I am a newcomer to Docker Swarm but have been reading quite a bit the last days. I have understood the concept of overlay mesh networking and that ports published to a service will be available on all nodes running the service.
What I can’t get my head around is how to do port forwarding with fault tolerance from my firewall. It is totally fine that I have the port on all the nodes but what if the specific node that I portforward to is down? I’ve read suggestions about using a load balancer that detects if a node is down. But that just moves the problem to the load balancer. What if the node running the load balancer is down?
See the first response in this thread, https://stackoverflow.com/questions/39071626/docker-swarm-overlay-vip
I would have the same problem if the node, that I port forward to, running docker-flow-proxy is down. Wouldn’t help that I have two replicas of docker-flow-proxy running, I still only port forward to one of the nodes.
Meyay’s response in this thread, Virtual IP in a swarm talks about NET_ADMIN and some functionality that can shift a virtual IP between a master and a slave node. That sounds like what I want. Sadly there is no reference in the thread to how this works and I haven’t been able to find more inormation my self.
Could anyone give some pointers or advise?