Nomad
Load balancing with Traefik
Traefik distributes incoming HTTP(S) and TCP requests from the internet to front-end services that can handle these requests. Traefik's Consul Catalog documentation provides integration details, including the ability to use tags to route traffic. Refer to Traefik's Rules & Priority documentation for additional details as well.
Follow these steps to use Traefik as a load balancer:
- Deploy your application with Traefik-specific tags in the job specification.
- Deploy Traefik.
This guide shows you how to deploy Traefik as a load balancer for a demo web application.
Prerequisites
You must configure your Nomad installation to use Consul. Refer to the Consul integration content for more information.
Deploy the demo web application
Create a job specification for a demo web application and name the file
webapp.nomad.hcl. This job specification configures the following:
- Three instances of the demo web application.
- Routing to the web app with service tags. Even though the application
listens on
/, it is possible to define/myappas the route because of Traefik'sPathoption.
webapp.nomad.hcl
job "demo-webapp" {
datacenters = ["dc1"]
group "demo" {
count = 3
network {
port "http"{
to = -1
}
}
service {
name = "demo-webapp"
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.http.rule=Path(`/myapp`)",
]
check {
type = "http"
path = "/"
interval = "2s"
timeout = "2s"
}
}
task "server" {
env {
PORT = "${NOMAD_PORT_http}"
NODE_IP = "${NOMAD_IP_http}"
}
driver = "docker"
config {
image = "hashicorp/demo-webapp-lb-guide"
ports = ["http"]
}
}
}
}
Deploy the web application job with the nomad run command.
$ nomad run webapp.nomad.hcl
==> Monitoring evaluation "a2061ab7"
Evaluation triggered by job "demo-webapp"
Evaluation within deployment: "8ca6d358"
Allocation "1d14babe" created: node "2d6eea6e", group "demo"
Allocation "3abb950d" created: node "a62fa99d", group "demo"
Allocation "c65e14bf" created: node "a209a662", group "demo"
Evaluation status changed: "pending" -> "complete"
==> Evaluation "a2061ab7" finished with status "complete"
Create and run the Traefik job
Create a job specification named traefik.nomad.hcl. This job specification configures the following:
- A static port of
8080for Traefik, which lets you querytraefik.service.consul:8080from anywhere inside your cluster to reach the demo web application. - A static port of
8081for the Traefik dashboard. - A template for Traefik configuration, which includes enabling Consul Catalog.
traefik.nomad.hcl
job "traefik" {
region = "global"
datacenters = ["dc1"]
type = "service"
group "traefik" {
count = 1
network {
port "http" {
static = 8080
}
port "api" {
static = 8081
}
}
service {
name = "traefik"
check {
name = "alive"
type = "tcp"
port = "http"
interval = "10s"
timeout = "2s"
}
}
task "traefik" {
driver = "docker"
config {
image = "traefik:v3.6.6"
network_mode = "host"
volumes = [
"local/traefik.toml:/etc/traefik/traefik.toml",
]
}
template {
data = <<EOF
[entryPoints]
[entryPoints.http]
address = ":8080"
[entryPoints.traefik]
address = ":8081"
[api]
dashboard = true
insecure = true
# Enable Consul Catalog configuration backend.
[providers.consulCatalog]
prefix = "traefik"
exposedByDefault = false
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
scheme = "http"
EOF
destination = "local/traefik.toml"
}
resources {
cpu = 100
memory = 128
}
}
}
}
Although the job specification contains an inline template for Traefik
configuration, you could alternatively use the task.template stanza in
conjunction with the task.artifact stanza to download an input template from a
remote source such as an S3 bucket. Refer to the template examples for details.
Deploy the Traefik job with the nomad run command.
$ nomad run traefik.nomad.hcl
==> Monitoring evaluation "e22ce276"
Evaluation triggered by job "traefik"
Evaluation within deployment: "c6466497"
Allocation "695c5632" created: node "a62fa99d", group "traefik"
Evaluation status changed: "pending" -> "complete"
==> Evaluation "e22ce276" finished with status "complete"
Check the Traefik dashboard
Visit the Traefik dashboard athttp://<your-traefik-address>:8081 to verify
your settings and for basic monitoring.
Make a request to the load balancer
If you access the Traefik load balancer, you should receive a response
similar to the one shown in the following example. Run the curl command from a node inside your cluster.
$ curl http://traefik.service.consul:8080/myapp
Welcome! You are on node 172.31.28.103:28893
Note that Traefik forwarded your request to one of the deployed instances of the demo web application, which is spread across three Nomad clients. The output shows the IP address of the demo web application host. If you repeat your requests, the IP address changes based on which backend web server instance received the request.
Place Nomad client nodes behind a cloud provider load balancer
Your Nomad client nodes may change over time, so it is important to provide your end users with a single endpoint to access your services. You may do this by placing your Nomad client nodes behind a cloud provider's load balancer, such as AWS Elastic Load Balancing (ELB), Azure Load Balancer, or Google Cloud Load Balancing.
The basic steps involve creating a load balancer, registering Nomad client nodes behind the load balancer, creating listeners, and configuring health checks. If you followed this guide, be sure to create ingress routes for Traefik.
After you configure your cloud provider's load balancer, you should be able to access the cloud load balancer DNS name:
- At port
8080to observe the demo web application. - At port
8081to access the Traefik web UI.