关于docker:76-Routing-Mesh之Ingress负载均衡

性能

• 内部拜访的负载平衡
• 服务端口被裸露到各个swarm节点
• 外部通过IPVS进行负载平衡

端口裸露

# 服务列表，留神端口转发` *:8000->8000/tcp `外面的这个*号[vagrant@swarm-manager ~]$ docker service lsID NAME MODE REPLICAS IMAGE PORTSzq7ulpxk83nq busybox replicated 1/1 busybox:latestq1j2ddophtom whoami replicated 1/1 jwilder/whoami:latest *:8000->8000/tcp# 服务散布[vagrant@swarm-manager ~]$ docker service ps whoamiID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS1diq1k8h38o5 whoami.1 jwilder/whoami:latest swarm-work1 Running Running about an hour ago# 服务测试，whoami只散布在了swarm-work1这个节点上，然而咱们curl swarm-manager这个节点上的8000端口，也能失常拜访[vagrant@swarm-manager ~]$ curl 127.0.0.1:8000I'm 299a5ba408cd

至于为啥能够，咱们能够看一下iptables的内容

[vagrant@swarm-manager ~]$ sudo iptables -nL -t natChain PREROUTING (policy ACCEPT)target prot opt source destinationDOCKER-INGRESS all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCALDOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCALChain INPUT (policy ACCEPT)target prot opt source destinationChain OUTPUT (policy ACCEPT)target prot opt source destinationDOCKER-INGRESS all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCALDOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCALChain POSTROUTING (policy ACCEPT)target prot opt source destinationMASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type LOCALMASQUERADE all -- 172.17.0.0/16 0.0.0.0/0MASQUERADE all -- 172.18.0.0/16 0.0.0.0/0Chain DOCKER (2 references)target prot opt source destinationRETURN all -- 0.0.0.0/0 0.0.0.0/0RETURN all -- 0.0.0.0/0 0.0.0.0/0Chain DOCKER-INGRESS (2 references)target prot opt source destinationDNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.18.0.2:8000RETURN all -- 0.0.0.0/0 0.0.0.0/0

DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.18.0.2:8000 就是要害了

获取到以后的主机ip在docker_gwbridge网络上是172.18.0.1，而172.18.0.2必定与以后主机是在同一个网络上的，因而咱们执行如下语句即可证实172.18.0.2就是ingress-sbox容器的ip了

docker network inspect docker_gwbridge{    "Containers": {        "ingress-sbox": {            "Name": "gateway_ingress-sbox",            "EndpointID": "ac6e9807282e4884f07f6ebeefa2fa5d836a98b09f57efb2d147862c46ff1cc7",            "MacAddress": "02:42:ac:12:00:02",            "IPv4Address": "172.18.0.2/16",            "IPv6Address": ""        }    }}

Routing Mesh的两种体现

• Internal 容器和容器之间的拜访通过overlay网络（vip）
• Ingress 如果服务有绑定接口，则服务能够通过任一swarm节点的相应接口去拜访