From 1e352e4e0dd403a751a2340de5d3399cc1cdf150 Mon Sep 17 00:00:00 2001 From: Vincent Lepot Date: Wed, 5 Oct 2016 16:20:51 +0200 Subject: [PATCH 1/3] Simplify backend generation to avoid port publishing --- ext/lb/haproxy/generate.go | 57 +++++++------------------------------- ext/lb/nginx/generate.go | 57 +++++++------------------------------- 2 files changed, 20 insertions(+), 94 deletions(-) diff --git a/ext/lb/haproxy/generate.go b/ext/lb/haproxy/generate.go index 5f806513..f2bdf199 100644 --- a/ext/lb/haproxy/generate.go +++ b/ext/lb/haproxy/generate.go @@ -2,7 +2,6 @@ package haproxy import ( "fmt" - "net" "strconv" "strings" 
@@ -102,65 +101,29 @@ func (p *HAProxyLoadBalancer) GenerateProxyConfig(containers []types.Container, log().Debugf("checking service: id=%s", t.ID) labels = t.Spec.Labels id = t.ID - publishedPort := uint32(0) + servicePort := uint32(0) // get service address - if len(t.Endpoint.Spec.Ports) == 0 { - log().Debugf("service has no published ports: id=%s", t.ID) - continue - } - if v, ok := t.Spec.Labels[ext.InterlockPortLabel]; ok { port, err := strconv.Atoi(v) if err != nil { log().Error(err) continue } - for _, p := range t.Endpoint.Ports { - if p.TargetPort == uint32(port) { - publishedPort = p.PublishedPort - break - } - } + servicePort = uint32(port) } else { - publishedPort = t.Endpoint.Ports[0].PublishedPort - } - - // get the node IP - ip := "" - - // HACK?: get the local node gateway addr to use as the ip to resolve for the interlock container to access the published port - network, err := p.client.NetworkInspect(context.Background(), "ingress") - if err != nil { - log().Error(err) - continue - } - - // TODO: what do we do if the IPAM has more than a single definition? 
- // the gateway appears to change between IP and CIDR -- need to debug to report issue - if c, ok := network.Containers["ingress-sbox"]; ok { - log().Debugf("ingress-sbox ip: %s", c.IPv4Address) - ipv4Addr := c.IPv4Address - if strings.IndexAny(ipv4Addr, "/") > -1 { - ipAddr, _, err := net.ParseCIDR(ipv4Addr) - if err != nil { - log().Error(err) - continue - } - - ip = ipAddr.String() + if len(t.Endpoint.Spec.Ports) == 0 { + log().Debugf("service has no published ports and no label for port: id=%s", t.ID) + continue } - // check for override backend address - if v := p.cfg.BackendOverrideAddress; v != "" { - ip = v - } - } else { - log().Errorf("unable to detect node ip: %s", err) - continue + servicePort = t.Endpoint.Ports[0].TargetPort } - addr = fmt.Sprintf("%s:%d", ip, publishedPort) + // get the node IP + ip := t.Spec.Name + + addr = fmt.Sprintf("%s:%d", ip, servicePort) default: log().Warnf("unknown type detected: %v", t) continue diff --git a/ext/lb/nginx/generate.go b/ext/lb/nginx/generate.go index 6bdae6de..a72feb89 100644 --- a/ext/lb/nginx/generate.go +++ b/ext/lb/nginx/generate.go @@ -2,7 +2,6 @@ package nginx import ( "fmt" - "net" "path/filepath" "strconv" "strings" 
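Review bot: In the haproxy `GenerateProxyConfig` hunk the value of the `ext.InterlockPortLabel` label now flows straight into the backend address: `strconv.Atoi(v)` accepts negative and oversized numbers, and `uint32(port)` turns those into a wrapped or out-of-range port that `fmt.Sprintf("%s:%d", ip, servicePort)` writes into the generated config. Before this change the label was only compared against `TargetPort`, so this is a new path from a service label to proxy configuration. Parsing with `port, err := strconv.ParseUint(v, 10, 16)` and skipping the service when `err != nil || port == 0` keeps one mislabelled service from producing a backend line the proxy may reject; whether a later step validates the address is not visible here. The nginx hunk in `ext/lb/nginx/generate.go` carries the same lines. The function body and the enclosing type switch begin and end outside the hunk.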
@@ -102,65 +101,29 @@ func (p *NginxLoadBalancer) GenerateProxyConfig(containers []types.Container, se log().Debugf("checking service: id=%s", t.ID) labels = t.Spec.Labels id = t.ID - publishedPort := uint32(0) + servicePort := uint32(0) // get service address - if len(t.Endpoint.Spec.Ports) == 0 { - log().Debugf("service has no published ports: id=%s", t.ID) - continue - } - if v, ok := t.Spec.Labels[ext.InterlockPortLabel]; ok { port, err := strconv.Atoi(v) if err != nil { log().Error(err) continue } - for _, p := range t.Endpoint.Ports { - if p.TargetPort == uint32(port) { - publishedPort = p.PublishedPort - break - } - } + servicePort = uint32(port) } else { - publishedPort = t.Endpoint.Ports[0].PublishedPort - } - - // get the node IP - ip := "" - - // HACK?: get the local node gateway addr to use as the ip to resolve for the interlock container to access the published port - network, err := p.client.NetworkInspect(context.Background(), "ingress") - if err != nil { - log().Error(err) - continue - } - - // TODO: what do we do if the IPAM has more than a single definition? 
- // the gateway appears to change between IP and CIDR -- need to debug to report issue - if c, ok := network.Containers["ingress-sbox"]; ok { - log().Debugf("ingress-sbox ip: %s", c.IPv4Address) - ipv4Addr := c.IPv4Address - if strings.IndexAny(ipv4Addr, "/") > -1 { - ipAddr, _, err := net.ParseCIDR(ipv4Addr) - if err != nil { - log().Error(err) - continue - } - - ip = ipAddr.String() + if len(t.Endpoint.Spec.Ports) == 0 { + log().Debugf("service has no published ports and no label for port: id=%s", t.ID) + continue } - // check for override backend address - if v := p.cfg.BackendOverrideAddress; v != "" { - ip = v - } - } else { - log().Errorf("unable to detect node ip: %s", err) - continue + servicePort = t.Endpoint.Ports[0].TargetPort } - addr = fmt.Sprintf("%s:%d", ip, publishedPort) + // get the node IP + ip := t.Spec.Name + + addr = fmt.Sprintf("%s:%d", ip, servicePort) default: log().Warnf("unknown type detected: %v", t) continue From 34ea209d2c6f4c47d5ff3e4fe0623beadc2d9631 Mon Sep 17 00:00:00 2001 From: Vincent Lepot Date: Wed, 5 Oct 2016 16:24:14 +0200 Subject: [PATCH 2/3] Update doc accordingly --- docs/examples/nginx-services/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/examples/nginx-services/README.md b/docs/examples/nginx-services/README.md index 09953f15..9769358d 100644 --- a/docs/examples/nginx-services/README.md +++ b/docs/examples/nginx-services/README.md @@ -65,10 +65,10 @@ Interlock to configure the upstream: ``` docker service create \ --name demo \ - --publish 8080 \ --env SHOW_VERSION=1 \ --label interlock.hostname=demo \ --label interlock.domain=local \ + --label interlock.port=8080 \ ehazlett/docker-demo:latest ``` From 20c3e0e1f6739eb388f5476940a2aef630b12467 Mon Sep 17 00:00:00 2001 From: Vincent Lepot Date: Wed, 5 Oct 2016 18:00:14 +0200 Subject: [PATCH 3/3] Add network in doc --- docs/examples/nginx-services/README.md | 5 +++++ 1 file changed, 5 insertions(+) 
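Review bot: In the `else` branch of the nginx `GenerateProxyConfig` hunk the guard tests `len(t.Endpoint.Spec.Ports) == 0`, but the next statement indexes `t.Endpoint.Ports[0]`, which is a different slice. If the two can differ (presumably while a service is still converging, which the hunk does not show), the index panics and would abort the whole generation pass rather than skip this one service. Guarding the slice that is actually read, `if len(t.Endpoint.Ports) == 0 {`, removes that dependency; the haproxy hunk in `ext/lb/haproxy/generate.go` has the same pair of lines. The added comment `// get the node IP` is also stale now that `ip` holds `t.Spec.Name`; something like `// address the backend by service name, resolved on a network shared with the proxy` would describe it. The function continues outside the hunk.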
diff --git a/docs/examples/nginx-services/README.md b/docs/examples/nginx-services/README.md index 9769358d..971e861b 100644 --- a/docs/examples/nginx-services/README.md +++ b/docs/examples/nginx-services/README.md @@ -9,10 +9,13 @@ This will create a global Nginx service that will run on every node and publish port 80: ``` +docker network create -d overlay demo + docker service create \ --name interlock-nginx \ --publish 80:80 \ --mode global \ + --network demo \ --label interlock.ext.name=nginx \ nginx \ nginx -g "daemon off;" -c /etc/nginx/nginx.conf @@ -47,6 +50,7 @@ Now create the Interlock service: docker service create \ --mode global \ --name interlock \ + --network demo \ --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,writable=true \ --env INTERLOCK_CONFIG="$(cat config.toml)" \ ehazlett/interlock:latest -D run @@ -65,6 +69,7 @@ Interlock to configure the upstream: ``` docker service create \ --name demo \ + --network demo \ --env SHOW_VERSION=1 \ --label interlock.hostname=demo \ --label interlock.domain=local \