์ ์œผ๋กœ" ๊ตฌ์„ฑ๋˜๊ณ  ์ˆ˜์‹ ์„ ํ™œ์šฉํ•ฉ๋‹ˆ๋‹ค.
๋…ธ์ถœ๋˜์ง€ ์•Š์€ ์ปจํ…Œ์ด๋„ˆ -> ์ด์— ๋Œ€ํ•ด ํ•  ๋ง์ด ์—†์Šต๋‹ˆ๋‹ค(๋‹น์‹ ์€ ์„œ๋น„์Šค ์ด๋ฆ„์„ ํ†ตํ•ด ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ๋Š” ๋Šฅ๋ ฅ์„ ๊ณผ์†Œํ‰๊ฐ€ํ•˜๊ณ  ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค).
๊ณต๊ฐœ ์„œ๋น„์Šค -> https ๋ฐ url ๊ธฐ๋ฐ˜ ๋ผ์šฐํŒ…์„ ์ˆ˜ํ–‰ํ•˜๋Š” nginx ํ”„๋ก์‹œ์ž…๋‹ˆ๋‹ค. ํด๋ผ์ด์–ธํŠธ์˜ ์‹ค์ œ IP์— ๋Œ€ํ•ด x-forward-forward๊ฐ€ ํ•„์š”ํ•˜๊ธฐ ์ „์—๋„ ์ „์—ญ์ ์œผ๋กœ ์ •์˜๋˜์—ˆ์œผ๋ฏ€๋กœ ์‹ค์ œ ๋ฌธ์ œ๋Š” ์—†์Šต๋‹ˆ๋‹ค.

nginx ์ „์—ญ์ด ์žˆ๊ณ  ์ˆ˜์‹ ์ด ์—†๋‹ค๋Š” ๊ฒƒ์€ ํด๋Ÿฌ์Šคํ„ฐ์˜ ๋ชจ๋“  IP๋ฅผ ํ†ตํ•ด ์—ฐ๊ฒฐํ•  ์ˆ˜ ์žˆ์ง€๋งŒ ๋ถ€ํ•˜ ๋ถ„์‚ฐ ๋˜๋Š” ๋‚ด๊ฒฐํ•จ์„ฑ์ด ์—†์œผ๋ฏ€๋กœ nginx ์•ž์— ๋งค์šฐ ์ €๋ ดํ•˜๊ณ  ์„ค์ •ํ•˜๊ธฐ ์‰ฌ์šด L4 Azure Load Balancer๋ฅผ ์ถ”๊ฐ€ํ–ˆ์Šต๋‹ˆ๋‹ค. ์„œ๋น„์Šค.

๋‹น์‹ ์ด ๋งํ–ˆ๋“ฏ์ด Host๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ๊ทธ๊ฒƒ์„ ํ™œ์„ฑํ™”ํ•˜๋Š” ๊ฒƒ์ด Docker Swarm์˜ ๋ชฉ์ ์„ ์™„์ „ํžˆ ๋ฌดํšจํ™”ํ•œ๋‹ค๊ณ  ๋งํ•˜๋Š” ๊ฒƒ์€ ์•ฝ๊ฐ„ ๊ณผ์žฅ๋œ imo์ž…๋‹ˆ๋‹ค.

์•ˆ๋…• ๋กœ๋ฒ ๋ฅดํ† 
๋‚˜๋Š” ๊ทธ๊ฒƒ์ด ๊ณผ์žฅ๋˜์—ˆ๋‹ค๊ณ  ์ƒ๊ฐํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์™œ๋ƒํ•˜๋ฉด ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๊ฐ€ ๋‹จ์ผ ์ง€์ ์„ ๋…ธ์ถœํ•˜๊ธฐ ๋•Œ๋ฌธ์ž…๋‹ˆ๋‹ค.
์‹คํŒจ์˜. ๋˜ํ•œ ๋ถ€ํ•˜์— ๋Œ€ํ•œ ์ถ”๊ฐ€ ๊ด€๋ฆฌ ๊ณ„์ธต์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.
๋ฌด๋ฆฌ ์ƒํƒœ๊ณ„ ์™ธ๋ถ€์—์„œ ๊ท ํ˜•์„ ์œ ์ง€ํ•ฉ๋‹ˆ๋‹ค.

azure lb๋ฅผ ์ง์ ‘ ์‚ฌ์šฉํ–ˆ๋‹ค๊ณ  ๋งํ•จ์œผ๋กœ์จ
๋…ผ์Ÿ.

"ํด๋ผ์ด์–ธํŠธ IP ์ „ํŒŒ๋กœ ์Šค์›œ์„ ์‹คํ–‰ํ•˜๋ ค๋ฉด,
์„ค์ •ํ•œ ์™ธ๋ถ€ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ๋Š”์ง€ ํ™•์ธํ•˜์‹ญ์‹œ์˜ค...๋˜๋Š”
ํด๋ผ์šฐ๋“œ ์„œ๋น„์Šค ์ค‘ ํ•˜๋‚˜"

์šฐ๋ฆฌ๋Š” ์ด๊ฒƒ์ด ์ผ์‹œ์ ์ธ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์•„๋‹ˆ๋ผ๊ณ  ๋งํ•˜๋Š” ๊ฒƒ์ด ์•„๋‹ˆ๋ผ...
์šฐ๋ฆฌ ๋ชจ๋‘๊ฐ€ ๋ฒ”์ฃผ์ ์œผ๋กœ ์ธ์‹ํ•˜์ง€ ์•Š๋Š”๋‹ค๋ฉด Swarm์˜ ์•ฝ์†์„ ๋ฌด์‹œํ•ฉ๋‹ˆ๋‹ค.
๊ฒฐ์ .

2018๋…„ 7์›” 5์ผ ๋ชฉ์š”์ผ 14:16 Roberto Fabrizi, [email protected]
์ผ๋‹ค:

@r3pek https://github.com/r3pek ๋‹น์‹ ์ด ์ง€๋Š” ๊ฒƒ์— ๋™์˜ํ•˜์ง€๋งŒ
์ด ๊ณค๊ฒฝ์„ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•ด ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒฝ์šฐ Ingress๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™์ด ๋งํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
Swarm์˜ ์ „์ฒด ๋ชฉ์ ์„ ๊ฑฐ์˜ ์ขŒ์ ˆ์‹œํ‚ค์ง€ ์•Š์œผ๋ฉฐ, ๊ทธ ์ด์ƒ์˜ ์—ญํ• ์„ ํ•ฉ๋‹ˆ๋‹ค.
๊ณต๊ฐœ ์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ. ์šฐ๋ฆฌ์˜ ์‚ฌ์šฉ ์‹œ๋‚˜๋ฆฌ์˜ค์—์„œ ์šฐ๋ฆฌ๋Š” ๋™์ผํ•œ
์˜ค๋ฒ„๋ ˆ์ด ๋–ผ:
๋ฅผ ํ†ตํ•ด์„œ๋งŒ ์•ก์„ธ์Šคํ•ด์•ผ ํ•˜๋Š” ๋ณต์ œ๋œ ์ปจํ…Œ์ด๋„ˆ ๊ด€๋ฆฌ
์ธํŠธ๋ผ๋„ท -> ๋ฐœ์‹ ์ž์˜ IP๊ฐ€ ํ•„์š”ํ•˜์ง€ ์•Š์œผ๋ฏ€๋กœ ๊ตฌ์„ฑ๋ฉ๋‹ˆ๋‹ค.
"์ •์ƒ์ ์œผ๋กœ"ํ•˜๊ณ  ์นจ์ž…์„ ์ด์šฉํ•˜์‹ญ์‹œ์˜ค.
๋…ธ์ถœ๋˜์ง€ ์•Š์€ ์šฉ๊ธฐ -> ์ด๊ฒƒ์— ๋Œ€ํ•ด ํ•  ๋ง ์—†์Œ(๋‚˜๋Š” ๋‹น์‹ ์ด
์„œ๋น„์Šค๋ฅผ ํ†ตํ•ด ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ๋Š” ํž˜์„ ๊ณผ์†Œํ‰๊ฐ€
์ด๋ฆ„).
๊ณต๊ฐœ ์ปจํ…Œ์ด๋„ˆ -> https ๋ฐ url์„ ์ˆ˜ํ–‰ํ•˜๋Š” nginx ํ”„๋ก์‹œ์ž…๋‹ˆ๋‹ค.
๊ธฐ๋ฐ˜ ๋ผ์šฐํŒ…. x-forward-for๊ฐ€ ํ•„์š”ํ•˜๊ธฐ ์ „์—๋„ ์ „์—ญ์ ์œผ๋กœ ์ •์˜๋˜์—ˆ์Šต๋‹ˆ๋‹ค.
ํด๋ผ์ด์–ธํŠธ์˜ ์‹ค์ œ IP์ด๋ฏ€๋กœ ์‹ค์ œ ๋ฌธ์ œ๋Š” ์—†์Šต๋‹ˆ๋‹ค.

nginx ์ „์—ญ์ด ์žˆ๊ณ  ์ˆ˜์‹ ์ด ์—†๋‹ค๋Š” ๊ฒƒ์€ ๋‹ค์Œ์„ ํ†ตํ•ด ๋„๋‹ฌํ•  ์ˆ˜ ์žˆ์Œ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค.
ํด๋Ÿฌ์Šคํ„ฐ์˜ ๋ชจ๋“  IP์ด์ง€๋งŒ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ๋˜์ง€ ์•Š์•˜์œผ๋ฏ€๋กœ ๋งค์šฐ
nginx ์•ž์— L4 Azure Load Balancer๋ฅผ ์ €๋ ดํ•˜๊ณ  ์‰ฝ๊ฒŒ ์„ค์ •ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
์„œ๋น„์Šค.

๋‹น์‹ ์ด ๋งํ–ˆ๋“ฏ์ด ํ˜ธ์ŠคํŠธ๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ์™„์ „ํžˆ ํ™œ์„ฑํ™”ํ•œ๋‹ค๊ณ  ๋งํ•ฉ๋‹ˆ๋‹ค.
Docker Swarm์˜ ๋ชฉ์ ์„ ์ด๊ธฐ๋Š” ๊ฒƒ์€ ์กฐ๊ธˆ ๊ณผ์žฅ๋œ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-402650066 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU_ogRzwM6X0PMknXxsxmZLLTtfraks5uDdJlgaJpZM4Jf2WK
.

Docker Swarm์˜ ์ˆ˜์‹ ์„ ์œ„ํ•ด ๋ถˆ๋Ÿ‰ํ•œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ(IPVS)๊ฐ€ ์„ ํƒ๋˜์—ˆ์Œ์„ ์•Œ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ตœ์†Œํ•œ L4 ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ์„ ์ง€์›ํ•˜๋Š” ๊ฒฝ์šฐ ๋ฌธ์ œ๊ฐ€ ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. L7 lb๊ฐ€ ์ œ๊ณตํ•  ์ˆ˜ ์žˆ๋Š” ๋ชจ๋“  ์ถ”๊ฐ€ ๊ธฐ๋Šฅ์ด ์—†๋Š” L4(TCP) ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ผ๋Š” ์ ๋งŒ ์ œ์™ธํ•˜๊ณ .

Kubernetes์—๋Š” nginx ingress , haproxy ingress ์™€ ๊ฐ™์€ L4(TCP)-L7(HTTP) ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋Š” L4 ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ๋˜๋Š” L7 HTTP ํ—ค๋”๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ X-Forwarded-For ๊ฐ€ ์‚ฌ์šฉ์ž์˜ ์‹ค์ œ ์ „๋‹ฌ์— ํ™œ์šฉ๋˜๋„๋ก ํ•ฉ๋‹ˆ๋‹ค. ๋ฐฑ์—”๋“œ์— ๋Œ€ํ•œ IP์ž…๋‹ˆ๋‹ค.

Docker Swarm ์ธ๊ทธ๋ ˆ์Šค์˜ ๊ฐœ๋ฐœ์ž๊ฐ€ ๋ญ๋ผ๊ณ  ํ• ์ง€ ๊ถ๊ธˆํ•ฉ๋‹ˆ๋‹ค. ์•„๋งˆ๋„ ๋ˆ„๊ตฐ๊ฐ€ ์ด ์ผ€์ด์Šค๋ฅผ https://github.com/docker/swarmkit/issues ๋กœ ์˜ฎ๊ฒจ์•ผ ํ•ฉ๋‹ˆ๊นŒ?

Kubernetes์—๋Š” nginx ingress, haproxy ingress์™€ ๊ฐ™์€ L4(TCP)-L7(HTTP) ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋Š” L4 ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ๋˜๋Š” L7 HTTP ํ—ค๋”๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ X-Forwarded-For๊ฐ€ ์‚ฌ์šฉ์ž์˜ ์‹ค์ œ IP๋ฅผ ์ „๋‹ฌํ•˜๋Š” ๋ฐ ํ™œ์šฉ๋˜๋„๋ก ํ•ฉ๋‹ˆ๋‹ค. ๋ฐฑ์—”๋“œ๋กœ.

AFAICS, ์ด๋Ÿฌํ•œ LB ์„œ๋น„์Šค๋Š” K8์— ํฌํ•จ๋˜์ง€ ์•Š๊ณ  ๋ช…์‹œ์ ์œผ๋กœ ๋ฐฐํฌ๋˜์–ด์•ผ ํ•˜๋Š” ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. Docker swarm์—์„œ๋„ ๋™์ผํ•œ ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ์—ฌ๊ธฐ์„œ ์ฐจ์ด๋ฅผ ๋ณด์ง€ ๋ชปํ•œ๋‹ค. (๊ทธ ์™ธ์—๋Š” nginx ์ˆ˜์‹  ์ปจํŠธ๋กค๋Ÿฌ๊ฐ€ "๊ณต์‹"์ธ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.)

๋‚ด๊ฐ€ ์•„๋Š” ํ•œ, ์ฐจ์ด์ ์€ ์ด๋Ÿฌํ•œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ ์„œ๋น„์Šค๋ฅผ ๋ฐฐํฌํ•˜๋”๋ผ๋„ swarmkit ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ์—์„œ 'ํ˜ธ์ถœ'๋˜์–ด ์‚ฌ์šฉ์ž IP๋ฅผ ์žƒ๋Š”๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ๊ฒฝ์šฐ swarmkit ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ๋น„ํ™œ์„ฑํ™”ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

๊ณตํ‰ํ•˜๊ฒŒ - k8์—์„œ๋Š” ์‚ฌ์šฉ์ž ์ง€์ • ์ธ๊ทธ๋ ˆ์Šค๋ฅผ ๊ฐ€์งˆ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋ฌด๋ฆฌ์—์„œ
์•„๋‹ˆ๋‹ค.

Swarm์€ ๋ชจ๋“  ๊ฒƒ์ด "๋‚ด์žฅ"๋˜์–ด ์žˆ๋‹ค๋Š” ์ž…์žฅ์„ ์ทจํ•ฉ๋‹ˆ๋‹ค. ์˜ ๊ฒฝ์šฐ๋„ ๋งˆ์ฐฌ๊ฐ€์ง€
๋„คํŠธ์›Œํฌ - k8s์—์„œ๋Š” weave ๋“ฑ์„ ์„ค์ •ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. swarm์— ๋‚ด์žฅ๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค.

๊ทธ๋ž˜์„œ andrey๊ฐ€ ๋งํ•˜๊ณ  ์žˆ๋Š” ์š”์ ์€ (๊ทธ๋ฆฌ๊ณ  ์ €๋„ ์–ด๋Š ์ •๋„ ๋™์˜ํ•ฉ๋‹ˆ๋‹ค) -
Swarm์€ ์ด ๊ธฐ๋Šฅ์„ Ingress์˜ ์ผ๋ถ€๋กœ ๋งŒ๋“ค์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
๊ทธ๊ฒƒ์— ๋Œ€ํ•œ ํ†ต์ œ๊ฐ€ ์—†์Šต๋‹ˆ๋‹ค.

2018๋…„ 7์›” 28์ผ ํ† ์š”์ผ ์˜คํ›„ 5์‹œ 77๋ถ„ Seti [email protected]์—์„œ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ž‘์„ฑํ–ˆ์Šต๋‹ˆ๋‹ค.

๋‚ด๊ฐ€ ์•„๋Š” ํ•œ, ์ฐจ์ด์ ์€ ๊ทธ๋Ÿฌํ•œ ๋ฐฐํฌ๋ฅผ
๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ ์„œ๋น„์Šค Swarmkit ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ์—์„œ 'ํ˜ธ์ถœ'๋ฉ๋‹ˆ๋‹ค.
๊ทธ๋ž˜์„œ ๋‹น์‹ ์€ ์‚ฌ์šฉ์ž IP๋ฅผ ๋Š์Šจํ•˜๊ฒŒํ•ฉ๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ Swarmkit์„ ๋น„ํ™œ์„ฑํ™”ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.
ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ๊ฒฝ์šฐ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-408601274 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU1-Ism_S1Awml8lO8N0Aq6rtrLH4ks5uLEzugaJpZM4Jf2WK
.

๋‚˜๋Š” ์šฐ๋ฆฌ๊ฐ€ ์šฐ๋ฆฌ์˜ ์Šค์›œ ์ฃผ๋ฆ„์„ ๋‹ค๋ค˜๋‹ค๊ณ  ์ƒ๊ฐํ–ˆ์ง€๋งŒ, ์šฐ๋ฆฌ๋Š” ๋ฌด๋Œ€์— ์˜ฌ๋ž๊ณ  ์›น ์„œ๋ฒ„ ์ปจํ…Œ์ด๋„ˆ์— ๋Œ€ํ•œ ๋ชจ๋“  ์™ธ๋ถ€ ์•ก์„ธ์Šค๊ฐ€ ์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ IP๋กœ ๋‚˜ํƒ€๋‚˜๋Š” ๊ฒƒ์„ ์•Œ์•„์ฐจ๋ ธ์Šต๋‹ˆ๋‹ค.

์ €๋Š” ๋‹จ์ผ ๋…ธ๋“œ ๋–ผ์—์„œ ์Šคํƒ์„ ์‹คํ–‰ํ•˜๊ณ  ์žˆ์œผ๋ฉฐ ์ ์–ด๋„ ์•ž์œผ๋กœ ๋ช‡ ๋‹ฌ ๋™์•ˆ์€ ๊ทธ๋ ‡๊ฒŒ ํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค. ํ˜„์žฌ(๋‹จ์ผ ๋…ธ๋“œ ๋ฌด๋ฆฌ) ์‚ฌ์šฉ ์‚ฌ๋ก€์— ๋Œ€ํ•ด ๊ฐ€์žฅ ๋œ ๋‚˜์œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์ถ”์ฒœํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ? ํด๋ผ์ด์–ธํŠธ IP ์—†์ด๋Š” ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ๋„ˆ๋ฌด ๋งŽ์ด ์˜์กดํ•ฉ๋‹ˆ๋‹ค.

์šฐ๋ฆฌ์˜ ์ž„์‹œ ์ ‘๊ทผ ๋ฐฉ์‹์€ "๊ธ€๋กœ๋ฒŒ" ๋ชจ๋“œ(IIRC๊ฐ€ ์‹ค์ œ NIC์˜ IP๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ์Œ)์—์„œ ๊ฐ„๋‹จํ•œ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•œ ๋‹ค์Œ ํ”„๋ก์‹œ ํ—ค๋”๊ฐ€ ์ถ”๊ฐ€๋œ ์Šค์›œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์—์„œ ์‹คํ–‰๋˜๋Š” ๋‚ด๋ถ€ ์„œ๋น„์Šค๋กœ ๋ชจ๋“  ์—ฐ๊ฒฐ์„ ์ „๋‹ฌํ•˜๋„๋ก ํ•˜๋Š” ๊ฒƒ์ด์—ˆ์Šต๋‹ˆ๋‹ค.

x-forwarded-for ํ—ค๋”๋ฅผ ์–ป๋Š” ๊ฒƒ์œผ๋กœ ์ถฉ๋ถ„ํ•˜๋‹ค๋ฉด ํ•ด๋‹น ์„ค์ •์ด AFAICT๋ฅผ ์ž‘๋™ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

@maximelb๋‹˜, ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค. ๊ฒฐ๊ตญ ๋ฌด์—‡์„ ์‚ฌ์šฉํ•˜๊ฒŒ ๋˜์—ˆ์Šต๋‹ˆ๊นŒ(์˜ˆ: nginx, haproxy)?

@jamiejackson ์ƒํ™ฉ์ด ์กฐ๊ธˆ ๋‹ค๋ฅผ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์šฐ๋ฆฌ์˜ ๊ฒฝ์šฐ์—๋Š” ์žฅ๊ธฐ ์‹คํ–‰ SSL ์—ฐ๊ฒฐ์„ ํ˜ธ์ŠคํŒ…ํ•˜๋Š” ์„œ๋ฒ„์™€ ๊ทธ ์•„๋ž˜์—์„œ HTTP ํ”„๋ก์‹œ๊ฐ€ ๊ฐ€๋Šฅํ•˜์ง€ ์•Š์€ ์‚ฌ์šฉ์ž ์ง€์ • ๋ฐ”์ด๋„ˆ๋ฆฌ ํ”„๋กœํ† ์ฝœ์„ ์‹คํ–‰ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ ์šฐ๋ฆฌ๋Š” ๊ฐ„๋‹จํ•œ TCP ํฌ์›Œ๋”๋ฅผ ๋งŒ๋“ค๊ณ  ๋‚ด๋ถ€ ์„œ๋ฒ„์—์„œ ์ˆ˜๋™์œผ๋กœ ์••์ถ•์„ ํ’€ ์ˆ˜ ์žˆ๋Š” "msgpack" ํ—ค๋”๋ฅผ ์‚ฌ์šฉํ–ˆ์Šต๋‹ˆ๋‹ค.

๋‚˜๋Š” HTTP ํ”„๋ก์‹œ์— ์ต์ˆ™ํ•˜์ง€ ์•Š์ง€๋งŒ ๋Œ€๋ถ€๋ถ„์ด ๋‹น์‹ ์„ ์œ„ํ•ด ํŠธ๋ฆญ์„ ํ•  ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. :-/

์•ˆ๋…•ํ•˜์„ธ์š” ๋งฅ์‹ฌ์ž…๋‹ˆ๋‹ค.
์ด๊ฒƒ์€ ์šฐ๋ฆฌ์—๊ฒŒ ๋งค์šฐ ํฅ๋ฏธ ๋กญ์Šต๋‹ˆ๋‹ค. docker-compose๋ฅผ ๊ณต์œ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?
๊ฐ€๋Šฅ์„ฑ ?

๋‚˜๋Š” ์ด๊ฒƒ์ด ์–ด๋–ป๊ฒŒ ์ž‘๋™ํ•˜๋Š”์ง€ ์ดํ•ดํ•˜๋ ค๊ณ  ๋…ธ๋ ฅํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์˜ค๋Š˜ ์šฐ๋ฆฌ๋Š” nginx๋ฅผ ์—ญ์œผ๋กœ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
ํ”„๋ก์‹œ(์„œ๋น„์Šค๋กœ) ๋ฐ ๊ทธ ๋’ค์— ์žˆ๋Š” ์—ฌ๋Ÿฌ ๋„์ปค ์„œ๋น„์Šค.

๊ท€ํ•˜์˜ ๊ฒฝ์šฐ - nginx๊ฐ€ "๊ธ€๋กœ๋ฒŒ ๋ชจ๋“œ"ํ”„๋ก์‹œ๊ฐ€๋ฉ๋‹ˆ๊นŒ? ์•„๋‹ˆ๋ฉด ๊ทธ๊ฒƒ์€
ํŠน์ˆ˜ TCP ์ „๋‹ฌ์ž. ๋”ฐ๋ผ์„œ ๋…ธ๋“œ ์ˆ˜๋ฅผ ํ™•์žฅํ•จ์— ๋”ฐ๋ผ ํ”„๋ก์‹œ ์ „๋‹ฌ์ž๋Š”
๊ฐ ๋…ธ๋“œ๋กœ ์ด๋™ํ•ฉ๋‹ˆ๋‹ค. ๋‚˜๋Š” ์–ด๋–ป๊ฒŒ ๋“ ์ด ์ƒํ™ฉ์—์„œ ์ƒ๊ฐํ–ˆ์Šต๋‹ˆ๋‹ค.
์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ๊ฐ€ ์™ธ๋ถ€ IP๋ฅผ ์ฃฝ์ด๊ธฐ ๋•Œ๋ฌธ์— ํ—ค๋”๊ฐ€ ์†์‹ค๋ฉ๋‹ˆ๋‹ค.
(ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์ด ์—†๊ธฐ ๋•Œ๋ฌธ์—).

์ข€ ๋” ์ž์„ธํ•œ ์ •๋ณด๋ฅผ ์•Œ๋ ค์ฃผ์‹œ๋ฉด ์ •๋ง ๊ฐ์‚ฌํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค.

๋ฌธ์•ˆ ์ธ์‚ฌ
์ƒŒ๋””ํ”„

2018๋…„ 8์›” 8์ผ ์ˆ˜์š”์ผ ์˜ค์ „ 7:18 Maxime Lamothe-Brassard <
[email protected]>์€ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

์šฐ๋ฆฌ์˜ ์ž„์‹œ ์ ‘๊ทผ ๋ฐฉ์‹์€ ๋‹ค์Œ์—์„œ ๊ฐ„๋‹จํ•œ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•˜๋Š” ๊ฒƒ์ด์—ˆ์Šต๋‹ˆ๋‹ค.
"๊ธ€๋กœ๋ฒŒ" ๋ชจ๋“œ(IIRC๊ฐ€ ์‹ค์ œ NIC์˜ IP๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ์Œ)
๋ชจ๋“  ์—ฐ๊ฒฐ์„ Swarm์—์„œ ์‹คํ–‰ ์ค‘์ธ ๋‚ด๋ถ€ ์„œ๋น„์Šค๋กœ ์ „๋‹ฌ
ํ”„๋ก์‹œ ํ—ค๋”๊ฐ€ ์ถ”๊ฐ€๋œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ.

x-forwarded-for ํ—ค๋”๋ฅผ ์–ป๋Š” ๊ฒƒ์œผ๋กœ ์ถฉ๋ถ„ํ•˜๋‹ค๋ฉด ๊ทธ ์„ค์ •์€
AFAICT๋ฅผ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-411257087 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsUx3DOjXb79FNjsuZ-RZVqkkhHAbYks5uOkOHgaJpZM4Jf2WK
.

@sandys ํ™•์‹คํžˆ, ์—ฌ๊ธฐ์— ๊ด€๋ จ ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ํฌํ•จ๋œ docker-compose์—์„œ ๋ฐœ์ทŒํ•œ ๋‚ด์šฉ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ docker-compose ํ•ญ๋ชฉ์ž…๋‹ˆ๋‹ค.

reverseproxy:
    image: yourorg/repo-proxy:latest
    networks:
      - network_with_backend_service
    deploy:
      mode: global
    ports:
      - target: 443
        published: 443
        protocol: tcp
        mode: host

๋‹ค์Œ์€ ๋ฐฑ์—”๋“œ ์„œ๋น„์Šค ํ•ญ๋ชฉ์ž…๋‹ˆ๋‹ค.

backendservice:
    image: yourorg/repo-backend:latest
    networks:
      - network_with_backend_service
    deploy:
      replicas: 2

์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ(๋ฐฑ์—”๋“œ ์ธก)์˜ ๋Œ€์ƒ์€ tasks.backendservice (๋ชจ๋“  ๋ณต์ œ๋ณธ์— ๋Œ€ํ•œ A ๋ ˆ์ฝ”๋“œ๊ฐ€ ์žˆ์Œ)์ž…๋‹ˆ๋‹ค. ๋ฐฑ์—”๋“œ ์„œ๋น„์Šค๊ฐ€ ๊ธฐ๋ณธ ์Šค์›œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์— ์žˆ๋Š” ๊ฒฝ์šฐ networks ๋ถ€๋ถ„์„ โ€‹โ€‹๊ฑด๋„ˆ๋›ธ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

global ๋น„ํŠธ๋Š” "์ด ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๋ชจ๋“  Docker swarm ๋…ธ๋“œ์— ์ •ํ™•ํžˆ ํ•œ ๋ฒˆ ๋ฐฐํฌํ•ฉ๋‹ˆ๋‹ค. mode: host ํฌํŠธ๋Š” "๋…ธ๋“œ์˜ ๊ธฐ๋ณธ NIC์— ๋ฐ”์ธ๋”ฉ"์ด๋ผ๊ณ  ๋งํ•ฉ๋‹ˆ๋‹ค.

๋„์›€์ด ๋˜๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค.

ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉ ์ค‘์ž…๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ ๊ฑฐ์˜ ์™ธ๋ถ€ ๋ถ€ํ•˜ ๋ถ„์‚ฐ ์žฅ์น˜๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.
๋ชจ๋“  ๊ฒƒ ์•ž์—์„œ.
ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์— ์žˆ์œผ๋ฏ€๋กœ ๋” ์ด์ƒ Swarm์— ์˜์กดํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

๊ทธ๊ฒƒ์ด ์‹ค์ œ๋กœ ์šฐ๋ฆฌ๊ฐ€ ์ž ์‹œ ๋™์•ˆ ์ด์•ผ๊ธฐํ•ด ์™”๋˜ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค :(

2018๋…„ 8์›” 8์ผ ์ˆ˜์š”์ผ, 20:47 Maxime Lamothe-Brassard, <
[email protected]>์€ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

@sandys https://github.com/sandys ํ™•์‹คํ•ฉ๋‹ˆ๋‹ค. ์—ฌ๊ธฐ์—์„œ ๋ฐœ์ทŒํ•œ ๋‚ด์šฉ์ด ์žˆ์Šต๋‹ˆ๋‹ค.
๊ด€๋ จ ์ปจํ…Œ์ด๋„ˆ๋กœ docker-compose.

์ด๊ฒƒ์€ ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ docker-compose ํ•ญ๋ชฉ์ž…๋‹ˆ๋‹ค.

์—ญ ํ”„๋ก์‹œ:
์ด๋ฏธ์ง€: yourorg/repo- proxy:latest
๋„คํŠธ์›Œํฌ:
- network_with_backend_service
๋ฐฐํฌ:
๋ชจ๋“œ: ๊ธ€๋กœ๋ฒŒ
ํฌํŠธ:
- ๋Œ€์ƒ: 443
์ถœํŒ: 443
ํ”„๋กœํ† ์ฝœ: TCP
๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ

๋‹ค์Œ์€ ๋ฐฑ์—”๋“œ ์„œ๋น„์Šค ํ•ญ๋ชฉ์ž…๋‹ˆ๋‹ค.

๋ฐฑ์—”๋“œ ์„œ๋น„์Šค:
์ด๋ฏธ์ง€: yourorg/repo- backend:์ตœ์‹ 
๋„คํŠธ์›Œํฌ:
- network_with_backend_service
๋ฐฐํฌ:
๋ณต์ œ๋ณธ: 2

๋ฆฌ๋ฒ„์Šค ํ”„๋ก์‹œ(๋ฐฑ์—”๋“œ ์ธก)์˜ ๋Œ€์ƒ์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.
task.backendservice(๋ชจ๋“  ๋ณต์ œ๋ณธ์— ๋Œ€ํ•œ A ๋ ˆ์ฝ”๋“œ๊ฐ€ ์žˆ์Œ). ๋‹น์‹ ์€ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค
๋ฐฑ์—”๋“œ ์„œ๋น„์Šค๊ฐ€ ๊ธฐ๋ณธ ์Šค์›œ์— ์žˆ๋Š” ๊ฒฝ์šฐ ๋„คํŠธ์›Œํฌ ๋ถ€๋ถ„์„ ๊ฑด๋„ˆ๋œ๋‹ˆ๋‹ค.
์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ.

์ „์—ญ ๋น„ํŠธ๋Š” "์ด ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๋ชจ๋“  Docker์— ์ •ํ™•ํžˆ ํ•œ ๋ฒˆ ๋ฐฐํฌํ•ฉ๋‹ˆ๋‹ค.
๋ฌด๋ฆฌ ๋…ธ๋“œ. ํฌํŠธ ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ๋Š” "๋„ค์ดํ‹ฐ๋ธŒ์— ๋ฐ”์ธ๋”ฉ
๋…ธ๋“œ์˜ NIC".

๋„์›€์ด ๋˜๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-411442155 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU8N7KAFtOp_cPO8wpbBQqzDfpBWOks5uOwEkgaJpZM4Jf2WK
.

๋ฌด์Šจ ๋ง์ธ์ง€ 100% ํ™•์‹ ํ•  ์ˆ˜๋Š” ์—†์ง€๋งŒ ์™ธ๋ถ€์ ์œผ๋กœ๋Š” ํด๋Ÿฌ์Šคํ„ฐ ๋…ธ๋“œ๋‹น A ๋ ˆ์ฝ”๋“œ๊ฐ€ ์žˆ๋Š” DNS๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ์™ธ๋ถ€ ๊ฐ€๋™ ๋ถ€ํ’ˆ ์—†์ด ์ €๋ ดํ•œ "๋ฐธ๋Ÿฐ์‹ฑ"์„ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค. ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์š”์ฒญํ•  ๋•Œ ์ž„์˜์˜ A ๋ ˆ์ฝ”๋“œ๋ฅผ ์„ ํƒํ•˜๊ณ  ํด๋Ÿฌ์Šคํ„ฐ ๋…ธ๋“œ ์ค‘ ํ•˜๋‚˜์˜ 443์— ์—ฐ๊ฒฐํ•ฉ๋‹ˆ๋‹ค.

๊ฑฐ๊ธฐ์—์„œ ํ•ด๋‹น ํŠน์ • ๋…ธ๋“œ์—์„œ ์‹คํ–‰๋˜๊ณ  443์—์„œ ์ˆ˜์‹  ๋Œ€๊ธฐํ•˜๋Š” ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ๋Š” ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ํฌํ•จํ•˜์—ฌ ๊ธฐ๋ณธ ์—ฐ๊ฒฐ์„ ์–ป์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๋‹ค์Œ ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ๋Š” ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•˜๊ณ  ์Šค์›œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ(tasks.backend)๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ๋‹ค๋ฅธ ๋‚ด๋ถ€ ์ปจํ…Œ์ด๋„ˆ๋กœ ์—ฐ๊ฒฐ์„ ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค. task.backend ๋Œ€์ƒ์„ ์‚ฌ์šฉํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๋‚ด๋ถ€ ์„œ๋น„์Šค์— ๋Œ€ํ•œ ์ž„์˜์˜ A ๋ ˆ์ฝ”๋“œ๋„ ์–ป์Šต๋‹ˆ๋‹ค.

๋”ฐ๋ผ์„œ ์—„๊ฒฉํ•œ ์˜๋ฏธ์—์„œ ์—ฐ๊ฒฐ์„ ๋ฆฌ๋””๋ ‰์…˜ํ•˜๋Š” ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์˜ ๋งˆ๋ฒ•์„ ์šฐํšŒํ•ฉ๋‹ˆ๋‹ค. ๋Œ€์‹  ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์ด ๋™์ž‘์„ ๋ณต์ œํ•˜๊ณ  ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค. ์ตœ์ข… ํšจ๊ณผ๋Š” ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์˜ ๋งˆ๋ฒ•๊ณผ ๋™์ผํ•ฉ๋‹ˆ๋‹ค(๋Š์Šจํ•œ ์˜๋ฏธ์—์„œ). ๋˜ํ•œ Swarm์„ ์‹คํ–‰ํ•˜๋Š” ๊ฒƒ๊ณผ ๋ณ‘๋ ฌ๋กœ ์ˆ˜ํ–‰ํ•ฉ๋‹ˆ๋‹ค. ์ฆ‰, ํด๋ผ์ด์–ธํŠธ IP๊ฐ€ ํ•„์š”ํ•˜์ง€ ์•Š์€ ๋‹ค๋ฅธ ๋ชจ๋“  ์„œ๋น„์Šค๋ฅผ ์œ„ํ•ด ๋‹ค๋ฅธ ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•˜์ง€ ์•Š๊ณ ๋„ ๋™์ผํ•œ ํด๋Ÿฌ์Šคํ„ฐ์—์„œ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ ˆ๋Œ€ ์™„๋ฒฝํ•œ ์†”๋ฃจ์…˜์€ ์•„๋‹ˆ์ง€๋งŒ ์ˆ˜์ •์ด ์ด๋ฃจ์–ด์งˆ ๋•Œ๊นŒ์ง€๋Š” ์™ธ๋ถ€ ๊ตฌ์„ฑ ์š”์†Œ๋‚˜ ์ฃผ์š” ๋„์ปค ๊ตฌ์„ฑ ์—†์ด ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

@jamiejackson ์šฐ๋ฆฌ๊ฐ€ ์ฐพ์€ "๊ฐ€์žฅ ๋‚˜์œ" ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ Traefik์„ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ ์ „์—ญ ์„œ๋น„์Šค๋กœ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๋“ค ์€ ๋ฌธ์„œ ์— ์ข‹์€
https://github.com/containous/traefik/issues/1880

๋„์›€์ด ๋˜์—ˆ๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค. ๋˜ํ•œ ์‹ค์ œ ์š”์ฒญ์ž IP๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์—†๋Š” ์†”๋ฃจ์…˜์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์œผ๋ฏ€๋กœ ๋ฌด์–ธ๊ฐ€๊ฐ€ ๋ณ€๊ฒฝ๋  ๋•Œ๊นŒ์ง€ ์ด kludge ์ˆ˜์ • ์‚ฌํ•ญ์„ ์œ ์ง€ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์ตœ์†Œํ•œ ๋ณด์•ˆ์ƒ์˜ ์ด์œ ๋กœ ๋งค์šฐ ์ผ๋ฐ˜์ ์ธ ์š”๊ตฌ ์‚ฌํ•ญ์ธ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

์ดํ•ดํ–ˆ์Šต๋‹ˆ๋‹ค(๊ทธ๋ฆฌ๊ณ  ์ด๊ฒƒ์˜ ๋Š์Šจํ•œ ๋ฒ„์ „์ด ์šฐ๋ฆฌ๊ฐ€ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค).

๊ทธ๋Ÿฌ๋‚˜ - ์ด ํŠน์ • ๋ฒ„๊ทธ์˜ ์˜์ œ๋Š” ๊ฐœ๋ฐœ์ž์—๊ฒŒ ์š”์ฒญํ•˜๋Š” ๊ฒƒ์ด์—ˆ์Šต๋‹ˆ๋‹ค.
๊ทธ๊ฒƒ์„ ๋งˆ๋ฒ•์˜ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์— ๊ตฌ์ถ•ํ•˜๊ธฐ ์œ„ํ•ด (์•„๋งˆ๋„ ํ”„๋ก์‹œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ)
ํ”„๋กœํ† ์ฝœ ๋˜๋Š” ๊ธฐํƒ€ ๋ฉ”์ปค๋‹ˆ์ฆ˜)

2018๋…„ 8์›” 8์ผ ์ˆ˜์š”์ผ, 21:22 Maxime Lamothe-Brassard, <
[email protected]>์€ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

๋ฌด์Šจ ๋ง์ธ์ง€ 100% ํ™•์‹ ํ•  ์ˆ˜ ์—†์ง€๋งŒ ์™ธ๋ถ€์ ์œผ๋กœ๋Š” A๊ฐ€ ์žˆ๋Š” DNS๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.
ํด๋Ÿฌ์Šคํ„ฐ ๋…ธ๋“œ๋‹น ๋ ˆ์ฝ”๋“œ ์ด๊ฒƒ์€ ๋น„์šฉ์ด ๋“ค์ง€ ์•Š๊ณ  ์ €๋ ดํ•œ "๋ฐธ๋Ÿฐ์‹ฑ"์„ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค.
์™ธ๋ถ€ ์ด๋™ ๋ถ€ํ’ˆ. ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์š”์ฒญํ•  ๋•Œ ๋ฌด์ž‘์œ„ A๋ฅผ ์„ ํƒํ–ˆ์Šต๋‹ˆ๋‹ค.
๊ธฐ๋กํ•˜๊ณ  ํด๋Ÿฌ์Šคํ„ฐ ๋…ธ๋“œ ์ค‘ ํ•˜๋‚˜์—์„œ 443์— ์—ฐ๊ฒฐํ•ฉ๋‹ˆ๋‹ค.

๊ฑฐ๊ธฐ์—์„œ ํ•ด๋‹น ํŠน์ • ๋…ธ๋“œ์—์„œ ์‹คํ–‰ ์ค‘์ธ ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ์™€
443์—์„œ ์ˆ˜์‹  ๋Œ€๊ธฐ๋Š” ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ํฌํ•จํ•˜์—ฌ ๊ธฐ๋ณธ ์—ฐ๊ฒฐ์„ ์–ป์Šต๋‹ˆ๋‹ค.
๊ทธ๋Ÿฐ ๋‹ค์Œ ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ๋Š” ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•˜๊ณ  ์—ฐ๊ฒฐ์„ ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค.
Swarm ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ๋‹ค๋ฅธ ๋‚ด๋ถ€ ์ปจํ…Œ์ด๋„ˆ๋กœ
(tasks.backend). task.backend ๋Œ€์ƒ์„ ์‚ฌ์šฉํ•˜๊ธฐ ๋•Œ๋ฌธ์—
random ๋‚ด๋ถ€ ์„œ๋น„์Šค์— ๋Œ€ํ•œ A ๋ ˆ์ฝ”๋“œ.

๋”ฐ๋ผ์„œ ์—„๊ฒฉํ•œ ์˜๋ฏธ์—์„œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์˜ ๋งˆ๋ฒ•์„ ์šฐํšŒํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์—ฐ๊ฒฐ์„ ๋ฆฌ๋””๋ ‰์…˜ํ•ฉ๋‹ˆ๋‹ค. ๋Œ€์‹  ์ด ๋™์ž‘์„ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ๋ณต์ œํ•ฉ๋‹ˆ๋‹ค.
์—ญ ํ”„๋ก์‹œ ๋ฐ ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค. ์ตœ์ข… ํšจ๊ณผ๋Š” ๋™์ผํ•ฉ๋‹ˆ๋‹ค(
๋Š์Šจํ•œ ์˜๋ฏธ) ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์˜ ๋งˆ์ˆ ์ฒ˜๋Ÿผ. ๊ทธ๊ฒƒ์€ ๋˜ํ•œ ๊ทธ๊ฒƒ์„ํ•ฉ๋‹ˆ๋‹ค
Swarm์„ ์‹คํ–‰ํ•˜๋Š” ๊ฒƒ๊ณผ ๋ณ‘ํ–‰ํ•˜์—ฌ
์•„๋ฌด ๊ฒƒ๋„ ํ•˜์ง€ ์•Š๊ณ  ๋™์ผํ•œ ํด๋Ÿฌ์Šคํ„ฐ์— ํด๋ผ์ด์–ธํŠธ IP๊ฐ€ ํ•„์š”ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
๊ทธ ์™ธ.

์ ˆ๋Œ€ ์™„๋ฒฝํ•œ ์†”๋ฃจ์…˜์€ ์•„๋‹ˆ์ง€๋งŒ ์ˆ˜์ •์ด ์ด๋ฃจ์–ด์งˆ ๋•Œ๊นŒ์ง€(๋งŒ์•ฝ ์žˆ๋‹ค๋ฉด)
์™ธ๋ถ€ ๊ตฌ์„ฑ ์š”์†Œ๋‚˜ ์ฃผ์š” ๋„์ปค ๊ตฌ์„ฑ ์—†์ด๋„ ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๋‹ค.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-411455384 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU5RKjGc3hEk6bk-doicDa1MbYGAyks5uOwlIgaJpZM4Jf2WK
.

TBH ์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ๊ฐ€ ip๋ฅผ ์ถ”๊ฐ€ํ•˜๊ธฐ ์œ„ํ•ด ํŒจ์น˜๋˜์ง€ ์•Š๋Š” ์ด์œ ๋ฅผ ์ž˜ ๋ชจ๋ฅด๊ฒ ์Šต๋‹ˆ๋‹ค.
ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์˜ ๋ฐ์ดํ„ฐ.

์ ์ง„์ ์ด๋ฉฐ ๊ธฐ์กด ์Šคํƒ์„ ์†์ƒ์‹œํ‚ค์ง€ ์•Š์œผ๋ฉฐ ์ž˜ ์ •์˜๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค.
ํ‘œ์ค€์— ๋”ฐ๋ผ ๋Œ€๊ทœ๋ชจ ํด๋ผ์šฐ๋“œ ๊ณต๊ธ‰์—…์ฒด์—์„œ๋„ ๊ด‘๋ฒ”์œ„ํ•˜๊ฒŒ ์ง€์›๋ฉ๋‹ˆ๋‹ค.
์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ํ”„๋ ˆ์ž„์›Œํฌ์—์„œ ์ง€์›ํ•ฉ๋‹ˆ๋‹ค.

์ƒ๋‹นํ•œ ๊ฐœ๋ฐœ์ž ๋…ธ๋ ฅ์ž…๋‹ˆ๊นŒ?

2018๋…„ 8์›” 8์ผ ์ˆ˜์š”์ผ 21:30 Matt Glaser, [email protected]์—์„œ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

@jamiejackson https://github.com/jamiejackson "๊ฐ€์žฅ ๋‚˜์œ"
์šฐ๋ฆฌ๊ฐ€ ์ฐพ์€ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ Traefik์„ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ ์ „์—ญ ์„œ๋น„์Šค๋กœ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
๊ทธ๋“ค์€ ๋ฌธ์„œ์— ์ข‹์€ ์ผ๋ฐ˜์ ์ธ ์˜ˆ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.
https://docs.traefik.io/user-guide/cluster-docker-consul/#full-docker-compose-file_1 .
์ด ์„ค์ •๊ณผ ๊ด€๋ จ์ด ์žˆ์„ ์ˆ˜๋„ ์žˆ๊ณ  ๊ด€๋ จ์ด ์—†์„ ์ˆ˜๋„ ์žˆ๋Š” ๋ช‡ ๊ฐ€์ง€ ๋ฒ„๊ทธ๋ฅผ ๋ณด์•˜์ง€๋งŒ
Traefik์€ ํ›Œ๋ฅญํ•œ ํ”„๋กœ์ ํŠธ์ด๋ฉฐ Swarm์—์„œ ๊ฝค ์•ˆ์ •์ ์ธ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ๊ฑฐ๊ธฐ์—
๋ฌธ์ œ ํŽ˜์ด์ง€์˜ ์ „์ฒด ์Šค๋ ˆ๋“œ(์—ฌ๊ธฐ์—์„œ ๋‹ค์‹œ ๋ฐ˜๋ณต๋ฉ๋‹ˆ๋‹ค. :) ),
์œ ์‚ฌํ•œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•:
์ฝ˜ํ…Œ์ด๋„ˆ์Šค/traefik#1880
https://github.com/containous/traefik/issues/1880

๋„์›€์ด ๋˜์—ˆ๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค. ์šฐ๋ฆฌ๋Š” ๋˜ํ•œ ์šฐ๋ฆฌ๊ฐ€ ํ—ˆ์šฉํ•˜์ง€ ์•Š๋Š” ์†”๋ฃจ์…˜์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค
์‹ค์ œ ์š”์ฒญ์ž IP๋ฅผ ํ™•์ธํ•˜์—ฌ
๋ญ”๊ฐ€ ๋ณ€๊ฒฝ๋ฉ๋‹ˆ๋‹ค. ๋ณด์•ˆ์ƒ์˜ ์ด์œ ๋กœ ๊ฝค ์ผ๋ฐ˜์ ์ธ ํ•„์š”์ฒ˜๋Ÿผ ๋ณด์ž…๋‹ˆ๋‹ค.
์ ์–ด๋„.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-411458326 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU7NNbsW44L95VYCvlyL_Bje-h6L9ks5uOwsUgaJpZM4Jf2WK
.

๊ธ€์Ž„, Docker๋Š” ํ˜„์žฌ ์ˆ˜์‹  ํŠธ๋ž˜ํ”ฝ์„ ๊ฑด๋“œ๋ฆฌ์ง€ ์•Š์œผ๋ฏ€๋กœ ์ ์–ด๋„ ์ถ”๊ฐ€ํ•˜๋Š” ๊ฒƒ์ด ์ค‘์š”ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
์ด๊ฒƒ์€ ๋˜ํ•œ ์˜คํ”ˆ ์†Œ์Šค ํ”„๋กœ์ ํŠธ๋ผ๋Š” ๊ฒƒ์„ ๋ช…์‹ฌํ•˜์‹ญ์‹œ์˜ค. ์ •๋ง๋กœ ์›ํ•˜๋Š” ๊ฒƒ์ด ์žˆ๋‹ค๋ฉด ์ผ๋ฐ˜์ ์œผ๋กœ ๊ทธ๊ฒƒ์„ ๊ตฌํ˜„ํ•˜๋Š” ๊ฒƒ์€ ๋‹น์‹ ์—๊ฒŒ ๋‹ฌ๋ ค ์žˆ์Šต๋‹ˆ๋‹ค.

+1, ์ด๊ฒƒ์€ ์ •๋ง ์‡ผ์Šคํ† ํผ์ž…๋‹ˆ๋‹ค.
๋Œ€๋ถ€๋ถ„์˜ ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์— ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP๊ฐ€ ํ•„์š”ํ•˜๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ๋ฉ”์ผ ์„œ๋ฒ„ ์Šคํƒ์„ ์ƒ๊ฐํ•ด ๋ณด์‹ญ์‹œ์˜ค. ์ž„์˜์˜ ํ˜ธ์ŠคํŠธ์—์„œ ๋ฉ”์ผ์„ ์ˆ˜๋ฝํ•  ์—ฌ์œ ๊ฐ€ ์—†์Šต๋‹ˆ๋‹ค.

์šฐ๋ฆฌ๋Š” proxy_protocol nginx ๊ธ€๋กœ๋ฒŒ ์ŠคํŠธ๋ฆผ ์ธ์Šคํ„ด์Šค ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋กœ ์ „ํ™˜ํ–ˆ์œผ๋ฉฐ ์ด๋Š” ๋ณต์ œ๋œ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ proxy_nginx๋กœ ์ „๋‹ฌ๋ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ํ˜„์žฌ๋กœ์„œ๋Š” ์ถฉ๋ถ„ํžˆ ์ž˜ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

์„œ๋น„์Šค ๊ธ€๋กœ๋ฒŒ nginx_stream

stream {
    resolver_timeout 5s;
    # 127.0.0.11 is docker swarms dns server
    resolver 127.0.0.11 valid=30s;
    # set does not work in stream module, using map here
    map '' $upstream_endpoint {
        default proxy_nginx:443;
    }

    server {
        listen 443;
        proxy_pass $upstream_endpoint;
        proxy_protocol on;
    }
}

์„œ๋น„์Šค ๋ณต์ œ nginx_proxy

server {
    listen 443 ssl http2 proxy_protocol;
    include /ssl.conf.include;

    ssl_certificate /etc/nginx/certs/main.crt;
    ssl_certificate_key /etc/nginx/certs/main.key;

    server_name example.org;

    auth_basic           "closed site";
    auth_basic_user_file /run/secrets/default.htpasswd;

    # resolver info in nginx.conf
    set $upstream_endpoint app;
    location / {
        # relevant proxy_set_header in nginx.conf
        proxy_pass http://$upstream_endpoint;
    }
}

nginx_stream์— ๋Œ€ํ•œ ์ „์ฒด nginx ๊ตฌ์„ฑ์„ ์ง€๋‚˜์น  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?
Swarm ๊ตฌ์„ฑ์ด ์žˆ๋Š” nginx_proxy?

์ด๊ฒƒ์ด ์ž‘๋™ํ•˜๋ฉด ๊ต‰์žฅํ•ฉ๋‹ˆ๋‹ค!

2018๋…„ 9์›” 11์ผ ํ™”์š”์ผ 17:14 rubot, [email protected]์ด(๊ฐ€) ์ž‘์„ฑํ–ˆ์Šต๋‹ˆ๋‹ค.

์šฐ๋ฆฌ๋Š” proxy_protocol nginx ๊ธ€๋กœ๋ฒŒ ์ŠคํŠธ๋ฆผ ์ธ์Šคํ„ด์Šค๋กœ ์ „ํ™˜ํ–ˆ์Šต๋‹ˆ๋‹ค.
๋ณต์ œ๋œ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ proxy_nginx๋กœ ์ „๋‹ฌ. ์ด๊ฒƒ์€ ์ถฉ๋ถ„ํžˆ ์ž˜ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค
์ˆœ๊ฐ„.

์„œ๋น„์Šค ๊ธ€๋กœ๋ฒŒ nginx_stream

๊ฐœ์šธ {
resolver_timeout 5์ดˆ;
# 127.0.0.11์€ docker swarms dns ์„œ๋ฒ„์ž…๋‹ˆ๋‹ค.
๋ฆฌ์กธ๋ฒ„ 127.0.0.11 ์œ ํšจ=30์ดˆ;
# set์€ ์ŠคํŠธ๋ฆผ ๋ชจ๋“ˆ์—์„œ ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์—ฌ๊ธฐ์—์„œ map์„ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.
์ง€๋„ '' $upstream_endpoint {
๊ธฐ๋ณธ ํ”„๋ก์‹œ_ nginx:443;
}

server {
    listen 443;
    proxy_pass $upstream_endpoint;
    proxy_protocol on;
}

}

์„œ๋น„์Šค ๋ณต์ œ nginx_proxy

์„œ๋ฒ„ {
์ˆ˜์‹  443 SSL http2 proxy_protocol;
ํฌํ•จ /ssl.conf.include;

ssl_certificate /etc/nginx/certs/main.crt;
ssl_certificate_key /etc/nginx/certs/main.key;

server_name example.org;

auth_basic           "closed site";
auth_basic_user_file /run/secrets/default.htpasswd;

# resolver info in nginx.conf
set $upstream_endpoint app;
location / {
    # relevant proxy_set_header in nginx.conf
    proxy_pass http://$upstream_endpoint;
}

}

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-420244262 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU5K-gK09XdI9NxLlT36IrJP7U7_cks5uZ6IrgaJpZM4Jf2WK
.

@sandys ํ™˜๊ฒฝ ๋ณ€์ˆ˜๋ฅผ ํ†ตํ•ด ๊ตฌ์„ฑ๋œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ๋ถ€๋ถ„์— ๋Œ€ํ•œ haproxy ๊ธฐ๋ฐ˜ ์†”๋ฃจ์…˜ ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

Swarm ๊ตฌ์„ฑ์„ ์‚ฌ์šฉํ•˜์—ฌ nginx_stream ๋ฐ nginx_proxy์— ๋Œ€ํ•œ ์ „์ฒด nginx ๊ตฌ์„ฑ์„ ์ง€๋‚˜์น  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ? ์ด๊ฒƒ์ด ์ž‘๋™ํ•˜๋ฉด ๊ต‰์žฅํ•ฉ๋‹ˆ๋‹ค!

@sandys ๋‹ค์Œ ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.
https://gist.github.com/rubot/10c79ee0086a8a246eb43ab631f3581f

๋™์ผํ•œ ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค. ์ด ๋ฌธ์ œ๊ฐ€ ํ•ด๊ฒฐ๋ฉ๋‹ˆ๊นŒ? ์ถœ์‹œ ์˜ˆ์ •์ธ ๊ธฐ๋ณธ ๊ธฐ๋Šฅ์ฒ˜๋Ÿผ ๋ณด์ž…๋‹ˆ๋‹ค.

๋ฐฐํฌ:
๋ชจ๋“œ: ๊ธ€๋กœ๋ฒŒ
ํฌํŠธ:

  • ๋Œ€์ƒ: 443 ๊ฒŒ์‹œ๋จ: 443 ํ”„๋กœํ† ์ฝœ: tcp ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ

์ด ์กฐ์–ธ์„ ๋”ฐ๋ฅด๋ฉด ๋„์ปค ์Šค์›œ ๋ฐธ๋Ÿฐ์„œ๊ฐ€ ์ด์ œ ๋ฐฉ์ •์‹์—์„œ ๋ฒ—์–ด๋‚ฌ๊ธฐ ๋•Œ๋ฌธ์— ๋ฌธ์ œ๊ฐ€ ํ•ด๊ฒฐ๋ฉ๋‹ˆ๋‹ค.
๋‚˜์—๊ฒŒ๋Š” ์—ฌ์ „ํžˆ HA์ด๊ณ  ์ด๋ฏธ haproxy(๋„์ปค ํ๋ฆ„ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ ๋‚ด๋ถ€)๊ฐ€ ์žˆ๊ธฐ ๋•Œ๋ฌธ์— ์œ ํšจํ•œ ์†”๋ฃจ์…˜์ž…๋‹ˆ๋‹ค.
์œ ์ผํ•œ ๋ฌธ์ œ๋Š” haproxy ํ†ต๊ณ„๊ฐ€ ๋ชจ๋“  ๋ณต์ œ๋ณธ์— ๋ฐฐํฌ๋˜๋ฏ€๋กœ ์ „์ฒด ํด๋Ÿฌ์Šคํ„ฐ์˜ ํŠธ๋ž˜ํ”ฝ์„ ๋ชจ๋‹ˆํ„ฐ๋งํ•  ๋•Œ ํ•ด๋‹น ์ •๋ณด๋ฅผ ์–ด๋–ป๊ฒŒ๋“  ์ง‘๊ณ„ํ•ด์•ผ ํ•œ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ณผ๊ฑฐ์—๋Š” ๋„์ปค ์Šค์›œ ๋ฐธ๋Ÿฐ์„œ ๋’ค์— ์žˆ๋˜ ํ•˜๋‚˜์˜ haproxy ์ธ์Šคํ„ด์Šค๋งŒ ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค.
๊ฑด๋ฐฐ,
์žํฌ

OP์˜ ์š”์ฒญ( @PanJ )์„ ์ฝ์„ ๋•Œ ํ˜„์žฌ ๊ธฐ๋Šฅ์ด ๋ช‡ ๋‹ฌ ๋™์•ˆ ์ œ์•ˆ๋œ ๋Œ€๋กœ ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๊ฒƒ์œผ๋กœ ๋ณด์ž…๋‹ˆ๋‹ค. OP๋Š” ์ˆ˜์‹  ๋ผ์šฐํŒ… + ํด๋ผ์ด์–ธํŠธ IP AFAIK๋ฅผ ์š”์ฒญํ•˜์ง€ ์•Š์•˜์œผ๋ฉฐ ๋ณต์ œ๋ณธ/์ „์—ญ์—์„œ ์Šค์›œ ์„œ๋น„์Šค๊ฐ€ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ์–ป๋Š” ๋ฐฉ๋ฒ•์„ ์š”์ฒญํ–ˆ์œผ๋ฉฐ ์ด์ œ ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๋‹ค. ์ด๋ฅผ ๊ฐ€๋Šฅํ•˜๊ฒŒ ํ•˜๋Š” ๋‘ ๊ฐ€์ง€ ์ฃผ์š” ๊ฐœ์„  ์˜์—ญ:

  1. ์ด์ œ ์ˆ˜์‹  ๋ผ์šฐํŒ… ๊ณ„์ธต์„ ๊ฑด๋„ˆ๋›ฐ๊ณ  ํ˜ธ์ŠคํŠธ IP์— ํฌํŠธ๋ฅผ "๊ฒŒ์‹œ"ํ•˜๋Š” Swarm ์„œ๋น„์Šค๋ฅผ ๋งŒ๋“ค ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
  2. ๋™์ผํ•œ ์„œ๋น„์Šค๋Š” ์˜ค๋ฒ„๋ ˆ์ด์™€ ๊ฐ™์€ ๋‹ค๋ฅธ ๋„คํŠธ์›Œํฌ์— ๋™์‹œ์— ์—ฐ๊ฒฐํ•  ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ ์˜ค๋ฒ„๋ ˆ์ด ์ด์ ์œผ๋กœ ๋‹ค๋ฅธ ์„œ๋น„์Šค์— ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

18.09 ์—”์ง„์„ ์‚ฌ์šฉํ•˜๋Š” ์ €์—๊ฒŒ๋Š” ํ…Œ์ŠคํŠธ์—์„œ ๋‘ ๊ฐ€์ง€ ์žฅ์ ์„ ๋ชจ๋‘ ์–ป์—ˆ์Šต๋‹ˆ๋‹ค. ๋‹จ์ผ ์„œ๋น„์Šค๋Š” ๋ฐฑ์—”๋“œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์— ์—ฐ๊ฒฐํ•˜๊ณ  ํ˜ธ์ŠคํŠธ NIC์— ํฌํŠธ๋ฅผ ๊ฒŒ์‹œํ•˜๊ณ  ํ˜ธ์ŠคํŠธ IP์—์„œ ๋“ค์–ด์˜ค๋Š” ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ๋ณผ ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค. ๋ฐฑ์—”๋“œ ์„œ๋น„์Šค๋กœ ํ–ฅํ•˜๋Š” ํด๋ผ์ด์–ธํŠธ IP ํŠธ๋ž˜ํ”ฝ์„ traefik์— ๊ธฐ๋กํ•˜๊ธฐ ์œ„ํ•ด traefik ์—ญ ํ”„๋ก์‹œ ์™€ ํ•จ๊ป˜ ์‚ฌ์šฉํ•˜๊ณ 

@PanJ ๊ฐ€ ๋‹น์‹ ์„ ์œ„ํ•ด ๊ทธ๊ฒƒ์„ ํ•ด๊ฒฐํ•ฉ๋‹ˆ๊นŒ?

ํ•ต์‹ฌ์€ mode: ingress (๊ธฐ๋ณธ๊ฐ’)๊ฐ€ ์•„๋‹Œ mode: host ํฌํŠธ๋ฅผ ๊ฒŒ์‹œํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์ด ๋ชจ๋“œ์˜ ์žฅ์ ์€ ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP์™€ ๊ธฐ๋ณธ ํ˜ธ์ŠคํŠธ NIC ์„ฑ๋Šฅ์„ ์–ป์„ ์ˆ˜ ์žˆ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค(IPVS ์บก์Šํ™” AFAIK ์™ธ๋ถ€์— ์žˆ๊ธฐ ๋•Œ๋ฌธ์—). ๋‹จ์ ์€ ๋ณต์ œ๋ณธ์„ ์‹คํ–‰ํ•˜๋Š” ๋…ธ๋“œ์—์„œ๋งŒ ์ˆ˜์‹  ๋Œ€๊ธฐํ•œ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

๋‚˜์—๊ฒŒ "์ธ๊ทธ๋ ˆ์Šค IPVS ๋ผ์šฐํŒ…์„ ์‚ฌ์šฉํ•˜๊ณ  ํด๋ผ์ด์–ธํŠธ IP๋„ ๋ณด๊ณ  ์‹ถ๋‹ค"๋Š” ์š”์ฒญ์€ libnetwork์˜ ๋‹ค๋ฅธ ๊ธฐ๋Šฅ ์š”์ฒญ์ž…๋‹ˆ๋‹ค.

์—ฌ๊ธฐ์„œ ๋ฌด์—‡์ด ๋ฐ”๋€Œ์—ˆ์Šต๋‹ˆ๊นŒ? ์ด ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•˜๊ธฐ ์œ„ํ•ด ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ–ˆ๊ธฐ ๋•Œ๋ฌธ์—
์˜ค๋žœ๋งŒ์ด๋‹ค. ์‚ฌ์‹ค ์ด๊ฒƒ์ด ์ด ์Šค๋ ˆ๋“œ์—์„œ ์ œ์•ˆํ•œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ž…๋‹ˆ๋‹ค.
์ž˜.

๋ฌธ์ œ๋Š” ๋ฌผ๋ก ์ด ์„œ๋น„์Šค๋ฅผ ํŠน์ •
Swarm์ด ๋‹ค๋ฅธ ๊ณณ์—์„œ ์ผ์ •์„ ์žก์„ ์ˆ˜ ์—†๋„๋ก ํ˜ธ์ŠคํŠธํ•ฉ๋‹ˆ๋‹ค. ์–ด๋–ค ๊ฒƒ์ด ๋ฌธ์ œ์˜€๋‚˜
์ „์ ์œผ๋กœ - ๊ทธ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ/IPVS ๋“ฑ์ด ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•ฉ๋‹ˆ๋‹ค.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 09:34 Bret Fisher < [email protected] ์ž‘์„ฑ:

OP์˜ ์š”์ฒญ( @PanJ https://github.com/PanJ )์„ ์ฝ์„ ๋•Œ
์— ๋Œ€ํ•ด ์ œ์•ˆ๋œ ๋Œ€๋กœ ํ˜„์žฌ ๊ธฐ๋Šฅ์ด ์ด์ œ ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.
๊ฐœ์›”. OP๋Š” ์ˆ˜์‹  ๋ผ์šฐํŒ… + ํด๋ผ์ด์–ธํŠธ IP AFAIK๋ฅผ ์š”์ฒญํ•˜์ง€ ์•Š์•˜์Šต๋‹ˆ๋‹ค.
๋ ˆํ”Œ๋ฆฌ์นด/๊ธ€๋กœ๋ฒŒ์—์„œ ์Šค์›œ ์„œ๋น„์Šค๊ฐ€ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ์–ป๋Š” ๋ฐฉ๋ฒ•์„ ์œ„ํ•ด,
์ด์ œ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๋ฅผ ๊ฐ€๋Šฅํ•˜๊ฒŒ ํ•˜๋Š” ๋‘ ๊ฐ€์ง€ ์ฃผ์š” ๊ฐœ์„  ์˜์—ญ:

  1. ์ด์ œ ํฌํŠธ๋ฅผ "๊ฒŒ์‹œ"ํ•˜๋Š” Swarm ์„œ๋น„์Šค๋ฅผ ๋งŒ๋“ค ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
    ํ˜ธ์ŠคํŠธ IP, ์ˆ˜์‹  ๋ผ์šฐํŒ… ๋ ˆ์ด์–ด ๊ฑด๋„ˆ๋›ฐ๊ธฐ
  2. ๋™์ผํ•œ ์„œ๋น„์Šค๋Š” ์˜ค๋ฒ„๋ ˆ์ด์™€ ๊ฐ™์€ ๋‹ค๋ฅธ ๋„คํŠธ์›Œํฌ์— ์—ฐ๊ฒฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
    ๋™์‹œ์— ์˜ค๋ฒ„๋ ˆ์ด ์ด์ ์œผ๋กœ ๋‹ค๋ฅธ ์„œ๋น„์Šค์— ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

18.09 ์—”์ง„์„ ์‚ฌ์šฉํ•˜๋Š” ์ €์—๊ฒŒ๋Š” ํ…Œ์ŠคํŠธ์—์„œ ๋‘ ๊ฐ€์ง€ ์žฅ์ ์„ ๋ชจ๋‘ ์–ป์—ˆ์Šต๋‹ˆ๋‹ค. NS
๋‹จ์ผ ์„œ๋น„์Šค๋Š” ๋ฐฑ์—”๋“œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์— ์—ฐ๊ฒฐํ•˜๊ณ  ๊ฒŒ์‹œํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค.
ํ˜ธ์ŠคํŠธ NIC์˜ ํฌํŠธ๋ฅผ ํ™•์ธํ•˜๊ณ  ํ˜ธ์ŠคํŠธ IP์—์„œ ๋“ค์–ด์˜ค๋Š” ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ํ™•์ธํ•ฉ๋‹ˆ๋‹ค. ๋‚˜๋Š”
traefik ์—ญ ํ”„๋ก์‹œ์™€ ํ•จ๊ป˜ ์ด๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ traefik์—์„œ ํด๋ผ์ด์–ธํŠธ IP ํŠธ๋ž˜ํ”ฝ์„ ๊ธฐ๋กํ•ฉ๋‹ˆ๋‹ค.
๋ฐฑ์—”๋“œ ์„œ๋น„์Šค๋กœ ํ–ฅํ•˜๋Š”
https://github.com/BretFisher/dogvscat/blob/7e9fe5b998f2cf86951df3f443714beb413d63fb/stack-proxy-global.yml#L75-L83 .
๋‚˜๋Š” ์ด๊ฒƒ์ด ๋‚ด๊ฐ€ ๋ณธ "์‹ค์ œ ๋กœ๊น…"์— ๋Œ€ํ•œ ๋Œ€๋ถ€๋ถ„์˜ ์š”์ฒญ์„ ํ•ด๊ฒฐํ•  ์ˆ˜ ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.
์•„์ดํ”ผ".

@PanJ https://github.com/PanJ ์ด ๋ฌธ์ œ๊ฐ€ ํ•ด๊ฒฐ๋ฉ๋‹ˆ๊นŒ?

ํ•ต์‹ฌ์€ mode: ingress๊ฐ€ ์•„๋‹Œ mode: host์—์„œ ํฌํŠธ๋ฅผ ๊ฒŒ์‹œํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
๊ธฐ๋ณธ).

์ด ๋ชจ๋“œ์˜ ์žฅ์ ์€ ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP์™€ ๊ธฐ๋ณธ ํ˜ธ์ŠคํŠธ NIC๋ฅผ ์–ป๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์„ฑ๋Šฅ(IPVS ์บก์Šํ™” AFAIK ์™ธ๋ถ€์— ์žˆ๊ธฐ ๋•Œ๋ฌธ์—). ๋‹จ์ ์€
๋ณต์ œ๋ณธ์„ ์‹คํ–‰ํ•˜๋Š” ๋…ธ๋“œ์—์„œ๋งŒ ์ˆ˜์‹  ๋Œ€๊ธฐํ•ฉ๋‹ˆ๋‹ค.

๋‚˜์—๊ฒŒ "์ธ๊ทธ๋ ˆ์Šค IPVS ๋ผ์šฐํŒ…์„ ์‚ฌ์šฉํ•˜๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค.
ํด๋ผ์ด์–ธํŠธ IP"๋Š” libnetwork์˜ ๋‹ค๋ฅธ ๊ธฐ๋Šฅ ์š”์ฒญ์ž…๋‹ˆ๋‹ค.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451348906 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsUzs15UVWOVl54FLwBJSZJKX-9D0jks5u_tLPgaJpZM4Jf2WK
.

@BretFisher mode: host ๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ผ ๋ฟ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. @sandys ๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๋ช‡ ๊ฐ€์ง€ ์ฃผ์˜ ์‚ฌํ•ญ์ด ์žˆ๋‹ค๊ณ  ๋ง

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ๋ฐœ๊ฒฌ๋œ ์ดํ›„๋กœ ๊ฐœ์„  ์‚ฌํ•ญ์ด ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ๊ฝค ์˜ค๋žซ๋™์•ˆ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค๋กœ ์˜ฎ๊ฒจ์™”์ง€๋งŒ ์—ฌ์ „ํžˆ ์ด ๋ฌธ์ œ๊ฐ€ 2๋…„ ๋„˜๊ฒŒ ์—ด๋ ค ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์— ๋†€๋ž๋‹ค.

์‚ฌ๋žŒ๋“ค์ด ์ด๊ฒƒ์ด ๋ฒ„๊ทธ๋ผ๊ณ  ์ƒ๊ฐํ•˜๋Š” ์ด์œ ์— ๋Œ€ํ•ด ๋‚˜๋Š” ์—ฌ์ „ํžˆ ์•ฝ๊ฐ„ ๋†€๋ž์Šต๋‹ˆ๋‹ค. ๋‚ด
kubernetes๋กœ ์ด๋™ํ•˜๋Š” ์ง„์ˆ ์กฐ์ฐจ ์ ์ ˆํ•˜์ง€ ์•Š์€ ๊ด€์ 
๋‹ต๋ณ€. ๋‚ด๊ฐ€ ๋ณผ ๋•Œ kubernetes๋Š” ์ •ํ™•ํžˆ ๋™์ผํ•œ ๋ฌธ์ œ/๋™์ž‘์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ๋‹น์‹ ์€
์™ธ๋ถ€ LB๊ฐ€ ์žˆ๊ฑฐ๋‚˜ ๋ฐ˜๋“œ์‹œ nginx ์ˆ˜์‹  ํ”„๋ก์‹œ์™€ ๊ฐ™์€ ๊ฒƒ์„ ์‚ฌ์šฉํ•˜์‹ญ์‹œ์˜ค.
๋ฐ๋ชฌ์…‹์œผ๋กœ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ํ‹€๋ ธ๋‹ค๋ฉด ์ €๋ฅผ ์ˆ˜์ •ํ•˜์‹ญ์‹œ์˜ค. ๊ทธ๋Ÿฌ๋‚˜ ์šฐ๋ฆฌ๋Š” ๊ฐ™์€ ๊ฒƒ์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์—ฌ๊ธฐ์— ์ •ํ™•ํ•œ ์ƒํ™ฉ์ด ์žˆ์ง€๋งŒ ์—ฌ๊ธฐ์—๋Š” ์ค€๋น„๋œ ์ž๋™ ์†”๋ฃจ์…˜์ด ์—†์Šต๋‹ˆ๋‹ค. ๋ˆ„๊ตฐ๊ฐ€ ํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค
์œ„์—์„œ ์„ค๋ช…ํ•œ ์ œ์•ˆ๋œ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜๊ณ  ํฌ์žฅํ•˜์—ฌ
nginx ํ”„๋ก์‹œ ๋™์ž‘๊ณผ ๊ฐ™์€ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ƒฅ ๋ฐ›์•„๋“ค์—ฌ, ๊ทธ ๋ฌด๋ฆฌ๋Š”
์ž์‹ ์— ์˜ํ•ด ์‚ฌ์šฉ์ž ์ •์˜

PanJ [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:28:

@BretFisher https://github.com/BretFisher ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ๋Š”
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. @sandys๋กœ https://github.com/sandys
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๋ช‡ ๊ฐ€์ง€ ์ฃผ์˜ ์‚ฌํ•ญ์ด ์žˆ๋‹ค๊ณ  ๋ฐํ˜”์œผ๋ฏ€๋กœ ์ด ๋ฌธ์ œ๋ฅผ ๊ณ ๋ คํ•ด์„œ๋Š” ์•ˆ ๋ฉ๋‹ˆ๋‹ค.
๊ณ ์ •์œผ๋กœ.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์ ์šฉ๋œ ์ดํ›„๋กœ ๊ฐœ์„  ์‚ฌํ•ญ์ด ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
๋ฐœ๊ฒฌ. ๋‚˜๋Š” ๊ฝค ์˜ค๋žซ๋™์•ˆ Kubernetes๋กœ ์ด์‚ฌํ–ˆ๊ณ  ์—ฌ์ „ํžˆ
๋ฌธ์ œ๊ฐ€ 2๋…„ ๋„˜๊ฒŒ ์—ด๋ ค ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์— ๋†€๋ž์Šต๋‹ˆ๋‹ค.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451382365 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAPgu40OJ-uNKORD-LAD12m1lafxzMiSks5u_xCcgaJpZM4Jf2WK
.

dockerflow ํ”„๋กœ์ ํŠธ๋ฅผ ํ™•์žฅํ•˜๊ณ  nginx ๋ณ€ํ˜•์„ ์ถ”๊ฐ€ํ•˜์—ฌ ์‹œ์ž‘ํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค.
swarn์šฉ kubernetes-ingressproxy. ํ™•์‹คํžˆ ์ด๊ฒƒ์€ ๋ชจ๋‘ ๋–ผ๋กœ ๊ฐ€๋“ ์ฐจ ์žˆ์Šต๋‹ˆ๋‹ค.
๋‹น์‹ ์ด ์•Œ๊ณ  ์žˆ๋“ฏ์ด ์ถ”๊ฐ€ ์‹œ์Šคํ…œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์˜ฌ๋ฆด ๊ฒƒ์ž…๋‹ˆ๋‹ค
๊ทธ๊ฒƒ๋“ค์„ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค๋กœ. ๋‚ ์”ฌํ•œ ์ž์›์„ ์œ„ํ•œ ๊ตฐ๋‹จ์˜ ํž˜์ด ์•„๋‹๊นŒ์š”?
๋ฆฐ ํ”„๋กœ์ ํŠธ?

Ruben Nicolaides [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:48:

์‚ฌ๋žŒ๋“ค์ด ์ด๊ฒƒ์ด ๋ฒ„๊ทธ๋ผ๊ณ  ์ƒ๊ฐํ•˜๋Š” ์ด์œ ์— ๋Œ€ํ•ด ๋‚˜๋Š” ์—ฌ์ „ํžˆ ์•ฝ๊ฐ„ ๋†€๋ž์Šต๋‹ˆ๋‹ค. ๋‚ด
kubernetes๋กœ ์ด๋™ํ•˜๋Š” ์ง„์ˆ ์กฐ์ฐจ ์ ์ ˆํ•˜์ง€ ์•Š์€ ๊ด€์ 
๋‹ต๋ณ€. ๋‚ด๊ฐ€ ๋ณผ ๋•Œ kubernetes๋Š” ์ •ํ™•ํžˆ ๋™์ผํ•œ ๋ฌธ์ œ/๋™์ž‘์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ๋‹น์‹ ์€
์™ธ๋ถ€ LB๊ฐ€ ์žˆ๊ฑฐ๋‚˜ ๋ฐ˜๋“œ์‹œ nginx ์ˆ˜์‹  ํ”„๋ก์‹œ์™€ ๊ฐ™์€ ๊ฒƒ์„ ์‚ฌ์šฉํ•˜์‹ญ์‹œ์˜ค.
๋ฐ๋ชฌ์…‹์œผ๋กœ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ํ‹€๋ ธ๋‹ค๋ฉด ์ €๋ฅผ ์ˆ˜์ •ํ•˜์‹ญ์‹œ์˜ค. ๊ทธ๋Ÿฌ๋‚˜ ์šฐ๋ฆฌ๋Š” ๊ฐ™์€ ๊ฒƒ์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์—ฌ๊ธฐ์— ์ •ํ™•ํ•œ ์ƒํ™ฉ์ด ์žˆ์ง€๋งŒ ์—ฌ๊ธฐ์—๋Š” ์ค€๋น„๋œ ์ž๋™ ์†”๋ฃจ์…˜์ด ์—†์Šต๋‹ˆ๋‹ค. ๋ˆ„๊ตฐ๊ฐ€ ํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค
์œ„์—์„œ ์„ค๋ช…ํ•œ ์ œ์•ˆ๋œ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜๊ณ  ํฌ์žฅํ•˜์—ฌ
nginx ํ”„๋ก์‹œ ๋™์ž‘๊ณผ ๊ฐ™์€ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ƒฅ ๋ฐ›์•„๋“ค์—ฌ, ๊ทธ ๋ฌด๋ฆฌ๋Š”
์ž์‹ ์— ์˜ํ•ด ์‚ฌ์šฉ์ž ์ •์˜

PanJ [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:28:

@BretFisher https://github.com/BretFisher ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ๋Š”
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. @sandys๋กœ https://github.com/sandys
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๋ช‡ ๊ฐ€์ง€ ์ฃผ์˜ ์‚ฌํ•ญ์ด ์žˆ๋‹ค๊ณ  ๋ฐํ˜”์œผ๋ฏ€๋กœ ์ด ๋ฌธ์ œ๋ฅผ ๊ณ ๋ คํ•ด์„œ๋Š” ์•ˆ ๋ฉ๋‹ˆ๋‹ค.
๊ณ ์ •์œผ๋กœ.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์ ์šฉ๋œ ์ดํ›„๋กœ ๊ฐœ์„  ์‚ฌํ•ญ์ด ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
๋ฐœ๊ฒฌ. ๋‚˜๋Š” ๊ฝค ์˜ค๋žซ๋™์•ˆ Kubernetes๋กœ ์ด์‚ฌํ–ˆ๊ณ  ์—ฌ์ „ํžˆ
๋ฌธ์ œ๊ฐ€ 2๋…„ ๋„˜๊ฒŒ ์—ด๋ ค ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์— ๋†€๋ž์Šต๋‹ˆ๋‹ค.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451382365 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAPgu40OJ-uNKORD-LAD12m1lafxzMiSks5u_xCcgaJpZM4Jf2WK
.

๊ทธ๊ฒƒ๋“ค์€ ๋ณต์žกํ•œ ์†”๋ฃจ์…˜์ž…๋‹ˆ๋‹ค. ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์ถ”๊ฐ€ ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค.
์ •๋ณด์ด๋ฉฐ haproxy, nginx, AWS elb,
๋“ฑ์ด ๋ชจ๋‘ ๋”ฐ๋ฆ…๋‹ˆ๋‹ค. https://www.haproxy.com/blog/haproxy/proxy-protocol/

๋ณ€๊ฒฝ์˜ ํ‘œ๋ฉด์ ์€ ๋‚ด์žฅ๋œ Swarm์œผ๋กœ ์ œํ•œ๋ฉ๋‹ˆ๋‹ค.
ingress(์ด ์ง€์›์ด ์ถ”๊ฐ€๋  ์œ„์น˜). ๊ทธ๋ฆฌ๊ณ  ๋ชจ๋“  ์„œ๋น„์Šค๋Š” ๊ทธ๊ฒƒ์„ ๊ฐ€์งˆ ๊ฒƒ์ž…๋‹ˆ๋‹ค
์‚ฌ์šฉ ๊ฐ€๋Šฅ.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 14:36 โ€‹โ€‹rubot < ์•Œ๋ฆผ @github.com ์ž‘์„ฑ:

dockerflow ํ”„๋กœ์ ํŠธ๋ฅผ ํ™•์žฅํ•˜๊ณ  nginx ๋ณ€ํ˜•์„ ์ถ”๊ฐ€ํ•˜์—ฌ ์‹œ์ž‘ํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค.
swarn์šฉ kubernetes-ingressproxy. ํ™•์‹คํžˆ ์ด๊ฒƒ์€ ๋ชจ๋‘ ๋–ผ๋กœ ๊ฐ€๋“ ์ฐจ ์žˆ์Šต๋‹ˆ๋‹ค.
๋‹น์‹ ์ด ์•Œ๊ณ  ์žˆ๋“ฏ์ด ์ถ”๊ฐ€ ์‹œ์Šคํ…œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์˜ฌ๋ฆด ๊ฒƒ์ž…๋‹ˆ๋‹ค
๊ทธ๊ฒƒ๋“ค์„ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค๋กœ. ๋‚ ์”ฌํ•œ ์ž์›์„ ์œ„ํ•œ ๊ตฐ๋‹จ์˜ ํž˜์ด ์•„๋‹๊นŒ์š”?
๋ฆฐ ํ”„๋กœ์ ํŠธ?

Ruben Nicolaides [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:48:

์‚ฌ๋žŒ๋“ค์ด ์ด๊ฒƒ์ด ๋ฒ„๊ทธ๋ผ๊ณ  ์ƒ๊ฐํ•˜๋Š” ์ด์œ ์— ๋Œ€ํ•ด ๋‚˜๋Š” ์—ฌ์ „ํžˆ ์•ฝ๊ฐ„ ๋†€๋ž์Šต๋‹ˆ๋‹ค. ๋‚ด
kubernetes๋กœ ์ด๋™ํ•˜๋Š” ์ง„์ˆ ์กฐ์ฐจ ์ ์ ˆํ•˜์ง€ ์•Š์€ ๊ด€์ 
๋‹ต๋ณ€. ๋‚ด๊ฐ€ ๋ณผ ๋•Œ kubernetes๋Š” ์ •ํ™•ํžˆ ๋™์ผํ•œ ๋ฌธ์ œ/๋™์ž‘์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ๋„ˆ
์–ด๋Š ํ•˜๋‚˜
์™ธ๋ถ€ LB๊ฐ€ ์žˆ๊ฑฐ๋‚˜ ๋ฐ˜๋“œ์‹œ nginx ์ˆ˜์‹  ํ”„๋ก์‹œ์™€ ๊ฐ™์€ ๊ฒƒ์„ ์‚ฌ์šฉํ•˜์‹ญ์‹œ์˜ค.
๋ฐ๋ชฌ์…‹์œผ๋กœ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ํ‹€๋ ธ๋‹ค๋ฉด ์ €๋ฅผ ์ˆ˜์ •ํ•˜์‹ญ์‹œ์˜ค. ๊ทธ๋Ÿฌ๋‚˜ ์šฐ๋ฆฌ๋Š” ๊ฐ™์€ ๊ฒƒ์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์—ฌ๊ธฐ์— ์ •ํ™•ํ•œ ์ƒํ™ฉ์ด ์žˆ์ง€๋งŒ ์—ฌ๊ธฐ์—๋Š” ์ค€๋น„๋œ ์ž๋™ ์†”๋ฃจ์…˜์ด ์—†์Šต๋‹ˆ๋‹ค. ๋ˆ„๊ตฐ๊ฐ€ ํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค
์œ„์—์„œ ์„ค๋ช…ํ•œ ์ œ์•ˆ๋œ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜๊ณ  ํฌ์žฅํ•˜์—ฌ
nginx ํ”„๋ก์‹œ ๋™์ž‘๊ณผ ๊ฐ™์€ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ƒฅ ๋ฐ›์•„๋“ค์—ฌ, ๊ทธ ๋ฌด๋ฆฌ๋Š”
์ž์‹ ์— ์˜ํ•ด ์‚ฌ์šฉ์ž ์ •์˜

PanJ [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:28:

@BretFisher https://github.com/BretFisher ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ๋Š”
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. @sandys๋กœ https://github.com/sandys
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์—๋Š” ๋ช‡ ๊ฐ€์ง€ ์ฃผ์˜ ์‚ฌํ•ญ์ด ์žˆ์ง€๋งŒ ์ด๋ฅผ ๊ณ ๋ คํ•ด์„œ๋Š” ์•ˆ ๋ฉ๋‹ˆ๋‹ค.
๋ฌธ์ œ
๊ณ ์ •์œผ๋กœ.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์ ์šฉ๋œ ์ดํ›„๋กœ ๊ฐœ์„  ์‚ฌํ•ญ์ด ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
๋ฐœ๊ฒฌ. ๋‚˜๋Š” ๊ฝค ์˜ค๋žซ๋™์•ˆ Kubernetes๋กœ ์˜ฎ๊ฒผ์ง€๋งŒ ์—ฌ์ „ํžˆ
~์ด๋‹ค
๋ฌธ์ œ๊ฐ€ 2๋…„ ๋„˜๊ฒŒ ์—ด๋ ค ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์— ๋†€๋ž์Šต๋‹ˆ๋‹ค.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451382365 ๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<
https://github.com/notifications/unsubscribe-auth/AAPgu40OJ-uNKORD-LAD12m1lafxzMiSks5u_xCcgaJpZM4Jf2WK

.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451389574 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU2FCEGFs5v6IOEy6AqjcBMl7IqEiks5u_xmTgaJpZM4Jf2WK
.

๋‚ด๊ฐ€ ๋งํ–ˆ๋“ฏ์ด ์ด๋ฏธ ํ”„๋ก์‹œ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ์œ„์˜ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜์‹ญ์‹œ์˜ค.
๊ทœ์•ฝ.
ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ถ”๊ฐ€ํ•˜๋ ค๋ฉด ์ปจํ…Œ์ด๋„ˆ ๋‚ด๋ถ€์˜ ๊ตฌ์„ฑ๋„ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.
์ƒ๋ฅ˜ ๋–ผ์— ์ถ”๊ฐ€๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ๋” ๊นจ๋—ํ•˜๊ณ  ์•„๋งˆ๋„ ๋” ๋‚˜์€ ๊ฒƒ ์™ธ์—๋Š” ๊ฐ€์น˜๊ฐ€ ์—†๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.
๊ท€ํ•˜์˜ ์š”์ฒญ์— ๋ฌธ์„œํ™”๋œ ๋ชฉํ‘œ

Sandeep Srinivasa [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ,
11:37:

๊ทธ๊ฒƒ๋“ค์€ ๋ณต์žกํ•œ ์†”๋ฃจ์…˜์ž…๋‹ˆ๋‹ค. ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์ถ”๊ฐ€ ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค.
์ •๋ณด์ด๋ฉฐ haproxy, nginx, AWS elb,
๋“ฑ์ด ๋ชจ๋‘ ๋”ฐ๋ฆ…๋‹ˆ๋‹ค. https://www.haproxy.com/blog/haproxy/proxy-protocol/

๋ณ€๊ฒฝ์˜ ํ‘œ๋ฉด์ ์€ ๋‚ด์žฅ๋œ Swarm์œผ๋กœ ์ œํ•œ๋ฉ๋‹ˆ๋‹ค.
ingress(์ด ์ง€์›์ด ์ถ”๊ฐ€๋  ์œ„์น˜). ๊ทธ๋ฆฌ๊ณ  ๋ชจ๋“  ์„œ๋น„์Šค๋Š” ๊ทธ๊ฒƒ์„ ๊ฐ€์งˆ ๊ฒƒ์ž…๋‹ˆ๋‹ค
์‚ฌ์šฉ ๊ฐ€๋Šฅ.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 14:36 โ€‹โ€‹rubot < ์•Œ๋ฆผ @github.com ์ž‘์„ฑ:

dockerflow ํ”„๋กœ์ ํŠธ๋ฅผ ํ™•์žฅํ•˜๊ณ  nginx ๋ณ€ํ˜•์„ ์ถ”๊ฐ€ํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค.
์‹œ์ž‘
swarn์šฉ kubernetes-ingressproxy. ํ™•์‹คํžˆ ์ด๊ฒƒ์€ ๋ชจ๋‘ ๋–ผ๋กœ ๊ฐ€๋“ ์ฐจ ์žˆ์Šต๋‹ˆ๋‹ค.
๋‹น์‹ ์ด ์•Œ๊ณ  ์žˆ๋“ฏ์ด ์ถ”๊ฐ€ ์‹œ์Šคํ…œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์˜ฌ๋ฆด ๊ฒƒ์ž…๋‹ˆ๋‹ค
๊ทธ๊ฒƒ๋“ค์„ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค๋กœ. ๋‚ ์”ฌํ•œ ์ž์›์„ ์œ„ํ•œ ๊ตฐ๋‹จ์˜ ํž˜์ด ์•„๋‹๊นŒ์š”?
๋ฆฐ ํ”„๋กœ์ ํŠธ?

Ruben Nicolaides [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:48:

์‚ฌ๋žŒ๋“ค์ด ์ด๊ฒƒ์ด ๋ฒ„๊ทธ๋ผ๊ณ  ์ƒ๊ฐํ•˜๋Š” ์ด์œ ์— ๋Œ€ํ•ด ๋‚˜๋Š” ์—ฌ์ „ํžˆ ์•ฝ๊ฐ„ ๋†€๋ž์Šต๋‹ˆ๋‹ค. ๋‚ด
kubernetes๋กœ ์ด๋™ํ•˜๋Š” ์ง„์ˆ ์กฐ์ฐจ ์ ์ ˆํ•˜์ง€ ์•Š์€ ๊ด€์ 
๋‹ต๋ณ€. ๋‚ด๊ฐ€ ๋ณผ ๋•Œ kubernetes๋Š” ์ •ํ™•ํžˆ ๋™์ผํ•œ ๋ฌธ์ œ/๋™์ž‘์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ๋„ˆ
์–ด๋Š ํ•˜๋‚˜
์™ธ๋ถ€ LB๊ฐ€ ์žˆ๊ฑฐ๋‚˜ nginx ์ˆ˜์‹  ํ”„๋ก์‹œ์™€ ๊ฐ™์€ ๊ฒƒ์„ ์‚ฌ์šฉํ•˜์‹ญ์‹œ์˜ค.
~ํ•ด์•ผํ•˜๋‹ค
๋ฐ๋ชฌ์…‹์œผ๋กœ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ํ‹€๋ ธ๋‹ค๋ฉด ์ €๋ฅผ ์ˆ˜์ •ํ•˜์‹ญ์‹œ์˜ค. ๊ทธ๋Ÿฌ๋‚˜ ์šฐ๋ฆฌ๋Š” ๊ฐ™์€ ๊ฒƒ์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์—ฌ๊ธฐ์— ์ •ํ™•ํ•œ ์ƒํ™ฉ์ด ์žˆ์ง€๋งŒ ์—ฌ๊ธฐ์—๋Š” ์ค€๋น„๋œ ์ž๋™ ์†”๋ฃจ์…˜์ด ์—†์Šต๋‹ˆ๋‹ค. ๋ˆ„๊ตฐ๊ฐ€ ํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค
์œ„์—์„œ ์„ค๋ช…ํ•œ ์ œ์•ˆ๋œ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜๊ณ  ํฌ์žฅํ•˜์—ฌ
nginx ํ”„๋ก์‹œ ๋™์ž‘๊ณผ ๊ฐ™์€ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ƒฅ ๋ฐ›์•„๋“ค์ด์„ธ์š”. ๊ทธ ๋ฌด๋ฆฌ๋Š”
~์ด๋‹ค
์ž์‹ ์— ์˜ํ•ด ์‚ฌ์šฉ์ž ์ •์˜

PanJ [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:28:

@BretFisher https://github.com/BretFisher ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ๋Š”
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. @sandys <
https://github.com/sandys>
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์—๋Š” ๋ช‡ ๊ฐ€์ง€ ์ฃผ์˜ ์‚ฌํ•ญ์ด ์žˆ์ง€๋งŒ ์ด๋ฅผ ๊ณ ๋ คํ•ด์„œ๋Š” ์•ˆ ๋ฉ๋‹ˆ๋‹ค.
๋ฌธ์ œ
๊ณ ์ •์œผ๋กœ.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์ ์šฉ๋œ ์ดํ›„๋กœ ๊ฐœ์„  ์‚ฌํ•ญ์ด ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
๋ฐœ๊ฒฌ. ๋‚˜๋Š” ๊ฝค ์˜ค๋žซ๋™์•ˆ Kubernetes๋กœ ์˜ฎ๊ฒผ์ง€๋งŒ ์—ฌ์ „ํžˆ
~์ด๋‹ค
๋ฌธ์ œ๊ฐ€ 2๋…„ ๋„˜๊ฒŒ ์—ด๋ ค ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์— ๋†€๋ž์Šต๋‹ˆ๋‹ค.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451382365 ,
๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAPgu40OJ-uNKORD-LAD12m1lafxzMiSks5u_xCcgaJpZM4Jf2WK
>

.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451389574 ๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<
https://github.com/notifications/unsubscribe-auth/AAEsU2FCEGFs5v6IOEy6AqjcBMl7IqEiks5u_xmTgaJpZM4Jf2WK

.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451409453 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAPgu83fSrSzfopOlDXsDooN1tMboGZaks5u_y8EgaJpZM4Jf2WK
.

์œ„์˜ ์†”๋ฃจ์…˜์—๋Š” ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ๋ฐ”์ธ๋”ฉ์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ์ด ํฐ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ
์ปจํ…Œ์ด๋„ˆ๋ฅผ ํ• ๋‹นํ•˜๊ธฐ ์œ„ํ•ด ๋„์ปค ์Šค์ผ€์ค„๋Ÿฌ๋ฅผ ์‚ฌ์šฉํ•  ๊ฐ€๋Šฅ์„ฑ์„ ์ œ๊ฑฐํ•ฉ๋‹ˆ๋‹ค.
๋‹ค๋ฅธ ํ˜ธ์ŠคํŠธ๋กœ - ๋” ์ด์ƒ ๋ฉ”์‹œ ๋„คํŠธ์›Œํฌ์˜ ์ผ๋ถ€๊ฐ€ ์•„๋‹™๋‹ˆ๋‹ค.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 17:28 rubot < ์•Œ๋ฆผ @github.com ์ž‘์„ฑ:

๋‚ด๊ฐ€ ๋งํ–ˆ๋“ฏ์ด ์ด๋ฏธ ํ”„๋ก์‹œ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ์œ„์˜ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜์‹ญ์‹œ์˜ค.
๊ทœ์•ฝ.
ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ถ”๊ฐ€ํ•˜๋ ค๋ฉด ์ปจํ…Œ์ด๋„ˆ ๋‚ด๋ถ€์˜ ๊ตฌ์„ฑ๋„ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.
์ƒ๋ฅ˜ ๋–ผ์— ์ถ”๊ฐ€๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ๋” ๊นจ๋—ํ•˜๊ณ  ์•„๋งˆ๋„ ๋” ๋‚˜์€ ๊ฒƒ ์™ธ์—๋Š” ๊ฐ€์น˜๊ฐ€ ์—†๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.
๊ท€ํ•˜์˜ ์š”์ฒญ์— ๋ฌธ์„œํ™”๋œ ๋ชฉํ‘œ

Sandeep Srinivasa [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ,
11:37:

๊ทธ๊ฒƒ๋“ค์€ ๋ณต์žกํ•œ ์†”๋ฃจ์…˜์ž…๋‹ˆ๋‹ค. ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์ถ”๊ฐ€ ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค.
์ •๋ณด์ด๋ฉฐ haproxy, nginx, AWS elb,
๋“ฑ์ด ๋ชจ๋‘ ๋”ฐ๋ฆ…๋‹ˆ๋‹ค. https://www.haproxy.com/blog/haproxy/proxy-protocol/

๋ณ€๊ฒฝ์˜ ํ‘œ๋ฉด์ ์€ ๋‚ด์žฅ๋œ Swarm์œผ๋กœ ์ œํ•œ๋ฉ๋‹ˆ๋‹ค.
ingress(์ด ์ง€์›์ด ์ถ”๊ฐ€๋  ์œ„์น˜). ๊ทธ๋ฆฌ๊ณ  ๋ชจ๋“  ์„œ๋น„์Šค๋Š”
๊ทธ๊ฒƒ
์‚ฌ์šฉ ๊ฐ€๋Šฅ.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 14:36 โ€‹โ€‹rubot < ์•Œ๋ฆผ @github.com ์ž‘์„ฑ:

dockerflow ํ”„๋กœ์ ํŠธ๋ฅผ ํ™•์žฅํ•˜๊ณ  nginx ๋ณ€ํ˜•์„ ์ถ”๊ฐ€ํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค.
์‹œ์ž‘
swarn์šฉ kubernetes-ingressproxy. ํ™•์‹คํžˆ ์ด ๋ชจ๋“  ๊ฒƒ์ด ๋‹ด๊ฒจ์žˆ๋‹ค.
๊ตฐ๋‹จ
๋ฌด๋ฆฌ๊ฐ€ ์žˆ๋‹ค๋Š” ๊ฒƒ์„ ์•Œ๊ณ  ์žˆ์œผ๋ฏ€๋กœ ์ถ”๊ฐ€ ์‹œ์Šคํ…œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๋ฐœ์ƒ์‹œํ‚ต๋‹ˆ๋‹ค.
NS
๊ทธ๊ฒƒ๋“ค์„ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค๋กœ. ๋‚ ์”ฌํ•œ ์ž์›์„ ์œ„ํ•œ ๊ตฐ๋‹จ์˜ ํž˜์ด ์•„๋‹๊นŒ์š”?
๋ฆฐ ํ”„๋กœ์ ํŠธ?

Ruben Nicolaides [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:48:

์‚ฌ๋žŒ๋“ค์ด ์ด๊ฒƒ์ด ๋ฒ„๊ทธ๋ผ๊ณ  ์ƒ๊ฐํ•˜๋Š” ์ด์œ ์— ๋Œ€ํ•ด ๋‚˜๋Š” ์—ฌ์ „ํžˆ ์•ฝ๊ฐ„ ๋†€๋ž์Šต๋‹ˆ๋‹ค. ๋‚ด
kubernetes๋กœ ์ด๋™ํ•˜๋Š” ์ง„์ˆ ์กฐ์ฐจ๋„ ๊ด€์ ์ด ์•„๋‹™๋‹ˆ๋‹ค.
์ ๋‹นํ•œ
๋‹ต๋ณ€. ๋‚ด๊ฐ€ ๋ณผ ๋•Œ kubernetes๋Š” ์ •ํ™•ํžˆ ๋™์ผํ•œ ๋ฌธ์ œ/๋™์ž‘์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ๋„ˆ
์–ด๋Š ํ•˜๋‚˜
์™ธ๋ถ€ LB๊ฐ€ ์žˆ๊ฑฐ๋‚˜ nginx ์ˆ˜์‹  ํ”„๋ก์‹œ์™€ ๊ฐ™์€ ๊ฒƒ์„ ์‚ฌ์šฉํ•˜์‹ญ์‹œ์˜ค.
~ํ•ด์•ผํ•˜๋‹ค
๋ฐ๋ชฌ์…‹์œผ๋กœ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ํ‹€๋ ธ๋‹ค๋ฉด ์ €๋ฅผ ์ˆ˜์ •ํ•˜์‹ญ์‹œ์˜ค. ๊ทธ๋Ÿฌ๋‚˜ ์šฐ๋ฆฌ๋Š”
๊ฐ™์€
์—ฌ๊ธฐ์— ์ •ํ™•ํ•œ ์ƒํ™ฉ์ด ์žˆ์ง€๋งŒ ์—ฌ๊ธฐ์—๋Š” ์ค€๋น„๋œ ์ž๋™ ์†”๋ฃจ์…˜์ด ์—†์Šต๋‹ˆ๋‹ค. ์–ด๋–ค ์‚ฌ๋žŒ
~ ํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค
์œ„์—์„œ ์„ค๋ช…ํ•œ ์ œ์•ˆ๋œ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜๊ณ  ํฌ์žฅํ•˜์—ฌ
nginx ํ”„๋ก์‹œ ๋™์ž‘๊ณผ ๊ฐ™์€ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ƒฅ ๋ฐ›์•„๋“ค์ด์„ธ์š”. ๊ทธ ๋ฌด๋ฆฌ๋Š”
~์ด๋‹ค
์ž์‹ ์— ์˜ํ•ด ์‚ฌ์šฉ์ž ์ •์˜

PanJ [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 09:28:

@BretFisher https://github.com/BretFisher ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ๋งŒ
NS
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. @sandys <
https://github.com/sandys>
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์—๋Š” ๋ช‡ ๊ฐ€์ง€ ์ฃผ์˜ ์‚ฌํ•ญ์ด ์žˆ์ง€๋งŒ
์ด๊ฒƒ
๋ฌธ์ œ
๊ณ ์ •์œผ๋กœ.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์žˆ์œผ๋ฏ€๋กœ ๊ฐœ์„  ์‚ฌํ•ญ์ด ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
๊ณ„์† ~์ด๋‹ค
๋ฐœ๊ฒฌ. ๋‚˜๋Š” ๊ฝค ์˜ค๋žซ๋™์•ˆ Kubernetes๋กœ ์ด์‚ฌํ–ˆ๊ณ 
์•„์ง
~์ด๋‹ค
๋ฌธ์ œ๊ฐ€ 2๋…„ ๋„˜๊ฒŒ ์—ด๋ ค ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์— ๋†€๋ž์Šต๋‹ˆ๋‹ค.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451382365 ,
๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAPgu40OJ-uNKORD-LAD12m1lafxzMiSks5u_xCcgaJpZM4Jf2WK

>

.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451389574 ๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAEsU2FCEGFs5v6IOEy6AqjcBMl7IqEiks5u_xmTgaJpZM4Jf2WK
>

.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451409453 ๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<
https://github.com/notifications/unsubscribe-auth/AAPgu83fSrSzfopOlDXsDooN1tMboGZaks5u_y8EgaJpZM4Jf2WK

.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451424992 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU-q-I3fXVAP9JcGgTdJJOzI7b575ks5u_0HIgaJpZM4Jf2WK
.

๋‚ด๊ฐ€ ๋งํ–ˆ๋“ฏ์ด kubernetes nginx ingress๋Š” ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ๋ฐ”์ธ๋”ฉ๋„ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.
๋ฐ๋ชฌ์…‹. ์™ธ๋ถ€ LB๋Š” ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋„ ํ•„์š”๋กœ ํ•˜๋Š” ๋…ธ๋“œ ํฌํŠธ์— ์—ฐ๊ฒฐํ•ฉ๋‹ˆ๋‹ค.
์„œ๋น„์Šค ์ค‘์ด๊ฑฐ๋‚˜ ์„œ๋น„์Šค ์ค‘์ธ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ˆ˜๋™์œผ๋กœ ๊ตฌ์„ฑํ•ฉ๋‹ˆ๋‹ค. ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค
์—ฌ์ „ํžˆ ๊ฐ™์€ ๋ฌธ์ œ๋ฅผ ๋‹ค๋ฃจ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
Swarm์— ๋Œ€ํ•œ ๋‚ด ๊ด€์ ์—์„œ ๊ฐ€๋Šฅํ•œ ํ•œ ๊ฐ€์ง€ ๊ธฐ๋Šฅ ์š”์ฒญ์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.
๋„คํŠธ์›Œํ‚น ๊ณต๊ธ‰์ž๋ฅผ ํ”Œ๋Ÿฌ๊ทธํ˜•์œผ๋กœ ๋งŒ๋“ญ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ์‚ฌ์šฉ์„ ๊ฐ€๋Šฅํ•˜๊ฒŒ ํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค
lvs/iptables ์ด์™ธ์˜ ๋‹ค๋ฅธ ๊ธฐ์ˆ 

Sandeep Srinivasa [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ,
13:05:

์œ„์˜ ์†”๋ฃจ์…˜์—๋Š” ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ๋ฐ”์ธ๋”ฉ์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ์ด ํฐ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ
์ปจํ…Œ์ด๋„ˆ๋ฅผ ํ• ๋‹นํ•˜๊ธฐ ์œ„ํ•ด ๋„์ปค ์Šค์ผ€์ค„๋Ÿฌ๋ฅผ ์‚ฌ์šฉํ•  ๊ฐ€๋Šฅ์„ฑ์„ ์ œ๊ฑฐํ•ฉ๋‹ˆ๋‹ค.
๋‹ค๋ฅธ ํ˜ธ์ŠคํŠธ๋กœ - ๋” ์ด์ƒ ๋ฉ”์‹œ ๋„คํŠธ์›Œํฌ์˜ ์ผ๋ถ€๊ฐ€ ์•„๋‹™๋‹ˆ๋‹ค.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 17:28 rubot < ์•Œ๋ฆผ @github.com ์ž‘์„ฑ:

๋‚ด๊ฐ€ ๋งํ–ˆ๋“ฏ์ด ์ด๋ฏธ ํ”„๋ก์‹œ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ์œ„์˜ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜์‹ญ์‹œ์˜ค.
๊ทœ์•ฝ.
ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ถ”๊ฐ€ํ•˜๋ ค๋ฉด ์ปจํ…Œ์ด๋„ˆ ๋‚ด๋ถ€ ๊ตฌ์„ฑ๋„ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.
๋งŒ์•ฝ
์ƒ๋ฅ˜ ๋–ผ์— ์ถ”๊ฐ€๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ์ฒญ์†Œ๋ถ€์™€ ์•„๋งˆ๋„
๋” ๋‚˜์€
๊ท€ํ•˜์˜ ์š”์ฒญ์— ๋ฌธ์„œํ™”๋œ ๋ชฉํ‘œ

Sandeep Srinivasa [email protected] schrieb am Fr., 4. Jan.
2019๋…„,
11:37:

๊ทธ๊ฒƒ๋“ค์€ ๋ณต์žกํ•œ ์†”๋ฃจ์…˜์ž…๋‹ˆ๋‹ค. ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์ถ”๊ฐ€ ๊ธฐ๋Šฅ์„ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค.
ํ—ค๋”
์ •๋ณด์ด๋ฉฐ ๋งค์šฐ ์ž˜ ์•Œ๋ ค์ง„ ํ‘œ์ค€์ž…๋‹ˆ๋‹ค - haproxy, nginx, AWS
์—˜ํ”„,
๋“ฑ์ด ๋ชจ๋‘ ๋”ฐ๋ฆ…๋‹ˆ๋‹ค.
https://www.haproxy.com/blog/haproxy/proxy-protocol/

๋ณ€๊ฒฝ์˜ ํ‘œ๋ฉด์ ์€ ๋‚ด์žฅ๋œ Swarm์œผ๋กœ ์ œํ•œ๋ฉ๋‹ˆ๋‹ค.
ingress(์ด ์ง€์›์ด ์ถ”๊ฐ€๋  ์œ„์น˜). ๊ทธ๋ฆฌ๊ณ  ๋ชจ๋“  ์„œ๋น„์Šค๋Š”
๊ทธ๊ฒƒ
์‚ฌ์šฉ ๊ฐ€๋Šฅ.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 14:36 โ€‹โ€‹rubot < ์•Œ๋ฆผ @github.com ์ž‘์„ฑ:

dockerflow ํ”„๋กœ์ ํŠธ๋ฅผ ํ™•์žฅํ•˜๊ณ  nginx ๋ณ€ํ˜•์„ ์ถ”๊ฐ€ํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค.
์‹œ์ž‘
swarn์šฉ kubernetes-ingressproxy. ํ™•์‹คํžˆ ์ด ๋ชจ๋“  ๊ฒƒ์ด ๋‹ด๊ฒจ์žˆ๋‹ค.
๊ตฐ๋‹จ
๋ฌด๋ฆฌ๊ฐ€ ์žˆ๋‹ค๋Š” ๊ฒƒ์„ ์•Œ๊ณ  ์žˆ์œผ๋ฏ€๋กœ ์ถ”๊ฐ€ ์‹œ์Šคํ…œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๋ฐœ์ƒ์‹œํ‚ต๋‹ˆ๋‹ค.
NS
๊ทธ๊ฒƒ๋“ค์„ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค๋กœ. ์Šฌ๋ฆผ์„ ์œ„ํ•œ ๊ตฐ๋‹จ์˜ ํž˜์ด ์•„๋‹๊นŒ์š”?
์ž์›
๋ฆฐ ํ”„๋กœ์ ํŠธ?

Ruben Nicolaides [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ,
09:48:

์‚ฌ๋žŒ๋“ค์ด ์ด๊ฒƒ์ด ๋ฒ„๊ทธ๋ผ๊ณ  ์ƒ๊ฐํ•˜๋Š” ์ด์œ ์— ๋Œ€ํ•ด ๋‚˜๋Š” ์—ฌ์ „ํžˆ ์•ฝ๊ฐ„ ๋†€๋ž์Šต๋‹ˆ๋‹ค. ์—์„œ
๋‚˜์˜
kubernetes๋กœ ์ด๋™ํ•˜๋Š” ์ง„์ˆ ์กฐ์ฐจ๋„ ๊ด€์ ์ด ์•„๋‹™๋‹ˆ๋‹ค.
์ ๋‹นํ•œ
๋‹ต๋ณ€. ๋‚ด๊ฐ€ ๋ณผ ๋•Œ kubernetes๋Š” ์ •ํ™•ํžˆ ๋™์ผํ•œ ๋ฌธ์ œ/๋™์ž‘์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
๋„ˆ
์–ด๋Š ํ•˜๋‚˜
์™ธ๋ถ€ LB๊ฐ€ ์žˆ๊ฑฐ๋‚˜ nginx ์ˆ˜์‹  ํ”„๋ก์‹œ์™€ ๊ฐ™์€ ๊ฒƒ์„ ์‚ฌ์šฉํ•˜์‹ญ์‹œ์˜ค.
์–ด๋Š
~ํ•ด์•ผํ•˜๋‹ค
๋ฐ๋ชฌ์…‹์œผ๋กœ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ํ‹€๋ ธ๋‹ค๋ฉด ์ €๋ฅผ ์ˆ˜์ •ํ•˜์‹ญ์‹œ์˜ค. ๊ทธ๋Ÿฌ๋‚˜ ์šฐ๋ฆฌ๋Š”
๊ฐ™์€
์—ฌ๊ธฐ์— ์ •ํ™•ํ•œ ์ƒํ™ฉ์ด ์žˆ์ง€๋งŒ ์—ฌ๊ธฐ์—๋Š” ์ค€๋น„๋œ ์ž๋™ ์†”๋ฃจ์…˜์ด ์—†์Šต๋‹ˆ๋‹ค. ์–ด๋–ค ์‚ฌ๋žŒ
~ ํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค
์œ„์—์„œ ์„ค๋ช…ํ•œ ์ œ์•ˆ๋œ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜๊ณ  ํฌ์žฅํ•˜์‹ญ์‹œ์˜ค.
๊ฐ€์ ธ ์˜ค๊ธฐ
nginx ํ”„๋ก์‹œ ๋™์ž‘๊ณผ ๊ฐ™์€ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋ฐ›์•„๋“ค์—ฌ๋ผ, ๊ทธ ๋ฌด๋ฆฌ๊ฐ€ ํ•„์š”๋กœ ํ•˜๋Š”
์—๊ฒŒ
~์ด๋‹ค
์ž์‹ ์— ์˜ํ•ด ์‚ฌ์šฉ์ž ์ •์˜

PanJ [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ,
09:28:

@BretFisher https://github.com/BretFisher ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ๋Š”
์˜ค์ง
NS
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. @sandys <
https://github.com/sandys>
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์—๋Š” ๋ช‡ ๊ฐ€์ง€ ์ฃผ์˜ ์‚ฌํ•ญ์ด ์žˆ์ง€๋งŒ
์ด๊ฒƒ
๋ฌธ์ œ
๊ณ ์ •์œผ๋กœ.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์žˆ์œผ๋ฏ€๋กœ ๊ฐœ์„  ์‚ฌํ•ญ์ด ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
๊ณ„์† ~์ด๋‹ค
๋ฐœ๊ฒฌ. ๋‚˜๋Š” ๊ฝค ์˜ค๋žซ๋™์•ˆ Kubernetes๋กœ ์ด์‚ฌํ–ˆ๊ณ 
์•„์ง
~์ด๋‹ค
๋ฌธ์ œ๊ฐ€ 2๋…„ ๋„˜๊ฒŒ ์—ด๋ ค ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์— ๋†€๋ž์Šต๋‹ˆ๋‹ค.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
< https://github.com/moby/moby/issues/25526#issuecomment -451382365
,
๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAPgu40OJ-uNKORD-LAD12m1lafxzMiSks5u_xCcgaJpZM4Jf2WK

>

.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451389574 ,
๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAEsU2FCEGFs5v6IOEy6AqjcBMl7IqEiks5u_xmTgaJpZM4Jf2WK

>

.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451409453 ๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAPgu83fSrSzfopOlDXsDooN1tMboGZaks5u_y8EgaJpZM4Jf2WK
>

.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451424992 ๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<
https://github.com/notifications/unsubscribe-auth/AAEsU-q-I3fXVAP9JcGgTdJJOzI7b575ks5u_0HIgaJpZM4Jf2WK

.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451426276 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAPguw88UN68sw_TNTunZpuAGqgvexxMks5u_0NxgaJpZM4Jf2WK
.

๊ทธ๋ฆฌ๊ณ  ๋ช…ํ™•ํžˆํ•˜๊ธฐ ์œ„ํ•ด ์œ„์˜ ์†”๋ฃจ์…˜์—๋Š” ์„œ๋น„์Šค ์•ž์— tcp ์ŠคํŠธ๋ฆผ์ด ์žˆ์Šต๋‹ˆ๋‹ค.
๋Œ€๋ฆฌ. ๋”ฐ๋ผ์„œ ๊ท€ํ•˜์˜ ์š”์ฒญ์€ ๋ถ„๋ช…ํžˆ ๋ฒ„๊ทธ๊ฐ€ ์•„๋‹ˆ๋ผ ๊ธฐ๋Šฅ ์š”์ฒญ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ฆฌ๊ณ 
์ด ๊ธฐ๋Šฅ์€ ๋„คํŠธ์›Œํ‚น ๋ชจ๋“œ๊ฐ€
Nat/host ์ˆ˜์ค€์—์„œ ip ์†์‹ค์ด ์ฃผ์š” ๋ฌธ์ œ๋กœ ๋‚จ์•„ ์žˆ๊ธฐ ๋•Œ๋ฌธ์— ๋ณ€๊ฒฝ

Ruben Nicolaides [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ, 13:11:

๋‚ด๊ฐ€ ๋งํ–ˆ๋“ฏ์ด kubernetes nginx ingress๋Š” ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ๋ฐ”์ธ๋”ฉ๋„ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.
๋ฐ๋ชฌ์…‹. ์™ธ๋ถ€ LB๋Š” ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋„ ํ•„์š”๋กœ ํ•˜๋Š” ๋…ธ๋“œ ํฌํŠธ์— ์—ฐ๊ฒฐํ•ฉ๋‹ˆ๋‹ค.
์„œ๋น„์Šค ์ค‘์ด๊ฑฐ๋‚˜ ์„œ๋น„์Šค ์ค‘์ธ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ˆ˜๋™์œผ๋กœ ๊ตฌ์„ฑํ•ฉ๋‹ˆ๋‹ค. ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค
์—ฌ์ „ํžˆ ๊ฐ™์€ ๋ฌธ์ œ๋ฅผ ๋‹ค๋ฃจ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
Swarm์— ๋Œ€ํ•œ ๋‚ด ๊ด€์ ์—์„œ ๊ฐ€๋Šฅํ•œ ํ•œ ๊ฐ€์ง€ ๊ธฐ๋Šฅ ์š”์ฒญ์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.
๋„คํŠธ์›Œํ‚น ๊ณต๊ธ‰์ž๋ฅผ ํ”Œ๋Ÿฌ๊ทธํ˜•์œผ๋กœ ๋งŒ๋“ญ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ์‚ฌ์šฉ์„ ๊ฐ€๋Šฅํ•˜๊ฒŒ ํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค
lvs/iptables ์ด์™ธ์˜ ๋‹ค๋ฅธ ๊ธฐ์ˆ 

Sandeep Srinivasa [email protected] schrieb am Fr., 4. Jan.
2019, 13:05:

์œ„์˜ ์†”๋ฃจ์…˜์—๋Š” ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ๋ฐ”์ธ๋”ฉ์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ์ด ํฐ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ
๋„์ปค ์Šค์ผ€์ค„๋Ÿฌ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํ• ๋‹นํ•  ๊ฐ€๋Šฅ์„ฑ ์ œ๊ฑฐ
์ปจํ…Œ์ด๋„ˆ
๋‹ค๋ฅธ ํ˜ธ์ŠคํŠธ๋กœ - ๋” ์ด์ƒ ๋ฉ”์‹œ ๋„คํŠธ์›Œํฌ์˜ ์ผ๋ถ€๊ฐ€ ์•„๋‹™๋‹ˆ๋‹ค.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 17:28 rubot < ์•Œ๋ฆผ @github.com ์ž‘์„ฑ:

๋‚ด๊ฐ€ ๋งํ–ˆ๋“ฏ์ด ์ด๋ฏธ ํ”„๋ก์‹œ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ์œ„์˜ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜์‹ญ์‹œ์˜ค.
๊ทœ์•ฝ.
ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ถ”๊ฐ€ํ•˜๋ ค๋ฉด ์ปจํ…Œ์ด๋„ˆ ๋‚ด๋ถ€ ๊ตฌ์„ฑ๋„ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.
๋งŒ์•ฝ
์ƒ๋ฅ˜ ๋–ผ์— ์ถ”๊ฐ€๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ์ฒญ์†Œ๋ถ€์™€ ์•„๋งˆ๋„
๋” ๋‚˜์€
๊ท€ํ•˜์˜ ์š”์ฒญ์— ๋ฌธ์„œํ™”๋œ ๋ชฉํ‘œ

Sandeep Srinivasa [email protected] schrieb am Fr., 4. Jan.
2019๋…„,
11:37:

๊ทธ๊ฒƒ๋“ค์€ ๋ณต์žกํ•œ ์†”๋ฃจ์…˜์ž…๋‹ˆ๋‹ค. ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์€ ์ถ”๊ฐ€ ๊ธฐ๋Šฅ์„ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค.
ํ—ค๋”
์ •๋ณด์ด๋ฉฐ ๋งค์šฐ ์ž˜ ์•Œ๋ ค์ง„ ํ‘œ์ค€์ž…๋‹ˆ๋‹ค - haproxy, nginx, AWS
์—˜ํ”„,
๋“ฑ์ด ๋ชจ๋‘ ๋”ฐ๋ฆ…๋‹ˆ๋‹ค.
https://www.haproxy.com/blog/haproxy/proxy-protocol/

๋ณ€๊ฒฝ์˜ ํ‘œ๋ฉด์ ์€ ๋‚ด์žฅ๋œ Swarm์œผ๋กœ ์ œํ•œ๋ฉ๋‹ˆ๋‹ค.
ingress(์ด ์ง€์›์ด ์ถ”๊ฐ€๋  ์œ„์น˜). ๊ทธ๋ฆฌ๊ณ  ๋ชจ๋“  ์„œ๋น„์Šค๋Š”
๊ฐ€์ง€๋‹ค
๊ทธ๊ฒƒ
์‚ฌ์šฉ ๊ฐ€๋Šฅ.

2019๋…„ 1์›” 4์ผ ๊ธˆ์š”์ผ 14:36 โ€‹โ€‹rubot < ์•Œ๋ฆผ @github.com ์ž‘์„ฑ:

dockerflow ํ”„๋กœ์ ํŠธ๋ฅผ ํ™•์žฅํ•˜๊ณ  nginx ๋ณ€ํ˜•์„ ์ถ”๊ฐ€ํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค.
์‹œ์ž‘
swarn์šฉ kubernetes-ingressproxy. ํ™•์‹คํžˆ ์ด ๋ชจ๋“  ๊ฒƒ์ด ๋‹ด๊ฒจ์žˆ๋‹ค.
๊ตฐ๋‹จ
๋‹น์‹ ์ด ์•Œ๊ณ  ์žˆ๋“ฏ์ด ์ถ”๊ฐ€ ์‹œ์Šคํ…œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๋ฐœ์ƒ์‹œํ‚ฌ ๊ฒƒ์ž…๋‹ˆ๋‹ค
๋‹ค๋ฐœ
NS
๊ทธ๊ฒƒ๋“ค์„ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค๋กœ. ์Šฌ๋ฆผ์„ ์œ„ํ•œ ๊ตฐ๋‹จ์˜ ํž˜์ด ์•„๋‹๊นŒ์š”?
์ž์›
๋ฆฐ ํ”„๋กœ์ ํŠธ?

Ruben Nicolaides [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ,
09:48:

์‚ฌ๋žŒ๋“ค์ด ์ด๊ฒƒ์ด ๋ฒ„๊ทธ๋ผ๊ณ  ์ƒ๊ฐํ•˜๋Š” ์ด์œ ์— ๋Œ€ํ•ด ๋‚˜๋Š” ์—ฌ์ „ํžˆ ์•ฝ๊ฐ„ ๋†€๋ž์Šต๋‹ˆ๋‹ค. ์—์„œ
๋‚˜์˜
kubernetes๋กœ ์ด๋™ํ•˜๋Š” ์ง„์ˆ ์กฐ์ฐจ๋„ ๊ด€์ ์ด ์•„๋‹™๋‹ˆ๋‹ค.
์ ๋‹นํ•œ
๋‹ต๋ณ€. ๋‚ด๊ฐ€ ๋ณผ ๋•Œ kubernetes๋Š” ์ •ํ™•ํžˆ ๋™์ผํ•œ ๋ฌธ์ œ/๋™์ž‘์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
๋„ˆ
์–ด๋Š ํ•˜๋‚˜
์™ธ๋ถ€ LB๊ฐ€ ์žˆ๊ฑฐ๋‚˜ nginx ์ˆ˜์‹  ํ”„๋ก์‹œ์™€ ๊ฐ™์€ ๊ฒƒ์„ ์‚ฌ์šฉํ•˜์‹ญ์‹œ์˜ค.
์–ด๋Š
~ํ•ด์•ผํ•˜๋‹ค
๋ฐ๋ชฌ์…‹์œผ๋กœ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ํ‹€๋ ธ๋‹ค๋ฉด ์ €๋ฅผ ์ˆ˜์ •ํ•˜์‹ญ์‹œ์˜ค. ๊ทธ๋Ÿฌ๋‚˜ ์šฐ๋ฆฌ๋Š”
๊ฐ™์€
์—ฌ๊ธฐ์— ์ •ํ™•ํ•œ ์ƒํ™ฉ์ด ์žˆ์ง€๋งŒ ์—ฌ๊ธฐ์—๋Š” ์ค€๋น„๋œ ์ž๋™ ์†”๋ฃจ์…˜์ด ์—†์Šต๋‹ˆ๋‹ค. ์–ด๋–ค ์‚ฌ๋žŒ
~ ํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค
์œ„์—์„œ ์„ค๋ช…ํ•œ ์ œ์•ˆ๋œ tcp ์ŠคํŠธ๋ฆผ ์†”๋ฃจ์…˜์„ ํ™•์ธํ•˜๊ณ  ํฌ์žฅํ•˜์‹ญ์‹œ์˜ค.
๊ฐ€์ ธ ์˜ค๊ธฐ
nginx ํ”„๋ก์‹œ ๋™์ž‘๊ณผ ๊ฐ™์€ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋ฐ›์•„์ค˜ ๊ทธ ๋ฌด๋ฆฌ
ํ•  ํ•„์š”๊ฐ€์žˆ๋‹ค
~์ด๋‹ค
์ž์‹ ์— ์˜ํ•ด ์‚ฌ์šฉ์ž ์ •์˜

PanJ [email protected] schrieb am Fr., 2019๋…„ 1์›” 4์ผ,
09:28:

@BretFisher https://github.com/BretFisher ๋ชจ๋“œ: ํ˜ธ์ŠคํŠธ๋Š”
์˜ค์ง
NS
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด์ง€๋งŒ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. @sandys <
https://github.com/sandys>
ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์—๋Š” ๋ช‡ ๊ฐ€์ง€ ์ฃผ์˜ ์‚ฌํ•ญ์ด ์žˆ์ง€๋งŒ
์ด๊ฒƒ
๋ฌธ์ œ
๊ณ ์ •์œผ๋กœ.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์žˆ์œผ๋ฏ€๋กœ ๊ฐœ์„  ์‚ฌํ•ญ์ด ์žˆ๋Š”์ง€ ํ™•์‹คํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
๊ณ„์† ~์ด๋‹ค
๋ฐœ๊ฒฌ. ๋‚˜๋Š” ๊ฝค ์˜ค๋žซ๋™์•ˆ Kubernetes๋กœ ์ด์‚ฌํ–ˆ๊ณ 
์•„์ง
~์ด๋‹ค
๋ฌธ์ œ๊ฐ€ 2๋…„ ๋„˜๊ฒŒ ์—ด๋ ค ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์— ๋†€๋ž์Šต๋‹ˆ๋‹ค.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
<
https://github.com/moby/moby/issues/25526#issuecomment-451382365>,
๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAPgu40OJ-uNKORD-LAD12m1lafxzMiSks5u_xCcgaJpZM4Jf2WK

>

.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451389574 ,
๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAEsU2FCEGFs5v6IOEy6AqjcBMl7IqEiks5u_xmTgaJpZM4Jf2WK

>

.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451409453 ,
๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<

https://github.com/notifications/unsubscribe-auth/AAPgu83fSrSzfopOlDXsDooN1tMboGZaks5u_y8EgaJpZM4Jf2WK
>

.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451424992 ๋˜๋Š”
์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
<
https://github.com/notifications/unsubscribe-auth/AAEsU-q-I3fXVAP9JcGgTdJJOzI7b575ks5u_0HIgaJpZM4Jf2WK

.

โ€”
์ด ์Šค๋ ˆ๋“œ์— ๊ฐ€์ž…ํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด ๋ฉ”์‹œ์ง€๋ฅผ ๋ฐ›๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-451426276 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAPguw88UN68sw_TNTunZpuAGqgvexxMks5u_0NxgaJpZM4Jf2WK
.

  1. ๊ทธ๋Ÿฐ ๊ธด ์Šค๋ ˆ๋“œ ํ›„์— ์™„์ „ํ•œ ์˜ˆ์ œ๋กœ ํ˜„์žฌ ๊ธฐ๋Šฅ ์„ธํŠธ๋ฅผ ๋ฌธ์„œํ™”ํ•˜๋ ค๊ณ  ํ–ˆ์Šต๋‹ˆ๋‹ค.
  2. OP์˜ ์š”์ฒญ์— ๊ท€ํ•˜์˜ ํŠน์ • ์š”๊ตฌ ์‚ฌํ•ญ์ด ํ‘œ์‹œ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. @PanJ ๋Š” 2018๋…„ ์ค‘๋ฐ˜๋ถ€ํ„ฐ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ์žˆ๋„๋ก ์š”์ฒญํ–ˆ์Šต๋‹ˆ๋‹ค. ์ธ๊ทธ๋ ˆ์Šค ๋ผ์šฐํŒ… ๋ฉ”์‹œ๋„ ์‚ฌ์šฉํ•˜๋„๋ก ์š”๊ตฌํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

๋ฒ„๊ทธ๋ผ๊ณ  ๋ถ€๋ฅด๋“  ๊ธฐ๋Šฅ ์š”์ฒญ์ด๋ผ๊ณ  ๋ถ€๋ฅด๋“  ๊ฐ„์— ์†Œ์Šค nat๊ฐ€ ์—†๋Š” ์ธ๊ทธ๋ ˆ์Šค ๋ฉ”์‹œ๋Š” (์ œ ์ƒ๊ฐ์—๋Š”) ํ•„์ˆ˜์ž…๋‹ˆ๋‹ค. ์‹ค์ œ ์†Œ์Šค IP๋ฅผ ๋ณผ ์ˆ˜ ์—†์„ ๋•Œ ์ค‘๋‹จ๋˜๋Š” ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์ด ๋งŽ์ด ์žˆ์Šต๋‹ˆ๋‹ค. ๋ฌผ๋ก  ์›น ์„œ๋ฒ„์˜ ๊ฒฝ์šฐ ํ˜ธ์ŠคํŠธ ๋…ธ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํ”„๋ก์‹œ๋ฅผ ๋ฆฌ๋ฒ„์Šคํ•˜๊ณ  ํด๋ผ์ด์–ธํŠธ IP ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ์ด๊ฒƒ์€ ์˜ค๋ฒ„ํ—ค๋“œ๋ฅผ ์ถ”๊ฐ€ํ•˜๊ณ  ์›น ๊ธฐ๋ฐ˜์ด ์•„๋‹Œ ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์— ๋Œ€ํ•œ ์˜ต์…˜์ด ์•„๋‹ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์‹ค์ œ๋กœ ํŒจํ‚ท์˜ ์‹ค์ œ ์†Œ์Šค IP๊ฐ€ ์ •ํ™•ํ•ด์•ผ ํ•˜๋Š” ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์˜ ๊ฒฝ์šฐ ์œ ์ผํ•œ ์˜ต์…˜์€ ์ธ๊ทธ๋ ˆ์Šค ๋ฉ”์‹œ๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์ด๋Š” ์ฒ˜์Œ์— swarm์„ ์‚ฌ์šฉํ•˜๋Š” ์ด์ ์˜ ์ƒ๋‹น ๋ถ€๋ถ„์„ ์•—์•„๊ฐ‘๋‹ˆ๋‹ค.

์ด ๋ฌธ์ œ๊ฐ€ ์ˆ˜์ •๋˜์—ˆ๋Š”์ง€ ์—ฌ๋ถ€๋ฅผ ์•Œ๋ ค์ฃผ์‹ญ์‹œ์˜ค!
๋Œ€์‹  kuberneties๋ฅผ ์‚ฌ์šฉํ•ด์•ผ ํ•ฉ๋‹ˆ๊นŒ?

๋‚˜๋Š” ๊ฐ™์€ ๋ฌธ์ œ์—์„œ ๋‹ฌ๋ ธ๋‹ค ... ๋‚˜๋Š” ํ˜„์žฌ ์ˆ˜์ • ์‚ฌํ•ญ์„ ์ฐพ์ง€ ๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค.

๋ˆ„๊ตฐ๊ฐ€ ์ด ํ–‰๋™์— ๋Œ€ํ•œ ํ•ด๊ฒฐ์ฑ…์„ ์ฐพ์œผ๋ฉด ์—ฌ๊ธฐ์— ๋ณด๊ณ ํ•˜์‹ญ์‹œ์˜ค.

๊ฐ์‚ฌ ํ•ด์š”!

๊ฐ™์€ ๋ฌธ์ œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. ์•„ํŒŒ์น˜ httpd ์„œ๋ฒ„๊ฐ€ ์žˆ๊ณ  ๋‚˜์ค‘์— ์š”์ฒญ์„ ๋ฐ›๋Š” ๊ตญ๊ฐ€์— ๋Œ€ํ•œ ํ†ต๊ณ„๋ฅผ ์ถ”์ถœํ•˜๊ธฐ ์œ„ํ•ด ๋ชจ๋“  ์•ก์„ธ์Šค๋ฅผ ๊ธฐ๋กํ•˜๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค.

php:apache ๊ฐ€ ํ˜ธ์ŠคํŠธ ํ—ค๋” ํ•„๋“œ๋ฅผ ์˜ฌ๋ฐ”๋ฅด๊ฒŒ ๊ธฐ๋กํ•˜์ง€ ์•Š๋Š” ์ด์œ ๋ฅผ ์•Œ์•„๋‚ด๋ ค๊ณ  ์‹œ๋„ํ•˜๋Š” ๋™์•ˆ ์ด ๋ฌธ์ œ๋ฅผ ์ง์ ‘ ๋ฐœ๊ฒฌํ–ˆ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ์ด๊ฒƒ์ด ๋ช‡ ๋…„์ด ์ง€๋‚œ ํ›„์—๋„ ์•„์ง ์ž‘๋™ํ•˜์ง€ ์•Š๋Š”๋‹ค๋Š” ๊ฒƒ์— ์ถฉ๊ฒฉ์„ ๋ฐ›๊ณ  ์‹ค๋งํ–ˆ์Šต๋‹ˆ๋‹ค. ํ˜ธ์ŠคํŠธ ํ•„๋“œ๊ฐ€ ์‚ฌ์šฉ์ž ์˜์—ญ ํ”„๋ก์‹œ IP๋ฅผ ๊ณ„์† ๊ธฐ๋กํ•  ๋•Œ ์›น ํ˜ธ์ŠคํŒ…์„ ์œ„ํ•ด Swarm ๋ชจ๋“œ๋ฅผ ์–ด๋–ป๊ฒŒ ์‚ฌ์šฉํ•ด์•ผ ํ•ฉ๋‹ˆ๊นŒ? Swarm Mode์—์„œ๋Š” ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•  ๋ฐฉ๋ฒ•์„ ์ฐพ์ง€ ๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค. Classic Swarm(์ปจํ…Œ์ด๋„ˆ ๊ธฐ๋ฐ˜)๊ณผ Consul๊ณผ ๊ฐ™์€ ๊ฒƒ์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•˜์ง€๋งŒ ๊ฑฐ๊พธ๋กœ ๊ฐ€๊ณ  ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.

๋‚ด ์‹œ๋‚˜๋ฆฌ์˜ค์— ์ ํ•ฉํ•œ ์†”๋ฃจ์…˜์„ ์ฐพ์•˜์Šต๋‹ˆ๋‹ค.

services:
  server:
    image: httpd:2
    deploy:
      mode: global
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - my_second_service
      - another_great_software

์ด๊ฒƒ์€ ์•„ํŒŒ์น˜๊ฐ€ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ ๋’ค ๋Œ€์‹  ํ˜ธ์ŠคํŠธ ์ปดํ“จํ„ฐ์—์„œ ์ˆ˜์‹ ํ•˜๋„๋ก ํ•˜๋ฉฐ(์ ์ ˆํ•œ ์›๊ฒฉ IP ์ฃผ์†Œ ์ฝ๊ธฐ), ์—ฌ์ „ํžˆ networks ์˜ต์…˜์„ ํ†ตํ•ด ๋‹ค๋ฅธ ์„œ๋น„์Šค์— ์š”์ฒญ์„ ํ”„๋ก์‹œํ•˜๊ณ  ์ด๋ฅผ ํ†ตํ•ด "๊ณ ๊ฐ€์šฉ์„ฑ"์„ ๋‹ฌ์„ฑํ•ฉ๋‹ˆ๋‹ค. ๋„์ฒ˜์— ๋‹ฌ๋ฆฌ๋‹ค

@rafaelsierra - ์—ฌ๊ธฐ์— ๋‚ด๊ฐ€ ๊ฐ€์ง„ ๋ฌธ์ œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. (์ž˜๋ชป๋œ ๊ฒฝ์šฐ ์ˆ˜์ •), ์ด ๊ตฌ์„ฑ์€ ํ•˜๋‚˜์˜ Apache/PHP ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์‹คํ–‰๋˜๊ณ  ํ˜ธ์ŠคํŠธ ๋…ธ๋“œ์˜ ํฌํŠธ 80์— ๋ฐ”์ธ๋”ฉ๋˜๋„๋ก ํ—ˆ์šฉํ•ฉ๋‹ˆ๋‹ค. ํฌํŠธ 80/443์— ๋ฐ”์ธ๋”ฉ๋œ Nginx ์ปจํ…Œ์ด๋„ˆ๋กœ ์ˆ˜๋งŽ์€ Apache ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•œ ๋‹ค์Œ ๊ฐ€์ƒ ํ˜ธ์ŠคํŠธํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

@SysEngDan ๋„ค, 80/443 ํฌํŠธ์— ํ•˜๋‚˜์˜ ์ปจํ…Œ์ด๋„ˆ๋งŒ ๋ฐ”์ธ๋”ฉํ•  ์ˆ˜ ์žˆ๋Š” ๊ฒƒ์ด ์‚ฌ์‹ค์ด์ง€๋งŒ ์ œ ๊ฒฝ์šฐ์—๋Š” ์ด ํฌํŠธ์— ๋ฐ”์ธ๋”ฉํ•˜๋Š” ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ๋‹ค๋ฅธ ์ปจํ…Œ์ด๋„ˆ์— ๋Œ€ํ•œ ๋ชจ๋“  ์š”์ฒญ์„ ํ”„๋ก์‹œํ•˜๋Š” ์—ญํ• ๋งŒ ํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๋ฌธ์ œ๊ฐ€ ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ ๋’ค์—์„œ ์‹คํ–‰๋˜๋Š”

๋‹จ์ผ nginx/apache ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ๋ชจ๋“  ์š”์ฒญ์„ ์ˆ˜์‹ ํ•˜๊ณ  ๊ฐ€์ƒ ํ˜ธ์ŠคํŠธ๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ์ ์ ˆํ•œ ์ปจํ…Œ์ด๋„ˆ๋กœ ํ”„๋ก์‹œํ•˜๋„๋ก ํ•˜์—ฌ ๋™์ผํ•œ ์†”๋ฃจ์…˜์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์œผ๋ฉฐ ํ•ด๋‹น ์ปจํ…Œ์ด๋„ˆ๋Š” ํ˜ธ์ŠคํŠธ์— ๋ฐ”์ธ๋”ฉํ•  ํ•„์š”๊ฐ€ ์—†์Šต๋‹ˆ๋‹ค.

@rafaelsierra - ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค. ์ด ํ‹ฐ์ผ“์— ์„ค๋ช…๋œ ๋ฌธ์ œ๋ฅผ ์ดํ•ดํ•˜๊ณ  ์žˆ๋Š”์ง€ ์ž˜ ๋ชจ๋ฅด๊ฒ ์Šต๋‹ˆ๋‹ค. ๋งˆ์ง€๋ง‰ ๋‹จ๋ฝ์—์„œ ์–ธ๊ธ‰ํ•œ ๋Œ€๋กœ ์„œ๋น„์Šค๋ฅผ ๊ตฌ์„ฑํ•˜๋Š” ๊ฒฝ์šฐ ๋ฌธ์ œ ๋Š” ํด๋ผ์ด์–ธํŠธ IP๊ฐ€ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์—์„œ๋งŒ ์ˆ˜์‹  ๋Œ€๊ธฐํ•˜๋Š” ์ปจํ…Œ์ด๋„ˆ๋กœ ์ „๋‹ฌ๋˜์ง€ ์•Š๋Š”๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ํ˜ธ์ŠคํŠธ์— ์ง์ ‘ ๋ฐ”์ธ๋”ฉํ•˜๋ฉด ๋ฌธ์ œ๊ฐ€ ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์™ธ๋ถ€(ํ˜ธ์ŠคํŠธ)์—์„œ ๋‚ด๋ถ€(์˜ค๋ฒ„๋ ˆ์ด)๋กœ ํ”„๋ก์‹œํ•˜๋Š” ๋„์ปค ๋„คํŠธ์›Œํฌ์— ์˜์กดํ•˜๋Š” ๊ฒฝ์šฐ ๋Œ€์ƒ Apache ์ปจํ…Œ์ด๋„ˆ๋Š” ์›๋ž˜ ํด๋ผ์ด์–ธํŠธ IP ์ฃผ์†Œ๋ฅผ ์ˆ˜์‹ ํ•˜์ง€ ์•Š๊ณ  ๋Œ€์‹  ํ”„๋ก์‹œ์˜ IP(๋„์ปค ๋„คํŠธ์›Œํ‚น์—์„œ)๋ฅผ ์ˆ˜์‹ ํ•ฉ๋‹ˆ๋‹ค.

@SysEngDan ๋‚˜๋Š” ์ด ๋ฌธ์ œ๋ฅผ ์ดํ•ดํ•˜๊ณ  ์žˆ์œผ๋ฉฐ ์ง€๋‚œ 2๋…„ ๋™์•ˆ ํ•ด๊ฒฐ์ฑ…์ด ์—†์—ˆ๊ธฐ ๋•Œ๋ฌธ์—(์†”์งํžˆ ์ด๊ฒƒ์ด "๊ณ ์น  ์ˆ˜ ์žˆ๋Š”์ง€" ํ™•์‹คํ•˜์ง€ ์•Š์Œ) ๋‚ด ํ•„์š”์— ๋งž๋Š” ๋Œ€์ฒด ์†”๋ฃจ์…˜์„ ์ฐพ์•„์•ผ ํ–ˆ์Šต๋‹ˆ๋‹ค(์•ก์„ธ์Šค ์ œํ•œ ์›๊ฒฉ IP ์ฃผ์†Œ๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ํ•จ).

๋‹จ์ผ ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ํ˜ธ์ŠคํŠธ์˜ ํฌํŠธ 80/443์—์„œ ์ˆ˜์‹  ๋Œ€๊ธฐํ•œ ๋‹ค์Œ ๋‹ค๋ฅธ ์ปจํ…Œ์ด๋„ˆ(์ด ๋ฌธ์ œ์˜ ๋ฒ”์œ„๋ฅผ ๋ฒ—์–ด๋‚˜๋ฏ€๋กœ ์–ธ๊ธ‰ํ•˜์ง€ ์•Š์€ ์ ์ ˆํ•œ HTTP ํ—ค๋” ์‚ฌ์šฉ)๋กœ ํ”„๋ก์‹œ ์ฒ˜๋ฆฌํ•˜๋ฉด ๋ฌธ์ œ๊ฐ€ ํ•ด๊ฒฐ๋˜์—ˆ์œผ๋ฉฐ ์ด ์†”๋ฃจ์…˜์„ ๊ณต์œ ํ•˜๊ณ  ์‹ถ์—ˆ์Šต๋‹ˆ๋‹ค. ์›๊ฒฉ IP ์ฃผ์†Œ๋ฅผ ์ „๋‹ฌํ•  ์ˆ˜ ์—†๋Š” ์˜ค๋ฒ„๋ ˆ์ด๋œ ๋„คํŠธ์›Œํฌ๋กœ ์ธํ•ด ์œ ์‚ฌํ•œ ๋ฌธ์ œ์— ์ง๋ฉดํ•˜๋Š” ์‚ฌ๋žŒ๋“ค์„ ์œ„ํ•ด

์˜ค, ๋‹น์‹ ์ด ๊ฑฐ๊ธฐ์—์„œ ๋ฌด์—‡์„ํ–ˆ๋Š”์ง€ ๋ดค์–ด ..... ์ฃ„์†กํ•ฉ๋‹ˆ๋‹ค. ๋†“์ณค์Šต๋‹ˆ๋‹ค. ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ์ž˜๋ผ๋‚ด๋Š” ๋Œ€์‹  ์™ธ๋ถ€ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์„œ๋น„์Šค ๋„คํŠธ์›Œํฌ์— ์ง์ ‘ ์—ฐ๊ฒฐํ–ˆ์Šต๋‹ˆ๋‹ค(๋„คํŠธ์›Œํฌ๋ฅผ ์ง€์ •ํ•˜์ง€ ์•Š๊ณ  ์ƒˆ ์„œ๋น„์Šค๋ฅผ ์‹œ์ž‘ํ•  ๋•Œ ์ž๋™์œผ๋กœ ์ƒ์„ฑ๋จ). ์•Œ๊ฒ ์Šต๋‹ˆ๋‹ค. ํšจ๊ณผ๊ฐ€ ์žˆ๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ์ถ”๊ฐ€๋œ ์˜ค๋ฒ„ํ—ค๋“œ๋Š” ์„œ๋น„์Šค ๋„คํŠธ์›Œํฌ๋ฅผ docker-compose ํŒŒ์ผ์— ์ถ”๊ฐ€ํ•˜๋Š” ์ž‘์—…์ž…๋‹ˆ๋‹ค. ํ˜ธ์ŠคํŠธ ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์‹œ์ž‘๋˜๊ณ  ํ•ด๋‹น ์„œ๋น„์Šค ์ค‘ ํ•˜๋‚˜๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์œผ๋ฉด ์–ด๋–ป๊ฒŒ ๋˜๋Š”์ง€ ๊ถ๊ธˆํ•ฉ๋‹ˆ๋‹ค.

์ด ๊ฒฝ์šฐ 502๋ฅผ ์–ป์Šต๋‹ˆ๋‹ค.

๋‹จ์ผ docker-compose.yml์ด ์—†๊ณ  ์˜ค๋ฒ„๋ ˆ์ด๋œ ๋„คํŠธ์›Œํฌ๋ฅผ ํ†ตํ•ด ์„œ๋กœ ํ†ต์‹ ํ•˜๋Š” ์—ฌ๋Ÿฌ ์„œ๋น„์Šค๊ฐ€ ์žˆ๋Š” ์—ฌ๋Ÿฌ ์Šคํƒ์ด ์žˆ์œผ๋ฉฐ ํ˜ธ์ŠคํŠธ ์„œ๋ฒ„์— ๋ฐ”์ธ๋”ฉ๋˜์ง€๋งŒ ์—ฌ์ „ํžˆ ์•ก์„ธ์Šคํ•  ์ˆ˜ ์žˆ๋Š” ๊ณต๊ฐœ ์„œ๋น„์Šค๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. ๋ชจ๋“  ์š”์ฒญ์„ ํ”„๋ก์‹œํ•  ์ˆ˜ ์žˆ๋„๋ก ๋‹ค๋ฅธ ๋ชจ๋“  ์˜ค๋ฒ„๋ ˆ์ด๋œ ๋„คํŠธ์›Œํฌ.

ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ ์ด ๋ฌธ์ œ์— ๋Œ€ํ•ด ์ด๋ฏธ ์—ฌ๋Ÿฌ ๋ฒˆ ๋…ผ์˜๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ์ผ๋ถ€ ์ œํ•œ๋œ ์‹œ๋‚˜๋ฆฌ์˜ค(์˜ˆ: ํŠน์ • ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ ์›น ํŠธ๋ž˜ํ”ฝ ์„ค์ •)์—์„œ๋Š” ๊ดœ์ฐฎ์„ ์ˆ˜ ์žˆ์ง€๋งŒ ์ด ๋ฌธ์ œ์— ๋Œ€ํ•œ ์ผ๋ฐ˜์ ์ธ ์†”๋ฃจ์…˜์€ ์•„๋‹™๋‹ˆ๋‹ค. ๊ฐ™์€ "ํ•ด๊ฒฐ์ฑ…"์„ ๋‹ค์‹œ ํ•ด์‹ฑํ•˜์ง€ ๋ง๊ณ  ์ด์ „ ๊ฒŒ์‹œ๋ฌผ์„ ์ฝ์œผ์‹ญ์‹œ์˜ค.

@darrellenns ์—ฌ๊ธฐ์— 200๊ฐœ๊ฐ€ ๋„˜๋Š” ๋Œ“๊ธ€์ด ์žˆ์Šต๋‹ˆ๋‹ค. ๊ธฐ๋ณธ "ํ•ด๋‹น๋˜๋Š” ๊ฒฝ์šฐ ํ˜ธ์ŠคํŠธ ๋ฐ”์ธ๋”ฉ์„ ์‚ฌ์šฉํ•˜์„ธ์š”"๋ผ๋Š” ๊ธฐ๋ณธ ์†”๋ฃจ์…˜์„ ์ œ๊ณตํ•˜๋Š” ์ด ๋ฌธ์ œ๋ฅผ ์ž ๊ทธ๊ณ  ์ •๋ฆฌํ•˜๋Š” ๊ฒƒ์ด ๋” ๋‚˜์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ณต์‹ ์†”๋ฃจ์…˜์ด ์ œ๊ณต๋˜์ง€ ์•Š์œผ๋ฉด ์ €์™€ ๊ฐ™์€ ์‚ฌ๋žŒ๋“ค์ด ๊ทธ๋ฆฌ์›Œํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ฆฌ๊ณ  ๊ณ„์† ๊ฐ™์€ ๋‚ด์šฉ์„ ๊ณ„์†ํ•ด์„œ ๋Œ“๊ธ€์„ ๋‹ฌ๊ณ 

๋”ฐ๋ผ์„œ ์ด ๋ฒ„๊ทธ๊ฐ€ IP๋ฅผ ํ™”์ดํŠธ๋ฆฌ์ŠคํŠธ์— ์ถ”๊ฐ€ํ•˜๋Š” traefiks ๊ธฐ๋Šฅ์— ์˜ํ–ฅ์„ ๋ฏธ์นœ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ๊ทธ ๋งž์Šต๋‹ˆ๊นŒ?

์–ด์จŒ๋“  Swarm ๋ชจ๋“œ๋ฅผ ์‹คํ–‰ํ•˜๋ ค๋Š” ์‚ฌ๋žŒ์„ ์œ„ํ•ด ์ด๊ฒƒ์€ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํฌํŠธ๋ฅผ ๊ฒŒ์‹œํ•˜๋Š” ์˜ˆ์ž…๋‹ˆ๋‹ค.

docker service create \
--name traefik \
--constraint=node.role==manager \
--publish mode=host,target=80,published=80 \
--publish mode=host,target=443,published=443 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--mount type=bind,source=/home/$USER/dev-ops/logs,target=/dev-ops/logs \
--mount type=bind,source=/opt/data/traefik/traefik.toml,target=/traefik.toml \
--mount type=bind,source=/opt/data/traefik/acme.json,target=/acme.json \
--network traefik \
--label traefik.frontend.rule=Host:traefik.example.com \
--label traefik.port=8080 \
traefik \
--docker \
--docker.swarmMode \
--docker.watch \
--docker.exposedByDefault

@coltenkrauter ์ •ํ™•ํžˆ ์–ด๋–ค ์˜ํ–ฅ์„ ๋ฏธ์น˜๋Š”์ง€ ๋ชจ๋ฅด๊ฒ ์ง€๋งŒ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ๋Š” traefik ์„œ๋น„์Šค์˜ ๋ณต์ œ๋ณธ์„ ํ•˜๋‚˜๋งŒ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์œผ๋ฉฐ ์ €๋งŒ ๊ทธ๋Ÿฐ ๊ฒƒ ๊ฐ™์ง€๋Š” ์•Š์Šต๋‹ˆ๋‹ค. ์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ์„œ๋น„์Šค์— ๋Œ€ํ•œ ์Šค์›œ ๋ชจ๋“œ ๊ธฐ๋Šฅ์„ ์ค‘๊ณ„ํ•˜์ง€ ์•Š๊ณ  traefik ์•ˆ์ •์„ฑ์„ ์™„์ „ํžˆ ์‹ ๋ขฐํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

๋˜ํ•œ ์ฒ˜์Œ ๋ณด๊ณ ๋œ ๋Œ€๋กœ traefik์˜ ํŠน๋ณ„ํ•œ ์š”๊ตฌ ์‚ฌํ•ญ๊ณผ๋Š” ๊ด€๋ จ์ด ์—†์œผ๋ฉฐ ์›๋ž˜ ip๋ฅผ ์ˆ˜์‹ ํ•˜์ง€ ์•Š๋Š” ์ผ๋ฐ˜ http ์„œ๋น„์Šค๋กœ ํ…Œ์ŠคํŠธ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ์ฆ‰, docker swarm ๋ชจ๋“œ๊ฐ€ ์†์ƒ๋˜์—ˆ์Œ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค(์ด ์ค‘์š”ํ•œ ๊ธฐ๋Šฅ์ด ๋ˆ„๋ฝ๋จ). ์•„๋ฌด๋„ ์‹ ๊ฒฝ์“ฐ์ง€ ์•Š๋Š” ๊ฒƒ์ฒ˜๋Ÿผ ๋ณด์ž…๋‹ˆ๋‹ค.

์†Œ์Œ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋ ค๋Š” ์‚ฌ๋žŒ์„ ๋ฐฉํ•ดํ•˜๊ธฐ๋ฅผ ๋ฐ”๋ผ๊ธฐ ๋•Œ๋ฌธ์— ์ด ํ•ญ๋ชฉ์— ๋Œ€ํ•ด ๊ณ„์† ์–ธ๊ธ‰ํ•˜๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค.

ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ๋Š” traefik ์„œ๋น„์Šค์˜ ๋ณต์ œ๋ณธ์„ ํ•˜๋‚˜๋งŒ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์œผ๋ฉฐ, ์ €๋งŒ ๊ทธ๋Ÿฐ ๊ฒƒ ๊ฐ™์ง€๋Š” ์•Š์Šต๋‹ˆ๋‹ค. ์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ์„œ๋น„์Šค์— ๋Œ€ํ•œ ์Šค์›œ ๋ชจ๋“œ ๊ธฐ๋Šฅ์„ ์ค‘๊ณ„ํ•˜์ง€ ์•Š๊ณ  traefik ์•ˆ์ •์„ฑ์„ ์™„์ „ํžˆ ์‹ ๋ขฐํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

ํ˜ธ์ŠคํŠธ๋‹น ํ•˜๋‚˜์˜ ์ธ์Šคํ„ด์Šค๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ๋Š” traefik ์„œ๋น„์Šค์˜ ๋ณต์ œ๋ณธ์„ ํ•˜๋‚˜๋งŒ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์œผ๋ฉฐ, ์ €๋งŒ ๊ทธ๋Ÿฐ ๊ฒƒ ๊ฐ™์ง€๋Š” ์•Š์Šต๋‹ˆ๋‹ค. ์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ์„œ๋น„์Šค์— ๋Œ€ํ•œ ์Šค์›œ ๋ชจ๋“œ ๊ธฐ๋Šฅ์„ ์ค‘๊ณ„ํ•˜์ง€ ์•Š๊ณ  traefik ์•ˆ์ •์„ฑ์„ ์™„์ „ํžˆ ์‹ ๋ขฐํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

ํ˜ธ์ŠคํŠธ๋‹น ํ•˜๋‚˜์˜ ์ธ์Šคํ„ด์Šค๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

ya, ํ•˜์ง€๋งŒ traefik์€ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ์—์„œ ๊ฐ•์ œ๋กœ ์ž‘๋™ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์ œ๋Œ€๋กœ ์ž‘๋™ํ•˜๋ ค๋ฉด ์ด๊ฒƒ์ด ํ•„์š”ํ•˜๊ธฐ ๋•Œ๋ฌธ์ž…๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ํ•˜๋‚˜์˜ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ, ํ•˜๋‚˜์˜ ํ˜ธ์ŠคํŠธ, ํ•˜๋‚˜์˜ ์ธ์Šคํ„ด์Šค

traefik์€
๋„์ปค ์†Œ์ผ“ ํ”„๋ก์‹œ, ์›๊ฒฉ ์†Œ์ผ“ ๋˜๋Š” traefik ์—”ํ„ฐํ”„๋ผ์ด์ฆˆ. ์—ฌ๊ธฐ์žˆ๋‹ค
์ด๋ฅผ ์ˆ˜ํ–‰ํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ์˜ˆ์ œ ์Šคํƒ ํŒŒ์ผ:
https://github.com/BretFisher/dogvscat/blob/master/stack-proxy-global.yml

2019๋…„ 3์›” 16์ผ ํ† ์š”์ผ ์˜คํ›„ 5:25 Daniele Cruciani [email protected]
์ผ๋‹ค:

ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ๋Š” traefik ์„œ๋น„์Šค์˜ ๋ณต์ œ๋ณธ์„ ํ•˜๋‚˜๋งŒ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์œผ๋ฉฐ ์‹คํ–‰ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
์ €๋ฟ์ด๋ผ๊ณ  ์ƒ๊ฐํ•˜์„ธ์š”. ์ด๋ ‡๊ฒŒํ•˜๋ฉด traefik ์•ˆ์ •์„ฑ์„ ์™„์ „ํžˆ ์‹ ๋ขฐํ•ด์•ผํ•ฉ๋‹ˆ๋‹ค.
์„œ๋น„์Šค์— ๋Œ€ํ•œ ์Šค์›œ ๋ชจ๋“œ ๊ธฐ๋Šฅ์„ ์ค‘๊ณ„ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

ํ˜ธ์ŠคํŠธ๋‹น ํ•˜๋‚˜์˜ ์ธ์Šคํ„ด์Šค๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

ya, ํ•˜์ง€๋งŒ traefik์€ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ์—์„œ ๊ฐ•์ œ๋กœ ์ž‘์—…ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์ด ์ž‘์—…์ด ํ•„์š”ํ•˜๊ธฐ ๋•Œ๋ฌธ์ž…๋‹ˆ๋‹ค.
์ œ๋Œ€๋กœ ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ํ•˜๋‚˜์˜ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ, ํ•˜๋‚˜์˜ ํ˜ธ์ŠคํŠธ, ํ•˜๋‚˜์˜ ์ธ์Šคํ„ด์Šค

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-473593956 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAwW31DHIwEJE1EqN3-8qj44WopocuQTks5vXWE_gaJpZM4Jf2WK
.

ํฅ๋ฏธ๋กญ๊ฒŒ๋„ ์ด ๊ธฐ๋Šฅ์€ kubernetes์—์„œ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์ง€๋งŒ docker swarm ๋ชจ๋“œ์—์„œ๋Š” ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์œผ๋ฉฐ traefik์˜ ์—ฌ๋Ÿฌ ์ธ์Šคํ„ด์Šค๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ๋Š” ์˜ต์…˜์ด ์žˆ๋‹ค๊ณ  ์ฃผ์žฅํ•˜์ง€๋งŒ ์—ฌ๋Ÿฌ ๋…ธ๋“œ์—์„œ ์—ฌ๋Ÿฌ ์ธ์Šคํ„ด์Šค๋ฅผ ์‹คํ–‰ํ•˜๋ ค๋Š” ๊ฒฝ์šฐ ๋‹จ์ผ ๋…ธ๋“œ๋Š” ์ง€์›ํ•˜์ง€ ์•Š๊ธฐ ๋•Œ๋ฌธ์— ๋ถˆ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๋‹ค.
๋˜ํ•œ ์š”์ฒญ์„ ํ”„๋ก์‹œํ•˜์ง€ ์•Š๋Š” ๋‹ค๋ฅธ ์„œ๋น„์Šค๋Š” ๋ชจ๋“  ํ˜ธ์ŠคํŠธ๋ฅผ ๋งคํ•‘ํ•ด์•ผ ํ•˜๋Š” ํŠน๋ณ„ํ•œ ์ข…๋ฅ˜์˜ ๊ตฌ์„ฑ์ด ํ•„์š”ํ•˜๊ณ  ์–ด์จŒ๋“  ์ธ์Šคํ„ด์Šค๋‹น ์ ์–ด๋„ ํ•˜๋‚˜์˜ ๋‹ค์ค‘ ๋…ธ๋“œ๊ฐ€ ํ•„์š”ํ•˜๊ธฐ ๋•Œ๋ฌธ์— ํฌํŠธ๋ฅผ ๋งคํ•‘ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. .

๋“ฑ๋“ฑ. ์ด ํ† ๋ก ์„ ์œ„๋กœ ์Šคํฌ๋กคํ•˜๊ณ  ๊ทธ๊ฒƒ์— ๋Œ€ํ•ด ๋‹ค๋ฅธ ๊ฒƒ์„ ์ฐพ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์œ ์ง€ํ•˜๊ธฐ ์–ด๋ ต๊ณ  ๋”ฐ๋ฅด๊ธฐ ์–ด๋ ค์šด ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ๋‚จ์•„ ์žˆ๊ธฐ ๋•Œ๋ฌธ์— ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์ƒ์„ฑํ•˜๋Š” ๊ฒƒ์ด ์–ผ๋งˆ๋‚˜ ์ข‹์€์ง€ ๋ณด์—ฌ์ฃผ๋Š” ๊ฒƒ์œผ๋กœ ์ถ•์†Œ๋  ์ˆ˜ ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๊ทธ๋ฆฌ๊ณ  ํŠน๋ณ„ํ•œ ๊ฒฝ์šฐ์˜ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์œ ์ง€ํ•˜๋Š” ๋ฐ ์†Œ์š”๋˜๋Š” ๋ชจ๋“  ์‹œ๊ฐ„์€ ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๋ฐ ๋” ์ž˜ ์‚ฌ์šฉ๋ฉ๋‹ˆ๋‹ค.

๋ฐ˜๋ฉด์— ์ด๋Ÿฐ ์ข…๋ฅ˜์˜ ๊ธฐ๋Šฅ์ด docker swarm ๋ชจ๋ธ์˜ ๋ณด์•ˆ ๋ฌธ์ œ๋ผ๋ฉด ๊ทธ๋ƒฅ wontfix๋กœ ํ‘œ์‹œํ•˜๊ณ  kubernetes๋กœ ์ „ํ™˜ํ•  ๊ณ„ํš์ด๋ฉฐ, ๊ทธ๋ ‡๋‹ค๋ฉด ํ”„๋กœ์ ํŠธ ๊ฐ„์— ์ถฉ๋Œ์ด ์—†์„ ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ์€ ๊ฒฐ์ฝ” ์ผ์–ด๋‚˜์ง€ ์•Š์„ ๊ฒƒ์ด๋ผ๊ณ  ๋ช…์‹œ ์ ์œผ๋กœ ๋งํ•˜๋Š” ๊ฒƒ์ด๋ฏ€๋กœ ๋ชจ๋“  ์ข…๋ฅ˜์˜ ๋…ธ๋“œ ๋–ผ์— ๋Œ€ํ•ด ๋„์ปค ๋–ผ ๋ชจ๋“œ๋ฅผ ์„ ํƒํ•˜๊ธฐ ์ „์— ๊ฐ€๋Šฅํ•˜๋ฉด ๋ชจ๋“  ์‚ฌ๋žŒ์ด ์กฐ์น˜๋ฅผ ์ทจํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

kubernetes์—๋Š” Swarm์— ์—†๋Š” ๋งŽ์€ ๊ธฐ๋Šฅ์ด ์žˆ์œผ๋ฉฐ ๊ทธ ๋ฐ˜๋Œ€์˜ ๊ฒฝ์šฐ๋„ ๋งˆ์ฐฌ๊ฐ€์ง€์ž…๋‹ˆ๋‹ค. ์šฐ๋ฆฌ ๋ชจ๋‘๋Š” ๊ธฐ๋Šฅ์„ ํฌํ•จํ•œ ๋งŽ์€ ์š”์†Œ๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ํŠน์ • ์†”๋ฃจ์…˜์— ์‚ฌ์šฉํ•  ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ดํ„ฐ๋ฅผ ๊ฒฐ์ •ํ•ฉ๋‹ˆ๋‹ค. ๋ชจ๋“  ๋ฌธ์ œ/์š”๊ตฌ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๋„๊ตฌ๋Š” ์—†์Šต๋‹ˆ๋‹ค.

์ €๋Š” ๋„์›€์„ ์ฃผ๋ ค๋Š” ์ปค๋ฎค๋‹ˆํ‹ฐ ํšŒ์›์ผ ๋ฟ์ž…๋‹ˆ๋‹ค. ์ด ๋ฌธ์ œ์— ๋Œ€ํ•œ ํ˜„์žฌ ์†”๋ฃจ์…˜์ด ๋งˆ์Œ์— ๋“ค์ง€ ์•Š์œผ๋ฉด kubernetes์™€ ๊ฐ™์€ ๋‹ค๋ฅธ ๋ฐฉ๋ฒ•์œผ๋กœ ํ•ด๊ฒฐํ•ด์•ผ ํ•  ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค์˜ ๋ฌธ์ œ ํ•ด๊ฒฐ ๋ฐฉ์‹์ด ๋‹น์‹ ์˜ ์ทจํ–ฅ์— ๋” ๋งž๋‹ค๊ณ  ์ƒ๊ฐํ•œ๋‹ค๋ฉด ์ด๊ฒƒ์ด ๋‹ค๋ฅธ ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ดํ„ฐ๋ณด๋‹ค ํ•˜๋‚˜์˜ ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ดํ„ฐ๋ฅผ ์„ ํƒํ•˜๋Š” ํ•ฉ๋ฆฌ์ ์ธ ์ด์œ ์ž…๋‹ˆ๋‹ค.

์—ญ์‚ฌ์ ์œผ๋กœ moby์™€ swarm ๊ด€๋ฆฌ์ž๋Š” ๋‚ด์ผ ์ปค๋ฎค๋‹ˆํ‹ฐ์˜ ๋ˆ„๊ตฐ๊ฐ€๊ฐ€ ์ด ๋ฌธ์ œ์— ๋Œ€ํ•œ ์†”๋ฃจ์…˜์œผ๋กœ PR์„ ์ค‘๋‹จํ•  ์ˆ˜ ์žˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๋Ÿฌํ•œ ๋ฌธ์ œ๋ฅผ wontfix๋กœ ์ข…๋ฃŒํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๋˜ํ•œ ๊ทธ๋•Œ๊นŒ์ง€ ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ๋…ผ์˜ํ•˜๋Š” ๊ฒƒ์ด ์ด ๋ฌธ์ œ ์Šค๋ ˆ๋“œ์˜ ์œ ํšจํ•œ ์‚ฌ์šฉ์ด๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. :)

Swarm ์œ ์ง€ ๊ด€๋ฆฌ์ž๋Š” ์•„๋‹ˆ์ง€๋งŒ ์—ญ์‚ฌ์ ์œผ๋กœ ํŒ€์€ ํ˜„์žฌ ์ €์žฅ์†Œ์—์„œ ์ปค๋ฐ‹์„ ๋ฐ›๋Š” ๊ฒƒ์„ ๋ณผ ์ˆ˜ ์žˆ๋Š” PR ์ด์ƒ์˜ ๋ฏธ๋ž˜ ๊ธฐ๋Šฅ ๊ณ„ํš์„ ๊ณต๊ฐœํ•˜์ง€ ์•Š๋Š”๋‹ค๊ณ  ๋งํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๋ฌผ๋ก  ๊ท€ํ•˜์˜ ์˜๊ฒฌ์„ ํ™˜์˜ํ•œ๋‹ค๊ณ  ๋งํ•˜๋Š” ๊ฒƒ์„ ์žŠ์—ˆ์Šต๋‹ˆ๋‹ค(๋˜๋Š” ์ œ๊ฐ€ ๋ชจํ˜ธํ•œ ๋ฐฉ์‹์œผ๋กœ ๋งํ–ˆ์Šต๋‹ˆ๋‹ค, ์ฃ„์†กํ•ฉ๋‹ˆ๋‹ค). ํ•˜์ง€๋งŒ ์›๋ž˜ @PanJ ๋ณด๊ณ ์„œ๋ฅผ ๊ฐ•ํ™”ํ•˜๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค.

๊ทธ ๋™์•ˆ Swarm ๋ชจ๋“œ ์™ธ๋ถ€์—์„œ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•˜๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์ˆ˜ํ–‰ํ•˜๊ณ  Swarm ๋ชจ๋“œ์—์„œ ๊ฒŒ์‹œ๋œ ํฌํŠธ๋กœ ์ „๋‹ฌํ•ด์•ผ ํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค(SSL ์ข…๋ฃŒ๋„ ์ด ์ปจํ…Œ์ด๋„ˆ์—์„œ ์ˆ˜ํ–‰๋˜์–ด์•ผ ํ•จ). ์ด๋Š” Swarm์˜ ๋ชฉ์ ์„ ๊นจ๋œจ๋ฆฝ๋‹ˆ๋‹ค. ์ž๊ฐ€ ์น˜์œ  ๋ฐ ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ด์…˜์„ ์œ„ํ•œ ๋ชจ๋“œ์ž…๋‹ˆ๋‹ค.

๋ฌผ๋ก  ์ด ํŠน์ • ์ฃผ์ œ์— ๋Œ€ํ•ด์„œ๋งŒ "๊ตฐ์ง‘ ๋ชจ๋“œ์˜ ๋ชฉ์ ์„ ๊นจ๋Š” ๊ฒƒ"์€ ๋” ๋งŽ์€ ๊ด€์‹ฌ์„ ๊ฐ€์งˆ ๊ฐ€์น˜๊ฐ€ ์ถฉ๋ถ„ํ•ฉ๋‹ˆ๋‹ค.

ํŒ€์—์„œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ์ถ”๊ฐ€ํ•˜๋Š” PR์„ ๊ตฌ์ถ•ํ•˜๋„๋ก ํ•˜๋ ค๊ณ  ํ•ฉ๋‹ˆ๋‹ค.
์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ. ์šฐ๋ฆฌ๋Š” Golang ํ”„๋กœ๊ทธ๋ž˜๋จธ๊ฐ€ ์•„๋‹ˆ๋ฏ€๋กœ ์•ฝ๊ฐ„ ์ฐพ์Šต๋‹ˆ๋‹ค.
๊ตํ™œํ•œ.

ํ•˜์ง€๋งŒ ์ €๋Š” Docker ํŒ€์ด
(์ƒํƒœ๊ณ„ ์ „๋ฐ˜์— ๊ฑธ์ณ) ํ˜ธํ™˜ ๊ฐ€๋Šฅํ•œ ์†”๋ฃจ์…˜์€ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์„ ๊ณ„์ธตํ™”ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ๋ฅผ ์ง€์›ํ•ฉ๋‹ˆ๋‹ค.

๋ณต์žก์„ฑ์€ ์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ๊ฐ€
์ž์ฒด ํ—ค๋”๋ฅผ ์‚ฝ์ž…ํ•˜์ง€๋งŒ ๋‹ค์Œ์ด ์žˆ์„ ์ˆ˜ ์žˆ๋‹ค๋Š” ์‚ฌ์‹ค์„ ์ง€์›ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
์ด๋ฏธ ์‚ฝ์ž…๋œ ์—…์ŠคํŠธ๋ฆผ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ํ—ค๋”(์˜ˆ: Google LB ๋˜๋Š”
AWS ELB) .

2019๋…„ 3์›” 17์ผ ์ผ์š”์ผ, 12:17 Daniele Cruciani, [email protected]
์ผ๋‹ค:

๋ฌผ๋ก  ๊ท€ํ•˜์˜ ์˜๊ฒฌ์„ ํ™˜์˜ํ•œ๋‹ค๊ณ  ๋งํ•˜๋Š” ๊ฒƒ์„ ์žŠ์—ˆ์Šต๋‹ˆ๋‹ค.
๋ชจํ˜ธํ•œ ๋ฐฉ๋ฒ•, ์ฃ„์†กํ•ฉ๋‹ˆ๋‹ค). ํ•˜์ง€๋งŒ ๋‚˜๋Š” ์›๋ž˜ @PanJ๋ฅผ ๊ฐ•ํ™”ํ•˜๋Š” ๊ฒƒ์„ ์ข‹์•„ํ•ฉ๋‹ˆ๋‹ค.
https://github.com/PanJ ๋ณด๊ณ ์„œ:

๊ทธ๋™์•ˆ ์‹คํ–‰ ์ค‘์ธ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์ˆ˜ํ–‰ํ•ด์•ผ ํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.
์Šค์›œ ๋ชจ๋“œ ์™ธ๋ถ€์˜ ํ”„๋ก์‹œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๊ฒŒ์‹œํ•˜๊ณ  ๊ฒŒ์‹œ๋œ ํฌํŠธ๋กœ ์ „๋‹ฌํ•˜๋„๋ก ํ•ฉ๋‹ˆ๋‹ค.
Swarm ๋ชจ๋“œ์—์„œ(SSL ์ข…๋ฃŒ๋Š” ์ด ์ปจํ…Œ์ด๋„ˆ์—์„œ๋„ ์ˆ˜ํ–‰๋˜์–ด์•ผ ํ•จ)
์ž๊ฐ€ ์น˜์œ  ๋ฐ ์˜ค์ผ€์ŠคํŠธ๋ ˆ์ด์…˜์„ ์œ„ํ•œ ์Šค์›œ ๋ชจ๋“œ์˜ ๋ชฉ์ ์„ ๊นจ๋œจ๋ฆฝ๋‹ˆ๋‹ค.

๋‚˜๋Š” ์ด๊ฒƒ์ด "๊ตฐ์ง‘ ๋ชจ๋“œ์˜ ๋ชฉ์ ์„ ๊นจ๋œจ๋ฆฐ๋‹ค"๋Š” ๊ฒƒ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค. ๋ฌผ๋ก  ์ด๊ฒƒ์— ๋Œ€ํ•ด์„œ๋งŒ
ํŠน์ • ์ฃผ์ œ๋Š” ๋” ๋งŽ์€ ๊ด€์‹ฌ์„ ๋ฐ›์„ ๊ฐ€์น˜๊ฐ€ ์ถฉ๋ถ„ํ•ฉ๋‹ˆ๋‹ค.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-473621667 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsUwNWJsGKlLejcNzS2pR0awBB4OVlks5vXeTugaJpZM4Jf2WK
.

https://stackoverflow.com/questions/50585616/kubernetes-metallb-traefik-how-to-get-real-client-ip
๊ณ„์ธตํ™”๋˜๊ณ  ์™„์ „ํ•˜๊ณ  ๊ตฌ์„ฑ ๊ฐ€๋Šฅํ•œ k8์— ๋Œ€ํ•œ ์š”์ฒญ

docker swarm์ด ์žˆ๋Š” digitalocean์—์„œ nginx๋ฅผ ์‹คํ–‰ํ•˜๊ณ  nginx ๋กœ๊ทธ ๋‚ด์—์„œ 10.255.0.2 ๋Œ€์‹  ์‹ค์ œ $remote_addr ๋ฅผ ์–ป์œผ๋ ค๋Š” ์‚ฌ๋žŒ์„ ์œ„ํ•ด; @coltenkrauter์˜ ์†”๋ฃจ์…˜์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์บ์น˜ ๋‹น์‹ ์€ ๋Œ€๋ถ€๋ถ„์˜ ์‚ฌ๋žŒ๋“ค์—๊ฒŒ ํ™•์ธ์„ํ•ด์•ผ์ด ์†”๋ฃจ์…˜๊ณผ ํ•จ๊ป˜ ํ˜ธ์ŠคํŠธ์—์„œ ํ•˜๋‚˜ ๊ฐœ์˜ nginx ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

docker-compose.yml ํŒŒ์ผ์„ ๋ณ€๊ฒฝํ•˜๊ธฐ

์ž˜๋ชป๋œ

services:
  nginx:
    ports:
      - "80:80"
      - "443:443"

์˜ณ์€

services:
  nginx:
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host

_Edit : ์ง€๊ธˆ ์šฐ๋ฆฌ๋Š”ํ•˜๊ณ  ๋ณด์žฅ ๊ถŒ๋ฆฌ answer_๋ฅผ ์–ป์„ ์ˆ˜

์ธ๊ทธ๋ ˆ์Šค( mode: host )๋ฅผ ์‚ฌ์šฉ ํ•˜์ง€ ์•Š๋Š” ๊ฒƒ์€ ๋ฌธ์ œ๊ฐ€ ์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํ‚น์— ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•œ๋‹ค๊ณ  ๋ช…์‹œ๋˜์–ด ์žˆ๋Š” ๊ฒฝ์šฐ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด
์•„๋ฌด๋„ ์—ญ ํ”„๋ก์‹œ๋กœ ๋‹จ์ผ ํ˜ธ์ŠคํŠธ๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์œ ๋™ IP๊ฐ€ ์žˆ๋Š” ์—ฌ๋Ÿฌ ํ˜ธ์ŠคํŠธ๊ฐ€ ํ•„์š”ํ•˜๋ฉฐ ์ด ์„ค์ •์„ ๋‹ฌ์„ฑํ•˜๋ ค๋ฉด ์Šค์›œ ๋ฉ”์‹œ๊ฐ€ ํ•„์ˆ˜์ž…๋‹ˆ๋‹ค.

์•„๋งˆ๋„ ๋ถˆ๊ฐ€๋Šฅํ•  ์ˆ˜๋„ ์žˆ์ง€๋งŒ INGRESS ์ฒด์ธ์˜ ํŠน์ • ๋‹จ๊ณ„์—์„œ MASQUERADE ๋ฅผ ์ˆ˜ํ–‰ํ•˜๋„๋ก iptables ๊ทœ์น™์„ ์ˆ˜์ •ํ•˜๋ฉด ์‹ค์ œ ์†Œ์Šค IP๋ฅผ ๋ณด์กดํ•  ์ˆ˜ ์žˆ๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ๋  ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ–ˆ์Šต๋‹ˆ๋‹ค. iptables/netfilter ์ „๋ฌธ๊ฐ€๊ฐ€ ์ฃผ๋ณ€์— ์žˆ์ง€ ์•Š์Šต๋‹ˆ๊นŒ?

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-INGRESS  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (2 references)
target     prot opt source               destination         

Chain DOCKER-INGRESS (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

๋Œ€์•ˆ์œผ๋กœ swarm์€ ์›๋ž˜ ์†Œ์Šค IP๋ฅผ ๊ฐ€์ ธ ์™€์„œ X-Forwarded-For ํ—ค๋”๋ฅผ ๋งŒ๋“ค ์ˆ˜ ์—†์Šต๋‹ˆ๊นŒ?

์•„๋ฌด๋„ ์—ญ ํ”„๋ก์‹œ๋กœ ๋‹จ์ผ ํ˜ธ์ŠคํŠธ๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์œ ๋™ IP๊ฐ€ ์žˆ๋Š” ์—ฌ๋Ÿฌ ํ˜ธ์ŠคํŠธ๊ฐ€ ํ•„์š”ํ•˜๋ฉฐ ์ด ์„ค์ •์„ ๋‹ฌ์„ฑํ•˜๋ ค๋ฉด ์Šค์›œ ๋ฉ”์‹œ๊ฐ€ ํ•„์ˆ˜์ž…๋‹ˆ๋‹ค.

๋–ผ์˜ ๊ฐ ๋…ธ๋“œ๋Š” ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ์˜ ์ธ์Šคํ„ด์Šค๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ๊ณ  ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ํ†ตํ•ด ๊ธฐ๋ณธ ์„œ๋น„์Šค๋กœ ํŠธ๋ž˜ํ”ฝ์„ ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค(๊ทธ๋Ÿฌ๋‚˜ ํ”„๋ก์‹œ๋งŒ ์›๋ž˜ IP ์ฃผ์†Œ์— ๋Œ€ํ•ด ์•Œ ์ˆ˜ ์žˆ์Œ).

์ „์ฒด ์Šค๋ ˆ๋“œ๋ฅผ ์ฝ์œผ์‹ญ์‹œ์˜ค. (GitHub๋Š” ์œ ์šฉํ•œ ์ฃผ์„์„ ์ˆจ๊ธฐ๊ณ  ์žˆ์œผ๋ฏ€๋กœ ํ™•์žฅํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค :disappointed:);

๋Œ€์•ˆ์œผ๋กœ swarm์€ ์›๋ž˜ ์†Œ์Šค IP๋ฅผ ๊ฐ€์ ธ ์™€์„œ X-Forwarded-For ํ—ค๋”๋ฅผ ๋งŒ๋“ค ์ˆ˜ ์—†์Šต๋‹ˆ๊นŒ?

https://github.com/moby/moby/issues/25526#issuecomment -367642600์„ ์ฐธ์กฐ X-Forwarded-For ๋Š” L7 ํ”„๋กœํ† ์ฝœ์ž…๋‹ˆ๋‹ค. Swarm ์ง„์ž…์€ DNAT์™€ ํ•จ๊ป˜ IPVS๋ฅผ ์‚ฌ์šฉํ•˜๋Š” L4์ž…๋‹ˆ๋‹ค.

@port22 ์ผ๋ฐ˜์ ์œผ๋กœ ์šฐ๋ฆฌ๋Š” ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์†”๋ฃจ์…˜์ด ์•„๋‹ˆ๋ผ๋Š” ๋ฐ ๋™์˜ํ•ฉ๋‹ˆ๋‹ค. ์†”๋ฃจ์…˜์€ ๊ณ„์ธตํ™”ํ•  ์ˆ˜ ์žˆ๋„๋ก ๋งŒ๋“œ๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. #25526 comment ์—์„œ @sandys ์ œ์•ˆ ์ฐธ์กฐ

๋Œ€์•ˆ์œผ๋กœ, ์›๋ž˜ ์†Œ์Šค IP๋ฅผ ๊ฐ€์ ธ ์™€์„œ ์ƒ์„ฑํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.

X-Forwarded-For ํ—ค๋”?
#25526(๋Œ“๊ธ€) ์ฐธ์กฐ
https://github.com/moby/moby/issues/25526#issuecomment-367642600 ;
X-Forwarded-For๋Š” L7 ํ”„๋กœํ† ์ฝœ์ž…๋‹ˆ๋‹ค. Swarm ์ง„์ž…์€ DNAT์™€ ํ•จ๊ป˜ IPVS๋ฅผ ์‚ฌ์šฉํ•˜๋Š” L4์ž…๋‹ˆ๋‹ค.

์—ฌ๊ธฐ์„œ ์˜ฌ๋ฐ”๋ฅธ ์†”๋ฃจ์…˜์€ L4์— ์ฃผ์ž…๋œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์ž…๋‹ˆ๋‹ค. ์ผ๋ถ€๊ฐ€์žˆ๋‹ค
๋™์ผํ•œ ์‚ฌ์šฉ ์‚ฌ๋ก€์— ๋Œ€ํ•œ Envoy์˜ ๊ด€๋ จ ์ฐฌ๋ฐ˜ ํ† ๋ก 
https://github.com/envoyproxy/envoy/issues/4128 ๋ฐ
https://github.com/envoyproxy/envoy/issues/1031

2019๋…„ 4์›” 10์ผ ์ˆ˜์š”์ผ ์˜ค์ „ 1:40 Sebastiaan van Stijn <
[email protected]>์€ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

์•„๋ฌด๋„ ์—ญ ํ”„๋ก์‹œ๋กœ ๋‹จ์ผ ํ˜ธ์ŠคํŠธ๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋‹น์‹ ์€ ์—ฌ๋Ÿฌ
์œ ๋™ IP๊ฐ€ ์žˆ๋Š” ํ˜ธ์ŠคํŠธ์ด๊ณ  ์ด๋ฅผ ๋‹ฌ์„ฑํ•˜๋ ค๋ฉด swarm-mesh๊ฐ€ ํ•„์ˆ˜์ž…๋‹ˆ๋‹ค.
์„ค์ •.

Swarm์˜ ๊ฐ ๋…ธ๋“œ๋Š” ๋ฆฌ๋ฒ„์Šค ํ”„๋ก์‹œ์˜ ์ธ์Šคํ„ด์Šค๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ๊ณ  ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ๋ฅผ ํ†ตํ•ด ๊ธฐ๋ณธ ์„œ๋น„์Šค์— ๋Œ€ํ•œ ํŠธ๋ž˜ํ”ฝ(๊ทธ๋Ÿฌ๋‚˜
ํ”„๋ก์‹œ๋Š” ์›๋ž˜ IP ์ฃผ์†Œ์— ๋Œ€ํ•ด ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค).

์ „์ฒด ์Šค๋ ˆ๋“œ๋ฅผ ์ฝ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค(GitHub์ด ๊ฝค ์œ ์šฉํ•œ
์ฃผ์„, ๊ทธ๋ž˜์„œ ๋‹น์‹ ์€ ๊ทธ๊ฒƒ๋“ค์„ ํ™•์žฅํ•ด์•ผ ํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค ๐Ÿ˜ž);

๋Œ€์•ˆ์œผ๋กœ, ์›๋ž˜ ์†Œ์Šค IP๋ฅผ ๊ฐ€์ ธ ์™€์„œ ์ƒ์„ฑํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.
X-Forwarded-For ํ—ค๋”?

#25526(๋Œ“๊ธ€) ์ฐธ์กฐ
https://github.com/moby/moby/issues/25526#issuecomment-367642600 ;
X-Forwarded-For๋Š” L7 ํ”„๋กœํ† ์ฝœ์ž…๋‹ˆ๋‹ค. Swarm ์ง„์ž…์€ DNAT์™€ ํ•จ๊ป˜ IPVS๋ฅผ ์‚ฌ์šฉํ•˜๋Š” L4์ž…๋‹ˆ๋‹ค.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-481415217 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsU5KdnWQ21hJx_xzc-QROJiWbAlulks5vfPOigaJpZM4Jf2WK
.

Swarm์˜ ๊ฐ ๋…ธ๋“œ๋Š” ๋ฆฌ๋ฒ„์Šค ํ”„๋ก์‹œ ์ธ์Šคํ„ด์Šค๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ ์‹ค์ œ๋กœ ๋ฌธ์ œ๊ฐ€ ๋˜๋Š” Swarm ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ์˜ ๊ธฐ๋Šฅ์„ ์ œ๊ฑฐํ•ฉ๋‹ˆ๋‹ค.
๊ทธ๋ฆฌ๊ณ  ์ œ ๋ฌธ์ œ๋Š” ๊ตฌ์ฒด์ ์œผ๋กœ traefik์ด ํด๋Ÿฌ์Šคํ„ฐ์— ๋ฏผ์ฒฉํ•˜์ง€ ์•Š๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. Consul์„ ๊ตฌ์„ฑ ๋ฐฑ์—”๋“œ๋กœ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ํ•œ ๋…๋ฆฝ ์‹คํ–‰ํ˜•์œผ๋กœ ์‹คํ–‰ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋ฉด ์ตœ๋Œ€ ์ธ์ฆ์„œ๊ฐ€ ~100์œผ๋กœ ์ œํ•œ๋˜๋ฉฐ ์ด๋Š” ์ €์—๊ฒŒ ํ•ด๋‹น๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๋ฌผ๋ก  ์ด๊ฒƒ์€ ๋ฌด๋ฆฌ์˜ ๋ฌธ์ œ๊ฐ€ ์•„๋‹ˆ๋ผ traefik์˜ ๋ฌธ์ œ๋ผ๊ณ  ๋งํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์žฌ๋ฏธ์žˆ๋Š” ์‚ฌ์‹ค: traefik์€ ์ด๊ฒƒ์ด ์˜์‚ฌ ๋ฌธ์ œ๋ผ๊ณ  ๋งํ•ฉ๋‹ˆ๋‹ค. ์˜์‚ฌ ์ƒํƒœ: traefik์ด ์ž˜๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค.

@port22 ์ผ๋ฐ˜์ ์œผ๋กœ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์†”๋ฃจ์…˜์ด ์•„๋‹ˆ๋ผ๋Š” ๋ฐ ๋™์˜ํ•ฉ๋‹ˆ๋‹ค.

๋‚ด ์š”์ ์€ ์ธ๊ทธ๋ ˆ์Šค๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ๊ฒƒ์ด ์ธ๊ทธ๋ ˆ์Šค๊ฐ€ ํ•„์š”ํ•  ๋•Œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์•„๋‹ˆ๋ผ๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ ํ•ดํ‚น์ด ํ•„์š”ํ•œ ๊ฒฝ์šฐ์—๋„ ์†Œ์Šค IP๋ฅผ ์œ ์ง€ํ•˜๋ฉด์„œ Swarm ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ๊ณ„์† ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋„๋ก ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

DNAT์™€ ํ•จ๊ป˜ IPVS ์‚ฌ์šฉ

๋”ฐ๋ผ์„œ DNAT ๊ทœ์น™/์ฒด์ธ ๋‚ด์—์„œ MASQUERADE ๋กœ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ–ˆ์Šต๋‹ˆ๋‹ค. ?

@port22 ์š”์ ์€ ์•Œ์ง€๋งŒ ๋„์ปค๊ฐ€ ์ž์ฒด์ ์œผ๋กœ ๋„คํŠธ์›Œํฌ๋ฅผ ๊ด€๋ฆฌํ•˜๊ณ  ํ•ด์•ˆ๋ฒฝ๊ณผ ํ•จ๊ป˜ ์ž‘๋™ํ•˜๋„๋ก ํ•˜๋ ค๊ณ  ํ–ˆ์ง€๋งŒ ์œ ์ผํ•œ ๋ฐฉ๋ฒ•์€ ๋„์ปค ๊ทœ์น™/์ฒด์ธ์— ๋Œ€ํ•œ ์˜ˆ์™ธ๋ฅผ ๋งŒ๋“œ๋Š” ๊ฒƒ์ด๋ฉฐ ๋„์ปค ์Šค์›œ ๋ชจ๋“œ์—์„œ๋Š” ์„ฑ๊ณตํ•˜์ง€ ๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค(ํ•˜์ง€๋งŒ ์Šค์›œ ๋ชจ๋“œ์˜ ๋„์ปค๋Š” ๊ดœ์ฐฎ์Šต๋‹ˆ๋‹ค. ์Šค์›œ์œผ๋กœ ์‹คํ–‰๋˜๋Š” ์„œ๋น„์Šค๋ฅผ ์ œ์™ธํ•œ ๋ชจ๋“  ์„œ๋น„์Šค๋ฅผ ๋น„ํ™œ์„ฑํ™”ํ•˜๋Š” ํ•œ)
๋ธŒ๋ฆฌ์ง€ ๋„คํŠธ์›Œํฌ https://docs.docker.com/network/overlay/#customize -the-docker_gwbridge-interface์™€ ๊ฐ™์€ ์˜ต์…˜์ด ์žˆ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
์„ค์ •์„ ๊ฐ„๋‹จํ•˜๊ฒŒ ํ•˜๊ธฐ ์œ„ํ•ด ํ•˜์ง€๋งŒ ์—ฌ์ „ํžˆ ์ฃผ์š” ๋ฌธ์ œ๋Š” ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์—์„œ ์ง€์›์ด ๋ˆ„๋ฝ๋œ๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ์˜ต์…˜์€ ๋ฌด์‹œ๋˜๊ณ  ์™ธ๋ถ€์—์„œ ์ˆ˜์ •๋˜๋ฉด dockerd๊ฐ€ ๊ทœ์น™์„ ๋‹ค์‹œ ์ž‘์„ฑํ•˜๊ธฐ ๋•Œ๋ฌธ์— ์˜ต์…˜์ด ์—†์Šต๋‹ˆ๋‹ค.

์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•ด ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ์ง€์›์— ๋Œ€ํ•œ ๊ธฐ๋Šฅ ์š”์ฒญ์„ ์ œ์ถœํ–ˆ์Šต๋‹ˆ๋‹ค.
์ด ๋ฒ„๊ทธ์˜ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค.

๋ˆ„๊ตฐ๊ฐ€๊ฐ€ ์ž์‹ ์˜ ์˜๊ฒฌ์„ ์ถ”๊ฐ€ํ•˜๋ ค๋Š” ๊ฒฝ์šฐ๋ฅผ ๋Œ€๋น„ํ•˜์—ฌ.

https://github.com/moby/moby/issues/39465

2019๋…„ 4์›” 10์ผ ์ˆ˜์š”์ผ, 21:37 Daniele Cruciani, [email protected]
์ผ๋‹ค:

@port22 https://github.com/port22 ์š”์ ์€ ์•Œ์ง€๋งŒ ๋„์ปค ๊ด€๋ฆฌ
๊ทธ๊ฒƒ์˜ ๋„คํŠธ์›Œํฌ ์ž์ฒด๋กœ, ๋‚˜๋Š” ๊ทธ๊ฒƒ์ด Shorewall๊ณผ ํ•จ๊ป˜ ์ž‘๋™ํ•˜๋„๋ก ์‹œ๋„ํ–ˆ์ง€๋งŒ
์œ ์ผํ•œ ๋ฐฉ๋ฒ•์€ ๋„์ปค ๊ทœ์น™/์ฒด์ธ์— ๋Œ€ํ•œ ์˜ˆ์™ธ๋ฅผ ๋งŒ๋“œ๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
docker swarm ๋ชจ๋“œ๋กœ ์„ฑ๊ณต (๊ทธ๋Ÿฌ๋‚˜ swarm ๋ชจ๋“œ์˜ docker๋Š” ๊ดœ์ฐฎ์Šต๋‹ˆ๋‹ค.
๋ฉ€๋ฆฌ ๋‚˜๋Š” ๋ชจ๋“  ์„œ๋น„์Šค๋ฅผ ๋น„ํ™œ์„ฑํ™”ํ•˜์ง€๋งŒ ๋–ผ๋กœ ์‹คํ–‰๋˜๋Š” ์„œ๋น„์Šค๋ฅผ ๋น„ํ™œ์„ฑํ™”ํ•ฉ๋‹ˆ๋‹ค)
๋ธŒ๋ฆฌ์ง€ ๋„คํŠธ์›Œํฌ์™€ ๊ฐ™์€ ์˜ต์…˜์ด ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
https://docs.docker.com/network/overlay/#customize -the-docker_gwbridge-interface
์„ค์ •์„ ๊ฐ„๋‹จํ•˜๊ฒŒ ํ•˜๊ธฐ ์œ„ํ•ด ํ•˜์ง€๋งŒ ์—ฌ์ „ํžˆ ์ฃผ์š” ๋ฌธ์ œ๋Š”
์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์—์„œ ์ง€์›์ด ๋ˆ„๋ฝ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ์˜ต์…˜์ด ์—†์Šต๋‹ˆ๋‹ค.
๊ทธ๊ฒƒ๋“ค์€ ๋ฌด์‹œ๋˜๋ฉฐ dockerd๋Š” ๋‹ค์Œ์—์„œ ์ˆ˜์ •ํ•˜๋ฉด ๊ทœ์น™์„ ๋‹ค์‹œ ์ž‘์„ฑํ•ฉ๋‹ˆ๋‹ค.
๋ฐ–์˜.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526#issuecomment-481754635 ๋˜๋Š” ์Œ์†Œ๊ฑฐ
์Šค๋ ˆ๋“œ
https://github.com/notifications/unsubscribe-auth/AAEsUxsVQ7m9uiYbHhNKMMtkhTZV6iTNks5vfgwygaJpZM4Jf2WK
.

3๋…„์ด ์ง€๋‚˜๋„ ์ˆ˜์ •์ด ์•ˆ๋˜๋‚˜์š”?

๋‚˜๋„ ๊ฐ™์€ ๋ฌธ์ œ๊ฐ€ ์žˆ์ง€๋งŒ haproxy๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ ํ”„๋ก์‹œ ์„œ๋ฒ„๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  keepalive๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ HA๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์€ ๊ดœ์ฐฎ์ง€๋งŒ ์œ ์ผํ•œ ๋ˆ„๋ฝ๋œ ๋ถ€๋ถ„์€ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์ผ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์€ ๋‹จ์ˆœํ•œ ์›น ํ”„๋ก์‹œ์—์„œ๋Š” ๊ทธ๋‹ค์ง€ ๋ฌธ์ œ๊ฐ€ ๋˜์ง€ ์•Š๋Š”๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ๋ณต์žกํ•œ ์Šคํฌ๋ฆฝํŠธ๊ฐ€ ํฌํ•จ๋˜์–ด ์žˆ์ง€ ์•Š๊ฑฐ๋‚˜ ํ”„๋ก์‹œ์™€ ๋ฐฑ์—”๋“œ๊ฐ€ ๋™์ผํ•œ ๋ฌผ๋ฆฌ์  ์‹œ์Šคํ…œ์— ์žˆ์ง€ ์•Š๊ณ  ๋„คํŠธ์›Œํฌ ํŠธ๋ž˜ํ”ฝ์ด ํ•˜๋‚˜์˜ NIC์— ๋Œ€ํ•ด ๋„ˆ๋ฌด ๋†’๊ณ ...

๊ทธ๋ ‡๋‹ค๋ฉด ๋‚ด๋ถ€ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ ๊ฐœ์ธ ์ฃผ์†Œ๊ฐ€ ์•„๋‹Œ Docker Swarm ์™ธ๋ถ€์—์„œ ์š”์ฒญ์˜ ์†Œ์Šค IP ์ฃผ์†Œ๋ฅผ ๋ณด๋Š” ๊ฒƒ์ด ์‹ค์ œ๋กœ ๋ถˆ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๊นŒ? ์•„์ง?

@thaJeztah Docker Inc ํŒ€์˜ ๋ˆ„๊ตฐ๊ฐ€๊ฐ€ ์ด ๋ฌธ์ œ์˜ ์ƒํƒœ๋ฅผ

@thaJeztah https://github.com/thaJeztah Docker Inc์˜ ๋ˆ„๊ตฐ๊ฐ€๊ฐ€ ๊ฐ€๋Šฅ ํ•ฉ๋‹ˆ๊นŒ?
ํŒ€์—์„œ ์ด ๋ฌธ์ œ์˜ ์ƒํƒœ๋ฅผ ์•Œ๋ ค๋“œ๋ฆฝ๋‹ˆ๋‹ค. ์•„์ง ๊ณ ๋ ค์ค‘์ธ๊ฐ€์š”
๋ฐ/๋˜๋Š” ์ž‘์—…? ๋ชจ๋“  ๋„์ฐฉ ์˜ˆ์ • ์‹œ๊ฐ„? ์•„๋‹ˆ๋ฉด Docker ์ดํ›„๋กœ ์™„์ „ํžˆ ๋ฌด์‹œ๋ฉ๋‹ˆ๊นŒ?
์ฟ ๋ฒ„๋„คํ‹ฐ์Šค์™€์˜ ํ†ตํ•ฉ? ๊ฑฐ์˜ 3๋…„ ์ „์— ๋ณด๊ณ ๋˜์—ˆ์Šต๋‹ˆ๋‹ค :/

๋‚ด๊ฐ€ ์™„์ „ํžˆ ํ•  ์ˆ˜ ์žˆ๋„๋ก ์ด ์ง„์ˆ ("์ˆ˜์ •ํ•˜์ง€ ์•Š์„ ๊ฒƒ")
์ฟ ๋ฒ„๋„คํ‹ฐ์Šค๋กœ์˜ ๋งˆ์ด๊ทธ๋ ˆ์ด์…˜์„ ์ •๋‹นํ™”ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๋ถ€๋„๋Ÿฌ์›€.

๊ฐ์‚ฌ ํ•ด์š”.

>

ํŠธ์œ„ํ„ฐ์—์„œ ๋‹ต์žฅ์„ ํ•ด์ค„๊นŒ์š”?

https://twitter.com/suretec/status/1160496779386904576?s=19

์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•ด์•ผ ํ•˜๋Š” ์ œ์•ˆ๋œ ๊ฐœ์„  ์š”์ฒญ์ด ์žˆ์Šต๋‹ˆ๋‹ค - https://github.com/moby/moby/issues/39465

๊ฑฐ๊ธฐ์— ๋‹น์‹ ์˜ ์ƒ๊ฐ๊ณผ ์˜๊ฒฌ์„ ์ถ”๊ฐ€ํ•˜์‹ญ์‹œ์˜ค

๋‚˜๋Š” ์ด๋ฏธ ๊ทธ ๋ฌธ์ œ์— ๋Œ€ํ•ด ์–ธ๊ธ‰ํ–ˆ์Šต๋‹ˆ๋‹ค :-)

์ด๊ฒƒ์€ ํ•œ๋™์•ˆ ๋‚˜๋ฅผ ์œ„ํ•ด ์ฐจ๋‹จ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. IP ์ฃผ์†Œ๋ฅผ ํ†ต๊ณผํ•ด์•ผ ํ•˜๋ฉฐ ๋งŽ์€ ๊ฒ€์ƒ‰(์ด ์Šค๋ ˆ๋“œ์—์„œ ๋‹ค๋ฅธ ์‚ฌ๋žŒ๋“ค๊ณผ ํ•จ๊ป˜ ๊ฑฐ์˜ 3๋…„ ๋™์•ˆ ๊ฒ€์ƒ‰ํ•œ ๊ฒฐ๊ณผ์ž…๋‹ˆ๋‹ค...) ํ›„ ๋ฌด๋ฆฌ์™€ ํ•จ๊ป˜ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋Š” ์†”๋ฃจ์…˜์„ ์•„์ง ์ฐพ์ง€ ๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค.

์ด ๋ฌธ์ œ๋กœ ์ธํ•ด ํ”„๋กœ๋•์…˜์—์„œ Swarm์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์—ˆ์œผ๋ฉฐ ์ด๊ฒƒ์ด ์ถ”๊ฐ€๋  ์ˆ˜ ์žˆ๋Š”์ง€ ์—ฌ๋ถ€์— ๋Œ€ํ•œ ๊ณต์‹์ ์ธ ๋‹ต๋ณ€์„ ๊ธฐ๋‹ค๋ฆฌ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์ด ์ถ”๊ฐ€๋˜์ง€ ์•Š๋Š” ๊ฒฝ์šฐ ์ œ์•ˆ๋œ ๋Œ€์•ˆ ์†”๋ฃจ์…˜์„ ํ™˜์˜ํ•ฉ๋‹ˆ๋‹ค.

์šฐ๋ฆฌ๋Š” haproxy ๋’ค์— traefik์„ ์‚ฌ์šฉํ•˜์—ฌ ๋™์ผํ•œ ๋ฌธ์ œ๋ฅผ ๊ฒช๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. 2016๋…„ ์ดํ›„ 254๊ฐœ์˜ ๋Œ“๊ธ€์ด ๋‹ฌ๋ฆฐ ๊ฒƒ์„ ๋ณด๊ณ  ๋†€๋ž์Šต๋‹ˆ๋‹ค.

@Betriebsrat traefik ํ•ธ๋“ค ์š”์ฒญ์„ ์ฆ‰์‹œ ํ—ˆ์šฉํ•˜์ง€ ์•Š๋Š” ์ด์œ ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ? haproxy๋Š” ์ •๋ง ํ•„์š”ํ•œ๊ฐ€์š”, ์•„๋‹ˆ๋ฉด ๊ทธ๋ƒฅ ์Šต๊ด€์ธ๊ฐ€์š”? ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์—์„œ traefik์„ ๋…ธ์ถœํ•˜๋ฉด ํด๋ผ์ด์–ธํŠธ IP ์ฃผ์†Œ๊ฐ€ ํ‘œ์‹œ๋˜๊ณ  ๋ชจ๋“  ๊ฒƒ์ด ์ •์ƒ์ž…๋‹ˆ๋‹ค. :)

๋‚˜๋Š” ์ด "ํ•ด๊ฒฐ์ฑ…"์ด ์—ฌ๋Ÿฌ ๋ฒˆ ์–ธ๊ธ‰๋˜์—ˆ๋‹ค๊ณ  ์ƒ๊ฐํ•˜์ง€๋งŒ ์‚ฌ๋žŒ๋“ค์€ ๊ณ„์† ๊ทธ๊ฒƒ์„ ๋†“์น˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.

๋‚˜๋Š” ๋˜ํ•œ ๊ทธ๊ฒƒ์ด ๋•Œ๋•Œ๋กœ ์„ ํƒ ์‚ฌํ•ญ์ด ์•„๋‹ˆ๋ผ๋Š” ๊ฒƒ์„ ์•Œ๊ณ  ์žˆ์ง€๋งŒ ๋Œ€๋ถ€๋ถ„์˜ ๊ฒฝ์šฐ ์ด๊ฒƒ์ด ๊ฐ€๋Šฅํ•ด์•ผ ํ•œ๋‹ค๊ณ  ๋ฏฟ์Šต๋‹ˆ๋‹ค.

@ajardan ๋‚ด๊ฐ€ ์‹œ๋„ํ–ˆ์ง€๋งŒ ํ”„๋ก ํŠธ ์—”๋“œ์—์„œ ์‘๋‹ตํ•˜๋Š” ๋‹จ์ผ ํ˜ธ์ŠคํŠธ ์ด์ƒ์ด๋ฏ€๋กœ ์‹คํ–‰ ๊ฐ€๋Šฅํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์ด์ƒ์ ์œผ๋กœ๋Š” ์ „์ฒด ๋ฌด๋ฆฌ๊ฐ€ ์š”์ฒญ์„ ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์žˆ๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค. ์†Œ๊ทœ๋ชจ ์ž‘์—…์˜ ๊ฒฝ์šฐ ํ•˜๋‚˜์˜ ์„œ๋น„์Šค๋ฅผ host ๋ชจ๋“œ๋กœ ์ „ํ™˜ํ•˜๊ณ  ์ด๋ฅผ ์ˆ˜์ง‘ ์„œ๋ฒ„๋กœ ์‚ฌ์šฉํ•˜๋ฉด ์ž˜ ์ž‘๋™ํ•  ์ˆ˜ ์žˆ๋‹ค๋Š” ๋ฐ ๋™์˜ํ•ฉ๋‹ˆ๋‹ค.

traefik๊ณผ ๊ฐ™์€ ๊ฒƒ์„ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ์— ๋‘๋Š” ๊ฒƒ์€ ์šฐ๋ฆฌ๊ฐ€ ๋Œ€๋ถ€๋ถ„์˜ ๊ฒฝ์šฐ์— Swarm์„ ์‚ฌ์šฉํ•˜์—ฌ ์ด์šฉํ•˜๋ ค๋Š” ์ด์ ์„ ๋ฌดํšจํ™”ํ•ฉ๋‹ˆ๋‹ค.

@pattonwebz ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋Š” ์—ฌ๋Ÿฌ ํ˜ธ์ŠคํŠธ์—์„œ ์—ฌ๋Ÿฌ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•˜๋Š” ์„œ๋น„์Šค์— ๋Œ€ํ•ด ํ™œ์„ฑํ™”ํ•  ์ˆ˜ ์žˆ์œผ๋ฉฐ mode=global์„ ์‚ฌ์šฉํ•˜์—ฌ ์ˆ˜ํ–‰ํ•  ์ˆ˜๋„ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๋‹ค์Œ traefik์€ ๋ชจ๋“  Swarm ๋…ธ๋“œ์—์„œ ์‹คํ–‰๋˜๊ณ  ์ง€์ •๋œ ํฌํŠธ์— ๋Œ€ํ•œ ์—ฐ๊ฒฐ์„ ์ˆ˜๋ฝํ•œ ๋‹ค์Œ ์ด๋Ÿฌํ•œ ์—ฐ๊ฒฐ์„ ํ™•์ธํ•ด์•ผ ํ•˜๋Š” ์„œ๋น„์Šค์— ๋‚ด๋ถ€์ ์œผ๋กœ ์š”์ฒญ์„ ๋ผ์šฐํŒ…ํ•ฉ๋‹ˆ๋‹ค.

์ด ์„ค์ •์„ ๊ธ€๋กœ๋ฒŒ ๋ชจ๋“œ์˜ ์„œ๋น„์Šค์™€ ํ•จ๊ป˜ ์‚ฌ์šฉํ–ˆ์ง€๋งŒ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ๋กœ ์ œํ•œ๋˜์—ˆ์œผ๋ฉฐ ์ˆ˜๋งŒ ๊ฐœ์˜ ์š”์ฒญ/์ดˆ์— ๋Œ€ํ•ด ์™„๋ฒฝํ•˜๊ฒŒ ์ž‘๋™ํ–ˆ์Šต๋‹ˆ๋‹ค.

์ž์„ธํ•œ ๋‚ด์šฉ์ด ํ•„์š”ํ•œ ๊ฒฝ์šฐ ์ž์„ธํžˆ ์„ค๋ช…ํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค.

@pattonwebz @ajardan ์ด ๋ชจ๋“  ๊ฒฝ์šฐ์— ๊ตฌ์„ฑ ๊ฐ€๋Šฅํ•œ haproxy ์„œ๋น„์Šค ๋ฅผ ์‚ฌ์šฉํ•˜๊ณ 

@pattonwebz ์œ„์˜ @ajardan ์†”๋ฃจ์…˜ ์™ธ์—๋„ ํ˜ธ์ŠคํŠธ ๋„คํŠธ์›Œํ‚น์„ ์‚ฌ์šฉํ•˜์—ฌ ์ „์—ญ ๋ชจ๋“œ์—์„œ https://hub.docker.com/r/decentralize/swarm-tcp-proxy ๋ฅผ ์‹คํ–‰ํ•˜์—ฌ ์ธ๋ฐ”์šด๋“œ ํŠธ๋ž˜ํ”ฝ์— PROXY ํ”„๋กœํ† ์ฝœ ์ง€์›์„ ์ถ”๊ฐ€ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๋‹ค์Œ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ํ—ค๋”๋ฅผ ๋””์ฝ”๋”ฉํ•˜๋„๋ก ๊ตฌ์„ฑ๋œ Traefik์œผ๋กœ ์ „๋‹ฌํ•ฉ๋‹ˆ๋‹ค.

์ด ๋ชจ๋“  ๊ฒƒ์ด ์•„๋‹ˆ๋ผ ์ ์ ˆํ•œ Docker Swarm์˜ ์ผ๋ถ€์ธ ํ”Œ๋ž˜๊ทธ์—ฌ์•ผ ํ•ฉ๋‹ˆ๋‹ค.
๋ณต์žกํ•œ ์†”๋ฃจ์…˜ IMHO.

์šฐ๋ฆฌ๋Š” ์ธ์ฆ์„œ๋ฅผ ๊ด€๋ฆฌํ•˜๊ณ  SSL์„ ์˜คํ”„๋กœ๋“œํ•˜๊ธฐ ์œ„ํ•ด haproxy๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.
์‚ฌ๋žŒ๋“ค์€ "์‹คํ–‰์€ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ" ์†”๋ฃจ์…˜์ด ์†”๋ฃจ์…˜์ด ์•„๋‹ˆ๋ผ๋Š” ์‚ฌ์‹ค์„ ๊ณ„์† ๋†“์น˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.
๊ทธ๋“ค์€ ๋„์ปค ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์„ ํ™œ์šฉํ•˜๊ธฐ ์œ„ํ•ด ์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ์™€ ํ•จ๊ป˜ ์ž‘๋™ํ•˜๊ธฐ๋ฅผ ์›ํ•ฉ๋‹ˆ๋‹ค.
์ „์ฒด ์Šค๋ ˆ๋“œ๋Š” ๊ธฐ๋ณธ์ ์œผ๋กœ 3๋…„ ๋™์•ˆ ์ง„ํ–‰๋˜๋Š” 'ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ์‚ฌ์šฉ' -> '์ด์œ  ๋•Œ๋ฌธ์— ๋ถˆ๊ฐ€๋Šฅ' ์„œํด์ž…๋‹ˆ๋‹ค.

์—ฌ๊ธฐ์„œ ๋‹ค์‹œ ์‹คํ–‰ ๊ฐ€๋Šฅํ•œ ๋Œ€์•ˆ์œผ๋กœ swarm-tcp-proxy ๋ฅผ ์‚ดํŽด๋ณด๊ฒ ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ๊ณผ๊ฑฐ์— ๋น„์Šทํ•œ ๊ฒƒ์„ ๋ณด๋ฉด ํ•ญ์ƒ ๊ทธ๋Ÿฐ ์•„์ด๋””์–ด๋กœ ์ €์—๊ฒŒ ๊ฑฐ๋ž˜ ๋น„์ปค๊ฐ€ ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

์™„๋ฒฝํ•œ ์„ธ๊ณ„์—์„œ ๋‚ด ๊ธฐ์กด(๊ทธ๋ฆฌ๊ณ  ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ๊ฒ€์ƒ‰ํ•  ์ˆ˜ ์žˆ๋Š” ๊ธฐ๋Šฅ์ด ์—†๋Š” ๊ฒƒ์„ ์ œ์™ธํ•˜๊ณ ๋Š” ์ž˜ ์ž‘๋™ํ•˜๋Š”) ๋ฌด๋ฆฌ๋Š” ํ”„๋ก์‹œ๋ฅผ ํ†ตํ•œ ์ถ”๊ฐ€ ์„œ๋น„์Šค ๊ณ„์ธต์ด๋‚˜ ๋” ๋งŽ์€ ํ”„๋ก์‹œ ์—†์ด๋„ IP ๋ฐ์ดํ„ฐ๋ฅผ ํ†ตํ•ด ์ž‘๋™ํ•˜๊ณ  ์ „๋‹ฌํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์‚ฌ๋žŒ๋“ค์€ "์‹คํ–‰์€ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ" ์†”๋ฃจ์…˜์ด ์†”๋ฃจ์…˜์ด ์•„๋‹ˆ๋ผ๋Š” ์‚ฌ์‹ค์„ ๊ณ„์† ๋†“์น˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.

์ž์ฒด ์†”๋ฃจ์…˜ Docker์˜ ๊ธฐ๋ณธ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ๊ณ„์† ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค . Docker์˜ ์„œ๋น„์Šค ๋ฉ”์‹œ์— ๋„๋‹ฌํ•˜๊ธฐ ์ „์— ํ˜ธ์ŠคํŠธ ๋„คํŠธ์›Œํฌ ์Šคํƒ์— ๊ณ„์ธต์„ ์ถ”๊ฐ€ํ•˜๊ธฐ๋งŒ ํ•˜๋ฉด ๋ฉ๋‹ˆ๋‹ค.

@Betriebsrat traefik์€ ์ธ์ฆ์„œ์™€ SSL์„ ๋งค์šฐ ์ž˜ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ ์—ฌ์ „ํžˆ ์™œ ํ•„์š”ํ•œ์ง€ ์ž˜ ๋ชจ๋ฅด๊ฒ ์Šต๋‹ˆ๋‹ค.

๋˜ํ•œ ์ด์ „์— @matthanley๊ฐ€ ์–ธ๊ธ‰ํ–ˆ๋“ฏ์ด ๋„์ปค ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ์€ ์‚ฌ๋ผ์ง€์ง€ ์•Š์Šต๋‹ˆ๋‹ค. traefik์ด ๋ฐฑ์—”๋“œ์—์„œ ์š”์ฒญ์˜ ๊ท ํ˜•์„ ๋งž์ถ”๋Š” ๋ฐฉ์‹์ด ๋งˆ์Œ์— ๋“ค์ง€ ์•Š์œผ๋ฉด Swarm์˜ LB๋ฅผ ์‚ฌ์šฉํ•˜๋„๋ก ์ง€์‹œํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋ฉด ๋‚˜์ค‘์— Swarm์ด ์ฒ˜๋ฆฌํ•  ์„œ๋น„์Šค VIP์— ์š”์ฒญ์„ ๋ณด๋ƒ…๋‹ˆ๋‹ค.

์ด๋Š” ์„œ๋น„์Šค๋ณ„๋กœ ๊ตฌ์„ฑํ•  ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ ๋งค์šฐ ์œ ์—ฐํ•ฉ๋‹ˆ๋‹ค.

docker swarm ํด๋Ÿฌ์Šคํ„ฐ ์™ธ๋ถ€์— ๋‹ค๋ฅธ Nginx ์„œ๋ฒ„๋ฅผ ์„ค์ •ํ•˜๊ณ  Swarm ์„œ๋น„์Šค์— ์š”์ฒญ์„ ์ „๋‹ฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด Niginx conf์—์„œ ์ •๋ฐฉํ–ฅ ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•˜๊ธฐ๋งŒ ํ•˜๋ฉด ๋ฉ๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด
์œ„์น˜ / {
proxy_pass http://phpestate;

    #Proxy Settings
    proxy_redirect     off;
    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

๋„์ปค ์Šค์›œ ๋ชจ๋“œ์—์„œ ์‹ค์ œ ํด๋ผ์ด์–ธํŠธ IP๋ฅผ ์–ป๋Š” ์†”๋ฃจ์…˜์ด ์—†๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

์šฐ๋ฆฌ๋Š” ๋™์ผํ•œ ๋ฌธ์ œ๋ฅผ ๋ณด๊ณ  ๋‹ค์Œ์„ ๊ตฌํ˜„ํ•˜์—ฌ ํ•ด๊ฒฐํ–ˆ์Šต๋‹ˆ๋‹ค.
https://github.com/moby/moby/issues/25526#issuecomment -475083415

๋‹จ์ผ ๋…ธ๋“œ์—์„œ ์—ฌ๋Ÿฌ ์ธ๊ทธ๋ ˆ์Šค ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•  ์ˆ˜ ์—†๊ธฐ ๋•Œ๋ฌธ์— ์ด์ƒ์ ์ด์ง€ ์•Š์€ ์†”๋ฃจ์…˜์ž…๋‹ˆ๋‹ค.

์–ด๋ ค์›€์€ Docker๊ฐ€ TCP/UDP๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ๋ฐ˜๋ฉด ์ด๊ฒƒ์€ HTTP ํ”„๋กœํ† ์ฝœ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ์ตœ์†Œํ•œ ๋„์ปค๊ฐ€ ์†Œ์Šค IP๋ฅผ ์›๊ฒฉ ํ˜ธ์ŠคํŠธ๋กœ "์œ„์กฐ"ํ•˜๊ณ  Swarm Mesh์—์„œ ์ž์ฒด ๋‚ด๋ถ€ IP๋ฅผ ์ œ๊ณตํ•˜๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค. ํ•˜์ง€๋งŒ ๋ฐ˜ํ™˜ ํŠธ๋ž˜ํ”ฝ์ด ์ž˜๋ชป๋œ ์œ„์น˜๋กœ ์ด๋™ํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๊ฐ€์žฅ ์‰ฌ์šด ๋ฐฉ๋ฒ•์€ ๋ชจ๋“  http ์š”์ฒญ์— ๋Œ€ํ•ด ์›๋ž˜ IP์˜ ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์˜ณ์€. ๊ตฌ์ฒด์ ์œผ๋กœ - l4์—์„œ ์ž‘๋™ํ•˜๋Š” ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ํ—ค๋”๋กœ
๋ฐ l7 ๋ฐ ๋Œ€๋ถ€๋ถ„์˜ ์•Œ๋ ค์ง„ ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ ์†Œํ”„ํŠธ์›จ์–ด(๋ฐ
๋Œ€ํ˜• ํด๋ผ์šฐ๋“œ ์ œ๊ณต์—…์ฒด).

๋‚˜๋Š” ๊ทธ๊ฒƒ์— ๋Œ€ํ•ด ๋ณ„๋„์˜ ๋ฒ„๊ทธ๋ฅผ ์ œ์ถœํ–ˆ์œผ๋ฉฐ ๋ช‡ ๊ฐ€์ง€ ์˜๊ฒฌ์ด ๋งํฌ๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค.
์œ„์—. ๊ด€์‹ฌ์ด ์žˆ๋Š” ๊ฒฝ์šฐ ํ•ด๋‹น ๋ฒ„๊ทธ์— ์ถ”๊ฐ€ํ•˜์‹ญ์‹œ์˜ค.

2019๋…„ 9์›” 5์ผ ๋ชฉ์š”์ผ 18:56 Vladimir, [email protected]์ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ž‘์„ฑํ–ˆ์Šต๋‹ˆ๋‹ค.

๊ฐ€์žฅ ์‰ฌ์šด ๋ฐฉ๋ฒ•์€ ๋ชจ๋“  ์›๋ณธ IP์— ๋Œ€ํ•œ ํ—ค๋”๋ฅผ ์ถ”๊ฐ€ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
http ์š”์ฒญ.

โ€”
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ณ  GitHub์—์„œ ํ™•์ธ
https://github.com/moby/moby/issues/25526?email_source=notifications&email_token=AAASYU7APUNJPLZ6AJ6XXMDQIECIJA5CNFSM4CL7MWFKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LDNMVXH
๋˜๋Š” ์Šค๋ ˆ๋“œ ์Œ์†Œ๊ฑฐ
https://github.com/notifications/unsubscribe-auth/AAASYU4VZGKUFLL5STZ44GDQIECIJANCNFSM4CL7MWFA
.

2019๋…„์ธ๋ฐ ์ด๊ฒŒ ์•„์ง๋„ ๋ฌธ์ œ์•ผ?? ๊ทธ๊ฒƒ์€ traefik์˜ IP ํ™”์ดํŠธ๋ฆฌ์ŠคํŠธ๋ฅผ ๊ณ ํ†ต์Šค๋Ÿฝ๊ฒŒ ๋งŒ๋“ญ๋‹ˆ๋‹ค. ๋ชจ๋“  ๋…ธ๋“œ์— ํ˜ธ์ŠคํŠธ ํฌํŠธ๊ฐ€ ํ•„์š”ํ•˜์ง€ ์•Š์•„์•ผ ํ•ฉ๋‹ˆ๋‹ค.

@kaysond ์šฐ๋ฆฌ์˜ ์ž…์žฅ์€ Swarm์„ ํฌ๊ธฐํ•˜๋Š” ๊ฒƒ์ด์—ˆ์Šต๋‹ˆ๋‹ค. AWS์™€ ECS๋กœ ์ด์ „ํ–ˆ์Šต๋‹ˆ๋‹ค. ๋” ๊ฑด์„ค์ ์ธ ๊ฒƒ์„ ๊ฒŒ์‹œํ•  ์ˆ˜ ์—†์–ด ์œ ๊ฐ์ด์ง€๋งŒ ๊ถ๊ทน์ ์œผ๋กœ ์šฐ๋ฆฌ๋Š” ํšจ๊ณผ๊ฐ€ ์žˆ๋Š” ๊ฒƒ์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ์šฐ๋ฆฌ์™€ ๋‹ค๋ฅธ ์‚ฌ๋žŒ๋“ค์—๊ฒŒ ์˜ํ–ฅ์„ ๋ฏธ์น˜๋Š” ์œ ์ผํ•œ ์ฃผ์š” Swarm ๋ฒ„๊ทธ(๋˜๋Š” ๊ธฐ๋Šฅ ๋ถ€์กฑ)๊ฐ€ ์•„๋‹™๋‹ˆ๋‹ค. ์ตœ๊ทผ ๋ช‡ ๋…„ ๋™์•ˆ ๋ช…๋ฐฑํ•œ ์ˆ˜์ •/ํ”ผ๋“œ๋ฐฑ์ด ์—†์Šต๋‹ˆ๋‹ค. ๊ฐ€์žฅ ์‹ค๋ง์Šค๋Ÿฝ์ง€๋งŒ ์žˆ์Šต๋‹ˆ๋‹ค.

@jmkgreen ์šฐ๋ฆฌ๋Š” ๊ฐ™์€ ์œ„์น˜์— ์žˆ์œผ๋ฉฐ ์ด ๋ฌธ์ œ๊ฐ€ ์—ฌ์ „ํžˆ ์ง„ํ–‰ ์ค‘์ด๊ธฐ ๋•Œ๋ฌธ์— ์ง€๋‚œ 6๊ฐœ์›” ์ด์ƒ docker swarm์—์„œ ๋‹ค๋ฅธ ๊ฒƒ์œผ๋กœ ์ด๋™ํ•˜๋Š” ๋ฐ ๋ณด๋ƒˆ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ์ˆ˜์šฉ ๊ฐ€๋Šฅํ•œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์ฐพ์ง€ ๋ชปํ•œ ์ฑ„ ์ด๋ฏธ ์ˆ˜์‹ญ ์‹œ๊ฐ„๊ณผ ์ˆ˜๋ฐฑ ์‹œ๊ฐ„์˜ ํŒ€์› ์‹œ๊ฐ„์„ ์—ฌ๊ธฐ์— ํˆฌ์žํ–ˆ์Šต๋‹ˆ๋‹ค. ๋ชจ๋“  ํ˜ธ์ŠคํŠธ ํฌํŠธ์— ๋ฐ”์ธ๋”ฉํ•˜๋ฉด ํ”Œ๋กœํŒ… LB์˜ ๋ชฉ์ ์ด ์™„์ „ํžˆ ๋ฌดํšจํ™”๋ฉ๋‹ˆ๋‹ค.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ๋ฌธ์ œ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ? ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ + ์ „์—ญ์—์„œ ์„œ๋น„์Šค๋ฅผ ์„ ์–ธํ•˜๊ณ  ๋ชจ๋“  ๋…ธ๋“œ์— ๋„๋‹ฌํ•˜๋„๋ก LB๋ฅผ ์„ค์ •ํ•˜๋ฉด ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค. ํ”„๋ก์‹œ๊ฐ€ ๊ฐ€๋ณ๊ธฐ ๋•Œ๋ฌธ์—(์ €๋Š” https ์˜คํ”„๋กœ๋”ฉ ๋ฐ ๊ธฐํƒ€ ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•˜๊ธฐ ๋•Œ๋ฌธ์— nginx๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค) ๋ชจ๋“  ์„œ๋ฒ„์— ๋ฐฐํฌ๋œ๋‹ค๋Š” ์‚ฌ์‹ค์€ ์„œ๋ฒ„ ๋ฆฌ์†Œ์Šค์˜ 1% ๋ฏธ๋งŒ์„ ์‚ฌ์šฉํ•˜๋Š” ๋ฐ ๋ฌธ์ œ๊ฐ€ ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์ง„ํ–‰ ์ค‘ ์˜ค๋ฅ˜๊ฐ€ ๋ฐœ์ƒํ•˜๋ฉด ๋„์™€๋“œ๋ฆฌ๊ฒ ์Šต๋‹ˆ๋‹ค([email protected]).

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ๋ฌธ์ œ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ? ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ + ์ „์—ญ์—์„œ ์„œ๋น„์Šค๋ฅผ ์„ ์–ธํ•˜๊ณ  ๋ชจ๋“  ๋…ธ๋“œ์— ๋„๋‹ฌํ•˜๋„๋ก LB๋ฅผ ์„ค์ •ํ•˜๋ฉด ์ž‘๋™ํ•ฉ๋‹ˆ๋‹ค.

@RemiBou ํ”„๋ก์‹œ ์ž์ฒด๋ฅผ ์—…๋ฐ์ดํŠธ/์žฌ์‹œ์ž‘ํ•ด์•ผ ํ•  ๋•Œ ์™ธ๋ถ€ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋Š” ์ค‘๋‹จ์„ ์ฆ‰์‹œ ๊ฐ์ง€ํ•˜์ง€ ์•Š๊ณ  ํ”„๋ก์‹œ๊ฐ€ ์—ฌ์ „ํžˆ ๋‹ค์‹œ ์‹œ์ž‘๋˜๋Š” ๋…ธ๋“œ์— ์š”์ฒญ์„ ๊ณ„์† ๋ณด๋ƒ…๋‹ˆ๋‹ค. ๋”ฐ๋ผ์„œ ์™ธ๋ถ€ LB ๊ตฌ์„ฑ์— ๋”ฐ๋ผ ~30์ดˆ์˜ ์ค‘๋‹จ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

Swarm์—์„œ๋Š” ์™ธ๋ถ€ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ํ˜ธ์ถœํ•˜๊ณ  ์—…๋ฐ์ดํŠธ ์ค‘์— ๋…ธ๋“œ๋ฅผ ์„œ๋น„์Šค์—์„œ ์ œ์™ธํ•˜๊ธฐ ์œ„ํ•ด ์„œ๋น„์Šค ์—…๋ฐ์ดํŠธ ํ”„๋กœ์„ธ์Šค์— ํ›„ํฌ๋ฅผ ๋„ฃ์„ ๋ฐฉ๋ฒ•๋„ ์—†์Šต๋‹ˆ๋‹ค. ๋˜ํ•œ ์—…๋ฐ์ดํŠธ๋˜๊ธฐ ์ „์— ์ปจํ…Œ์ด๋„ˆ ๋‚ด๋ถ€์—์„œ ์Šคํฌ๋ฆฝํŠธ๋ฅผ ์‹คํ–‰ํ•˜๋„๋ก ํŠธ๋ฆฌ๊ฑฐํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค(์˜ˆ: " i_am_healthy " ํ”Œ๋ž˜๊ทธ๋ฅผ ์ œ๊ฑฐํ•˜๊ณ  ์™ธ๋ถ€ LB๊ฐ€ ํด๋ง์„ ํ†ตํ•ด ์„œ๋น„์Šค๊ฐ€ ์ค‘๋‹จ๋จ์„ ๋ฐœ๊ฒฌํ•˜๋„๋ก ํ•˜๊ธฐ ์œ„ํ•ด).

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ๋ฌธ์ œ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ?

๋‚ด ๋ฌธ์ œ๋Š” ๊ทธ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์‚ฌ์šฉํ•˜์—ฌ ํ˜ธ์ŠคํŠธ์—์„œ ์—ฌ๋Ÿฌ ๋™์ผํ•œ ์„œ๋น„์Šค(๋˜๋Š” ๋™์ผํ•œ ํฌํŠธ๋ฅผ ์›ํ•˜๋Š” ์—ฌ๋Ÿฌ ์„œ๋น„์Šค)๋ฅผ ์‹คํ–‰ํ•˜๋Š” ๊ฒƒ์ด ๋ถˆ๊ฐ€๋Šฅํ•˜๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ์€ ๋‚ด๊ฐ€ ์ž‘์—…ํ•˜๋Š” ํ”„๋กœ์ ํŠธ์— ํ•„์š”ํ•œ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์‹ค์ œ๋กœ ์ด ์ž‘์—…๋งŒ ์ˆ˜ํ–‰ํ•˜๋Š” ํ”„๋ก์‹œ ์„œ๋น„์Šค๋ฅผ ๋ฐฐํฌํ•  ์ˆ˜ ์—†์œผ๋ฉฐ ip๊ฐ€ swarm ๋‚ด๋ถ€์— ์žˆ์„ ๋•Œ ๋‹ค๋ฅธ ์„œ๋น„์Šค์— http ํ—ค๋”๋กœ ์ „๋‹ฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

์‹ค์ œ๋กœ ์ด ์ž‘์—…๋งŒ ์ˆ˜ํ–‰ํ•˜๋Š” ํ”„๋ก์‹œ ์„œ๋น„์Šค๋ฅผ ๋ฐฐํฌํ•  ์ˆ˜ ์—†์œผ๋ฉฐ ip๊ฐ€ swarm ๋‚ด๋ถ€์— ์žˆ์„ ๋•Œ ๋‹ค๋ฅธ ์„œ๋น„์Šค์— http ํ—ค๋”๋กœ ์ „๋‹ฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

์˜ˆ... ๊ทธ๋ฆฌ๊ณ  ํ•ด๋‹น ์”ฌ ํ”„๋ก์‹œ ์„œ๋น„์Šค๋ฅผ ์žฌ๊ตฌ์„ฑํ•˜๊ฑฐ๋‚˜ ์—…๋ฐ์ดํŠธํ•  ํ•„์š”๊ฐ€ ์—†๋Š” ํ•œ Swarm LB๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ๊ทธ ๋’ค์— ์žˆ๋Š” ๊ตฌ์„ฑ ์š”์†Œ๋ฅผ ์—…๋ฐ์ดํŠธํ•˜์—ฌ ๊ฐ€๋™ ์ค‘์ง€ ์‹œ๊ฐ„์„ ๋ฐฉ์ง€ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๋ˆ„๊ตฐ๊ฐ€๊ฐ€ haproxy๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์™„๋ฃŒํ•˜๋Š” https://hub.docker.com/r/decentralize/swarm-tcp-proxy ๋ฅผ ์ง€์ ํ–ˆ์Šต๋‹ˆ๋‹ค.

๊ทธ๋ž˜๋„ ์ผ์ข…์˜ ๊ณ ํ†ต. ํ”„๋ก์‹œ๋ฅผ ์—…๋ฐ์ดํŠธํ•ด์•ผ ํ•˜๋Š” ๊ฒฝ์šฐ์—๋„ ์—ฌ์ „ํžˆ ๋‹ค์šดํƒ€์ž„์ด ์žˆ์Šต๋‹ˆ๋‹ค.

@ms1111 Nginx ๋„์ปค ์ด๋ฏธ์ง€๊ฐ€ ๋ช‡ ์ดˆ ์•ˆ์— ์‹œ์ž‘๋˜๊ณ  ์ด ์„œ๋น„์Šค๊ฐ€ ์ด ๋ถ€๋ถ„๋งŒ ๊ด€๋ฆฌํ•œ๋‹ค๋ฉด ์ž์ฃผ ์—…๋ฐ์ดํŠธํ•  ํ•„์š”๊ฐ€ ์—†์Šต๋‹ˆ๋‹ค. IMHO ๋‹จ์ ์€ ๊ทธ๋‹ค์ง€ ์ค‘์š”ํ•˜์ง€ ์•Š์ง€๋งŒ ๊ท€ํ•˜์˜ ๊ฒฝ์šฐ์—๋Š” ๋‹ค๋ฅผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ๋ฌธ์ œ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ?

์šฐ๋ฆฌ์˜ ๊ฒฝ์šฐ ์ด ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•๊ณผ ํ˜ธ์ŠคํŠธ์— ๋…ธ์ถœ๋œ ํฌํŠธ๋ฅผ ํŠน์ • IP ์ฃผ์†Œ์— ๋ฐ”์ธ๋”ฉํ•  ์ˆ˜ ์—†๋Š” ๊ธฐ๋Šฅ์˜ ์กฐํ•ฉ์ž…๋‹ˆ๋‹ค. ๋Œ€์‹  ์‹ค์ œ ๋ฐฉ๋ฌธ์ž์˜ IP๋ฅผ ํ•„์š”๋กœ ํ•˜๊ณ  PROXY ํ”„๋กœํ† ์ฝœ์„ ์ง€์›ํ•˜๋Š” ๋ชจ๋“  ๋‚ด๋ถ€ ์„œ๋น„์Šค๋Š” ์ตœ์ ์ด ์•„๋‹Œ ํ˜ธ์ŠคํŠธ์˜ 0.0.0.0 ์— ํ•ด๋‹น ํฌํŠธ๊ฐ€ ๋…ธ์ถœ๋ฉ๋‹ˆ๋‹ค.

๋˜ ๋‹ค๋ฅธ ํ•˜๋‚˜๋Š” ์ดˆ๋‹น ์ˆ˜๋ฐฑ ๊ฐœ์˜ ์ƒˆ๋กœ์šด ์—ฐ๊ฒฐ์ด ์žˆ์„ ๋•Œ ๋ฌด์‹œํ•  ์ˆ˜ ์—†๋Š” ์„ฑ๋Šฅ ์ €ํ•˜์ž…๋‹ˆ๋‹ค. ๋…ธ์ถœ๋œ ๋ชจ๋“  ํฌํŠธ๋Š” ์‹ค์ œ๋กœ conntrack ๊ฐ€ ํ•„์š”ํ•˜๊ณ  ๋‹ค๋ฅธ ๋ฌธ์ œ๊ฐ€ ์žˆ๋Š” iptables์˜ DNAT ๊ทœ์น™์ž…๋‹ˆ๋‹ค(k8๋„ ์ ์ค‘ํ•˜์ง€๋งŒ Swarm์—๋Š” ์ด ๊ธฐ๋Šฅ์ด ์žˆ์Šต๋‹ˆ๋‹ค. ์ƒํ™ฉ์„ ์•…ํ™”์‹œํ‚ค๋Š” ์ถ”๊ฐ€ ์ˆ˜์ค€์˜ NAT).

๋„์ปค์—๊ฒŒ,

๊นจ์šฐ๋‹ค! ์ด ๋ฌธ์ œ์— ์–ผ๋งˆ๋‚˜ ๋งŽ์€ ์‚ฌ๋žŒ๋“ค์ด ๊ด€๋ จ๋˜์–ด ์žˆ๋Š”์ง€๋ฅผ ๊ฐ์•ˆํ•  ๋•Œ ๋ช…๋ฐฑํ•œ ๋ฌธ์ œ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค(๊ฐ™์€ ์›์ธ์„ ๊ฐ€์ง„ ๋‹ค๋ฅธ ์‚ฌ๋žŒ๋“ค์ด ์žˆ์Šต๋‹ˆ๋‹ค). ์šฐ๋ฆฌ๊ฐ€ ์–ป๋Š” ๊ฒƒ์€ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์†”๋ฃจ์…˜์ด ์•„๋‹Œ ์ด์œ ๊ฐ€ ๊ฝค ์—ฌ๋Ÿฌ ๋ฒˆ ์„ค๋ช…๋˜์—ˆ์Œ์—๋„ ๋ถˆ๊ตฌํ•˜๊ณ  ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์žˆ๋‹ค๋Š” ๊ฒƒ์„ ๊ณ„์†ํ•ด์„œ ๋ฐ˜๋ณตํ•˜๋Š” ์‚ฌ๋žŒ๋“ค์ž…๋‹ˆ๋‹ค. "ํ•ด๊ฒฐ์ฑ…"์ด๋ผ๋Š” ๋‹จ์–ด๋Š” ๋‚˜์ค‘์— ํ•ด๊ฒฐ๋  ์ผ์‹œ์ ์ธ ๋ฌธ์ œ์ž„์„ ๋‚˜ํƒ€๋ƒ…๋‹ˆ๋‹ค. ๋ฌธ์ œ๊ฐ€ ์ƒ์„ฑ๋œ ์ง€ 3๋…„์ด ๋„˜์—ˆ๊ณ  ๊ทธ ๋™์•ˆ ์‘๋‹ต์€ "ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ด ์žˆ์Šต๋‹ˆ๋‹ค"์ž…๋‹ˆ๋‹ค.

๋ชจ๋“  Swarm ์‚ฌ์šฉ์ž์—๊ฒŒ,

ํ˜„์‹ค์ ํ•ฉ์‹œ๋‹ค. ์Šฌํ”ˆ ์ง„์‹ค์€ Docker๋ฅผ ํฌํ•จํ•˜์—ฌ ๋ˆ„๊ตฌ๋„ Swarm์— ์ง„์ •์œผ๋กœ ๊ด€์‹ฌ์„ ๊ฐ–๊ณ  ์žˆ์ง€ ์•Š๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋ชจ๋‘๊ฐ€ k8๋กœ ์ด๋™ํ–ˆ์œผ๋ฉฐ Swarm์— ๋Œ€ํ•œ "์‹ค์ œ" ํˆฌ์ž๋Š” ์—†์Šต๋‹ˆ๋‹ค. ์ด ํ”„๋กœ์ ํŠธ๋Š” ์‚ฌ๋ง์„ ๊ธฐ๋‹ค๋ฆฌ๋Š” ์ƒ๋ช… ์œ ์ง€ ์žฅ์น˜์— ์žˆ์œผ๋ฏ€๋กœ ์ด ๋ฌธ์ œ๊ฐ€ ํ•ด๊ฒฐ๋  ๊ฒƒ์œผ๋กœ ๊ธฐ๋Œ€ํ•˜์ง€ ๋งˆ์‹ญ์‹œ์˜ค. ํ˜„๋ช…ํ•˜๊ฒŒ k8๋กœ ์ด๋™ํ•˜์‹ญ์‹œ์˜ค.

์ด ๋ฌธ์ œ๋Š” ๋„ˆ๋ฌด ์˜ค๋žซ๋™์•ˆ ๋ฌด์‹œ๋œ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ๊ตฌํ˜„๋  ์ผ์€ ์—†์„ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ๊ทธ๋ƒฅ ์ซ“์•„๊ฐ€์„œ k8์„ ์‚ฌ์šฉํ•˜์„ธ์š”.

@leojonathanoh k8 ์ด ์ด ํŠน์ • ๋ฌธ์ œ๋ฅผ ์ •ํ™•ํžˆ ์–ด๋–ป๊ฒŒ ํ•ด๊ฒฐํ•˜๋Š”์ง€ ์ž์„ธํžˆ ์„ค๋ช…ํ•ด ์ฃผ์‹œ๊ฒ ์Šต๋‹ˆ๊นŒ? :)?

๋‹จ์ˆœ: ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ

@ajatkj ๋งํ–ˆ๋“ฏ์ด. ๋˜๋Š” ์ด๊ฒƒ์ด ๋ถˆ๊ฐ€๋Šฅํ•œ ๊ฒฝ์šฐ Service ๋ฆฌ์†Œ์Šค์— ๋Œ€ํ•œ ์™ธ๋ถ€ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ๋ฐ externalTrafficPolicy: Local ์ž…๋‹ˆ๋‹ค. ๊ทธ๊ฒƒ์ด ๋‚ด๊ฐ€ ์—ฌ๊ธฐ์„œ ๋งํ•  ์ „๋ถ€์ž…๋‹ˆ๋‹ค. ๊ทธ๋ฆฌ๊ณ  ๋‚˜๋Š” ์Šค๋ ˆ๋“œ์—์„œ ๊ตฌ๋…์„ ์ทจ์†Œํ•ฉ๋‹ˆ๋‹ค.

์‚ฌ๋žŒ๋“ค์€ ์™œ ๋‹ค๋ฅธ ์‚ฌ๋žŒ๋“ค์ด ์ž์‹ ์„ ์œ„ํ•ด ์ผํ•  ๊ฒƒ์ด๋ผ๊ณ  ๊ธฐ๋Œ€ํ•ฉ๋‹ˆ๊นŒ?

๋‚˜๋Š” ์˜์›…์ด ๋˜์–ด ์ด๊ฒƒ์„ ๋Œ๋ณด๊ณ  ์‹ถ์ง€๋งŒ ํ˜„์‹ค์€ ๋‚ด๊ฐ€ ๋‹ค๋ฅธ ๋งŽ์€ ์ผ์„ ํ•˜๊ณ  ์žˆ๊ณ  ์ด๊ฒƒ์€ ๋‚˜์˜ ์ผ์ƒ์— ์˜ํ–ฅ์„ ๋ฏธ์น˜์ง€ ์•Š๋Š”๋‹ค๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์ด๊ฒƒ์ด ๋‹น์‹ ์˜ ์ผ์ƒ์— ์˜ํ–ฅ์„ ์ค๋‹ˆ๊นŒ? ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๋ฐ ๋„์›€์ด ๋˜์—ˆ์œผ๋ฉด ํ•ฉ๋‹ˆ๋‹ค!

๋‚˜๋Š” ๋˜ํ•œ ์ด๊ฒƒ์„ ์—ฌ๋Ÿฌ ๋ฒˆ ๋ณด์•˜๊ณ  ์‹ค์ œ๋กœ ๋งˆ๋ฒ•์˜ ๋ฌด๋ฆฌ ๋ผ์šฐํŒ…์ด ์‚ฌ์šฉํ•˜๋Š” IPVS NAT์™€ ํ•จ๊ป˜ ์ž‘๋™ํ•˜๋„๋ก ํ•˜๋Š” ๋ฐฉ๋ฒ•์ด ์—†๋Š” ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

๋‚˜๋Š” k8์ด ์—ฌ๊ธฐ์—์„œ ํ›จ์”ฌ ๋” ์œ ์—ฐํ•˜๋‹ค๋Š” ๋ฐ ๋™์˜ํ•ฉ๋‹ˆ๋‹ค. ๊ท€ํ•˜์˜ ์š”๊ตฌ์— ๋” ์ž˜ ๋งž๋Š”๋‹ค๋ฉด ๊ทธ๊ฒƒ์„ ์‚ฌ์šฉํ•˜์‹ญ์‹œ์˜ค.
๋ฌธ์ œ๊ฐ€ ํ•ด๊ฒฐ๋˜์ง€ ์•Š์•˜๋‹ค๊ณ  ๋ถˆํ‰ํ•˜๊ณ  k8๋กœ ์ „ํ™˜ํ•˜๊ฒ ๋‹ค๊ณ  ์œ„ํ˜‘ํ•˜๋Š” ๊ฒƒ์€ ์‹ค์ œ๋กœ ๋ฌธ์ œ ์ถ”์ ๊ธฐ์—์„œ ์„ค ์ž๋ฆฌ๊ฐ€ ์—†์œผ๋ฉฐ ์ผ๋ฐ˜์ ์œผ๋กœ ๋„์›€์ด ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

์‚ฌ๋žŒ๋“ค์€ ๊ทธ๋“ค์ด ๊ฐ€์ง„ ์ง€์‹์œผ๋กœ ๋•์Šต๋‹ˆ๋‹ค. ๋ชจ๋“  ์‚ฌ๋žŒ์ด ์ฝ”๋“œ ์ž์ฒด๋ฅผ ๋ณ€๊ฒฝํ•  ์ˆ˜ ์žˆ๋Š” ๊ธฐ์ˆ ์„ ๊ฐ€์ง€๊ณ  ์žˆ๋Š” ๊ฒƒ์€ ์•„๋‹ˆ๋ฏ€๋กœ ํ•„์š”ํ•œ ๋ณ€๊ฒฝ์— ๋Œ€ํ•œ ํ•ฉ์˜๋ฅผ ๋‹ฌ์„ฑํ•˜๋Š” ๋ฐ ๋„์›€์ด ๋˜๋„๋ก ์ด์™€ ๊ฐ™์€ ๋ฌธ์ œ๋ฅผ ๋งŒ๋“ญ๋‹ˆ๋‹ค.

์—ฌ๊ธฐ์— ์žˆ๋Š” ๋ˆ„๊ตฌ๋„ ํŠน๋ณ„ํžˆ ๋ณ€๊ฒฝํ•ด์•ผ ํ•œ๋‹ค๊ณ  ์ฃผ์žฅํ•˜์ง€ ์•Š์ง€๋งŒ @sandys ๊ฐ€ ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ์— ๋Œ€ํ•ด ๊ณต๊ฐœํ•œ ๋ฌธ์ œ์— ์•Š์•˜์Šต๋‹ˆ๋‹ค . ๋ณ€๊ฒฝ ์‚ฌํ•ญ์ด ์ˆ˜๋ฝ๋ ์ง€ ์—ฌ๋ถ€๋ฅผ ๋ชจ๋ฅด๋Š” ์‚ฌ๋žŒ์ด ์–ด๋–ป๊ฒŒ ์ด ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

๊ฐ€์žฅ ์ข‹์€ ๋ฐฉ๋ฒ•์€ ์ œ์•ˆ์„ ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์ž‘์—…์ด ์™„๋ฃŒ๋œ ํ›„ ์•„ํ‚คํ…์ฒ˜๊ฐ€ ์–ด๋–ป๊ฒŒ ๋ณด์ผ ๊ฒƒ์œผ๋กœ ์˜ˆ์ƒํ•˜์‹ญ๋‹ˆ๊นŒ? ๋ฌด์—‡์„ ๊ฐ€์ ธ์˜ค๋Š”๊ฐ€? ์šฐ๋ฆฌ๋Š” ๋ฌด์—‡์„ ์žƒ์Šต๋‹ˆ๊นŒ?

๊ฐ€์žฅ ์ข‹์€ ๋ฐฉ๋ฒ•์€ ์ œ์•ˆ์„ ํ•˜๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค. ์ž‘์—…์ด ์™„๋ฃŒ๋œ ํ›„ ์•„ํ‚คํ…์ฒ˜๊ฐ€ ์–ด๋–ป๊ฒŒ ๋ณด์ผ ๊ฒƒ์œผ๋กœ ์˜ˆ์ƒํ•˜์‹ญ๋‹ˆ๊นŒ? ๋ฌด์—‡์„ ๊ฐ€์ ธ์˜ค๋Š”๊ฐ€? ์šฐ๋ฆฌ๋Š” ๋ฌด์—‡์„ ์žƒ์Šต๋‹ˆ๊นŒ?

์—ฌ๊ธฐ์—์„œ ์ด๋ฏธ ์™„๋ฃŒ: #39465

ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ ๋„คํŠธ์›Œํ‚น ์‹œ๋„

๋Œ“๊ธ€์„ ์ž‘์„ฑํ•˜๊ธฐ ์ „์— ์ „์ฒด ์Šค๋ ˆ๋“œ๋ฅผ ์ฝ์œผ์‹ญ์‹œ์˜ค.

"ํ”„๋ก์‹œ ํ”„๋กœํ† ์ฝœ ์‚ฌ์šฉ", ์‹ค์ œ๋กœ ํฅ๋ฏธ๋กœ์šด ๊ฒƒ์€ ๋ฌด์—‡์ธ์ง€ ์„ค๋ช…ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
์ฝ”๋“œ ๋ฒ ์ด์Šค๋ฅผ ๋ณ€๊ฒฝํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

์–ด์ฉŒ๋ฉด ์ด๊ฒƒ์€ ์ˆœ์ง„ํ•œ ์งˆ๋ฌธ์ด์ง€๋งŒ ์ฒ˜์Œ๋ถ€ํ„ฐ ์†Œ์Šค IP๋ฅผ ๋‹ค์‹œ ์ž‘์„ฑํ•ด์•ผ ํ•˜๋Š” ์ด์œ ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ? ์–ด์จŒ๋“  ์ธํ„ฐํŽ˜์ด์Šค์˜ ๊ธฐ๋ณธ ๊ฒŒ์ดํŠธ์›จ์ด๋ฅผ ํ†ตํ•ด ํŠธ๋ž˜ํ”ฝ์ด ๋ฐ˜ํ™˜๋˜์ง€ ์•Š์Šต๋‹ˆ๊นŒ? Swarm ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ํ†ตํ•ด ์˜จ ๊ฒฝ์šฐ์—๋„ ๊ฒŒ์ดํŠธ์›จ์ด๋Š” ํŠธ๋ž˜ํ”ฝ์ด ์–ด๋””์—์„œ ์™”๋Š”์ง€ ์ด๋ฏธ ์•Œ๊ณ  ์žˆ๋Š” ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ํ†ตํ•ด ๋ฐ˜ํ™˜ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์–ด์ฉŒ๋ฉด ์ด๊ฒƒ์€ ์ˆœ์ง„ํ•œ ์งˆ๋ฌธ์ด์ง€๋งŒ ์ฒ˜์Œ๋ถ€ํ„ฐ ์†Œ์Šค IP๋ฅผ ๋‹ค์‹œ ์ž‘์„ฑํ•ด์•ผ ํ•˜๋Š” ์ด์œ ๋Š” ๋ฌด์—‡์ž…๋‹ˆ๊นŒ? ์–ด์จŒ๋“  ์ธํ„ฐํŽ˜์ด์Šค์˜ ๊ธฐ๋ณธ ๊ฒŒ์ดํŠธ์›จ์ด๋ฅผ ํ†ตํ•ด ํŠธ๋ž˜ํ”ฝ์ด ๋ฐ˜ํ™˜๋˜์ง€ ์•Š์Šต๋‹ˆ๊นŒ? Swarm ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ํ†ตํ•ด ์˜จ ๊ฒฝ์šฐ์—๋„ ๊ฒŒ์ดํŠธ์›จ์ด๋Š” ํŠธ๋ž˜ํ”ฝ์ด ์–ด๋””์—์„œ ์™”๋Š”์ง€ ์ด๋ฏธ ์•Œ๊ณ  ์žˆ๋Š” ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ํ†ตํ•ด ๋ฐ˜ํ™˜ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์–ด๋–ค IP์—์„œ ์š”์ฒญ์ด ์˜ค๋Š”์ง€ ์•Œ์•„์•ผ ํ•ฉ๋‹ˆ๋‹ค. ํŠน์ • ์‚ฌ์šฉ์ž๊ฐ€ IP๋ฅผ ์ œํ•œํ•˜๊ธฐ๋ฅผ ์›ํ•  ์ˆ˜ ์žˆ์œผ๋ฉฐ ์‹คํ–‰ ์ค‘์ธ ์„œ๋น„์Šค ์™ธ๋ถ€์—์„œ ์ด๋ฅผ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ๋‹ค๋ฅธ ๊ฒƒ์€ ip๋งŒ์„ ๊ธฐ๋ฐ˜์œผ๋กœ ํ•ฉ๋‹ˆ๋‹ค(์ด ์˜ˆ์˜ ์ •์ฑ…์€ ip + request-content => ํ—ˆ์šฉ/๋น„ํ—ˆ์šฉ์ด๊ธฐ ๋•Œ๋ฌธ์—).

๋˜๋Š” ๋” ์ž์ฃผ, ์—ฐ๊ฒฐ์„ ๋กœ๊น…ํ•˜๊ธฐ ์œ„ํ•œ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๋‚ด ์„œ๋น„์Šค ์‚ฌ์šฉ์— ๋Œ€ํ•ด ๊ณ ๊ฐ์—๊ฒŒ ์ฒญ๊ตฌํ•ด์•ผ ํ•˜๋ฉฐ ์š”์ฒญ ์‹œ๊ฐ„, ๋ฆฌ์†Œ์Šค ์–‘, ์š”์ฒญ ์†Œ์Šค IP๋ฅผ ํ‘œ ํ˜•์‹์œผ๋กœ ์ œ๊ณตํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์ฒญ๊ตฌ๋˜๋Š” ๊ฑฐ์˜ ๋ชจ๋“  ์„œ๋น„์Šค๋Š” ์ด๋Ÿฌํ•œ ์ข…๋ฅ˜์˜ ๋ณด๊ณ ์„œ๋ฅผ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค.

์ œ ์งˆ๋ฌธ์„ ์ž˜๋ชป ์ดํ•ดํ•˜์‹  ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ์„œ๋น„์Šค๊ฐ€ ์‹ค์ œ ์†Œ์Šค IP๋ฅผ ๋ณด๊ณ  ์‹ถ์–ดํ•˜๋Š” ์ด์œ ๋ฅผ ์ดํ•ดํ•ฉ๋‹ˆ๋‹ค. Docker๊ฐ€ ์ปจํ…Œ์ด๋„ˆ์— ๋„๋‹ฌํ•˜๊ธฐ ์ „์— Docker๊ฐ€ ๋ณ€๊ฒฝํ•˜๋Š” ์ด์œ ๋ฅผ ์•Œ๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค.

2019๋…„ 11์›” 1์ผ ์˜ค์ „ 1์‹œ 47๋ถ„, ์˜ค์ „ 1์‹œ 47๋ถ„์— Daniele Cruciani [email protected]์ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ผ์Šต๋‹ˆ๋‹ค.

์–ด์ฉŒ๋ฉด ์ด๊ฒƒ์€ ์ˆœ์ง„ํ•œ ์งˆ๋ฌธ์ด์ง€๋งŒ ์™œ ๋‹ค์‹œ ์ž‘์„ฑํ•ด์•ผํ•ฉ๋‹ˆ๊นŒ?
์‹œ์ž‘ํ•˜๋Š” ์†Œ์Šค ip? ํŠธ๋ž˜ํ”ฝ์ด
์–ด์จŒ๋“  ์ธํ„ฐํŽ˜์ด์Šค์˜ ๊ธฐ๋ณธ ๊ฒŒ์ดํŠธ์›จ์ด? ๋ฌด๋ฆฌ์˜ ๋ถ€ํ•˜๋ฅผ ํ†ตํ•ด ์™”๋‹ค ํ•ด๋„
๋ฐธ๋Ÿฐ์„œ, ๊ฒŒ์ดํŠธ์›จ์ด๋Š” ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ํ†ตํ•ด ๋ฐ˜ํ™˜ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
ํŠธ๋ž˜ํ”ฝ์ด ์–ด๋””์—์„œ ์™”๋Š”์ง€ ์ด๋ฏธ ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค ...

์–ด๋–ค IP์—์„œ ์š”์ฒญ์ด ์˜ค๋Š”์ง€ ์•Œ์•„์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์–ด์ฉŒ๋ฉด
ํŠน์ • ์‚ฌ์šฉ์ž๊ฐ€ ip๋ฅผ ์ œํ•œํ•˜๊ณ  ์‹ถ์–ดํ•˜๊ณ  ์™ธ๋ถ€์—์„œ ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.
์„œ๋น„์Šค ์‹คํ–‰, ์ฆ‰ traefik์€ ์š”์ฒญ ๋‚ด์šฉ์„ ๋ชจ๋ฆ…๋‹ˆ๋‹ค.
์–ด๋–ค ์‚ฌ์šฉ์ž๊ฐ€ ๋งŒ๋“ค๊ณ  ์žˆ๋Š”์ง€ ์ง€์ •ํ•  ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ ์ผ๋ถ€๋ฅผ ์ œ์™ธํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค.
์‚ฌ์šฉ์ž์ด๊ณ  ip๋งŒ์„ ๊ธฐ๋ฐ˜์œผ๋กœ ๋‹ค๋ฅธ ๊ฒƒ์„ ํ—ˆ์šฉํ•ฉ๋‹ˆ๋‹ค(์ด ์ •์ฑ…์˜
์˜ˆ๋Š” ip + request-content => ํ—ˆ์šฉ/๋น„ํ—ˆ์šฉ)์ž…๋‹ˆ๋‹ค.

๋˜๋Š” ๋” ์ž์ฃผ, ์—ฐ๊ฒฐ์„ ๋กœ๊น…ํ•˜๊ธฐ ์œ„ํ•œ ๊ฒƒ์ž…๋‹ˆ๋‹ค. ๊ณ ๊ฐ์—๊ฒŒ ์ฒญ๊ตฌํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
๋‚ด ์„œ๋น„์Šค ์‚ฌ์šฉ์„ ์œ„ํ•ด ๋‹ค์Œ ํ‘œ ํ˜•์‹์œผ๋กœ ์ œ๊ณตํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
์š”์ฒญ, ๋ฆฌ์†Œ์Šค ์–‘, ์š”์ฒญ์˜ ์†Œ์Šค IP. ๊ฑฐ์˜ ๋ชจ๋“  ์„œ๋น„์Šค
์ด๋Ÿฌํ•œ ์ข…๋ฅ˜์˜ ๋ณด๊ณ ์„œ๋ฅผ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค.

--
๋‹น์‹ ์ด ์–ธ๊ธ‰๋˜์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ด๊ฒƒ์„ ๋ฐ›๋Š” ๊ฒƒ์ž…๋‹ˆ๋‹ค.
์ด ์ด๋ฉ”์ผ์— ์ง์ ‘ ๋‹ต์žฅํ•˜๊ฑฐ๋‚˜ GitHub์—์„œ ํ™•์ธํ•˜์„ธ์š”.
https://github.com/moby/moby/issues/25526#issuecomment -548711563

@kaysond ๋ฌผ์–ด๋ณผ ์ข‹์€ ๊ณณ์ด ์•„๋‹™๋‹ˆ๋‹ค.

๊ท€ํ•˜๋Š” ๋ณธ์งˆ์ ์œผ๋กœ ๋‘ ๊ฐ€์ง€ ์งˆ๋ฌธ์„ ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.

  1. IPVS๊ฐ€ ๊ธฐ์ˆ ์ ์œผ๋กœ ์ž‘๋™ํ•˜๋Š” ๋ฐฉ์‹ ๋ฐ
  2. libnetwork๊ฐ€ IPVS๋ฅผ ์„ ํƒํ•˜๋Š” ์ด์œ 

๋‘˜ ๋‹ค ๋‹ค๋ฅธ ๋ฐฉ์‹์œผ๋กœ ๋Œ€๋‹ตํ•˜๊ธฐ๊ฐ€ ์–ด๋ ต์Šต๋‹ˆ๋‹ค.

์ด๋Ÿฌํ•œ ์งˆ๋ฌธ์„ ํ•˜๋Š” ๊ฐ€์žฅ ์ข‹์€ ๊ณณ์ด ์–ด๋””์ธ์ง€ ๊ถ๊ธˆํ•ฉ๋‹ˆ๋‹ค. ์™œ๋ƒํ•˜๋ฉด ์ €๋Š” ์ด์ œ ์ด๋Ÿฌํ•œ ์„ ํƒ์˜ ์—ญ์‚ฌ์™€ ๋ชจ๋“  ๊ฒƒ์ด ์–ด๋–ป๊ฒŒ ์ž‘๋™ํ•˜๋Š”์ง€ ์ฝ๊ณ  ์—ฌ๊ธฐ์„œ ๋” ๋งŽ์€ ๋งฅ๋ฝ์„ ์–ป์„ ์ˆ˜ ์žˆ๊ธฐ ๋•Œ๋ฌธ์ž…๋‹ˆ๋‹ค.

@kaysond ๋ฌผ์–ด๋ณผ ์ข‹์€ ๊ณณ์ด ์•„๋‹™๋‹ˆ๋‹ค.

๊ท€ํ•˜๋Š” ๋ณธ์งˆ์ ์œผ๋กœ ๋‘ ๊ฐ€์ง€ ์งˆ๋ฌธ์„ ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.

  1. IPVS๊ฐ€ ๊ธฐ์ˆ ์ ์œผ๋กœ ์ž‘๋™ํ•˜๋Š” ๋ฐฉ์‹ ๋ฐ
  2. libnetwork๊ฐ€ IPVS๋ฅผ ์„ ํƒํ•˜๋Š” ์ด์œ 

๋‘˜ ๋‹ค ๋‹ค๋ฅธ ๋ฐฉ์‹์œผ๋กœ ๋Œ€๋‹ตํ•˜๊ธฐ๊ฐ€ ์–ด๋ ต์Šต๋‹ˆ๋‹ค.

๋ชจ๋“  ์—…๋ฐ์ดํŠธ?

๋‚˜๋Š” ๊ฐ™์€ ๋ฌธ์ œ๋ฅผ ๋ฐœ๊ฒฌํ–ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ž ์‹œ ๋™์•ˆ ์ด ์Šค๋ ˆ๋“œ๋ฅผ ๋”ฐ๋ผ ๋‹ค๋…”์ง€๋งŒ traefik ๋’ค์˜ ๋ฌด๋ฆฌ์—์„œ ๋ช‡ ๊ฐœ์˜

๋‹ค์Œ์„ ์‚ฌ์šฉํ•˜์—ฌ ๋‹ค์‹œ ์‹œ๋„ํ–ˆ์Šต๋‹ˆ๋‹ค.

Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea838
 Built:             Wed Nov 13 07:29:52 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea838
  Built:            Wed Nov 13 07:28:22 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

๋‹ค์Œ ๋„์ปค๋Š” ๋‹ค์Œ์„ ๊ตฌ์„ฑํ•ฉ๋‹ˆ๋‹ค.

version: "3.3"

services:

  traefik:
    image: "traefik:v2.0.0-rc3"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "containous/whoami"
    container_name: "simple-service"
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=HostRegexp(`{any:.*}`)"
        - "traefik.http.routers.whoami.entrypoints=web"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"

whoami ์ถœ๋ ฅ์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

Hostname: 085c373eb06d
IP: 127.0.0.1
IP: 10.0.1.10
IP: 172.19.0.4
RemoteAddr: 10.0.1.11:51888
GET / HTTP/1.1
Host: testserver.nub.local
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Dnt: 1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 10.0.0.2
X-Forwarded-Host: testserver.nub.local
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: ad14e372f6e9
X-Real-Ip: 10.0.0.2

๊ทธ๋ž˜์„œ ์•„๋‹ˆ์•ผ. ์—ฌ์ „ํžˆ ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค

ํ˜ธ๊ธฐ์‹ฌ์—.... ์–ด๋–ค ๊ฐœ๋ฐœ์ž๊ฐ€ ์Šค์›œ ๋„คํŠธ์›Œํ‚น์„ ๊ด€๋ฆฌํ•˜๋Š” ์ฝ”๋“œ๋ฅผ ์•Œ๋ ค์ค„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๊นŒ?

๋‹ค์Œ์„ ์‚ฌ์šฉํ•˜์—ฌ ๋‹ค์‹œ ์‹œ๋„ํ–ˆ์Šต๋‹ˆ๋‹ค.

Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea838
 Built:             Wed Nov 13 07:29:52 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea838
  Built:            Wed Nov 13 07:28:22 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

๋‹ค์Œ ๋„์ปค๋Š” ๋‹ค์Œ์„ ๊ตฌ์„ฑํ•ฉ๋‹ˆ๋‹ค.

version: "3.3"

services:

  traefik:
    image: "traefik:v2.0.0-rc3"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "containous/whoami"
    container_name: "simple-service"
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=HostRegexp(`{any:.*}`)"
        - "traefik.http.routers.whoami.entrypoints=web"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"

whoami ์ถœ๋ ฅ์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

Hostname: 085c373eb06d
IP: 127.0.0.1
IP: 10.0.1.10
IP: 172.19.0.4
RemoteAddr: 10.0.1.11:51888
GET / HTTP/1.1
Host: testserver.nub.local
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Dnt: 1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 10.0.0.2
X-Forwarded-Host: testserver.nub.local
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: ad14e372f6e9
X-Real-Ip: 10.0.0.2

๊ทธ๋ž˜์„œ ์•„๋‹ˆ์•ผ. ์—ฌ์ „ํžˆ ์ž‘๋™ํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค

ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋กœ traefik์„ ์‚ฌ์šฉํ•˜์—ฌ ์‹ค์ œ IP๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host

์•„์ง ์—ด๋ ธ๋‚˜์š”?
2020-05-08

์•„์ง ์—ด๋ ธ๋‚˜์š”?
2020-05-08

์˜ˆ, ์•„์ง ์—ด๋ ค ์žˆ์Šต๋‹ˆ๋‹ค. ์Šค๋ ˆ๋“œ์—์„œ ์–ธ๊ธ‰๋œ ์•„ํ‚คํ…์ฒ˜ ๋ฌธ์ œ๊ฐ€ ํ‘œ๋ฉด์ ์œผ๋กœ๋Š” ๊ทธ๋ ‡๊ฒŒ ์‰ฝ๊ฒŒ ํ•ด๊ฒฐ๋˜์ง€ ์•Š๋Š” ์ด์œ ๋ฅผ ๊ฐ•์กฐํ•ฉ๋‹ˆ๋‹ค. ์ด ์‹œ์ ์—์„œ ์ด๋Ÿฌํ•œ ๋ฌธ์ œ๋Š” ์•„๋งˆ๋„ ๊ทน๋ณตํ•  ์ˆ˜ ์—†์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค.

์‹ค์ œ ์‚ฌ์šฉ์ž IP๋ฅผ ๊ฐ€์ ธ์™€์•ผ ํ•˜๋Š” ๊ฒฝ์šฐ ์—ฌ๊ธฐ์— ์ ์ ˆํ•  ์ˆ˜ ์žˆ๋Š” ๋ช‡ ๊ฐ€์ง€ ๋Œ€์•ˆ์ด ์Šค๋ ˆ๋“œ์— ๊ฒŒ์‹œ๋ฉ๋‹ˆ๋‹ค. ์„œ๋น„์Šค๋ฅผ ์œ„ํ•œ HOST ๋ชจ๋“œ๋Š” ๊ฐ€์žฅ ๊ฐ„๋‹จํ•œ ์ ‘๊ทผ ๋ฐฉ์‹์ฒ˜๋Ÿผ ๋ณด์ด์ง€๋งŒ ๊ฐœ๋ณ„ ๋…ธ๋“œ์—์„œ ํ™•์žฅ์„ฑ์ด ํ•„์š”ํ•œ ์ผ๋ถ€์—๋Š” ์ ํ•ฉํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

DigitalOcean LB -> Traefik -> Apache ์ปจํ…Œ์ด๋„ˆ์™€ ํ•จ๊ป˜ PROXY ํ”„๋กœํ† ์ฝœ์„ ์‚ฌ์šฉํ•˜๋Š” ๋ฐ ์„ฑ๊ณตํ–ˆ์Šต๋‹ˆ๋‹ค. Apache ์ปจํ…Œ์ด๋„ˆ๋Š” ์„œ๋น„์Šค์— ๋„๋‹ฌํ•˜๋Š” ์‚ฌ์šฉ์ž์˜ ์‹ค์ œ IP๋ฅผ ๊ธฐ๋กํ•  ์ˆ˜ ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ์ด๋ก ์ ์œผ๋กœ ๋ชจ๋“  ํ”„๋ก์‹œ ๊ณ„์ธต์ด PROXY ํ”„๋กœํ† ์ฝœ์„ ์ง€์›ํ•˜๋Š” ํ•œ ์ž‘๋™ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

https://docs.traefik.io/v1.7/configuration/entrypoints/#proxyprotocol

Traefik ์„œ๋น„์Šค๋Š” 'ingress'๋ผ๋Š” Docker ๋„คํŠธ์›Œํฌ์— ์žˆ์œผ๋ฉฐ Apache ์„œ๋น„์Šค์—๋Š” ์ž์ฒด ์Šคํƒ ๋„คํŠธ์›Œํฌ๊ฐ€ ์žˆ์ง€๋งŒ ์™ธ๋ถ€๋กœ 'ingress' ๋„คํŠธ์›Œํฌ์˜ ์ผ๋ถ€์ด๊ธฐ๋„ ํ•ฉ๋‹ˆ๋‹ค.

https://autoize.com/logging-client-ip-addresses-behind-a-proxy-with-docker/

2020๋…„์ด๊ณ  ์•„์ง ์ˆ˜์ •๋˜์ง€ ์•Š์€ ์ƒํ™ฉ์ž…๋‹ˆ๋‹ค. ๋งค์šฐ ์ค‘์š”ํ•œ ๊ธฐ๋Šฅ์ธ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค

์ด๊ฒƒ์€ ๋งค์šฐ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ์ผ๋ถ€ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋Š” ํŒจ์น˜์ผ ๋ฟ์ด๋ฉฐ ๋„คํŠธ์›Œํฌ ๋’ค์—์„œ NGINX๋ฅผ ์‹คํ–‰ํ•ด์•ผ ํ•˜๋Š” ๊ฒฝ์šฐ๋„ ์žˆ์Šต๋‹ˆ๋‹ค(์‚ฌ์šฉ ๋ฐ ์„ค์ •์— ๋”ฐ๋ผ ๋‹ค๋ฆ„). ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜์„ธ์š”.

๋‚˜๋Š” ์ด๊ฒƒ์— ๋Œ€ํ•œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•๊ณผ ํ˜ธ์ŠคํŠธ๋ฅผ ์„ค์ •ํ•˜์ง€ ์•Š๊ณ  docker swarm์„ ์‹คํ–‰ํ•˜๋Š” ๊ฒƒ์€ ํด๋ผ์ด์–ธํŠธ ์ธก์—์„œ IP๋ฅผ ์–ป๋Š” ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ์ „. ์›น ๋ฐ ๋ชจ๋ฐ”์ผ ํด๋ผ์ด์–ธํŠธ์— js๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์‹ ๋ขฐํ•  ์ˆ˜ ์žˆ๋Š” ์†Œ์Šค์—์„œ๋งŒ ์ˆ˜๋ฝํ•ฉ๋‹ˆ๋‹ค. ์ „. js -> get ip, ๋ฐฑ์—”๋“œ๋Š” user-token ๋“ฑ์„ ํฌํ•จํ•˜๋Š” ip๋งŒ ํ—ˆ์šฉํ•ฉ๋‹ˆ๋‹ค. ip๋Š” ํ—ค๋”์— ์„ค์ •ํ•˜๊ณ  https๋ฅผ ํ†ตํ•ด ์•”ํ˜ธํ™”ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ๋‚˜๋Š” ์„ฑ๋Šฅ์— ๋Œ€ํ•ด ๋ชจ๋ฅธ๋‹ค

@Damidara16 ๊ทธ๊ฒŒ ๋ฐ”๋กœ ์šฐ๋ฆฌ๊ฐ€ ํ•˜๊ณ  ์‹ถ์ง€ ์•Š์€ ์ผ์ž…๋‹ˆ๋‹ค. ๊ทธ๋ ‡๊ฒŒ ํ•˜๊ธฐ์—๋Š” ์ •๋ง ๋ถˆ์•ˆํ•ฉ๋‹ˆ๋‹ค. ์›ํ•˜๋Š” ๋Œ€๋กœ ๊ฑด๋„ˆ๋›ธ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์Šฌํ”„๊ฒŒ๋„ ์ด๊ฒƒ์€ ์—ฌ์ „ํžˆ โ€‹โ€‹๋ฏธํ•ด๊ฒฐ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ์Šฌํ”„๊ฒŒ๋„ ... ๊ณง ์ˆ˜์ • ๋  ๊ฒƒ ๊ฐ™์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

์Šฌํ”„๊ฒŒ๋„ ์ด๊ฒƒ์€ ์—ฌ์ „ํžˆ โ€‹โ€‹๋ฏธํ•ด๊ฒฐ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ์Šฌํ”„๊ฒŒ๋„ ... ๊ณง ์ˆ˜์ • ๋  ๊ฒƒ ๊ฐ™์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

๊ณง ๋ด‡์— ์˜ํ•ด ๋‹ซํž ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. github์—์„œ ์ด ๊ธฐ๋Šฅ์„ ์ถœ์‹œํ•œ ์ดํ›„๋กœ ๋งŽ์€ ๋ฒ„๊ทธ๋ฅผ ๋ฌด์‹œํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์Šฌํ”„๊ฒŒ๋„ ์ด๊ฒƒ์€ ์—ฌ์ „ํžˆ โ€‹โ€‹๋ฏธํ•ด๊ฒฐ ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ์Šฌํ”„๊ฒŒ๋„ ... ๊ณง ์ˆ˜์ • ๋  ๊ฒƒ ๊ฐ™์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

๊ณง ๋ด‡์— ์˜ํ•ด ๋‹ซํž ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. github์—์„œ ์ด ๊ธฐ๋Šฅ์„ ์ถœ์‹œํ•œ ์ดํ›„๋กœ ๋งŽ์€ ๋ฒ„๊ทธ๋ฅผ ๋ฌด์‹œํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ ๊ธฐ์—…์˜ ๋ถ€ํ’€๋ ค์ง„ ํŒ€์ด ์ปค๋ฎค๋‹ˆํ‹ฐ๋ฅผ ์ œ์–ดํ•  ์ˆ˜ ์žˆ๋Š” ์ตœ๊ณ ์˜ ๊ธฐ๋Šฅ์ž…๋‹ˆ๋‹ค.

์ด ๋ฌธ์ œ๊ฐ€ ํ•ด๊ฒฐ๋  ๊ฐ€๋Šฅ์„ฑ์€ ๊ฑฐ์˜ ์—†์Šต๋‹ˆ๋‹ค. AFAIK ๋ชจ๋‘๊ฐ€ k8์ด "๊ฒฝ์ฃผ"์—์„œ ์ด๊ฒผ๋‹ค๊ณ  ์ƒ๊ฐํ•˜๊ณ  ๋ฌด๋ฆฌ๊ฐ€ ํ•„์š”ํ•˜์ง€ ์•Š์ง€๋งŒ ๋‘˜ ๋‹ค ๊ณต์กดํ•˜๊ณ  ์ด๋“ค์„ ์‚ฌ์šฉํ•˜๋Š” ํŒ€์˜ ํ•„์š”์™€ ๊ธฐ์ˆ ์— ๋”ฐ๋ผ ์ ์ ˆํ•˜๊ฒŒ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค๊ณ  ๋งํ•˜๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค. ๋ฆฝ ์Šค์›œ :)

์ €๋Š” ๊ด€๋ฆฌํ˜• HAIP๋ฅผ ์‚ฌ์šฉํ•˜์ง€๋งŒ ๋–ผ์˜ IP๋ฅผ ๊ฐ€๋ฆฌํ‚ค๋Š” ๋…๋ฆฝ ์‹คํ–‰ํ˜• nginx ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ์ธ ๋–ผ ์•ž์—์„œ ๋‹ค๋ฅธ ๊ฒƒ์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/

๋ฌด๋ฆฌ์—์„œ ์—ญ๋ฐฉํ–ฅ ํ”„๋ก์‹œ์—๋Š” ๋‹ค์Œ์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.

server {
        listen 443 ssl proxy_protocol;
        location / {
        proxy_set_header   X-Real-IP $proxy_protocol_addr;  # this is the real IP address 

Swarm์„ ์‹คํ–‰ ์ค‘์ธ ๊ฒฝ์šฐ Swarm(๋˜๋Š” ๊ณ ์ • ๋“ฑ)์— ๋Œ€ํ•œ ์š”์ฒญ์„ ๋ผ์šด๋“œ ๋กœ๋นˆํ•˜๊ธฐ ์œ„ํ•ด ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๊ฐ€ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.

์ง€๊ธˆ๊นŒ์ง€ ์ด ์•„ํ‚คํ…์ฒ˜ ๊ฒฐ์ •์€ "๋ˆ„๋ฝ๋œ ๋ถ€๋ถ„"์ฒ˜๋Ÿผ ๋ณด์ผ ์ˆ˜ ์žˆ์ง€๋งŒ, ์ด๋Š” ์˜ต์…˜์„ ์ œ๊ณตํ•˜๊ณ  ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์š”๊ตฌ์— ๋” ์ ํ•ฉํ•œ ๊ฒƒ์œผ๋กœ ๋Œ€์ฒดํ•˜๊ธฐ ์œ„ํ•ด ๋‚ด์žฅ ๊ธฐ๋Šฅ์„ ๋น„ํ™œ์„ฑํ™”ํ•  ํ•„์š”๋ฅผ ์ œ๊ฑฐํ•จ์œผ๋กœ์จ ์œ ์—ฐ์„ฑ์„ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค.

์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ ๋ณต์ œ๋ณธ์ด ๋ชจ๋‘ ๋‹จ์ผ ๋…ธ๋“œ์— ๋ฐฐํฌ๋˜์–ด์•ผ ํ•˜๋Š” _current_ ์ œํ•œ(์˜ˆ: --constraint-add='node.hostname==mynode' ๋˜๋Š” ๊ฐ๊ฐ ๋‹จ์ผ ๋…ธ๋“œ๋กœ ๊ตฌ์„ฑ๋œ ๋ฌด๋ฆฌ์˜ ์ง‘ํ•ฉ์ž…๋‹ˆ๋‹ค.

๋ฌธ์ œ

๊ทผ๋ณธ์ ์ธ ๋ฌธ์ œ๋Š” ingress_sbox ๋„ค์ž„์ŠคํŽ˜์ด์Šค์˜ iptables nat ํ…Œ์ด๋ธ”์— ์žˆ๋Š” SNAT ๊ทœ์น™์œผ๋กœ ์ธํ•ด ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค. ์ด๋กœ ์ธํ•ด ๋ชจ๋“  ์ˆ˜์‹  ์š”์ฒญ์ด ์ˆ˜์‹  ๋„คํŠธ์›Œํฌ์˜ ๋…ธ๋“œ IP ์ฃผ์†Œ(์˜ˆ: 10.0.0.2, 10.0.0.3, . .., ๊ธฐ๋ณธ ์ˆ˜์‹  ๋„คํŠธ์›Œํฌ ๊ตฌ์„ฑ์—์„œ), ์˜ˆ:

iptables -t nat -A POSTROUTING -d 10.0.0.0/24 -m ipvs --ipvs -j SNAT --to-source 10.0.0.2

๊ทธ๋Ÿฌ๋‚˜ ์ด SNAT ๊ทœ์น™์„ ์ œ๊ฑฐํ•˜๋ฉด ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์ˆ˜์‹  ํŒจํ‚ท(์ด์ œ ์›๋ž˜ ์†Œ์Šค IP์—์„œ ์‹œ์ž‘๋จ)์„ ๊ณ„์† ์ˆ˜์‹ ํ•˜๋Š” ๋™์•ˆ ์›๋ž˜ ์†Œ์Šค IP๋กœ ๋‹ค์‹œ ์ „์†ก๋˜๋Š” ๋‚˜๊ฐ€๋Š” ํŒจํ‚ท์ด ์ปจํ…Œ์ด๋„ˆ์˜ ๊ธฐ๋ณธ ๊ฒŒ์ดํŠธ์›จ์ด๋ฅผ ํ†ตํ•ด ์ „์†ก๋œ๋‹ค๋Š” ๊ฒƒ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค. docker_gwbridge ๋„คํŠธ์›Œํฌ(์˜ˆ: 172.31.0.1) ๋ฐ ํ•ด๋‹น ํŒจํ‚ท์€ ์†์‹ค๋ฉ๋‹ˆ๋‹ค.

ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•

๋”ฐ๋ผ์„œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค. 1. ingress_sbox ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ์ด SNAT ๊ทœ์น™์„ ์ œ๊ฑฐ(์‚ฌ์‹ค์ƒ ๊ธˆ์ง€)ํ•ฉ๋‹ˆ๋‹ค. 2. ์Šค์›œ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ์— ๋Œ€ํ•œ ์ •์ฑ… ๋ผ์šฐํŒ… ๊ทœ์น™์„ ์ƒ์„ฑํ•˜์—ฌ ๋‚˜๊ฐ€๋Š” ํŒจํ‚ท์„ ๋…ธ๋“œ์˜ ์œ ์ž… ๋„คํŠธ์›Œํฌ IP ์ฃผ์†Œ(์˜ˆ: 10.0.0.2)๋กœ ๋˜๋Œ๋ฆฌ๋„๋ก ํ•ฉ๋‹ˆ๋‹ค. 3. ๋ชจ๋“  ์ƒˆ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์ƒ์„ฑ ์‹œ ์ฆ‰์‹œ ์„ค์น˜๋˜๋„๋ก ์ •์ฑ… ๋ผ์šฐํŒ… ๊ทœ์น™ ์ถ”๊ฐ€๋ฅผ ์ž๋™ํ™”ํ•ฉ๋‹ˆ๋‹ค.

  1. SNAT ๊ทœ์น™์„ ๊ธˆ์ง€ํ•˜๊ธฐ ์œ„ํ•ด ์ผ๋ฐ˜์ ์ธ SNAT์— ๋„๋‹ฌํ•˜๋Š” ๊ฒƒ์„ ๋ฐฉ์ง€ํ•˜๋Š” ๊ทœ์น™์„ ํ…Œ์ด๋ธ” ์•ž๋ถ€๋ถ„์— ๋งŒ๋“ญ๋‹ˆ๋‹ค.
nsenter --net=/var/run/docker/netns/ingress_sbox iptables -t nat -I POSTROUTING -d $INGRESS_SUBNET -m ipvs --ipvs -j ACCEPT

(๋„์ปค๊ฐ€ ์„œ๋น„์Šค๋ฅผ ์ƒ์„ฑํ•˜๋Š” ๊ณผ์ •์—์„œ SNAT ๊ทœ์น™์„ ์—ฌ๋Ÿฌ ๋ฒˆ ๋‹ค์‹œ ์ƒ์„ฑํ•˜๋Š” ๊ฒƒ์ฒ˜๋Ÿผ ๋ณด์ด๊ธฐ ๋•Œ๋ฌธ์— ๊ธฐ์กด SNAT ๊ทœ์น™์„ ์‚ญ์ œํ•˜๋Š” ๋Œ€์‹  ์ด ๋ฐฉ๋ฒ•์„ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค. ์ด ์ ‘๊ทผ ๋ฐฉ์‹์€ ํ•ด๋‹น ๊ทœ์น™์„ ๋Œ€์ฒดํ•˜๋ฏ€๋กœ ๋” ํƒ„๋ ฅ์ ์ž…๋‹ˆ๋‹ค.)

  1. ์ปจํ…Œ์ด๋„ˆ ์ •์ฑ… ๋ผ์šฐํŒ… ๊ทœ์น™์„ ์ƒ์„ฑํ•˜๋ ค๋ฉด:
docker inspect -f '{{.State.Pid}}' <container-id>
nsenter -n -t $NID bash -c "ip route add table 1 default via 10.0.0.2 && ip rule add from 10.0.0.0/24 lookup 1 priority 32761"
  1. ๋งˆ์ง€๋ง‰์œผ๋กœ ์œ„์˜ ๋‚ด์šฉ์„ docker event ์™€ ํ•จ๊ป˜ ์‚ฌ์šฉํ•˜๋ฉด ์ด ingress-routing-daemon ์Šคํฌ๋ฆฝํŠธ๋ฅผ ํ†ตํ•ด SNAT ๊ทœ์น™์„ ์ˆ˜์ •ํ•˜๊ณ  ์ƒˆ๋กœ ์‹œ์ž‘๋œ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๊ฐ์‹œํ•˜๊ณ  ์ •์ฑ… ๋ผ์šฐํŒ… ๊ทœ์น™์„ ์ถ”๊ฐ€ํ•˜๋Š” ํ”„๋กœ์„ธ์Šค๋ฅผ ์ž๋™ํ™”ํ•ฉ๋‹ˆ๋‹ค.
#!/bin/bash

# Ingress Routing Daemon
# Copyright ยฉ 2020 Struan Bartlett
# --------------------------------------------------------------------
# Permission is hereby granted, free of charge, to any person 
# obtaining a copy of this software and associated documentation files 
# (the "Software"), to deal in the Software without restriction, 
# including without limitation the rights to use, copy, modify, merge, 
# publish, distribute, sublicense, and/or sell copies of the Software, 
# and to permit persons to whom the Software is furnished to do so, 
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be 
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
# SOFTWARE.
# --------------------------------------------------------------------
# Workaround for https://github.com/moby/moby/issues/25526

echo "Ingress Routing Daemon starting ..."

read INGRESS_SUBNET INGRESS_DEFAULT_GATEWAY \
  < <(docker inspect ingress --format '{{(index .IPAM.Config 0).Subnet}} {{index (split (index .Containers "ingress-sbox").IPv4Address "/") 0}}')

echo INGRESS_SUBNET=$INGRESS_SUBNET
echo INGRESS_DEFAULT_GATEWAY=$INGRESS_DEFAULT_GATEWAY

# Add a rule ahead of the ingress network SNAT rule, that will cause the SNAT rule to be skipped.
echo "Adding ingress_sbox iptables nat rule: iptables -t nat -I POSTROUTING -d $INGRESS_SUBNET -m ipvs --ipvs -j ACCEPT"
while nsenter --net=/var/run/docker/netns/ingress_sbox iptables -t nat -D POSTROUTING -d 10.0.0.0/24 -m ipvs --ipvs -j ACCEPT; do true; done 2>/dev/null
nsenter --net=/var/run/docker/netns/ingress_sbox iptables -t nat -I POSTROUTING -d $INGRESS_SUBNET -m ipvs --ipvs -j ACCEPT

# Watch for container start events, and configure policy routing rules on each container
# to ensure return path traffic from incoming connections is routed back via the correct interface.
docker events \
  --format '{{.ID}} {{index .Actor.Attributes "com.docker.swarm.service.name"}}' \
  --filter 'event=start' \
  --filter 'type=container' | \
  while read ID SERVICE
  do
    if [ -n "$SERVICE" ]; then

      NID=$(docker inspect -f '{{.State.Pid}}' $ID)
      echo "Container ID=$ID, NID=$NID, SERVICE=$SERVICE started: applying policy route."
      nsenter -n -t $NID bash -c "ip route add table 1 default via $INGRESS_DEFAULT_GATEWAY && ip rule add from $INGRESS_SUBNET lookup 1 priority 32761"
    fi
  done

์ด์ œ ์š”์ฒญ์ด ๋‹จ์ผ ๋…ธ๋“œ์— ๋Œ€ํ•ด ๊ฒŒ์‹œ๋œ ํฌํŠธ์— ๋„์ฐฉํ•˜๋ฉด ํ•ด๋‹น ์ปจํ…Œ์ด๋„ˆ๋Š” ์š”์ฒญ์„ ์ˆ˜ํ–‰ํ•˜๋Š” ์‹œ์Šคํ…œ์˜ ์›๋ž˜ IP ์ฃผ์†Œ๋ฅผ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์šฉ๋ฒ•

์œ„์˜ ingress-routing-daemon ๋ฅผ ์„œ๋น„์Šค๋ฅผ ์ƒ์„ฑํ•˜๊ธฐ _์ „_ _each ๋ฐ ๋ชจ๋“  swarm ๋…ธ๋“œ์—์„œ ๋ฃจํŠธ๋กœ ์‹คํ–‰ํ•˜์‹ญ์‹œ์˜ค. (์„œ๋น„์Šค๊ฐ€ ์ด๋ฏธ ์ƒ์„ฑ๋œ ๊ฒฝ์šฐ ์–‘์ˆ˜ ๋ณต์ œ๋ณธ์œผ๋กœ ๋‹ค์‹œ ํฌ๊ธฐ๋ฅผ ์กฐ์ •ํ•˜๊ธฐ ์ „์— 0์œผ๋กœ ํฌ๊ธฐ๋ฅผ ์กฐ์ •ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.) ๋ฐ๋ชฌ์€ iptables๋ฅผ ์ดˆ๊ธฐํ™”ํ•˜๊ณ  ๋„์ปค๊ฐ€ ์ƒˆ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์ƒ์„ฑํ•  ๋•Œ ๊ฐ์ง€ํ•˜๊ณ  ๊ฐ๊ฐ์˜ ์ƒˆ ์ปจํ…Œ์ด๋„ˆ์— ์ƒˆ ๋ผ์šฐํŒ… ๊ทœ์น™์„ ์ ์šฉํ•ฉ๋‹ˆ๋‹ค.

ํ…Œ์ŠคํŠธ, ์‚ฌ์šฉ ์‚ฌ๋ก€ ๋ฐ ์ œํ•œ ์‚ฌํ•ญ

์œ„์˜ ๋‚ด์šฉ์€ ๋‹ค์ค‘ ๋…ธ๋“œ ๋ฌด๋ฆฌ์—์„œ ์‹คํ–‰๋˜๋Š” ์„œ๋น„์Šค์˜ ๋‹จ์ผ ๋…ธ๋“œ๋กœ ์ œํ•œ๋œ ๋‹ค์ค‘ ๋ณต์ œ๋ณธ์„ ์‚ฌ์šฉํ•˜์—ฌ ํ…Œ์ŠคํŠธ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

๋˜ํ•œ ์—ฌ๋Ÿฌ ๋…ธ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํ…Œ์ŠคํŠธํ–ˆ์œผ๋ฉฐ ๊ฐ๊ฐ ํ•ด๋‹น ๋…ธ๋“œ์— ๋Œ€ํ•ด ๋ณ„๋„์˜ ๋…ธ๋“œ๋ณ„ ์„œ๋น„์Šค๊ฐ€ ์ œํ•œ๋˜์–ด ์žˆ์ง€๋งŒ ๊ฐ ๋…ธ๋“œ๋ณ„ ์„œ๋น„์Šค์— ๋Œ€ํ•ด ๊ฒŒ์‹œ๋œ ๋‹ค๋ฅธ ํฌํŠธ๋ฅผ ์‚ฌ์šฉํ•ด์•ผ ํ•œ๋‹ค๋Š” ์ œํ•œ์ด ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋ž˜๋„ ์ผ๋ถ€ ์‚ฌ์šฉ ์‚ฌ๋ก€์—์„œ๋Š” ์ž‘๋™ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด ๋ฐฉ๋ฒ•์€ ๊ฐ๊ฐ์ด ์ž์ฒด ๊ตฐ์ง‘์—์„œ ๋‹จ์ผ ๋…ธ๋“œ๋กœ ๊ตฌ์„ฑ๋œ ๊ฒฝ์šฐ ์—ฌ๋Ÿฌ ๋…ธ๋“œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์ž‘๋™ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์—ฌ๊ธฐ์—๋Š” ๋„์ปค ์Šค์›œ์„ ๋” ์ด์ƒ ๋…ธ๋“œ ๊ฐ„์— ์ปจํ…Œ์ด๋„ˆ๋ฅผ ๋ฐฐํฌํ•˜๋Š” ๋ฐ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†๋‹ค๋Š” ํ•œ๊ณ„๊ฐ€ ์žˆ์ง€๋งŒ ์ปจํ…Œ์ด๋„ˆ ๋ณต์ œ๋ณธ ๋ฐ ์ˆ˜๋ช… ์ฃผ๊ธฐ ๊ด€๋ฆฌ์™€ ๊ฐ™์€ ๋„์ปค ์„œ๋น„์Šค๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ์—ฌ์ „ํžˆ ๋‹ค๋ฅธ ๊ด€๋ฆฌ ์ด์ ์ด ์žˆ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ถ”๊ฐ€ ์‚ฌ์šฉ ์‚ฌ๋ก€๋ฅผ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ• ๊ฐœ์„ 

์ถ”๊ฐ€ ๊ฐœ๋ฐœ์„ ํ†ตํ•ด ์ด ๋ฐฉ๋ฒ•์€ ๋ณ„๋„์˜ ๋…ธ๋“œ๋ณ„ ์„œ๋น„์Šค๋‚˜ ์Šค์›œ ๋ถ„ํ•  ์—†์ด ์—ฌ๋Ÿฌ ๋…ธ๋“œ๋กœ ํ™•์žฅํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๋‘ ๊ฐ€์ง€ ๊ฐ€๋Šฅํ•œ ์ ‘๊ทผ ๋ฐฉ์‹์„ ์ƒ๊ฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. 1. Docker ๋˜๋Š” ๋งž์ถคํ˜• ๋ฐ๋ชฌ์„ ๋ฐฐ์—ดํ•˜์—ฌ ๊ฐ ๋…ธ๋“œ์˜ ipvsadm ํ…Œ์ด๋ธ”์—์„œ ๋ชจ๋“  ๋น„๋กœ์ปฌ IP๋ฅผ ์ œ๊ฑฐํ•ฉ๋‹ˆ๋‹ค. 2. ์ถœ๋ ฅ ํŒจํ‚ค์ง€๋ฅผ ์˜ฌ๋ฐ”๋ฅธ ๋…ธ๋“œ๋กœ ๋‹ค์‹œ ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์žˆ๋„๋ก ์ •์ฑ… ๋ผ์šฐํŒ… ๊ทœ์น™์„ ํ™•์žฅํ•ฉ๋‹ˆ๋‹ค.

1์˜ ๊ฒฝ์šฐ ipvsadm -S -n์„ ํด๋งํ•˜์—ฌ ์„œ๋น„์Šค์— ์ถ”๊ฐ€๋œ ์ƒˆ IP๋ฅผ ์ฐพ๊ณ , ๊ฐ๊ฐ์ด ๋กœ์ปฌ์ธ์ง€ ํ™•์ธํ•˜๊ณ , ๊ทธ๋ ‡์ง€ ์•Š์€ IP๋ฅผ ์ œ๊ฑฐํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ๊ฐ ๋…ธ๋“œ๊ฐ€ ์ „์ฒด ์„œ๋น„์Šค ๋‚ด์—์„œ ์ž์ฒด ์ปจํ…Œ์ด๋„ˆ์— ๋Œ€ํ•œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋กœ ๊ธฐ๋Šฅํ•  ์ˆ˜ ์žˆ์ง€๋งŒ ํ•œ ๋…ธ๋“œ์— ๋„๋‹ฌํ•˜๋Š” ์š”์ฒญ์ด ๋‹ค๋ฅธ ๋…ธ๋“œ๋กœ ์ „๋‹ฌ๋  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ์šฐ๋ฆฌ ๊ณ ์œ ์˜ IPVS ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ์„œ๋ฒ„ ์„ธํŠธ ์•ž์— ๋‘๊ณ  ๊ฐ๊ฐ ์›น ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์„ ์‹คํ–‰ํ•˜๋Š” ๋‚ด ์‚ฌ์šฉ ์‚ฌ๋ก€๋ฅผ ํ™•์‹คํžˆ ๋งŒ์กฑ์‹œํ‚ฌ ๊ฒƒ์ž…๋‹ˆ๋‹ค. , ์ „์ฒด ์„œ๋ฒ„๋ฅผ ์žƒ์ง€ ์•Š๊ณ  ์—…๋ฐ์ดํŠธ๋ฅผ ๋กค์•„์›ƒํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

2์˜ ๊ฒฝ์šฐ iptables๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ๊ฐ ๋…ธ๋“œ์˜ ingress_sbox iptable(์˜ˆ: ๋…ธ๋“œ ์ˆ˜์‹  ๋„คํŠธ์›Œํฌ IP์˜ ๋งˆ์ง€๋ง‰ ๋ฐ”์ดํŠธ)์— ๋…ธ๋“œ๋ณ„ TOS๋ฅผ ํ• ๋‹นํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๋‹ค์Œ ์ปจํ…Œ์ด๋„ˆ์—์„œ TOS ๊ฐ’์„ ์—ฐ๊ฒฐ ํ‘œ์‹œ์— ๋งคํ•‘ํ•˜๊ณ  ๋‚˜๊ฐ€๋Š” ํŒจํ‚ท์— ๋Œ€ํ•ด ์—ฐ๊ฒฐ ํ‘œ์‹œ์—์„œ ๋ฐฉํ™”๋ฒฝ ํ‘œ์‹œ๋กœ ๋งคํ•‘ํ•˜๊ณ  ๊ฐ ๋ฐฉํ™”๋ฒฝ ํ‘œ์‹œ์— ๋Œ€ํ•ด ํŒจํ‚ท์„ ์›๋ž˜ ๋…ธ๋“œ๋กœ ๋‹ค์‹œ ๋ผ์šฐํŒ…ํ•˜๋Š” ๋‹ค๋ฅธ ๋ผ์šฐํŒ… ํ…Œ์ด๋ธ”์„ ์„ ํƒํ•ฉ๋‹ˆ๋‹ค. ์ด์— ๋Œ€ํ•œ ๊ทœ์น™์€ ์•ฝ๊ฐ„ ํˆฌ๋ฐ•ํ•˜์ง€๋งŒ 2-16๊ฐœ ๋…ธ๋“œ๋กœ ํ™•์žฅํ•ด์•ผ ํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.

์œ„์˜ ๋‚ด์šฉ์ด ์œ ์šฉํ•˜๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค. ๋‚˜๋Š” ๋˜ํ•œ (2)์— ๊ฐˆ ๊ฒƒ์ด๋ฉฐ, ์ง„ํ–‰ ์ƒํ™ฉ์ด ๋˜๋ฉด ์ถ”๊ฐ€ ์—…๋ฐ์ดํŠธ๋ฅผ ๊ฒŒ์‹œํ•  ๊ฒƒ์ž…๋‹ˆ๋‹ค.

๋‹ค์Œ์€ SNAT ์—†์ด๋„ ๊ฐ ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์ถœ๋ ฅ ํŒจํ‚ท์„ ์˜ฌ๋ฐ”๋ฅธ ๋…ธ๋“œ๋กœ ๋‹ค์‹œ ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์žˆ๋„๋ก ์ •์ฑ… ๋ผ์šฐํŒ… ๊ทœ์น™ ๋ชจ๋ธ์„ ํ™•์žฅํ•˜๋Š” ์ˆ˜์‹  ๋ผ์šฐํŒ… ๋ฐ๋ชฌ ingress-routing-daemon-v2 ์˜ ๊ฐœ์„ ๋œ ๋ฒ„์ „์ž…๋‹ˆ๋‹ค.

๊ฐœ์„ ๋œ ๋ชจ๋ธ

์ด์ „ ๋ชจ๋ธ์— ๋”ฐ๋ผ SNAT ๊ทœ์น™์„ ๊ธˆ์ง€ํ•˜๋Š” ๊ฒƒ ์™ธ์—๋„ ์ƒˆ ๋ชจ๋ธ์—๋Š” IPVS ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ์—”๋“œํฌ์ธํŠธ๋กœ ์‚ฌ์šฉํ•˜๋ ค๋Š” ๊ฐ ๋…ธ๋“œ์˜ ingress_sbox ๋„ค์ž„์ŠคํŽ˜์ด์Šค์— iptables ๊ทœ์น™์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค(์ผ๋ฐ˜์ ์œผ๋กœ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ ๋˜๋Š” ๊ทธ ํ•˜์œ„ ์ง‘ํ•ฉ ๊ด€๋ฆฌ์ž ๋…ธ๋“œ), ์ˆ˜์‹  ๋„คํŠธ์›Œํฌ์˜ ๋ชจ๋“  ๋…ธ๋“œ๋กœ ํ–ฅํ•˜๋Š” ๋ชจ๋“  ํŒจํ‚ท์— ๋…ธ๋“œ๋‹น TOS ๊ฐ’์„ ํ• ๋‹นํ•ฉ๋‹ˆ๋‹ค. (๋…ธ๋“œ์˜ ์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ IP์˜ ๋งˆ์ง€๋ง‰ ๋ฐ”์ดํŠธ๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.)

TOS ๊ฐ’์€ ํŒจํ‚ท ๋‚ด์— ์ €์žฅ๋˜๊ธฐ ๋•Œ๋ฌธ์— ๋“ค์–ด์˜ค๋Š” ์š”์ฒญ์ด ์ „๋‹ฌ๋˜๊ณ  ํŒจํ‚ท์ด ์ „์†ก๋œ ๋ชฉ์ ์ง€ ๋…ธ๋“œ์—์„œ ์ฝ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๊ทธ๋Ÿฐ ๋‹ค์Œ ๋Œ€์ƒ ๋…ธ๋“œ์˜ ์ปจํ…Œ์ด๋„ˆ์—์„œ ์ˆ˜์‹  ํŒจํ‚ท์˜ TOS ๊ฐ’์„ ๋™์ผํ•œ ๊ฐ’์„ ์‚ฌ์šฉํ•˜์—ฌ ์—ฐ๊ฒฐ ํ‘œ์‹œ์— ๋งคํ•‘ํ•˜๋„๋ก ์ •๋ ฌํ•ฉ๋‹ˆ๋‹ค.

์ด์ œ ๋™์ผํ•œ ์—ฐ๊ฒฐ์˜ ๋‚˜๊ฐ€๋Š” ํŒจํ‚ท์ด ๋™์ผํ•œ ์—ฐ๊ฒฐ ํ‘œ์‹œ๋ฅผ ๊ฐ–๊ธฐ ๋•Œ๋ฌธ์— ๋‚˜๊ฐ€๋Š” ํŒจํ‚ท์˜ ์—ฐ๊ฒฐ ํ‘œ์‹œ๋ฅผ ๋‹ค์‹œ ๋™์ผํ•œ ๊ฐ’์„ ์‚ฌ์šฉํ•˜์—ฌ ๋ฐฉํ™”๋ฒฝ ํ‘œ์‹œ์— ๋งคํ•‘ํ•ฉ๋‹ˆ๋‹ค.

๋งˆ์ง€๋ง‰์œผ๋กœ ์ผ๋ จ์˜ ์ •์ฑ… ๋ผ์šฐํŒ… ๊ทœ์น™์€ ๋ฐฉํ™”๋ฒฝ ํ‘œ์‹œ ๊ฐ’์— ๋”ฐ๋ผ ๋‚˜๊ฐ€๋Š” ํŒจํ‚ท์„ ํ•„์š”ํ•œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ๋์  ๋…ธ๋“œ๋กœ ๋‹ค์‹œ ๋ผ์šฐํŒ…ํ•˜๋„๋ก ์„ค๊ณ„๋œ ๋‹ค๋ฅธ ๋ผ์šฐํŒ… ํ…Œ์ด๋ธ”์„ ์„ ํƒํ•ฉ๋‹ˆ๋‹ค.

์ด์ œ ํด๋ผ์ด์–ธํŠธ ์š”์ฒญ์ด ๋–ผ์˜ ๋…ธ๋“œ์— ๋Œ€ํ•ด ๊ฒŒ์‹œ๋œ ํฌํŠธ์— ๋„์ฐฉํ•˜๋ฉด ์š”์ฒญ์ด ์ „๋‹ฌ๋˜๋Š” ์ปจํ…Œ์ด๋„ˆ(๋™์ผ ๋ฐ/๋˜๋Š” ๋‹ค๋ฅธ ๋…ธ๋“œ์— ๊ด€๊ณ„์—†์ด)๋Š” ์š”์ฒญ์„ ํ•˜๋Š” ํด๋ผ์ด์–ธํŠธ์˜ ์›๋ž˜ IP ์ฃผ์†Œ๋ฅผ ๋ณด๊ฒŒ ๋ฉ๋‹ˆ๋‹ค. ์‘๋‹ต์„ ์›๋ž˜ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ๋…ธ๋“œ๋กœ ๋‹ค์‹œ ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์žˆ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋ฉด ์‘๋‹ต์„ ํด๋ผ์ด์–ธํŠธ๋กœ ๋‹ค์‹œ ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์šฉ๋ฒ•

์„ค์ •

๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ์—”๋“œํฌ์ธํŠธ๋กœ ์‚ฌ์šฉํ•˜๋ ค๋Š” swarm ๋…ธ๋“œ์˜ ๋ชจ๋“  ๋…ธ๋“œ์—์„œ ๋ฃจํŠธ๋กœ ingress-routing-daemon-v2 ๋ฅผ ์‹คํ–‰ํ•˜์—ฌ Swarm์— ํŠน์ •ํ•œ INGRESS_NODE_GATEWAY_IPS ๊ฐ’์„ ์ƒ์„ฑ ํ•ฉ๋‹ˆ๋‹ค (์ผ๋ฐ˜์ ์œผ๋กœ ๊ด€๋ฆฌ์ž๋งŒ ๋…ธ๋“œ ๋˜๋Š” ๊ด€๋ฆฌ์ž ๋…ธ๋“œ์˜ ํ•˜์œ„ ์ง‘ํ•ฉ) INGRESS_DEFAULT_GATEWAY ๋Œ€ํ•ด ํ‘œ์‹œ๋œ ๊ฐ’์— ์œ ์˜ํ•˜์‹ญ์‹œ์˜ค. ์ด ์ž‘์—…์€ ํ•œ ๋ฒˆ๋งŒ ์ˆ˜ํ–‰ํ•˜๊ฑฐ๋‚˜ ๋…ธ๋“œ๋ฅผ ์ถ”๊ฐ€ํ•˜๊ฑฐ๋‚˜ ์ œ๊ฑฐํ•  ๋•Œ๋งˆ๋‹ค ์ˆ˜ํ–‰ํ•˜๋ฉด ๋ฉ๋‹ˆ๋‹ค. INGRESS_NODE_GATEWAY_IPS ๋Š” 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5 ์™€ ๊ฐ™์•„์•ผ ํ•ฉ๋‹ˆ๋‹ค(์ธ๊ทธ๋ ˆ์Šค ๋„คํŠธ์›Œํฌ์— ๋Œ€ํ•ด ์ •์˜๋œ ์„œ๋ธŒ๋„ท ๋ฐ ๋…ธ๋“œ ์ˆ˜์— ๋”ฐ๋ผ ๋‹ค๋ฆ„).

๋ฐ๋ชฌ ์‹คํ–‰

์„œ๋น„์Šค๋ฅผ ์ƒ์„ฑํ•˜๊ธฐ _์ „์—_ Swarm ๋…ธ๋“œ(๊ด€๋ฆฌ์ž ๋ฐ ์ž‘์—…์ž)์˜ ๊ฐ ๋ฐ ๋ชจ๋“ _ ์—์„œ ๋ฃจํŠธ๋กœ INGRESS_NODE_GATEWAY_IPS="<Node Ingress IP List>" ingress-routing-daemon-v2 --install ๋ฅผ ์‹คํ–‰ํ•˜์‹ญ์‹œ์˜ค. (์„œ๋น„์Šค๊ฐ€ ์ด๋ฏธ ์ƒ์„ฑ๋œ ๊ฒฝ์šฐ ์–‘์ˆ˜ ๋ณต์ œ๋ณธ์œผ๋กœ ๋‹ค์‹œ ํฌ๊ธฐ๋ฅผ ์กฐ์ •ํ•˜๊ธฐ ์ „์— 0์œผ๋กœ ํฌ๊ธฐ๋ฅผ ์กฐ์ •ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.) ๋ฐ๋ชฌ์€ iptables๋ฅผ ์ดˆ๊ธฐํ™”ํ•˜๊ณ  ๋„์ปค๊ฐ€ ์ƒˆ ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์ƒ์„ฑํ•  ๋•Œ ๊ฐ์ง€ํ•˜๊ณ  ๊ฐ๊ฐ์˜ ์ƒˆ ์ปจํ…Œ์ด๋„ˆ์— ์ƒˆ ๋ผ์šฐํŒ… ๊ทœ์น™์„ ์ ์šฉํ•ฉ๋‹ˆ๋‹ค.

๋ฐ๋ชฌ์˜ ํ™œ๋™์„ ํŠน์ • ์„œ๋น„์Šค๋กœ ์ œํ•œํ•ด์•ผ ํ•˜๋Š” ๊ฒฝ์šฐ [ -n "$SERVICE" ] ๋ฅผ [ "$SERVICE" = "myservice" ] .

iptables ๊ทœ์น™ ์ œ๊ฑฐ

๊ฐ ๋…ธ๋“œ์—์„œ ingress-routing-daemon-v2 --uninstall ๋ฅผ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค.

ํ…Œ์ŠคํŠธ

ingress-routing-daemon-v2 ์Šคํฌ๋ฆฝํŠธ๋Š” 4๋…ธ๋“œ ์Šค์›œ์— ๋ฐฐํฌ๋œ ์›น ์„œ๋น„์Šค์˜ ๋ณต์ œ๋ณธ 8๊ฐœ๋กœ ํ…Œ์ŠคํŠธ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

์ง€์ •๋œ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์‹ฑ๋œ ์—”๋“œํฌ์ธํŠธ ๋…ธ๋“œ IP๋กœ ์ „๋‹ฌ๋œ ์„œ๋น„์Šค์— ๋Œ€ํ•œ Curl ์š”์ฒญ์€ ์„ฑ๊ณต์ ์ธ ์‘๋‹ต์„ ๋ฐ˜ํ™˜ํ–ˆ์œผ๋ฉฐ ์ปจํ…Œ์ด๋„ˆ ๋กœ๊ทธ๋ฅผ ์กฐ์‚ฌํ•œ ๊ฒฐ๊ณผ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์ด ์ˆ˜์‹  ์š”์ฒญ์ด Curl ํด๋ผ์ด์–ธํŠธ์˜ IP์—์„œ ์‹œ์ž‘๋œ ๊ฒƒ์œผ๋กœ ํ™•์ธํ–ˆ์Œ์„ ๋ณด์—ฌ์ค๋‹ˆ๋‹ค.

์ œํ•œ ์‚ฌํ•ญ

TOS ๊ฐ’์€ 8๋น„ํŠธ ์ˆซ์ž๋ฅผ ์ €์žฅํ•  ์ˆ˜ ์žˆ์œผ๋ฏ€๋กœ ์ด ๋ชจ๋ธ์€ ์›์น™์ ์œผ๋กœ ์ตœ๋Œ€ 256๊ฐœ์˜ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ์—”๋“œํฌ์ธํŠธ ๋…ธ๋“œ๋ฅผ ์ง€์›ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๊ทธ๋Ÿฌ๋‚˜ ๋ชจ๋ธ์€ ๋ชจ๋“  ์ปจํ…Œ์ด๋„ˆ์— ํ•˜๋‚˜์˜ iptables ๋งน๊ธ€ ๊ทœ์น™ + ํ•˜๋‚˜์˜ ์ •์ฑ… ๋ผ์šฐํŒ… ๊ทœ์น™ + ๊ด€๋ฆฌ์ž ์—”๋“œํฌ์ธํŠธ ๋…ธ๋“œ๋‹น ํ•˜๋‚˜์˜ ์ •์ฑ… ๋ผ์šฐํŒ… ํ…Œ์ด๋ธ”์„ ์„ค์น˜ํ•ด์•ผ ํ•˜๋ฏ€๋กœ ์ด๋Ÿฌํ•œ ์—”๋“œํฌ์ธํŠธ ๋…ธ๋“œ์˜ ์ˆ˜๊ฐ€ ์ฆ๊ฐ€ํ•จ์— ๋”ฐ๋ผ ์•ฝ๊ฐ„์˜ ์„ฑ๋Šฅ ์ €ํ•˜๊ฐ€ ์žˆ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ตœ์‹  ํ•˜๋“œ์›จ์–ด์—์„œ <= 16๊ฐœ์˜ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ์—”๋“œํฌ์ธํŠธ ๋…ธ๋“œ์—์„œ๋Š” ๋ˆˆ์— ๋„์ง€ ์•Š์„ ๊ฒƒ์ž…๋‹ˆ๋‹ค).

๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ์—”๋“œํฌ์ธํŠธ ๋…ธ๋“œ๋ฅผ ๋ฌด๋ฆฌ์— ์ถ”๊ฐ€ํ•˜๊ฑฐ๋‚˜ ๊ธฐ์กด ๊ด€๋ฆฌ์ž ๋…ธ๋“œ๋ฅผ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ์—”๋“œํฌ์ธํŠธ๋กœ ์‚ฌ์šฉํ•˜๊ธฐ ์‹œ์ž‘ํ•˜๋ ค๋Š” ๊ฒฝ์šฐ ๊ธฐ์กด ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ํŠธ๋ž˜ํ”ฝ์„ ์ƒˆ ์—”๋“œํฌ์ธํŠธ ๋…ธ๋“œ๋กœ ๋‹ค์‹œ ๋ผ์šฐํŒ…ํ•  ์ˆ˜ ์—†์œผ๋ฏ€๋กœ ์‹ ์ค‘ํ•˜๊ฒŒ ์ฒ˜๋ฆฌํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๋‹ค์‹œ ์‹œ์ž‘ํ•˜์‹ญ์‹œ์˜ค INGRESS_NODE_GATEWAY_IPS="<Node Ingress IP List>" ingress-routing-daemon-v2 ์œ„ํ•œ ์—…๋ฐ์ดํŠธ ๋œ ๊ฐ’์œผ๋กœ INGRESS_NODE_GATEWAY_IPS ๋‹ค์Œ ์ƒˆ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ์—”๋“œ ํฌ์ธํŠธ๋ฅผ ์‚ฌ์šฉํ•˜๊ธฐ ์ „์—, ๋ชจ๋“  ์ปจํ…Œ์ด๋„ˆ์˜ ์ง€์†์  ์—…๋ฐ์ดํŠธ๋ฅผ ์ˆ˜ํ–‰ํ•ฉ๋‹ˆ๋‹ค.

๊ธฐ๋ณธ Docker ํ†ตํ•ฉ ๋ฒ”์œ„

์ €๋Š” Docker ์ฝ”๋“œ๋ฒ ์ด์Šค์— ์ต์ˆ™ํ•˜์ง€ ์•Š์ง€๋งŒ ingress-routing-daemon-v2 ๊ฐ€ ํ•˜๋Š” ๊ฒƒ์„ ๋ณผ ์ˆ˜ ์—†์œผ๋ฉฐ, ์›์น™์ ์œผ๋กœ Docker์—์„œ ๊ธฐ๋ณธ์ ์œผ๋กœ ๊ตฌํ˜„ํ•  ์ˆ˜ ์—†์ง€๋งŒ Docker ํŒ€์— ๋งก๊ธธ ๊ฒƒ์ž…๋‹ˆ๋‹ค. Docker ์ฝ”๋“œ์— ์ต์ˆ™ํ•œ ์‚ฌ๋žŒ์„ ์œ„ํ•œ ์—ฐ์Šต์œผ๋กœ ๊ณ ๋ คํ•˜์‹ญ์‹œ์˜ค.

์ˆ˜์‹  ๋ผ์šฐํŒ… ๋ฐ๋ชฌ v2 ์Šคํฌ๋ฆฝํŠธ

๋‹ค์Œ์€ ์ƒˆ๋กœ์šด ingress-routing-daemon-v2 ์Šคํฌ๋ฆฝํŠธ์ž…๋‹ˆ๋‹ค.

#!/bin/bash

# Ingress Routing Daemon v2
# Copyright ยฉ 2020 Struan Bartlett
# ----------------------------------------------------------------------
# Permission is hereby granted, free of charge, to any person 
# obtaining a copy of this software and associated documentation files 
# (the "Software"), to deal in the Software without restriction, 
# including without limitation the rights to use, copy, modify, merge, 
# publish, distribute, sublicense, and/or sell copies of the Software, 
# and to permit persons to whom the Software is furnished to do so, 
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be 
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
# SOFTWARE.
# ----------------------------------------------------------------------
# Workaround for https://github.com/moby/moby/issues/25526

if [ "$1" = "--install" ]; then
  INSTALL=1
elif [ "$1" = "--uninstall" ]; then
  INSTALL=0
else
  echo "Usage: $0 [--install|--uninstall]"
fi

echo
echo "  Dumping key variables..."

if [ "$INSTALL" = "1" ] && [ -z "$INGRESS_NODE_GATEWAY_IPS" ]; then
  echo "!!! ----------------------------------------------------------------------"
  echo "!!! WARNING: Using default INGRESS_NODE_GATEWAY_IPS"
  echo "!!! Please generate a list by noting the values shown"
  echo "!!! for INGRESS_DEFAULT_GATEWAY on each of your swarm nodes."
  echo "!!!"
  echo "!!! You only have to do this once, or whenever you add or remove nodes."
  echo "!!!"
  echo "!!! Then relaunch using:"
  echo "!!! INGRESS_NODE_GATEWAY_IPS=\"<Node Ingress IP List>\" $0 -x"
  echo "!!! ----------------------------------------------------------------------"
fi

read INGRESS_SUBNET INGRESS_DEFAULT_GATEWAY \
  < <(docker inspect ingress --format '{{(index .IPAM.Config 0).Subnet}} {{index (split (index .Containers "ingress-sbox").IPv4Address "/") 0}}')

echo "  - INGRESS_SUBNET=$INGRESS_SUBNET"
echo "  - INGRESS_DEFAULT_GATEWAY=$INGRESS_DEFAULT_GATEWAY"

# We need the final bytes of the IP addresses on the ingress network of every node
# i.e. We need the final byte of $INGRESS_DEFAULT_GATEWAY for every node in the swarm
# This shouldn't change except when nodes are added or removed from the swarm, so should be reasonably stable.
# You should configure this yourself, but for now let's assume we have 8 nodes with IPs in the INGRESS_SUBNET numbered x.x.x.2 ... x.x.x.9
if [ -z "$INGRESS_NODE_GATEWAY_IPS" ]; then
  INGRESS_NET=$(echo $INGRESS_DEFAULT_GATEWAY | cut -d'.' -f1,2,3)
  INGRESS_NODE_GATEWAY_IPS="$INGRESS_NET.2 $INGRESS_NET.3 $INGRESS_NET.4 $INGRESS_NET.5 $INGRESS_NET.6 $INGRESS_NET.7 $INGRESS_NET.8 $INGRESS_NET.9"
fi

echo "  - INGRESS_NODE_GATEWAY_IPS=\"$INGRESS_NODE_GATEWAY_IPS\""

# Create node ID from INGRESS_DEFAULT_GATEWAY final byte
NODE_ID=$(echo $INGRESS_DEFAULT_GATEWAY | cut -d'.' -f4)
echo "  - NODE_ID=$NODE_ID"

if [ -z "$INSTALL" ]; then
  echo
  echo "Ingress Routing Daemon v2 exiting."
  exit 0
fi

# Add a rule ahead of the ingress network SNAT rule, that will cause the SNAT rule to be skipped.
[ "$INSTALL" = "1" ] && echo "Adding ingress_sbox iptables nat rule: iptables -t nat -I POSTROUTING -d $INGRESS_SUBNET -m ipvs --ipvs -j ACCEPT"
while nsenter --net=/var/run/docker/netns/ingress_sbox iptables -t nat -D POSTROUTING -d 10.0.0.0/24 -m ipvs --ipvs -j ACCEPT; do true; done 2>/dev/null
[ "$INSTALL" = "1" ] && nsenter --net=/var/run/docker/netns/ingress_sbox iptables -t nat -I POSTROUTING -d $INGRESS_SUBNET -m ipvs --ipvs -j ACCEPT

# 1. Set TOS to NODE_ID in all outgoing packets to INGRESS_SUBNET
[ "$INSTALL" = "1" ] && echo "Adding ingress_sbox iptables mangle rule: iptables -t mangle -A POSTROUTING -d $INGRESS_SUBNET -j TOS --set-tos $NODE_ID/0xff"
while nsenter --net=/var/run/docker/netns/ingress_sbox iptables -t mangle -D POSTROUTING -d $INGRESS_SUBNET -j TOS --set-tos $NODE_ID/0xff; do true; done 2>/dev/null
[ "$INSTALL" = "1" ] && nsenter --net=/var/run/docker/netns/ingress_sbox iptables -t mangle -A POSTROUTING -d $INGRESS_SUBNET -j TOS --set-tos $NODE_ID/0xff

if [ "$INSTALL" = "0" ]; then
  echo
  echo "Ingress Routing Daemon v2 iptables rules uninstalled, exiting."
  exit 0
fi

echo "Ingress Routing Daemon v2 starting ..."

# Watch for container start events, and configure policy routing rules on each container
# to ensure return path traffic for incoming connections is routed back via the correct interface
# and to the correct node from which the incoming connection was received.
docker events \
  --format '{{.ID}} {{index .Actor.Attributes "com.docker.swarm.service.name"}}' \
  --filter 'event=start' \
  --filter 'type=container' | \
  while read ID SERVICE
  do
    if [ -n "$SERVICE" ]; then

      NID=$(docker inspect -f '{{.State.Pid}}' $ID)
      echo "Container ID=$ID, NID=$NID, SERVICE=$SERVICE started: applying policy routes."

      # 3. Map any connection mark on outgoing traffic to a firewall mark on the individual packets.
      nsenter -n -t $NID iptables -t mangle -A OUTPUT -p tcp -j CONNMARK --restore-mark

      for NODE_IP in $INGRESS_NODE_GATEWAY_IPS
      do
        NODE_ID=$(echo $NODE_IP | cut -d'.' -f4)

    # 2. Map the TOS value on any incoming packets to a connection mark, using the same value.
        nsenter -n -t $NID iptables -t mangle -A PREROUTING -m tos --tos $NODE_ID/0xff -j CONNMARK --set-xmark $NODE_ID/0xffffffff

    # 4. Select the correct routing table to use, according to the firewall mark on the outgoing packet.
        nsenter -n -t $NID ip rule add from $INGRESS_SUBNET fwmark $NODE_ID lookup $NODE_ID prio 32700

    # 5. Route outgoing traffic to the correct node's ingress network IP, according to its firewall mark
    #    (which in turn came from its connection mark, its TOS value, and ultimately its IP).
        nsenter -n -t $NID ip route add table $NODE_ID default via $NODE_IP dev eth0

      done

    fi
  done

@struanb ์•ˆ๋…•ํ•˜์„ธ์š”, v2 ์Šคํฌ๋ฆฝํŠธ์—์„œ ์ œ๊ฑฐ ์„น์…˜์ด ์–ด๋–ป๊ฒŒ ์ž‘๋™ํ•˜๋Š”์ง€ ์ดํ•ดํ•˜์ง€ ๋ชปํ•ฉ๋‹ˆ๋‹ค. ๋ˆ„๋ฝ๋œ ๊ฒƒ์ด ์žˆ์Šต๋‹ˆ๊นŒ?

์•ˆ๋…•ํ•˜์„ธ์š” @jrbecart์ž…๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ํ•˜์ง€ ํฌ๋ง. iptables ๊ทœ์น™์ด ์„ค์น˜๋˜๊ธฐ ์ „์— iptables -D ์‚ฌ์šฉํ•˜์—ฌ ๊ธฐ์กด ๊ทœ์น™์„ ์‚ญ์ œํ•˜๋Š” ๋‘ ๊ฐœ์˜ while ๋ฃจํ”„๊ฐ€ ์žˆ์Œ์„ ์•Œ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ --uninstall ์‚ฌ์šฉํ•œ ๊ฐœ์ž… ํ˜ธ์ถœ ์—†์ด ์Šคํฌ๋ฆฝํŠธ๊ฐ€ --install ์—ฌ๋Ÿฌ ๋ฒˆ ์—ฐ์†์ ์œผ๋กœ ์‹คํ–‰๋˜๋Š” ๊ฒฝ์šฐ์˜ ์•ˆ์ „ ์กฐ์น˜์ž…๋‹ˆ๋‹ค.

๋”ฐ๋ผ์„œ --uninstall์„ ์‚ฌ์šฉํ•˜์—ฌ ์Šคํฌ๋ฆฝํŠธ๋ฅผ ํ˜ธ์ถœํ•˜๋ฉด ์Šคํฌ๋ฆฝํŠธ๊ฐ€ ์ข…๋ฃŒ๋  ๋•Œ ํ•ด๋‹น ๊ทœ์น™์ด ์ œ๊ฑฐ๋˜๊ณ  ์ƒˆ ๊ทœ์น™์ด ์•„์ง ์ถ”๊ฐ€๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

์ด๊ฒƒ์ด ๊ท€ํ•˜์˜ ์งˆ๋ฌธ์— ๋Œ€ํ•œ ๋‹ต๋ณ€์ด ๋˜๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค.

์•ˆ๋…•ํ•˜์„ธ์š” ์—ฌ๋Ÿฌ๋ถ„, NGINX ๊ตฌ์„ฑ์„ ์ž˜ ์ •์˜ํ•˜๋Š” ๊ฒƒ ์™ธ์—๋Š” ์•„๋ฌด ๊ฒƒ๋„ ์„ค์น˜ ๋ฐ ๊ตฌ์„ฑํ•˜์ง€ ์•Š๊ณ  ์ด ๋ฌธ์ œ์— ๋Œ€ํ•œ ์ˆ˜์ • ์‚ฌํ•ญ์„ ๋ฐœ๊ฒฌํ–ˆ๋‹ค๊ณ  ๋ง์”€๋“œ๋ฆฌ๊ณ  ์‹ถ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ์šฐ๋ฆฌ ๋ชจ๋‘๊ฐ€ ๋‹ค๋ฅธ ์ ‘๊ทผ ๋ฐฉ์‹์„ ์‹œ๋„ํ–ˆ๋‹ค๋Š” ๊ฒƒ์„ ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ์‹ค์ˆ˜๋กœ ๋ฐœ๊ฒฌ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ์†”์งํžˆ ๋งํ•ด์„œ, ๋‚˜๋Š” ์˜ค๋ž˜์ „์— ์ด๊ฒƒ์„ ํฌ๊ธฐํ–ˆ์Šต๋‹ˆ๋‹ค. ์ž, ์˜ค๋Š˜๊นŒ์ง€. ๋ชจ๋‹ˆํ„ฐ๋ง ์‹œ์Šคํ…œ์„ ๊ตฌํ˜„ํ•˜๋˜ ์ค‘ NGINX ๋กœ๊ทธ๋ฅผ ํ†ตํ•ด ์†Œ์Šค IP, ์‹ค์ œ ์†Œ์Šค IP๋ฅผ ์•Œ์•„๋‚ผ ์ˆ˜ ์žˆ์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์–ด๋–ป๊ฒŒ ๊ทธ๊ฒŒ ๊ฐ€๋Šฅํ•œ์ง€ ๋””๋ฒ„๊น…ํ•˜๊ธฐ ์‹œ์ž‘ํ–ˆ์Šต๋‹ˆ๋‹ค.

๋‹ค์Œ์€ ๊ทธ๋Ÿฌํ•œ ์ข…๋ฅ˜์˜ ๋กœ๊ทธ์˜ ์˜ˆ์ž…๋‹ˆ๋‹ค.

10.0.0.2 - - [19/Nov/2020:04:56:31 +0000] "GET / HTTP/1.1" 200 58 "-" req_t=0.003 upstream_t=0.004 "<browser-info>" "<source-ip-1,source-ip2,....>"

์ฐธ๊ณ : ํ”„๋ก์‹œ(์˜ˆ: Cloudfare ๋ฐ ๊ธฐํƒ€)๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒฝ์šฐ ์—ฌ๋Ÿฌ ์†Œ์Šค IP๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

์ •๋ณด๊ฐ€ ๊ฑฐ๊ธฐ ์žˆ์—ˆ๊ณ  ๋‚ด ์‹ค์ œ IP๊ฐ€ ๊ฑฐ๊ธฐ์— ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฐ ๋‹ค์Œ ์–ด๋–ป๊ฒŒ ๋งˆ์ˆ ์ด ๊ฐ€๋Šฅํ•œ์ง€ ์•Œ์•„๋ณด๊ธฐ ์œ„ํ•ด ๋กœ๊น… NGINX ํ˜•์‹์„ ๊ฒ€ํ† ํ•œ ๊ฒฐ๊ณผ ๋‹ค์Œ๊ณผ ๊ฐ™์€ ์‚ฌ์‹ค์„ ๋ฐœ๊ฒฌํ–ˆ์Šต๋‹ˆ๋‹ค.

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      'req_t=$request_time upstream_t=$upstream_response_time '
                      '"$http_user_agent" "$http_x_forwarded_for"';

์ฆ‰, ๋งˆ๋ฒ•์ด ์—ฌ๊ธฐ์— ์žˆ์Šต๋‹ˆ๋‹ค -> $http_x_forwarded_for

๊ทธ ํ›„ proxy_set_header X-Real-IP $http_x_forwarded_for; ์™€ ๊ฐ™์€ ํ”„๋ก์‹œ ํ—ค๋”๋ฅผ ๋ณ€๊ฒฝํ–ˆ์Šต๋‹ˆ๋‹ค.

๊ทธ๋ฆฌ๊ณ  ๋งˆ์ง€๋ง‰์œผ๋กœ, NodeJS ํ”„๋กœ์ ํŠธ์— ๋Œ€ํ•œ ์ •๋ณด๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํ”„๋กœ๋•์…˜๊ณผ ๊ฐ™์€ ์‹œ์Šคํ…œ ๋‚ด๋ถ€์—์„œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์™€ ํ•จ๊ป˜ Docker Swarm์„ ์‚ฌ์šฉํ•˜๊ณ  VM์ด ์•ฝ 4๊ฐœ ์žˆ๋Š” ๋งˆ์ง€๋ง‰ ํ…Œ์ŠคํŠธ๊ฐ€ ์ž‘๋™ํ–ˆ์Šต๋‹ˆ๋‹ค. ๋“œ๋””์–ด ์‹ค์ œ IP ์ฃผ์†Œ๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค.

์ด ๋ฌธ์ œ๊ฐ€ ์˜ค๋žซ๋™์•ˆ ๊ณต๊ฐœ๋˜์–ด ๋„ˆ๋ฌด ๊ธฐ์˜์ง€๋งŒ ์ด๊ฒƒ์ด ๋‹ต์ด๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ๋‚ด๊ฐ€ ์‚ฌ์šฉํ•œ ๋ฒ„์ „์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

Docker version: 19.03.8
NGINX version: nginx/1.14.2

๊ท€ํ•˜์˜ ํ”ผ๋“œ๋ฐฑ์„ ๊ธฐ๋‹ค๋ฆฌ๊ฒ ์Šต๋‹ˆ๋‹ค. ์ €์™€ ๊ฐ™์€ ๊ฒฐ๊ณผ๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ๊ธฐ๋ฅผ ๋ฐ”๋ž๋‹ˆ๋‹ค.

๊ฑด๋ฐฐ!
์„ธ๋ฐ”์Šค์ฐฌ.

์ถ”์‹ : ์‹ค์ œ IP ์ฃผ์†Œ ๋Œ€์‹  ๋กœ๊ทธ์—์„œ "-"๋ฅผ ์ฐพ์„ ์ˆ˜ ์žˆ๊ธฐ ๋•Œ๋ฌธ์— localhost ์™ธ๋ถ€์˜ ๋‹ค๋ฅธ ๋„คํŠธ์›Œํฌ ์ธํ„ฐํŽ˜์ด์Šค๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์‹œ๋„ํ•ด ๋ณด์‹ญ์‹œ์˜ค. ํ™ˆ ๋„คํŠธ์›Œํฌ ์™ธ๋ถ€์—์„œ ์ธํ„ฐ๋„ท์„ ํ†ตํ•ด ํ…Œ์ŠคํŠธํ•ด ๋ณด์‹ญ์‹œ์˜ค.

๋ณด๋„ˆ์Šค: ๋˜ํ•œ ์กฐํšŒ ํ…Œ์ด๋ธ”์„ ์‚ฌ์šฉํ•˜์—ฌ IP ์ฃผ์†Œ๋ฅผ ์ง€๋ฆฌ์  ์œ„์น˜์— ๋งคํ•‘ํ•˜๊ณ  ์ˆซ์ž๋ฅผ ์„ธ์–ด ์ง€๋„์— ํ‘œ์‹œํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ ๋Œ€๋‹ต์€ '์˜ˆ'์ž…๋‹ˆ๋‹ค. ์ด๊ฒƒ์ด ๋ฐ”๋กœ ์šฐ๋ฆฌ๊ฐ€ ์ฐพ๊ณ  ์žˆ๋˜ ๊ฒƒ์ž…๋‹ˆ๋‹ค :)

@sebastianfelipe ์˜ค๋žœ ์„ธ์›”์ด ์ง€๋‚œ ํ›„ ํฐ ์ฃผ์žฅ์ž…๋‹ˆ๋‹ค. ์ด ์Šค๋ ˆ๋“œ์—์„œ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋‚˜ ๋‹ค๋ฅธ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์ง€ ์•Š์Šต๋‹ˆ๊นŒ?

@sebastianfelipe ์˜ค๋žœ ์„ธ์›”์ด ์ง€๋‚œ ํ›„ ํฐ ์ฃผ์žฅ์ž…๋‹ˆ๋‹ค. ์ด ์Šค๋ ˆ๋“œ์—์„œ ํ˜ธ์ŠคํŠธ ๋ชจ๋“œ๋‚˜ ๋‹ค๋ฅธ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์„ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์ง€ ์•Š์Šต๋‹ˆ๊นŒ?

ํ™•์‹คํ•ด. ์—ฐ๊ฒฐ๋œ ๋ชจ๋“  ์„œ๋น„์Šค์—์„œ ๋„คํŠธ์›Œํฌ ํ˜ธ์ŠคํŠธ๋ฅผ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๋ฐฉ๊ธˆ Digital Ocean ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋ฅผ ํฌํ•จํ•˜์—ฌ ํ”„๋กœ๋•์…˜๊ณผ ์œ ์‚ฌํ•œ ํ™˜๊ฒฝ์—์„œ ์˜ค๋ฒ„๋ ˆ์ด ๋„คํŠธ์›Œํฌ์™€ ํ•จ๊ป˜ ์Šคํƒ์„ ๋ฐฐํฌํ–ˆ๋Š”๋ฐ ์ž‘๋™ํ–ˆ์Šต๋‹ˆ๋‹ค. ๋‚ด ๋ง์€, ๋‚˜๋Š” ์ด๊ฒƒ๋ณด๋‹ค ๋” ์ž˜ ํ…Œ์ŠคํŠธ ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. 100% ์‹คํ™”์ž…๋‹ˆ๋‹ค.

@sebastianfelipe Digital Ocean ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๊ฐ€ X-Forwarded-For ํ—ค๋”์— ์‚ฌ์šฉ์ž์˜ IP ์ฃผ์†Œ๋ฅผ ์ถ”๊ฐ€ํ•˜๊ณ  ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ ๋…๋ฆฝํ˜• Docker Swarm ๋ชจ๋“œ์—์„œ ์‚ฌ์šฉ์ž์˜ IP๋ฅผ ๊ฒ€์ƒ‰ํ•˜๋Š” ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜์ง€ ๋ชปํ•˜๋Š” ์•Œ๋ ค์ง„ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ž…๋‹ˆ๋‹ค.

@beornf ์ž ์„ ์ž๋ ค๊ณ  ํ•˜๋‹ค๊ฐ€ ๋‹น์‹ ์˜ ์•Œ๋ฆผ์„ ์ฝ์—ˆ๊ธฐ ๋•Œ๋ฌธ์— ์ผ์–ด๋‚˜์„œ Digital Ocean ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ ์—†์ด ์ ‘๊ทผ์„ ์‹œ๋„ํ•ด์•ผ ํ–ˆ๊ณ  ์‹คํŒจํ–ˆ์Šต๋‹ˆ๋‹ค. ๋งž์Šต๋‹ˆ๋‹ค. Digital Ocean์€ ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๊ฐ€ ์ถ”๊ฐ€๋  ๋•Œ ๋งˆ๋ฒ•์„ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค. ์ด๊ฒƒ์€ $http_x_forwarded_for ๋ณ€์ˆ˜์— ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค. Digital Ocean ๋กœ๋“œ ๋ฐธ๋Ÿฐ์„œ๋Š” Docker Swarm์—์„œ ์ง์ ‘ ์ถ”๊ฐ€ํ•˜์ง€ ์•Š์€ ์ •๋ณด์ธ ๋‹ค๋ฅธ NGINX ๋ณ€์ˆ˜์— ์ •๋ณด๋ฅผ ์ถ”๊ฐ€ํ•ฉ๋‹ˆ๋‹ค. ์•„๋งˆ๋„ ์ด๊ฒƒ์€ ๋ชจ๋“  ๊ฒฝ์šฐ์— ๋Œ€ํ•œ ์‹ค์ œ ์†”๋ฃจ์…˜์„ ๊ฐ–๊ธฐ ์œ„ํ•ด "๋”๋ฏธ์™€ ๊ฐ™์€" ์ ‘๊ทผ ๋ฐฉ์‹์œผ๋กœ ์ด์–ด์งˆ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ ์–ด๋„ Digital Ocean ๊ณ ๊ฐ์€ ํ˜„์žฌ ์ด ๋ฌธ์ œ๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ์•Œ๊ณ  ๊ธฐ๋ปํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

@beornf @sebastianfelipe ์ปจํ…์ŠคํŠธ์— ์ถ”๊ฐ€ํ•˜์—ฌ CloudFlare๋Š” X-Forwarded-For ๋„ ์ถ”๊ฐ€ํ•˜๋ฉฐ ๋Œ€๋ถ€๋ถ„ ๋ฌด๋ฃŒ์ž…๋‹ˆ๋‹ค.

@beornf @sebastianfelipe ์ปจํ…์ŠคํŠธ์— ์ถ”๊ฐ€ํ•˜์—ฌ CloudFlare๋Š” X-Forwarded-For ๋„ ์ถ”๊ฐ€ํ•˜๋ฉฐ ๋Œ€๋ถ€๋ถ„ ๋ฌด๋ฃŒ์ž…๋‹ˆ๋‹ค.

์‹ค์ œ IP๋ฅผ ์–ป๊ธฐ ์œ„ํ•ด ํƒˆ์ถœ๊ตฌ๊ฐ€ ํ•„์š”ํ•œ ๋งŽ์€ ์‚ฌ๋žŒ๋“ค์—๊ฒŒ ์ด๊ฒƒ์ด ํšจ๊ณผ๊ฐ€ ์žˆ์„ ์ˆ˜ ์žˆ๋‹ค๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. Cloudfare๋Š” ํ”„๋ก์‹œ ๋˜๋Š” DNS๋กœ๋งŒ ์กฐ์ •ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. Digital Ocean ๊ณ ๊ฐ์ด ์—†๋Š” ๊ฒฝ์šฐ์— ์™„๋ฒฝํ•˜๊ฒŒ ๋งž์Šต๋‹ˆ๋‹ค. ์ง€๊ธˆ๊นŒ์ง€ ๋” ๊นจ๋—ํ•œ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•์ž…๋‹ˆ๋‹ค. ํ•˜์ง€๋งŒ @beornf์— ๋™์˜ํ•ฉ๋‹ˆ๋‹ค. ์ด ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•˜๋ ค๋ฉด Digital Ocean์ด๋‚˜ Cloudfare์— ์˜์กดํ•˜์ง€ ์•Š๋Š” ์‹ค์ œ ์†”๋ฃจ์…˜์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค.

๊ฐ์‚ฌ ํ•ด์š”!

์ด ํŽ˜์ด์ง€๊ฐ€ ๋„์›€์ด ๋˜์—ˆ๋‚˜์š”?
0 / 5 - 0 ๋“ฑ๊ธ‰