Use layer 7 routing labels

Estimated reading time: 2 minutes

This topic applies to Docker Enterprise.

The Docker Enterprise platform business, including products, customers, and employees, has been acquired by Mirantis, inc., effective 13-November-2019. For more information on the acquisition and how it may affect you and your business, refer to the Docker Enterprise Customer FAQ.

After you enable the layer 7 routing solution, you can start using it in your swarm services.

Service labels define hostnames that are routed to the service, the applicable ports, and other routing configurations. Applications that publish using Interlock use service labels to configure how they are published.

When you deploy or update a swarm service with service labels, the following actions occur:

  1. The ucp-interlock service monitors the Docker API for events and publishes the events to the ucp-interlock-extension service.
  2. That service then generates a new configuration for the proxy service, based on the labels you added to your services.
  3. The ucp-interlock service takes the new configuration and reconfigures the ucp-interlock-proxy to start using the new configuration.

The previous steps occur in milliseconds and with rolling updates. Even though services are being reconfigured, users won’t notice it.

Service label options

Label Description Example Comma separated list of the hosts that the service should serve., Port to use for internal upstream communication. 8080 Name of network the proxy service should attach to for upstream connectivity. app-network-a Context or path to use for the application. /app When set to true, this option changes the path from the value of label to /. true Docker secret to use for the SSL certificate. Docker secret to use for the SSL key. Comma separated list of endpoints to configure to be upgraded for websockets. /ws,/foo Name of the service cluster to use for the application. us-east Cookie to use for sticky sessions. app_session Semi-colon separated list of redirects to add in the format of <source>,<target>.,; Enable SSL passthrough. false Select the backend mode that the proxy should use to access the upstreams. Defaults to task. vip
routing, proxy, interlock, load balancing