什么是覆盖网络,DNS解析如何工作? [英] What is overlay network and how does DNS resolution work?
问题描述
我无法从docker swarm群集连接到外部mongodb服务器.
I cannot connect to external mongodb server from my docker swarm cluster.
据我了解,这是因为群集使用了覆盖网络驱动程序.我说的对吗?
As I understand this is because of cluster uses overlay network driver. Am I right?
如果没有,docker overlay驱动程序如何工作?如何从群集连接到外部mongodb服务器?
If not, how does docker overlay driver works and how can I connect to external mongodb server from cluster?
推荐答案
问. docker overlay驱动程序如何工作?
我会推荐这篇很好的参考书,帮助您了解Docker集群网络覆盖,以及更全面的Docker架构.
这说明:
Docker使用嵌入式DNS为在单个Docker Engine上运行的容器和在Docker Swarm中运行的任务提供服务发现. Docker Engine有一个内部DNS服务器,可为用户定义的网桥,覆盖和MACVLAN网络中主机上的所有容器提供名称解析.
Docker uses embedded DNS to provide service discovery for containers running on a single Docker Engine and tasks running in a Docker Swarm. Docker Engine has an internal DNS server that provides name resolution to all of the containers on the host in user-defined bridge, overlay, and MACVLAN networks.
每个Docker容器(或Swarm模式下的任务)都有一个DNS解析器,可将DNS查询转发到充当DNS服务器的Docker引擎.
因此,在多主机docker swarm mode中,使用以下示例设置:
So, in multi-host docker swarm mode, with this example setup :
在此示例中,有两个称为
myservice的容器的服务.同一网络上存在第二个服务(client).client对docker.com和myservice执行两个curl操作.
In this example there is a service of two containers called
myservice. A second service (client) exists on the same network. Theclientexecutes twocurloperations for docker.com andmyservice.
这些是所产生的动作:
- DNS查询由
client对docker.com和myservice发起. - 容器的内置解析器在
127.0.0.11:53上拦截DNS查询,并将其发送到Docker Engine的DNS服务器. -
myservice解析为该服务的虚拟IP(VIP),在内部将其负载均衡到各个任务IP地址.容器名称也可以解析,尽管直接解析为它们的IP地址. -
docker.com作为mynet网络中的服务名称不存在,因此该请求被转发到已配置的默认DNS服务器.
- DNS queries are initiated by
clientfordocker.comandmyservice. - The container's built-in resolver intercepts the DNS queries on
127.0.0.11:53and sends them to Docker Engine's DNS server. myserviceresolves to the Virtual IP (VIP) of that service which is internally load balanced to the individual task IP addresses. Container names resolve as well, albeit directly to their IP addresses.docker.comdoes not exist as a service name in the mynet network and so the request is forwarded to the configured default DNS server.
回到您的问题:
如何连接到外部mongodb服务器表单集群?
对于您的外部mongodb(假设您具有该mongodb.mydomain.com的DNS),您处于与上述体系结构中的client相同的状态,想要连接到docker.com,除了您肯定不要将mongodb.mydomain.com暴露给整个网络,因此您可能已经在内部群集DNS服务器中声明了它.
For your external mongodb (let's say you have a DNS for that mongodb.mydomain.com), you are in the same situation as the client in above architecture, wanting to connect to docker.com, except that you certainly don't wan't to expose that mongodb.mydomain.com to the entire web, so you may have declared it in your internal cluster DNS server.
然后,如何告诉docker引擎使用此内部DNS服务器来解析mongodb.mydomain.com?
Then, how to tell docker engine to use this internal DNS server to resolve mongodb.mydomain.com?
您必须在docker service任务中指出要使用内部DNS服务器,如下所示:
You have to indicate in your docker service task that you want to use an internal DNS server, like so:
docker service create \
--name myservice \
--network my-overlay-network \
--dns=10.0.0.2 \
myservice:latest
这里重要的是--dns=10.0.0.2.如果无法解析VIP中的DNS名称,这将告诉Docker引擎默认使用10.0.0.2:53处的DNS服务器.
The important thing here is --dns=10.0.0.2. This will tell the Docker engine to use the DNS server at 10.0.0.2:53 as default if it can not resolve the DNS name in the VIP.
最后,当你说:
我无法从docker swarm群集连接到外部mongodb服务器.据我了解,这是因为群集使用了覆盖网络驱动程序.我对吗?
I cannot connect to external mongodb server from my docker swarm cluster. As I understand this is because of cluster uses overlay network driver. Am I right?
我会说不,因为docker engine中有一个内置方法,可以将来自overlay network的未知DNS名称转发到您想要的DNS服务器.
I would say no, as there is a built in method in docker engine to forward unknown DNS name coming from overlay network to the DNS server you want.
希望这会有所帮助!
这篇关于什么是覆盖网络,DNS解析如何工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
