Docker Swarm container with MACVLAN network gets wrong gateway - no internet access


Problem description

I need a service within a Docker Swarm stack which has one additional interface based on a macvlan network. This is because the JBoss Cluster in this service needs to communicate via IP multicast, which is currently not supported in overlay networks.

I have created the macvlan network like that:

# Worker 1:
docker network create --config-only --subnet 10.140.0.0/16 -o parent=ens224.800 --ip-range 10.140.1.0/24 swarm-multicast-config-only

# Worker 2:
docker network create --config-only --subnet 10.140.0.0/16 -o parent=ens224.800 --ip-range 10.140.2.0/24 swarm-multicast-config-only

# Worker 3:
docker network create --config-only --subnet 10.140.0.0/16 -o parent=ens224.800 --ip-range 10.140.3.0/24 swarm-multicast-config-only

# Master:
docker network create -d macvlan --scope swarm --internal --config-from swarm-multicast-config-only swarm-multicast

Multicast works perfectly fine like that, the cluster forms.

But: As soon as I assign this macvlan network to one of my containers, this container can no longer access the internet. All containers without the macvlan network work perfectly fine.

Here is my stack file:

version: '3.3'
services:
  ### Backend ###
  petshop-backend:
    image: com-registry.xxx.local/petshop-backend:100
    extra_hosts:
      - "petshop-db:10.164.210.214"
    networks:
      - backend
      - external_access
    deploy:
      mode: replicated
      replicas: 3

  ### USER INTERFACE ###
  petshop-ui:
    image: com-registry.xxx.local/petshop-ui:107
    networks:
      external_access:
      backend:
      swarm-multicast:
        aliases:
          - ui-multicast
    ports:
      - "1002:8080"
    deploy:
      mode: replicated
      replicas: 3


networks:
  external_access:
    driver: overlay
    internal: false
  backend:
    driver: overlay
    internal: true
  swarm-multicast:
    external: true

How can I enable the containers of petshop-ui to access the internet? They get a default gateway of 10.140.1.0, which is from the range of the macvlan network, but does not exist. Here's the routing table of one of the petshop-ui containers:

[root@f477c7cb8048 /]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use     Iface
0.0.0.0         10.140.1.0      0.0.0.0         UG    0      0        0 eth2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth4
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.140.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth2
10.255.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth3

Containers with working internet access, e.g. petshop-backend, have 172.18.0.1 as default gateway. Here's such a routing table:

[root@ddb42ef836f3 /]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use     Iface
0.0.0.0         172.18.0.1      0.0.0.0         UG    0      0        0 eth2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth2


Recommended answer

You need to change

networks:
  external_access:
    driver: overlay
    internal: false
  backend:
    driver: overlay
    internal: true
  swarm-multicast:
    external: true

to

networks:
  backend:
    driver: overlay
    internal: true
  swarm-multicast:
    external: true
  external_access:
    driver: overlay
    internal: false

Currently it seems the last network attached takes over the gateway route. There is an open issue for the same:

https://github.com/moby/moby/issues/20179
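
As an added example (not part of the original question or answer), this Python script parses the `route -n` output shown in the question and flags a default route whose gateway lies inside a network created with `--internal`, which is the symptom described above. The function names are hypothetical; the sample table is copied from the question.

```python
import ipaddress

# Constructed sample: `route -n` output of the petshop-ui container, copied from the question.
UI_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use     Iface
0.0.0.0         10.140.1.0      0.0.0.0         UG    0      0        0 eth2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth4
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.140.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth2
10.255.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth3
"""


def parse_route_n(text):
    """Parse `route -n` output into dicts; header and malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
            gateway = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # column header line
        routes.append({"net": net, "gateway": gateway, "flags": fields[3], "iface": fields[7]})
    return routes


def audit_default_route(text, internal_subnets):
    """Return findings for default routes that leave through an internal-only network."""
    internal = [ipaddress.ip_network(s) for s in internal_subnets]
    findings = []
    defaults = [r for r in parse_route_n(text) if r["net"].prefixlen == 0 and "G" in r["flags"]]
    if not defaults:
        findings.append("no default route: container has no path off its attached networks")
    for r in defaults:
        for subnet in internal:
            if r["gateway"] in subnet:
                findings.append(f"default gateway {r['gateway']} ({r['iface']}) lies in internal network {subnet}")
    return findings


if __name__ == "__main__":
    # 10.140.0.0/16 is the macvlan subnet created with --internal in the question.
    for finding in audit_default_route(UI_ROUTES, ["10.140.0.0/16"]):
        print(finding)
```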
