Swarm mode路由网络

原文链接:Use swarm mode routing mesh

Swarm mode的ingress网络,分布于整个swarm集群,每台swarm node上都有这两个端口:

  • 7946 TCP/UDP 容器网络发现
  • 4789 UDP 容器ingress网络

服务端口发布

命令格式

  1. $ docker service create \
  2.   --name <SERVICE-NAME> \
  3.   --publish <PUBLISHED-PORT>:<TARGET-PORT> \
  4.   <IMAGE>

示例

  1. $ docker service create \
  2.   --name my-web \
  3.   --publish 9999:80 \
  4.   --replicas 2 \
  5.   nginx

容器内部监听端口80,发布到swarm node的端口是8080。

访问swarm mode任意一个主机的8080端口都可以访问到该serivce。即使这台主机上没有运行my-webservice的实例,因为有swarm load balancer。如下图所示:

service ingress image

向已有的service添加publish port。

  1. docker service update --publish-add 9998:80 my-web

添加publish端口后似乎没有什么作用,同时

  1. #docker service update --publish-rm 9999:80 my-web
  2. Error response from daemon: rpc error: code = 2 desc = update out of sequence

报错。

  1. # docker service inspect --format="{{json .Endpoint.Spec.Ports}}" my-web
  2. [{"Protocol":"tcp","TargetPort":80,"PublishedPort":9998,"PublishMode":"ingress"},{"Protocol":"tcp","TargetPort":80,"PublishedPort":9999,"PublishMode":"ingress"}]

TODO似乎是update失败?

docker service inspect my-web会发现

  1.        "UpdateStatus": {
  2.             "State": "updating",
  3.             "StartedAt": "2017-02-23T08:00:51.948871008Z",
  4.             "CompletedAt": "1970-01-01T00:00:00Z",
  5.             "Message": "update in progress"
  6.         }

原来的9999端口依然可以访问。

  1. # docker service ps my-web
  2. ID            NAME          IMAGE                                                     NODE                                     DESIRED STATE  CURRENT STATE            ERROR  PORTS
  3. wbzzlq3ajyjq  my-web.1      sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx:1.9  sz-pg-oam-docker-test-002.tendcloud.com  Running        Running 44 minutes ago          
  4. 4h2tcxjtgumv  my-web.2      sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx:1.9                                           Running        New 39 minutes ago              
  5. w0y1l3x94ox3   \_ my-web.2  sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx:1.9  sz-pg-oam-docker-test-003.tendcloud.com  Shutdown       Shutdown 39 minutes ago

使用外部Load Balancer

可以使用HAProxy做nginx的负载均衡。

ingress with external load balancer image

修改HAProxy的配置文件/etc/haproxy/haproxy.cfg

  1. global
  2.         log /dev/log    local0
  3.         log /dev/log    local1 notice
  4. ...snip...
  6. # Configure HAProxy to listen on port 80
  7. frontend http_front
  8.    bind *:80
  9.    stats uri /haproxy?stats
  10.    default_backend http_back
  12. # Configure HAProxy to route requests to swarm nodes on port 8080
  13. backend http_back
  14.    balance roundrobin
  15.    server node1 192.168.99.100:8080 check
  16.    server node2 192.168.99.101:8080 check
  17.    server node3 192.168.99.102:8080 check

当访问80端口时会自动LB到三台node上。