码头工人群模式多个服务相同的端口 [英] docker swarm mode multiple services same port
问题描述
假设您的拓扑上有两个服务
Suppose you have two services on your topology
- API
- Web Interface
两者都假定在端口80上运行。
Both suppose to be running on port 80.
在创建时在docker swarm上服务,如果您想在群集外部访问它,则需要公开端口并将该端口从服务映射到节点(外部端口)。但是,如果将端口80映射为可以说API服务,那么您将无法为Web Interface服务映射相同的端口,因为它将已经被映射。
On docker swarm when you create a service if you wanna to access it outside the cluster you need to expose and map the port from the service to the nodes (external ports). But if you map port 80 to lets say API service then you cant map the same port for Web Interface service since it will be already mapped.
如何解决?
据我所知,不支持该用例。即使您想要拥有一个庞大的群集集群,并因为该行为而无法访问所有服务和应用程序,因为这种行为。
As far as i see this use case is not supported. Even though if you wanna to have a big swarm cluster and through in there all your services and applications will not be possible because this behavior.
我缺少了什么?
有解决此问题的模式吗?
Any pattern to solve this?
推荐答案
您可以查看<一个href = https://github.com/vfarcic/docker-flow-proxy rel = noreferrer> Docker Flow:Proxy 用作易于配置的反向代理。
You can look into Docker Flow:Proxy to use as a easy-to-configure reverse proxy.
我相信,Docker 1.12群模式存在一个基本问题,即多个服务公开同一端口(例如80或8080)。
它归结为(我认为)网状路由魔术-这是4级的4件事,基本上是指TCP / IP-换句话说,是IP地址+端口。
因此,当多个服务在(例如)端口8080上列出时,事情就会变得混乱。网状路由器会很高兴地将到达端口8080的流量传递给任何公开相同端口的服务。
BUT, I believe, as other commentators have pointed out, the Docker 1.12 swarm mode has a fundamental problem with multiple services exposing the same port (like 80 or 8080). It boils down (I THINK) to the mesh-routing magic - which is a level 4 four thing, meaning basically TCP/IP - in other words, IP address + port. So things get messy when multiple services are listing on (for example) port 8080. The mesh router will happily deliver traffic going to port 8080 to any services that exposes the same port.
您可以在群体模式下使用覆盖网络将事物彼此隔离,但是当您必须将服务连接到代理(覆盖网络)时,就会出现问题-那时看来事情变得混乱了(这就是我现在遇到的困难。)
You CAN isolate things from each other using overlay networking in swarm mode, BUT the problem comes in when you have to connect services to the proxy (overlay network) - at that point it looks like things get mixed up (and this is where I am now having difficulties).
我目前的解决方案是让需要公开给网络使用端口的服务唯一就涉及面向代理的网络而言(不必将其发布到集群中!),然后实际上使用诸如Docker Flow Proxy之类的东西来处理所需端口上的传入流量。
The solution I have at this point is to let the services that need to be exposed to the net use ports unique as far as the proxy-facing (overlay) network is concerned (they do NOT have to be published to the swarm!), and then actually use something like the Docker Flow Proxy to handle incoming traffic on the desired port.
让我入门的快速示例(大致基于此:
Quick sample to get you I started (roughly based on this:
docker network create --driver overlay proxy
docker network create --driver overlay my-app
# App1 exposed port 8081
docker service create --network proxy --network my-app --name app1 myApp1DockerImage
docker service create --name proxy \
-p 80:80 \
-p 443:443 \
-p 8080:8080 \
--network proxy \
-e MODE=swarm \
vfarcic/docker-flow-proxy
#App2 exposes port 8080
docker service create --network proxy --network my-app --name app2 myApp2DockerImage
然后按照文档。
注意:我现在看到有一个新的自动配置可用-我尚未尝试过。
NOTE: I see now there is new AUTO configuration available - I have not yet tried this.
如果一切正常,最终结果:
End result if everything worked:
- 代理监听端口80、443(并且8080是它的配置调用,因此保持关闭公共网络!)
- 根据
服务域或服务路径代理转发到适当的服务(我在<$ c $上遇到问题c>服务路径) - 服务可以通过隔离的覆盖网络进行内部通信。
- 服务不会将端口不必要地发布到蜂群
- proxy listening on ports 80, 443 (and 8080 for it's config calls, so keep that OFF the public net!)
- proxy forwards to appropriate service,based either on
service domainorservice path(I had issues withservice path) - services can communicated internally over isolated overlay network.
- services do not publish ports unnecessarily to the swarm
忽略上面关于与代理连接的同一覆盖网络上具有相同暴露端口的问题的所有内容。
Ignore all the stuff above about issues with the same exposed port on the same overlay network attached to the proxy.
我拆除了漏洞设置,并且重新开始-现在一切都按预期工作:我可以通过docker flow代理使用不同的域访问端口80上的多个(不同)服务。
I tore down my hole setup, and started again - everything is working as expected now: I can access multiple (different) services on port 80, using different domains, via the docker flow proxy.
还使用了提到的自动配置-一切都像魅力一样。
Also using the auto-configuration mentioned - everything is working like a charm.
这篇关于码头工人群模式多个服务相同的端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
