Docker Engine swarm mode makes it easy to publish ports for services to make them available to resources outside the swarm. All nodes participate in an ingress routing mesh. The routing mesh enables each node in the swarm to accept connections on published ports for any service running in the swarm, even if there’s no task running on the node. The routing mesh routes all incoming requests to published ports on available nodes to an active container.

In order to use the ingress network in the swarm, you need to have the following ports open between the swarm nodes before you enable swarm mode:

  • Port 7946 TCP/UDP for container network discovery.
  • Port 4789 UDP for the container ingress network.

You must also open the published port between the swarm nodes and any external resources, such as an external load balancer, that require access to the port.
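
One way to keep the two inter-node ports listed above reachable only from other swarm nodes, shown as an added example that is not part of the original documentation: a shell function that prints iptables rules for a list of peer addresses. The use of the INPUT chain, the rule order and the peer addresses are assumptions; the addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: emit iptables commands that accept the swarm inter-node ports
# named above (7946 TCP/UDP, 4789 UDP) only from listed peer nodes.
# Rules are printed, not applied, so they can be reviewed first.

is_ipv4() {
    # Accept dotted-quad IPv4 only, each octet a number from 0 to 255.
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

swarm_peer_rules() {
    # Usage: swarm_peer_rules PEER_IP...
    # Validates every address before printing anything, so a malformed
    # peer list never yields a partial rule set. Returns 1 on bad input.
    [ "$#" -gt 0 ] || { echo "no peers given" >&2; return 1; }
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    done
    for peer in "$@"; do
        echo "iptables -A INPUT -s $peer -p tcp --dport 7946 -j ACCEPT"
        echo "iptables -A INPUT -s $peer -p udp --dport 7946 -j ACCEPT"
        echo "iptables -A INPUT -s $peer -p udp --dport 4789 -j ACCEPT"
    done
    # Any other source reaching these ports is dropped.
    echo "iptables -A INPUT -p tcp --dport 7946 -j DROP"
    echo "iptables -A INPUT -p udp --dport 7946 -j DROP"
    echo "iptables -A INPUT -p udp --dport 4789 -j DROP"
}

# Constructed sample: the three node addresses from this page's HAProxy example.
swarm_peer_rules 192.168.99.100 192.168.99.101 192.168.99.102
```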

Publish a port for a service

Use the --publish flag to publish a port when you create a service:

$ docker service create \
    --name <SERVICE-NAME> \
    --publish <PUBLISHED-PORT>:<TARGET-PORT> \
    <IMAGE>

The <TARGET-PORT> is the port where the container listens. The <PUBLISHED-PORT> is the port where the swarm makes the service available.

For example, the following command publishes port 80 in the nginx container to port 8080 for any node in the swarm:

$ docker service create \
    --name my-web \
    --publish 8080:80 \
    --replicas 2 \
    nginx

When you access port 8080 on any node, the swarm load balancer routes your request to an active container.

The routing mesh listens on the published port for any IP address assigned to the node. For externally routable IP addresses, the port is available from outside the host. For all other IP addresses, access is available only from within the host.

You can publish a port for an existing service using the following command:

$ docker service update \
    --publish-add <PUBLISHED-PORT>:<TARGET-PORT> \
    <SERVICE>

You can use docker service inspect to view the service’s published port. For instance:


$ docker service inspect --format="{{json .Endpoint.Spec.Ports}}" my-web
[{"Protocol":"tcp","TargetPort":80,"PublishedPort":8080}]

The output shows the <TARGET-PORT> from the containers and the <PUBLISHED-PORT> where nodes listen for requests for the service.
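
Because the routing mesh listens on every node, each published port is reachable through the whole swarm, so it is worth checking what is published against what was approved. The following is an added example, not part of the original documentation: the `audit_published_ports` function, the report format and the service names `dns-cache` and `debug-ui` with their ports are assumptions made for illustration, and the report lines are constructed sample data.

```shell
#!/bin/sh
# Added example: compare the ports that services publish on the routing mesh
# with an approved list and report anything unexpected.
#
# On a manager node, a report in the expected "name proto/port ..." format
# can be produced from the same .Endpoint.Spec.Ports data shown above:
#   docker service ls -q | xargs docker service inspect --format \
#     '{{.Spec.Name}}{{range .Endpoint.Spec.Ports}} {{.Protocol}}/{{.PublishedPort}}{{end}}'

audit_published_ports() {
    # $1: space-separated allowlist such as "tcp/8080 udp/53".
    # stdin: one report line per service.
    # Prints "service proto/port" for each unapproved port; returns 1 if any.
    allowed=" $1 "
    rc=0
    # The "|| [ -n ... ]" part handles a final line without a trailing newline.
    while read -r name ports || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        for p in $ports; do
            case "$allowed" in
                *" $p "*) ;;                      # approved
                *) echo "$name $p"; rc=1 ;;       # published but not approved
            esac
        done
    done
    return "$rc"
}

# Constructed sample report: my-web matches the page's example, dns-cache
# publishes TCP and UDP 53, debug-ui publishes a port that was never approved.
sample_report() {
    printf '%s\n' "my-web tcp/8080" "dns-cache tcp/53 udp/53" "debug-ui tcp/9000"
}

sample_report | audit_published_ports "tcp/8080 tcp/53 udp/53" || true
```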

Publish a port for TCP only or UDP only

By default, when you publish a port, it is a TCP port. You can specifically publish a UDP port instead of or in addition to a TCP port. When you publish both TCP and UDP ports, Docker 1.12.2 and earlier require you to add the suffix /tcp for TCP ports. Otherwise it is optional.

TCP ONLY

The following two commands are equivalent.

$ docker service create --name dns-cache -p 53:53 dns-cache

$ docker service create --name dns-cache -p 53:53/tcp dns-cache

TCP AND UDP

$ docker service create --name dns-cache -p 53:53/tcp -p 53:53/udp dns-cache

UDP ONLY

$ docker service create --name dns-cache -p 53:53/udp dns-cache

Configure an external load balancer

You can configure an external load balancer to route requests to a swarm service. For example, you could configure HAProxy to balance requests to an nginx service published to port 8080.

In this case, port 8080 must be open between the load balancer and the nodes in the swarm. The swarm nodes can reside on a private network that is accessible to the proxy server, but that is not publicly accessible.

You can configure the load balancer to balance requests between every node in the swarm even if there are no tasks scheduled on the node. For example, you could have the following HAProxy configuration in /etc/haproxy/haproxy.cfg:

global
    log /dev/log local0
    log /dev/log local1 notice
    ...snip...

# Configure HAProxy to listen on port 80
frontend http_front
    bind *:80
    stats uri /haproxy?stats
    default_backend http_back

# Configure HAProxy to route requests to swarm nodes on port 8080
backend http_back
    balance roundrobin
    server node1 192.168.99.100:8080 check
    server node2 192.168.99.101:8080 check
    server node3 192.168.99.102:8080 check

When you access the HAProxy load balancer on port 80, it forwards requests to nodes in the swarm. The swarm routing mesh routes the request to an active task. If, for any reason, the swarm scheduler dispatches tasks to different nodes, you don’t need to reconfigure the load balancer.

You can configure any type of load balancer to route requests to swarm nodes. To learn more about HAProxy, see the HAProxy documentation.
