Consider the following docker stack
version: "3.2"
services:
  web1:
    image: nginx
    ports:
      - "8081:80"
    deploy:
      placement:
        constraints:
          - node.role == manager
  web2:
    image: nginx
    ports:
      - "8082:80"
I can easily reach both services from a browser at the addresses (http://docker_swarm_manager:8081 and http://docker_swarm_node:8082)
But service web1 cannot reach web2, and vice versa.
Ping works, so DNS is working
root@dfb7b6a65a2e:/# ping web
ping: web: Temporary failure in name resolution
root@dfb7b6a65a2e:/# ping web1
PING web1 (10.0.5.5) 56(84) bytes of data.
64 bytes from 10.0.5.5 (10.0.5.5): icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from 10.0.5.5 (10.0.5.5): icmp_seq=2 ttl=64 time=0.082 ms
...
--- web1 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6009ms
rtt min/avg/max/mdev = 0.067/0.073/0.082/0.005 ms
But accessing the service does not work
root@dfb7b6a65a2e:/# curl -v web2:80
* Trying 10.0.5.2:80...
* connect to 10.0.5.2 port 80 failed: Connection timed out
* Failed to connect to web2 port 80: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to web2 port 80: Connection timed out
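There is no IP/network conflict: docker swarm uses the default networks and the hosts use a 172.X.X.X/24 network.
Docker swarm runs on virtual machines (vmware), and vmware uses the same port as docker
From the vmware documentation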
Starting with NSX 6.2.3, the default VXLAN port is 4789, the standard port assigned by IANA.
So the solution is to recreate the docker swarm cluster with a different port
docker swarm init --data-path-port=7788
From the docker swarm documentation
Port 4789 UDP (configurable) for the container ingress network.
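Added example, not part of the original post: a small shell check for the port collision described above. It assumes `docker info` prints a `Data Path Port:` line in its Swarm section (recent Docker releases do); the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Reads `docker info` text on stdin and prints the swarm data path (VXLAN) port.
data_path_port() {
    # Matches a line such as "  Data Path Port: 4789"
    sed -n 's/^[[:space:]]*Data Path Port:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# $1 = overlay data path port, $2 = UDP port the underlay uses for VXLAN
# (defaults to 4789, the IANA port quoted from the vmware documentation).
# Returns 0 = no collision, 1 = collision, 2 = no port found.
check_data_path_port() {
    port=$1
    underlay_port=${2:-4789}
    case $port in
        ''|*[!0-9]*)
            echo "no swarm data path port found (is swarm mode active?)"
            return 2 ;;
    esac
    if [ "$port" -eq "$underlay_port" ]; then
        echo "conflict: overlay VXLAN uses UDP $port, the same port as the underlay"
        echo "fix: recreate the swarm with docker swarm init --data-path-port=<other port>"
        return 1
    fi
    echo "ok: overlay VXLAN uses UDP $port"
    return 0
}

# Constructed sample inputs (not captured from a real host)
SAMPLE_DEFAULT=' Swarm: active
  NodeID: exampleexample
  Is Manager: true
  Data Path Port: 4789
  Node Address: 172.16.0.10'
SAMPLE_FIXED=' Swarm: active
  Is Manager: true
  Data Path Port: 7788'

# On a real node: check_data_path_port "$(docker info 2>/dev/null | data_path_port)"
check_data_path_port "$(printf '%s\n' "$SAMPLE_DEFAULT" | data_path_port)" || true
check_data_path_port "$(printf '%s\n' "$SAMPLE_FIXED" | data_path_port)"
```

After moving the data path port, any firewall between the swarm nodes has to allow the new UDP port in place of 4789.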