In 1.12, --publish of docker service will expose a “Swarm port” on all hosts for that service. This “Swarm port” is a port which gets NATed to a Virtual IP address for each service “task” (container, in this case) using the Linux kernel’s built-in load balancing functionality, IPVS. This is an OSI Layer 4 load balancing functionality, so it works directly at the TCP/UDP level and you might notice that some stalwarts such as ping don’t work with it out of the box. However, IPVS is very fast.
For this initial release, higher level features such as HTTP load balancing and direct sticky session support are unlikely to be included in the Docker daemon’s load balancing duties (there are only so many hours in the day and the maintainers are trying to ensure orchestrator stability first and foremost before adding new features). Even if requested, they are not necessarily going to be added, since the feature line has to be drawn somewhere. So, you will still need to use your traditional L7 load balancers such as HAProxy for some higher-level configuration, at least for now – but bear in mind that the Docker maintainers are very concerned about quality of user experience and would consider proposals to expose higher level functionality directly in Docker if desired. FWIW, in the Docker for AWS and Azure projects we are also working towards making easy direct integration with those clouds’ LBs possible.
The nice thing about the newest stuff is that even if you have to run your own HAProxy docker service for SSL termination, etc., configuring it can potentially be far simpler than before. If your HAProxy service instance is on an overlay network with the service(s) that it is directing requests to, you can simply point towards the DNS entry corresponding to that service, and the built-in IPVS load balancing will LB requests to that service’s component containers automatically. Therefore, instead of having to do something like generate the proxy configuration dynamically and reload the load balancer daemon every single time an individual container changes or is added, Docker manages the lifecycle of the network and load balancing from container-to-container. This won’t help with every single use case but will help with some.
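
A sketch of the HAProxy side of that setup, added here as an illustration and not taken from the original post. The overlay network name `appnet`, the backend service name `web`, its port 80, and the certificate path are assumptions; the `init-addr` keyword needs HAProxy 1.7 or later.

```haproxy
# Assumed Swarm layout (names are hypothetical):
#   docker network create --driver overlay appnet
#   docker service create --name web --network appnet --replicas 3 <your-image>
#   docker service create --name lb  --network appnet --publish 443:443 <haproxy-image>
# "web" is created WITHOUT --publish, so it has no Swarm port on the hosts
# and is reachable only over the overlay network, through this proxy.

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Docker's embedded DNS server, available inside containers attached to
# user-defined networks such as the overlay above.
resolvers docker
    nameserver dns 127.0.0.11:53
    hold valid 10s

frontend https_in
    # TLS terminates here; the PEM file holds the certificate chain and key.
    bind *:443 ssl crt /usr/local/etc/haproxy/certs/site.pem
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    default_backend web

backend web
    # One server line for the whole service: the name "web" resolves to the
    # service's Virtual IP, and IPVS spreads connections across the tasks
    # behind it. Scaling "web" up or down needs no change or reload here.
    # init-addr libc,none lets HAProxy start even if "web" does not exist yet.
    server web web:80 resolvers docker init-addr libc,none
```

Because the balancing behind the VIP happens per TCP connection at Layer 4, HAProxy sees a single backend server and cannot apply per-container health checks or sticky sessions to the individual tasks.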