什么是覆盖网络以及 DNS 解析如何工作? [英] What is overlay network and how does DNS resolution work?
问题描述
我无法从我的 docker swarm 集群连接到外部 mongodb 服务器.
据我所知,这是因为集群使用覆盖网络驱动程序.我说得对吗?
如果没有,docker覆盖驱动程序如何工作以及如何从集群连接到外部mongodb服务器?
Q.docker 覆盖驱动程序如何工作?
我会推荐
<块引用>在这个例子中,有一个名为 myservice 的两个容器的服务.同一网络上存在第二个服务(client).client 为 docker.com 和 myservice 执行两个 curl 操作.
这些是结果操作:
client为docker.com和myservice发起 DNS 查询.- 容器的内置解析器拦截
127.0.0.11:53上的 DNS 查询并将它们发送到 Docker 引擎的 DNS 服务器. myservice解析为该服务的虚拟 IP (VIP),该服务在内部负载均衡到各个任务 IP 地址.容器名称也会解析,尽管直接解析为它们的 IP 地址.docker.com在 mynet 网络中不作为服务名称存在,因此请求被转发到配置的默认 DNS 服务器.
回到你的问题:
如何连接到外部mongodb服务器表单集群?
对于您的外部 mongodb(假设您有该 mongodb.mydomain.com 的 DNS),您的情况与 client 在上述架构中,想要连接到 docker.com,除了您当然不想将 mongodb.mydomain.com 暴露给整个web,所以你可能已经在你的内部集群 DNS 服务器中声明了它.
那么,如何告诉docker引擎使用这个内部DNS服务器来解析mongodb.mydomain.com?
您必须在 docker service 任务中指明要使用 内部 DNS 服务器,像这样:
docker 服务创建--name myservice --network my-overlay-network --dns=10.0.0.2 我的服务:最新这里重要的是--dns=10.0.0.2.如果无法解析 VIP 中的 DNS 名称,这将告诉 Docker 引擎默认使用 10.0.0.2:53 的 DNS 服务器.
最后,当你说:
<块引用>我无法从我的 docker swarm 集群连接到外部 mongodb 服务器.据我了解,这是因为集群使用覆盖网络驱动程序.我说得对吗?
我会说不,因为 docker 引擎 中有一个内置方法可以将来自 overlay network 的未知 DNS 名称转发到您想要的 DNS 服务器.
希望这有帮助!
I cannot connect to external mongodb server from my docker swarm cluster.
As I understand this is because of cluster uses overlay network driver. Am I right?
If not, how does docker overlay driver works and how can I connect to external mongodb server from cluster?
Q. How does the docker overlay driver work?
I would recommend this good reference for understanding docker swarm network overlay, and more globally, Docker's architecture.
This states that:
Docker uses embedded DNS to provide service discovery for containers running on a single Docker Engine and tasks running in a Docker Swarm. Docker Engine has an internal DNS server that provides name resolution to all of the containers on the host in user-defined bridge, overlay, and MACVLAN networks.
Each Docker container ( or task in Swarm mode) has a DNS resolver that forwards DNS queries to Docker Engine, which acts as a DNS server.
So, in multi-host docker swarm mode, with this example setup :
In this example there is a service of two containers called
myservice. A second service (client) exists on the same network. Theclientexecutes twocurloperations for docker.com andmyservice.These are the resulting actions:
- DNS queries are initiated by
clientfordocker.comandmyservice.- The container's built-in resolver intercepts the DNS queries on
127.0.0.11:53and sends them to Docker Engine's DNS server.myserviceresolves to the Virtual IP (VIP) of that service which is internally load balanced to the individual task IP addresses. Container names resolve as well, albeit directly to their IP addresses.docker.comdoes not exist as a service name in the mynet network and so the request is forwarded to the configured default DNS server.
Back to your question:
How can I connect to an external mongodb server form cluster?
For your external mongodb (let's say you have a DNS for that mongodb.mydomain.com), you are in the same situation as the client in above architecture, wanting to connect to docker.com, except that you certainly don't wan't to expose that mongodb.mydomain.com to the entire web, so you may have declared it in your internal cluster DNS server.
Then, how to tell docker engine to use this internal DNS server to resolve mongodb.mydomain.com?
You have to indicate in your docker service task that you want to use an internal DNS server, like so:
docker service create
--name myservice
--network my-overlay-network
--dns=10.0.0.2
myservice:latest
The important thing here is --dns=10.0.0.2. This will tell the Docker engine to use the DNS server at 10.0.0.2:53 as default if it can not resolve the DNS name in the VIP.
Finally, when you say :
I cannot connect to external mongodb server from my docker swarm cluster. As I understand this is because of cluster uses overlay network driver. Am I right?
I would say no, as there is a built in method in docker engine to forward unknown DNS name coming from overlay network to the DNS server you want.
Hope this helps!
这篇关于什么是覆盖网络以及 DNS 解析如何工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
