Keepalived - Funky Penguin's Geek Cookbook

While having a self-healing, scalable docker swarm is great for availability and scalability, none of that is any good if nobody can connect to your cluster.


This is a companion discussion topic for the original entry at https://geek-cookbook.funkypenguin.co.nz/ha-docker-swarm/keepalived/

For the Intel Skull Canyon NUCs I’m using, I had to add -e KEEPALIVED_INTERFACE=enp0s31f6
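For reference, here's a hedged sketch of how that override fits into a plain docker run of the osixia/keepalived image (the VIP, peer IPs, and priority are placeholders, not from this post; check your own interface name first):

```shell
# show the interface your default route uses (e.g. enp0s31f6 on a Skull Canyon NUC)
ip route get 8.8.8.8 | awk '{print $5; exit}'

# run keepalived with the interface overridden (all values illustrative)
docker run -d --name keepalived --restart always \
  --cap-add NET_ADMIN --net host \
  -e KEEPALIVED_INTERFACE=enp0s31f6 \
  -e KEEPALIVED_VIRTUAL_IPS=192.168.1.250 \
  -e KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.1.252','192.168.1.253']" \
  -e KEEPALIVED_PRIORITY=200 \
  osixia/keepalived:2.0.20
```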

Stupid Question Alert! If I have my Docker Swarm running, and the ingress network handling routing, with Traefik on top of that globally deployed, do I need keepalived?

It depends how traffic is arriving to your swarm. If you have an external load-balancer, then no. But if you have a single IP (one of the swarm nodes) receiving all the ingress traffic, and that node fails, then all your swarminess won’t help you, and you need keepalived :wink:


Question on the setup of the Keepalived containers - the IP addresses you specify in the KEEPALIVED_UNICAST_PEERS env variable - are they the external IP addresses of the Docker servers?

If the docker servers are externally addressed already, then yes. If you’re running your swarm on private IPs behind a NATing firewall, then no :slight_smile:

I have the same NUC. Did you have an SSD/HDD installed for the setup?

I did have an ssd installed when I set it up.

Every time I reboot my master, keepalived does not return control to the master. I have to reboot the slave to get control to switch. Anyone else having this problem?
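A hedged note on one common cause (an assumption about this setup, not a diagnosis): a recovered node will only reclaim the VIP if it has a strictly higher priority than the current holder, and only if `nopreempt` is not set. In raw keepalived.conf terms:

```
# /etc/keepalived/keepalived.conf (sketch; values illustrative)
vrrp_instance VI_1 {
    interface eth0
    virtual_router_id 51
    priority 200        # strictly higher than any backup, so this node preempts on recovery
    # nopreempt         # if present, a recovered node will NOT take the VIP back
    virtual_ipaddress {
        192.168.1.250
    }
}
```

With the osixia image, that priority is what the KEEPALIVED_PRIORITY env variable sets, so equal priorities on master and backup would produce exactly this symptom.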

Hey, it seems I don’t fully understand the concept of the VIP. Maybe you can give me a hint.

I have 3 docker nodes running as swarm. All of them have an external IP. So 3 IPs: 82.xx.xx.xx.
I can connect to each of the IPs to find my website. This is working without Keepalived.

But with my URL I get a single point of failure.
My URL points to one of these IPs. If that node goes down I have a problem: none of the services can be accessed via the URL. If I buy a new IP I have to assign it to one of the nodes, and can’t assign it to all of them.

That’s what Keepalived is for. It manages that IP across multiple nodes. It knows which node the IP is running on. If that node goes down, it brings up that IP on a different node that is still up. So no more single point of failure.
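To make that concrete: the VIP is just an extra address that keepalived adds to one node’s network interface, so you can check where it currently lives (interface name and VIP are assumptions; substitute your own):

```shell
# run on each node; only the node currently holding the VIP will print a match
ip addr show dev enp0s3 | grep 192.168.1.250
```

When the master fails, keepalived on a backup node adds the address there and sends a gratuitous ARP so the network learns the new location.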

Sounds perfect! I will try this now…

I got Keepalived to the point that it was transferring the IP to the BACKUP server. Unfortunately my problem here is not with the function of Keepalived.

As mentioned in the article, it seems my hosting provider 1und1 does not support such a “floating IP/virtual IP” address for the servers… I have to assign the IP to one of my hosts; it can’t be moved to the other server…
They have their own load balancer. It seems I have to use that one… :confused:

Does anyone know a provider where I can do this kind of configuration?

Hi Timo, I’ve encountered the same issue with Google Cloud… you have to use their load balancer (which is very good, but costs a lot). I worked around it by standing up a single, low-touch VM running haproxy with my nodes as backends, and using that as my VIP. Yes, the VM may go down, so it’s not perfect, but it’s better than using one of my heavily-loaded K8s nodes! (plus, on GKE, you pay per-port for loadbalancing, whereas with my haproxy VM, I can have as many ports as I want)
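For anyone trying the same workaround, a minimal haproxy.cfg sketch of that single-VM setup (node IPs and ports are placeholders, not from this thread):

```
# /etc/haproxy/haproxy.cfg (sketch)
defaults
    mode tcp
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    bind *:443
    default_backend swarm_nodes

backend swarm_nodes
    balance roundrobin
    # each cluster node as a backend; 'check' drops dead nodes from rotation
    server node1 10.0.0.1:443 check
    server node2 10.0.0.2:443 check
    server node3 10.0.0.3:443 check
```

Add one frontend/backend pair per published port; unlike a cloud load balancer, extra ports cost nothing here.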

docker-compose.yml example

services:
  keepalived:
    cap_add:
      - NET_ADMIN
    container_name: keepalived
    network_mode: host
    restart: always  # run per-node with plain docker-compose; 'deploy.restart_policy' is swarm-only and doesn't accept 'always'
    environment:
      KEEPALIVED_INTERFACE: 'enp0s3'  # depends on the host's interface name
      KEEPALIVED_UNICAST_PEERS: "#PYTHON2BASH:['192.168.1.252', '192.168.1.253']"  # IPs of the other nodes
      KEEPALIVED_PRIORITY: '200'  # differs per node; the highest-priority node becomes MASTER
      KEEPALIVED_VIRTUAL_IPS: 192.168.1.250
    image: osixia/keepalived:2.0.20

I am a little confused about when one needs to go to the trouble of using a Docker container vs using ipvsadm on the Docker host to service the requests and pass them to the ingress network.

Thanks @scyto! If this is a viable option, then I’m all for the simplest solution. I hadn’t come across the ipvsadm solution before - can you point me to an example?

Thanks!
D

@funkypenguin well, I have no idea what I am doing :slight_smile: I am trying to understand the options.

I read this article https://dev.to/douglasmakey/how-to-setup-simple-load-balancing-with-ipvs-demo-with-docker-4j1d
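For context, the ipvsadm flow in that article boils down to something like this (the VIP and backend IPs are placeholders; it needs root and the ip_vs kernel module):

```shell
# create a virtual service on the VIP, round-robin scheduling
sudo ipvsadm -A -t 192.168.1.250:80 -s rr
# add two real servers (backends) in masquerade (NAT) mode
sudo ipvsadm -a -t 192.168.1.250:80 -r 10.0.0.1:80 -m
sudo ipvsadm -a -t 192.168.1.250:80 -r 10.0.0.2:80 -m
```

Note this configures load balancing on one host only; it says nothing about what happens if that host itself dies.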

I know keepalived uses IPVS under the hood, but I can’t for the life of me work out what it offers on top of IPVS for this scenario. I was hoping an expert could explain it to me!

On first glance, it would appear that ipvs supports load balancing, but not a mechanism to provide a highly-available virtual IP. i.e., without keepalived to facilitate communications between nodes A, B, and C, how will the nodes agree which one of them is currently the “primary” and which are the “backups” ?
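The VRRP election rule keepalived uses for that agreement is simple: every node advertises a priority, the highest priority wins, and a tie goes to the node with the numerically higher IP address. A toy illustration of just the rule (not how keepalived is implemented):

```python
import ipaddress

def elect_master(peers):
    """Pick the VRRP master from (ip, priority) pairs:
    highest priority wins; ties go to the higher IP address."""
    return max(peers, key=lambda p: (p[1], int(ipaddress.ip_address(p[0]))))[0]

# three nodes with the per-host priorities you'd configure
peers = [("192.168.1.251", 200), ("192.168.1.252", 150), ("192.168.1.253", 100)]
print(elect_master(peers))      # the priority-200 node holds the VIP
# if .251 dies, the survivors re-elect among themselves:
print(elect_master(peers[1:]))  # the priority-150 node takes over
```

In the real protocol the nodes reach this conclusion by exchanging VRRP advertisements (unicast, in the osixia setup above), which is exactly the coordination IPVS alone doesn’t provide.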

Thanks, that is what I was missing.

It never occurred to me someone would make something like IPVS only marginally better than round robin DNS.

Next question: why run keepalived in a Docker container rather than directly on the Docker host
(like this: https://tecadmin.net/setup-ip-failover-on-ubuntu-with-keepalived/)?