共计 2029 个字符,预计需要花费 6 分钟才能阅读完成。
性能
- 内部拜访的负载平衡
- 服务端口被裸露到各个 swarm 节点
- 外部通过 IPVS 进行负载平衡
端口裸露
# 服务列表,留神端口转发 ` *:8000->8000/tcp ` 外面的这个 * 号
[vagrant@swarm-manager ~]$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
zq7ulpxk83nq busybox replicated 1/1 busybox:latest
q1j2ddophtom whoami replicated 1/1 jwilder/whoami:latest *:8000->8000/tcp
# 服务散布
[vagrant@swarm-manager ~]$ docker service ps whoami
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
1diq1k8h38o5 whoami.1 jwilder/whoami:latest swarm-work1 Running Running about an hour ago
# 服务测试,whoami 只散布在了 swarm-work1 这个节点上,然而咱们 curl swarm-manager 这个节点上的 8000 端口,也能失常拜访
[vagrant@swarm-manager ~]$ curl 127.0.0.1:8000
I'm 299a5ba408cd至于为啥能够,咱们能够看一下 iptables 的内容
[vagrant@swarm-manager ~]$ sudo iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER-INGRESS all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER-INGRESS all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type LOCAL
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.18.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-INGRESS (2 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.18.0.2:8000
RETURN all -- 0.0.0.0/0 0.0.0.0/0 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.18.0.2:8000 就是要害了
获取到以后的主机 ip 在 docker_gwbridge 网络上是 172.18.0.1,而 172.18.0.2 必定与以后主机是在同一个网络上的,因而咱们执行如下语句即可证实 172.18.0.2 就是 ingress-sbox 容器的 ip 了
docker network inspect docker_gwbridge
{
"Containers": {
"ingress-sbox": {
"Name": "gateway_ingress-sbox",
"EndpointID": "ac6e9807282e4884f07f6ebeefa2fa5d836a98b09f57efb2d147862c46ff1cc7",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
}
}Routing Mesh 的两种体现
- Internal 容器和容器之间的拜访通过 overlay 网络(vip)
- Ingress 如果服务有绑定接口,则服务能够通过任一 swarm 节点的相应接口去拜访
正文完