We have been attempting to put a load balancer in front of our etcd cluster so that clients that need to talk to it can just hit that URL. As part of that, we cut off direct access to the etcd nodes on 2379 -- they only accept that from the load balancer. Traffic between nodes within the cluster is still all open, but clients can only connect to a node through the load balancer.
This seems to be working fine for clients that are just using curl to make a request. However, when using something that uses the Go etcd client, such as confd, we're getting errors:
2015-09-09T20:28:16Z 17458f07b087 confd[8]: INFO Backend set to etcd
2015-09-09T20:28:16Z 17458f07b087 confd[8]: INFO Starting confd
2015-09-09T20:28:16Z 17458f07b087 confd[8]: INFO Backend nodes set to http://<domain-name-of-etcd-load-balancer>
2015-09-09T20:28:31Z 17458f07b087 confd[8]: ERROR 501: All the given peers are not reachable (Tried to connect to each peer twice and failed) [0]
It looks like it may be asking http://<domain-name-of-etcd-load-balancer>/v2/members for the list of members and then trying to connect directly to one of them, rather than just issue the actual requests directly against http://<domain-name-of-etcd-load-balancer>. The issue goes away if I reopen direct access to the individual nodes from clients, but that's not the model I would prefer to use.
Does etcd support such a configuration? Do I just need to set the advertise-client-urls parameter to <domain-name-of-etcd-load-balancer>? Or if I set all cluster nodes to the same value here, rather than urls that are specific to each node, will that cause other problems?
If a load balancer configuration isn't recommended, what is the right way to present clients a single view of the cluster? Just round-robin DNS to all nodes, and allow direct traffic to each node?
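One way to confirm the member-discovery behaviour described in this issue, as an added diagnostic script that is not from the issue author or the etcd project: it fetches the /v2/members list through the load balancer and reports which advertised client URLs a client cannot reach. The load balancer hostname and the 10.0.0.x addresses are constructed; the response shape is the etcd v2 /v2/members format.

```python
"""Diagnose the client-discovery problem described above: fetch the
member list an etcd 2.x cluster advertises through the load balancer
and report which advertised client URLs a client cannot actually reach."""
import json
import socket
from urllib.parse import urlparse
from urllib.request import urlopen

# Constructed /v2/members response (hostname and node addresses are made
# up); in the issue's setup the load balancer is reachable from clients
# but the nodes' own 2379 ports are not.
LB_URL = "http://etcd-lb.example.internal"
SAMPLE_MEMBERS = json.dumps({"members": [
    {"id": "1", "name": "etcd0", "peerURLs": ["http://10.0.0.1:2380"],
     "clientURLs": ["http://10.0.0.1:2379"]},
    {"id": "2", "name": "etcd1", "peerURLs": ["http://10.0.0.2:2380"],
     "clientURLs": ["http://10.0.0.2:2379"]},
    {"id": "3", "name": "etcd2", "peerURLs": ["http://10.0.0.3:2380"],
     "clientURLs": [LB_URL]},   # one node already advertising the LB
]})


def advertised_client_urls(members_json):
    """Return every clientURL the cluster hands out, in member order."""
    members = json.loads(members_json)["members"]
    return [url for m in members for url in m.get("clientURLs", [])]


def tcp_reachable(url, timeout=2.0):
    """True if a TCP connection to the URL's host:port succeeds."""
    parsed = urlparse(url)
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    try:
        with socket.create_connection((parsed.hostname, port), timeout):
            return True
    except OSError:
        return False


def unreachable_members(members_json, probe=tcp_reachable):
    """Advertised client URLs a member-discovering client would fail on.
    `probe` is injectable so the check can run offline."""
    return [u for u in advertised_client_urls(members_json) if not probe(u)]


def fetch_members(lb_url, timeout=5.0):
    """Ask the load balancer for the member list, as the Go client does."""
    with urlopen(lb_url.rstrip("/") + "/v2/members", timeout=timeout) as r:
        return r.read().decode()


if __name__ == "__main__":
    bad = unreachable_members(fetch_members(LB_URL))
    print("unreachable advertised client URLs:", bad or "none")
```

An empty result means every advertised clientURL is reachable from this client, which is what a member-discovering client needs; every URL listed is one that the client will be redirected to and fail on.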