Docker Engine swarm mode makes it easy to publish ports for services to make them available to resources outside the swarm. All nodes participate in an ingress routing mesh. The routing mesh enables each node in the swarm to accept connections on published ports for any service running in the swarm, even if there’s no task running on the node. The routing mesh routes all incoming requests to published ports on available nodes to an active container.

In order to use the ingress network in the swarm, you need to have the following ports open between the swarm nodes before you enable swarm mode:

  • Port 7946 TCP/UDP for container network discovery.
  • Port 4789 UDP for the container ingress network.

You must also open the published port between the swarm nodes and any external resources, such as an external load balancer, that require access to the port.

Publish a port for a service

Use the --publish flag to publish a port when you create a service:

$ docker service create \

  --name <SERVICE-NAME> \

  --publish <PUBLISHED-PORT>:<TARGET-PORT> \

  <IMAGE>

The <TARGET-PORT> is the port where the container listens. The <PUBLISHED-PORT> is the port where the swarm makes the service available.

For example, the following command publishes port 80 in the nginx container to port 8080 for any node in the swarm:

$ docker service create \

  --name my-web \

  --publish 8080:80 \

  --replicas 2 \

  nginx

When you access port 8080 on any node, the swarm load balancer routes your request to an active container.

The routing mesh listens on the published port for any IP address assigned to the node. For externally routable IP addresses, the port is available from outside the host. For all other IP addresses the access is only available from within the host.

You can publish a port for an existing service using the following command:

$ docker service update \

  --publish-add <PUBLISHED-PORT>:<TARGET-PORT> \

  <SERVICE>

You can use docker service inspect to view the service’s published port. For instance:



$ docker service inspect --format="{{json .Endpoint.Spec.Ports}}" my-web

[{"Protocol":"tcp","TargetPort":80,"PublishedPort":8080}]

The output shows the <TARGET-PORT> from the containers and the <PUBLISHED-PORT> where nodes listen for requests for the service.

Publish a port for TCP only or UDP only

By default, when you publish a port, it is a TCP port. You can specifically publish a UDP port instead of or in addition to a TCP port. When you publish both TCP and UDP ports, Docker 1.12.2 and earlier require you to add the suffix /tcp for TCP ports. Otherwise it is optional.

TCP ONLY

The following two commands are equivalent.

$ docker service create --name dns-cache -p 53:53 dns-cache

$ docker service create --name dns-cache -p 53:53/tcp dns-cache

TCP AND UDP

$ docker service create --name dns-cache -p 53:53/tcp -p 53:53/udp dns-cache

UDP ONLY

$ docker service create --name dns-cache -p 53:53/udp dns-cache

Configure an external load balancer

You can configure an external load balancer to route requests to a swarm service. For example, you could configure HAProxy to balance requests to an nginx service published to port 8080.

In this case, port 8080 must be open between the load balancer and the nodes in the swarm. The swarm nodes can reside on a private network that is accessible to the proxy server, but that is not publicly accessible.

You can configure the load balancer to balance requests between every node in the swarm even if there are no tasks scheduled on the node. For example, you could have the following HAProxy configuration in /etc/haproxy/haproxy.cfg:

global

        log /dev/log    local0

        log /dev/log    local1 notice

...snip...

# Configure HAProxy to listen on port 80

frontend http_front

   bind *:80

   stats uri /haproxy?stats

   default_backend http_back

# Configure HAProxy to route requests to swarm nodes on port 8080

backend http_back

   balance roundrobin

   server node1 192.168.99.100:8080 check

   server node2 192.168.99.101:8080 check

   server node3 192.168.99.102:8080 check

When you access the HAProxy load balancer on port 80, it forwards requests to nodes in the swarm. The swarm routing mesh routes the request to an active task. If, for any reason the swarm scheduler dispatches tasks to different nodes, you don’t need to reconfigure the load balancer.

You can configure any type of load balancer to route requests to swarm nodes. To learn more about HAProxy, see the HAProxy documentation.

docker swarm mode routing mesh 使用的更多相关文章

  1. 云计算之路-阿里云上-容器难容:自建docker swarm集群遭遇无法解决的问题

    我们从今年6月开始在生产环境进行 docker 容器化部署,将已经迁移至 ASP.NET Core 的站点部署到 docker swarm 集群上.开始我们选用的阿里云容器服务,但是在使用过程中我们遭 ...

  2. docker swarm英文文档学习-3-开始

    https://docs.docker.com/engine/swarm/swarm-tutorial/ 1)Getting started with swarm mode 本教程向你介绍Docker ...

  3. 100、神器的 routing mesh (Swarm07)

    参考https://www.cnblogs.com/CloudMan6/p/7930321.html   上一节我们提到了 swarm 的 routing mesh .当外部访问任意节点的8080端口 ...

  4. docker swarm外部验证负载均衡时不生效

    问题描述 我在本地创建了3个装了centos7的虚拟机, 并初始化了swarm集群, 即1个manager节点, 2个worker节点; 三台机子的ip分别是 192.168.124.8 - (man ...

  5. 神奇的 routing mesh - 每天5分钟玩转 Docker 容器技术(100)

    接上一节案例,当我们访问任何节点的 8080 端口时,swarm 内部的 load balancer 会将请求转发给 web_server 其中的一个副本. 这就是 routing mesh 的作用. ...

  6. (转) Docker - Docker1.12服务发现,负载均衡和Routing Mesh

    看到一篇介绍 Docker swarm以及如何编排的好文章,挪放到这里,自己学习的同时也分享出来. 原文链接: http://wwwbuild.net/dockerone/414200.html -- ...

  7. docker swarm英文文档学习-8-在集群中部署服务

    Deploy services to a swarm在集群中部署服务 集群服务使用声明式模型,这意味着你需要定义服务的所需状态,并依赖Docker来维护该状态.该状态包括以下信息(但不限于): 应该运 ...

  8. docker swarm overlay stack 服务部署记录

    项目xxx(后端),xxx-ui前端(前后端分离的项目) 依赖mysql,elasticsearch.分别制作了四个镜像来做这件事.希望可以制作跨主机的部署,使用了swarm,以下是学习记录. 参考 ...

  9. 【09】循序渐进学 docker:docker swarm

    写在前面的话 至此,docker 的基础知识已经了解的差不多了,接下来就来谈谈对于 docker 容器,我们如何来管理它. docker swarm 在学习 docker swarm 之前,得先知道容 ...

随机推荐

  1. spring boot @ConditionalOnxxx相关注解

    @Conditional(TestCondition.class) 这句代码可以标注在类上面,表示该类下面的所有@Bean都会启用配置,也可以标注在方法上面,只是对该方法启用配置. Spring框架还 ...

  2. vue中element 的上传功能

    element 的上传功能 最近有个需求,需要在上传文件前,可以进行弹窗控制是否上传upload 看完文档后,感觉有两种思路可以实现 基于before-upload :上传文件之前的钩子,参数为上传的 ...

  3. webstrom 配置eslint 自动修复错误

    1.展示效果 如何给vue项目添加eslint呢,如何自动修复呢? 先展示一下效果: 2.配置步骤 1.安装插件ESLint plugin webstrom 其实有个非常好用的插件,ESLint pl ...

  4. Java内存状况查看方法和分析工具

    Java本身提供了多种丰富的方法和工具来帮助开发人员查看和分析GC及其JVM内存的状况,同时开源界也有一些工具用于查看和分析GC和JVM内存的状况. 通过这些分析,可以排查程序中内存泄露的问题及调优程 ...

  5. 前端url传递编码问题

    JAVASCRIPT中URL 传递参数(特殊字符)解决方法及转码解码的介绍 有些符号在URL中是不能直接传递的,如果要在URL中传递这些特殊符号,那么就要使用他们的编码了.下表中列出了一些URL特殊符 ...

  6. Linux设备驱动——简单的字符驱动

    本文介绍Linux字符设备的静态注册方法, 其中涉及到的模块加载,不了解的可以先参考 构建和运行模块 1. 还是线上源代码: //memdev.h #ifndef _MEMDEV_H_ #define ...

  7. 剑指offer--42.孩子们的游戏(圆圈中最后剩下的数)

    约瑟夫环,用链表,队列,总之模拟过程 ----------------------------------------------------------------- 时间限制:1秒 空间限制:32 ...

  8. 剑指offer--38.左旋转字符串

    时间限制:1秒 空间限制:32768K 热度指数:173814 本题知识点: 字符串 题目描述 汇编语言中有一种移位指令叫做循环左移(ROL),现在有个简单的任务,就是用字符串模拟这个指令的运算结果. ...

  9. Laravel 文件夹结构简介

    表 1.1:Laravel 文件夹结构简介 文件夹名称 简介 app 应用程序的业务逻辑代码存放文件夹 app/Console 存放自定义 Artisian 命令文件 app/Http/Control ...

  10. Android中的sp和wp指针

    经常会在android的framework代码中发现sp<xxx>和wp<xxx>这样的指针,平时看的时候都把他当成一个普通的指针封装过掉了,这几天终于忍不住了,想深入了解一下 ...