• Swarm mode路由网络
    • 服务端口发布
    • 使用外部Load Balancer

    Swarm mode路由网络

    原文链接:Use swarm mode routing mesh

    Swarm mode的ingress网络,分布于整个swarm集群,每台swarm node上都有这两个端口:

    • 7946 TCP/UDP 容器网络发现
    • 4789 UDP 容器ingress网络

    服务端口发布

    命令格式

    1. $ docker service create \
    2.   --name <SERVICE-NAME> \
    3.   --publish <PUBLISHED-PORT>:<TARGET-PORT> \
    4.   <IMAGE>

    示例

    1. $ docker service create \
    2.   --name my-web \
    3.   --publish 9999:80 \
    4.   --replicas 2 \
    5.   nginx

    容器内部监听端口80,发布到swarm node的端口是8080。

    访问swarm mode任意一个主机的8080端口都可以访问到该serivce。即使这台主机上没有运行my-webservice的实例,因为有swarm load balancer。如下图所示:

    service ingress image

    向已有的service添加publish port。

    1. docker service update --publish-add 9998:80 my-web

    添加publish端口后似乎没有什么作用,同时

    1. #docker service update --publish-rm 9999:80 my-web
    2. Error response from daemon: rpc error: code = 2 desc = update out of sequence

    报错。

    1. # docker service inspect --format="{{json .Endpoint.Spec.Ports}}" my-web
    2. [{"Protocol":"tcp","TargetPort":80,"PublishedPort":9998,"PublishMode":"ingress"},{"Protocol":"tcp","TargetPort":80,"PublishedPort":9999,"PublishMode":"ingress"}]

    TODO似乎是update失败?

    docker service inspect my-web会发现

    1.        "UpdateStatus": {
    2.             "State": "updating",
    3.             "StartedAt": "2017-02-23T08:00:51.948871008Z",
    4.             "CompletedAt": "1970-01-01T00:00:00Z",
    5.             "Message": "update in progress"
    6.         }

    原来的9999端口依然可以访问。

    1. # docker service ps my-web
    2. ID            NAME          IMAGE                                                     NODE                                     DESIRED STATE  CURRENT STATE            ERROR  PORTS
    3. wbzzlq3ajyjq  my-web.1      sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx:1.9  sz-pg-oam-docker-test-002.tendcloud.com  Running        Running 44 minutes ago          
    4. 4h2tcxjtgumv  my-web.2      sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx:1.9                                           Running        New 39 minutes ago              
    5. w0y1l3x94ox3   \_ my-web.2  sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx:1.9  sz-pg-oam-docker-test-003.tendcloud.com  Shutdown       Shutdown 39 minutes ago

    使用外部Load Balancer

    可以使用HAProxy做nginx的负载均衡。

    ingress with external load balancer image

    修改HAProxy的配置文件/etc/haproxy/haproxy.cfg

    1. global
    2.         log /dev/log    local0
    3.         log /dev/log    local1 notice
    4. ...snip...
    6. # Configure HAProxy to listen on port 80
    7. frontend http_front
    8.    bind *:80
    9.    stats uri /haproxy?stats
    10.    default_backend http_back
    12. # Configure HAProxy to route requests to swarm nodes on port 8080
    13. backend http_back
    14.    balance roundrobin
    15.    server node1 192.168.99.100:8080 check
    16.    server node2 192.168.99.101:8080 check
    17.    server node3 192.168.99.102:8080 check

    当访问80端口时会自动LB到三台node上。