Docker Swarm 核心概念及详细使用

Docker Swarm 介绍

Docker Swarm 是 Docker 的原生集群管理工具。它的主要作用是将多个 Docker 主机集成到一个虚拟的 Docker 主机中,为 Docker 容器提供集群和调度功能。通过 Docker Swarm,您可以轻松地管理多个 Docker 主机,并能在这些主机上调度容器的部署。下面是 Docker Swarm 的一些核心功能和特点:

  • 集群管理:Docker Swarm 允许您将多个 Docker 主机作为一个单一的虚拟主机来管理。这意味着您可以在多个不同的服务器上运行 Docker 容器,而这些服务器被统一管理。
  • 容错和高可用性:Swarm 提供高可用性服务,即使集群中的一部分节点失败,服务仍然可以继续运行。
  • 负载均衡:Swarm 自动分配容器到集群中的不同节点,从而实现负载均衡。它还可以根据需要自动扩展或缩减服务实例的数量。
  • 声明式服务模型:Swarm 使用 Docker Compose 文件格式,使您可以以声明式方式定义应用的多个服务。
  • 服务发现:Swarm 集群中的每个服务都可以通过服务名自动进行服务发现,这简化了不同服务之间的通信。
  • 安全性:Swarm 集群内的通信是加密的,提供了安全的节点间通信机制。
  • 易用性:作为 Docker 的一部分,Swarm 的使用和 Docker 非常类似,对于熟悉 Docker 的用户来说非常容易上手。

总体来说,Docker Swarm 是一种轻量级且易于使用的容器编排工具,适合那些希望利用 Docker 的强大功能,同时需要简单集群管理和服务编排功能的场景。虽然它不像 Kubernetes 那样功能强大和复杂,但对于中小型项目或者对 Kubernetes 的复杂性有所顾虑的用户来说,它是一个很好的选择。

Node

Swarm 集群由 Manager 节点(管理者角色,管理成员和委托任务)和 Worker 节点(工作者角色,运行 Swarm 服务)组成。一个节点就是 Swarm 集群中的一个实例,也就是一个 Docker 主机。你可以运行一个或多个节点在单台物理机或云服务器上,但是生产环境上,典型的部署方式是:Docker 节点交叉分布式部署在多台物理机或云主机上。节点名称默认为机器的 hostname。

  • Manager:负责整个集群的管理工作包括集群配置、服务管理、容器编排等所有跟集群有关的工作,它会选举出一个 leader 来指挥编排任务;
  • Worker:工作节点接收和执行从管理节点分派的任务(Tasks)运行在相应的服务(Services)上。
Service

服务(Service)是一个抽象的概念,是对要在管理节点或工作节点上执行的任务的定义。它是集群系统的中心结构,是用户与集群交互的主要根源。

Task

任务(Task)包括一个 Docker 容器和在容器中运行的命令。任务是一个集群的最小单元,任务与容器是一对一的关系。管理节点根据服务规模中设置的副本数量将任务分配给工作节点。一旦任务被分配到一个节点,便无法移动到另一个节点。它只能在分配的节点上运行或失败。

工作流程

Swarm Manager:

  1. API:接受命令并创建 service 对象(创建对象) $\Downarrow$
  2. orchestrator:为 service 对象创建的 task 进行编排工作(服务编排) $\Downarrow$
  3. allocater:为各个 task 分配 IP 地址(分配 IP) $\Downarrow$
  4. dispatcher:将 task 分发到 nodes(分发任务) $\Downarrow$
  5. scheduler:安排一个 worker 节点运行 task(运行任务) $\Downarrow$

Worker Node:

  1. worker:连接到调度器,检查分配的 task(检查任务) $\Uparrow$
  2. executor:执行分配给 worker 节点的 task(执行任务)

Dcoker Swarm 集群部署

机器环境
IP:192.168.1.51 主机名: Manager 担任角色: Manager

IP:192.168.1.52 主机名: Node1 担任角色: Node

IP:192.168.1.53 主机名: Node2 担任角色: Node

安装基础环境

# 修改主机名

[root@localhost ~]# hostnamectl set-hostname Manager
[root@localhost ~]# hostnamectl set-hostname Node1
[root@localhost ~]# hostnamectl set-hostname Node2
 
 
# 设置防火墙
# 关闭三台机器上的防火墙。如果开启防火墙,则需要在所有节点的防火墙上依次放行2377/tcp(管理端口)、7946/udp(节点间通信端口)、4789/udp(overlay 网络端口)端口。

[root@localhost ~]# systemctl disable firewalld.service
[root@localhost ~]# systemctl stop firewalld.service
 
# 安装docker
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

# 启动docker
systemctl enable docker
systemctl start docker

配置加速器

# 用你自己的阿里云加速器
[root@chenby ~]# cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["z.oiox.cn:18082"],
  "registry-mirrors": [
    "https://xxxxx.mirror.aliyuncs.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
    },
  "data-root": "/var/lib/docker"
}
EOF

# 重新启动docker
[root@chenby ~]# systemctl restart docker && systemctl status docker -l

创建Swarm并添加节点

# 创建Swarm集群

[root@Manager ~]# docker swarm init --advertise-addr 192.168.1.51
Swarm initialized: current node (nuy82gjzc2c0wip9agbava3z9) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-0mbfykukl6fwl1mziipzqbakqmoo4iz1ti135uuyoj7zfgxgy2-4qbs0bm04iz0l52nm3bljvuoy 192.168.1.51:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

[root@Manager ~]#

# 其余的Node节点执行加入操作
[root@Node1 ~]# docker swarm join --token SWMTKN-1-0mbfykukl6fwl1mziipzqbakqmoo4iz1ti135uuyoj7zfgxgy2-4qbs0bm04iz0l52nm3bljvuoy 192.168.1.51:2377
This node joined a swarm as a worker.
[root@Node1 ~]# 

[root@Node2 ~]# docker swarm join --token SWMTKN-1-0mbfykukl6fwl1mziipzqbakqmoo4iz1ti135uuyoj7zfgxgy2-4qbs0bm04iz0l52nm3bljvuoy 192.168.1.51:2377
This node joined a swarm as a worker.
[root@Node2 ~]#

查看集群的相关信息

[root@Manager ~]# docker info
Client: Docker Engine - Community
 Version:    27.3.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.17.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.7
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 27.3.1
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: active
  NodeID: nuy82gjzc2c0wip9agbava3z9
  Is Manager: true
  ClusterID: hiki507c9yp8p4lrb8icp0rcs
  Managers: 1
  Nodes: 3
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 192.168.1.51
  Manager Addresses:
   192.168.1.51:2377
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 57f17b0a6295a39009d861b89e3b3b87b005ca27
 runc version: v1.1.14-0-g2c9f560
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.14.0-503.el9.x86_64
 Operating System: CentOS Stream 9
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 1.921GiB
 Name: Manager
 ID: fb7ffc06-ccc6-4faf-bf8a-4e05f13c14d6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
[root@Manager ~]# 
[root@Manager ~]# 
[root@Manager ~]# 
[root@Manager ~]# docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
nuy82gjzc2c0wip9agbava3z9 *   Manager    Ready     Active         Leader           27.3.1
6vdnp73unqh3qe096vv3iitwm     Node1      Ready     Active                          27.3.1
9txw7h8w3wfkjj85rulu7jnen     Node2      Ready     Active                          27.3.1
[root@Manager ~]# 
[root@Manager ~]#

节点上下线

更改节点的availablity状态

swarm集群中node的availability状态可以为 active或者drain

active状态下,node可以接受来自manager节点的任务分派

drain状态下,node节点会结束task,且不再接受来自manager节点的任务分派(也就是下线节点)

# 设置节点为Drain

[root@Manager ~]# docker node update --availability drain Node1
Node1
[root@Manager ~]# 
[root@Manager ~]# docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
nuy82gjzc2c0wip9agbava3z9 *   Manager    Ready     Active         Leader           27.3.1
6vdnp73unqh3qe096vv3iitwm     Node1      Ready     Drain                           27.3.1
9txw7h8w3wfkjj85rulu7jnen     Node2      Ready     Active                          27.3.1
[root@Manager ~]# 
[root@Manager ~]# 


# 删除节点
[root@Manager ~]# docker node rm --force Node1
Node1
[root@Manager ~]# 
[root@Manager ~]# docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
nuy82gjzc2c0wip9agbava3z9 *   Manager    Ready     Active         Leader           27.3.1
9txw7h8w3wfkjj85rulu7jnen     Node2      Ready     Active                          27.3.1
[root@Manager ~]# 



# 重新加入节点
[root@Node1 ~]# docker swarm leave -f
Node left the swarm.
[root@Node1 ~]# 
[root@Node1 ~]# 
[root@Node1 ~]# docker swarm join --token SWMTKN-1-0mbfykukl6fwl1mziipzqbakqmoo4iz1ti135uuyoj7zfgxgy2-4qbs0bm04iz0l52nm3bljvuoy 192.168.1.51:2377
This node joined a swarm as a worker.
[root@Node1 ~]# 


# 查看现有状态
[root@Manager ~]# docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
nuy82gjzc2c0wip9agbava3z9 *   Manager    Ready     Active         Leader           27.3.1
uec5t9039ef02emg963fean4u     Node1      Ready     Active                          27.3.1
9txw7h8w3wfkjj85rulu7jnen     Node2      Ready     Active                          27.3.1
[root@Manager ~]#

在Swarm中部署服务

# 创建网络
[root@Manager ~]# docker network create -d overlay nginx_net
resh5jevjdzfawrbc0tbxpns0
[root@Manager ~]# 
[root@Manager ~]# docker network ls | grep nginx_net
resh5jevjdzf   nginx_net         overlay   swarm
[root@Manager ~]# 
 
# 部署服务
[root@Manager ~]# docker service create --replicas 1 --network nginx_net --name my_nginx -p 80:80 nginx
ry7y3p039614jmvqytshxvnb3
overall progress: 1 out of 1 tasks 
1/1: running   [==================================================>] 
verify: Service ry7y3p039614jmvqytshxvnb3 converged 
[root@Manager ~]# 

# 使用 docker service ls 查看正在运行服务的列表
[root@Manager ~]# docker service ls
ID             NAME       MODE         REPLICAS   IMAGE          PORTS
ry7y3p039614   my_nginx   replicated   1/1        nginx:latest   *:80->80/tcp
[root@Manager ~]# 


# 查询Swarm中服务的信息
# -pretty 使命令输出格式化为可读的格式,不加 --pretty 可以输出更详细的信息:
[root@Manager ~]# docker service inspect --pretty my_nginx
ID:        ry7y3p039614jmvqytshxvnb3
Name:        my_nginx
Service Mode:    Replicated
 Replicas:    1
Placement:
UpdateConfig:
 Parallelism:    1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order:      stop-first
RollbackConfig:
 Parallelism:    1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order:    stop-first
ContainerSpec:
 Image:        nginx:latest@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
 Init:        false
Resources:
Networks: nginx_net 
Endpoint Mode:    vip
Ports:
 PublishedPort = 80
  Protocol = tcp
  TargetPort = 80
  PublishMode = ingress 

[root@Manager ~]# 
 
# 查看运行状态
[root@Manager ~]# docker service ps my_nginx
ID             NAME         IMAGE          NODE      DESIRED STATE   CURRENT STATE           ERROR     PORTS
x6rn5w1hv2ip   my_nginx.1   nginx:latest   Node2     Running         Running 2 minutes ago           
[root@Manager ~]# 

# 访问测试
[root@Manager ~]# curl -I 192.168.1.53
HTTP/1.1 200 OK
Server: nginx/1.27.2
Date: Tue, 19 Nov 2024 11:00:07 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 02 Oct 2024 15:13:19 GMT
Connection: keep-alive
ETag: "66fd630f-267"
Accept-Ranges: bytes

[root@Manager ~]#

调整副本数

# 增加副本数
[root@Manager ~]# docker service scale my_nginx=4
my_nginx scaled to 4
overall progress: 4 out of 4 tasks 
1/4: running   [==================================================>] 
2/4: running   [==================================================>] 
3/4: running   [==================================================>] 
4/4: running   [==================================================>] 
verify: Service my_nginx converged 
[root@Manager ~]#
 
# 查看是否正常运行
[root@Manager ~]#  docker service ps my_nginx
ID             NAME         IMAGE          NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
x6rn5w1hv2ip   my_nginx.1   nginx:latest   Node2     Running         Running 12 minutes ago           
mi0wb3e0eixi   my_nginx.2   nginx:latest   Node1     Running         Running 8 minutes ago            
grm4mtucb2io   my_nginx.3   nginx:latest   Manager   Running         Running 8 minutes ago            
u8gdmihpkqty   my_nginx.4   nginx:latest   Node1     Running         Running 8 minutes ago            
[root@Manager ~]#

模拟节点宕机

# 模拟宕机node节点
[root@Node2 ~]# systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
  docker.socket
[root@Node2 ~]# 

# 查看节点是否正常
[root@Manager ~]# docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
nuy82gjzc2c0wip9agbava3z9 *   Manager    Ready     Active         Leader           27.3.1
uec5t9039ef02emg963fean4u     Node1      Ready     Active                          27.3.1
9txw7h8w3wfkjj85rulu7jnen     Node2      Down      Active                          27.3.1
[root@Manager ~]# 

# 查看容器是否正常
# 节点异常后,容器会在其他的节点上启动起来
[root@Manager ~]#  docker service ps my_nginx
ID             NAME             IMAGE          NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
6yf6qs3rv6gx   my_nginx.1       nginx:latest   Manager   Running         Running 18 seconds ago           
x6rn5w1hv2ip    \_ my_nginx.1   nginx:latest   Node2     Shutdown        Running 14 minutes ago           
mi0wb3e0eixi   my_nginx.2       nginx:latest   Node1     Running         Running 9 minutes ago            
grm4mtucb2io   my_nginx.3       nginx:latest   Manager   Running         Running 9 minutes ago            
u8gdmihpkqty   my_nginx.4       nginx:latest   Node1     Running         Running 9 minutes ago            
[root@Manager ~]#

缩小已加的副本

# Swarm 动态缩容服务(scale)
[root@Manager ~]# docker service scale my_nginx=1
my_nginx scaled to 1
overall progress: 1 out of 1 tasks 
1/1: running   [==================================================>] 
verify: Service my_nginx converged 
[root@Manager ~]# 
[root@Manager ~]# 
[root@Manager ~]# docker service ls
ID             NAME       MODE         REPLICAS   IMAGE          PORTS
ry7y3p039614   my_nginx   replicated   1/1        nginx:latest   *:80->80/tcp
[root@Manager ~]# 
[root@Manager ~]# 
[root@Manager ~]# docker service ps my_nginx
ID             NAME             IMAGE          NODE      DESIRED STATE   CURRENT STATE                 ERROR     PORTS
6yf6qs3rv6gx   my_nginx.1       nginx:latest   Manager   Running         Running 4 minutes ago                 
x6rn5w1hv2ip    \_ my_nginx.1   nginx:latest   Node2     Shutdown        Shutdown about a minute ago           
[root@Manager ~]#

更新参数镜像信息

# 可以使用 update 更新参数
[root@Manager ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED         STATUS         PORTS     NAMES
64e2f72522a2   nginx:latest   "/docker-entrypoint.…"   6 minutes ago   Up 6 minutes   80/tcp    my_nginx.1.6yf6qs3rv6gxbnrc032mhrwf1
[root@Manager ~]# docker service update --replicas 3 my_nginx
my_nginx
overall progress: 3 out of 3 tasks 
1/3: running   [==================================================>] 
2/3: running   [==================================================>] 
3/3: running   [==================================================>] 
verify: Service my_nginx converged 
[root@Manager ~]# 
[root@Manager ~]# docker service ls
ID             NAME       MODE         REPLICAS   IMAGE          PORTS
ry7y3p039614   my_nginx   replicated   3/3        nginx:latest   *:80->80/tcp
[root@Manager ~]# 
[root@Manager ~]#
[root@Manager ~]# docker service ps my_nginx
ID             NAME             IMAGE          NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
6yf6qs3rv6gx   my_nginx.1       nginx:latest   Manager   Running         Running 7 minutes ago            
x6rn5w1hv2ip    \_ my_nginx.1   nginx:latest   Node2     Shutdown        Shutdown 4 minutes ago           
pkc7bzqkpppz   my_nginx.2       nginx:latest   Node2     Running         Running 22 seconds ago           
jfok9cwixbi6   my_nginx.3       nginx:latest   Node1     Running         Running 23 seconds ago           
[root@Manager ~]# 
 
# 通过update参数进行升级镜像
[root@Manager ~]# docker service update --image nginx:new my_nginx
[root@Manager ~]# docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
zs7fw4ereo5w        my_nginx            replicated          3/3                 nginx:new           *:80->80/tcp

删除服务

[root@Manager ~]# docker service rm my_nginx
my_nginx
[root@Manager ~]# 
[root@Manager ~]# docker service ps my_nginx
no such service: my_nginx
[root@Manager ~]#

存储卷的挂载

# Swarm中使用Volume(挂在目录,mount命令)
# 创建一个volume
[root@Manager ~]# docker volume create --name testvolume
testvolume
[root@Manager ~]# 

# 查看创建的volume
[root@Manager ~]# docker volume ls
DRIVER    VOLUME NAME
local     testvolume
[root@Manager ~]# 

# 查看volume详情
[root@Manager ~]# docker volume inspect testvolume
[
    {
        "CreatedAt": "2024-11-19T19:23:42+08:00",
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/testvolume/_data",
        "Name": "testvolume",
        "Options": null,
        "Scope": "local"
    }
]
[root@Manager ~]#

创建服务使用存储卷挂载

# 创建新的服务并挂载testvolume
[root@Manager ~]# docker service create --replicas 3 --mount type=volume,src=testvolume,dst=/usr/share/nginx/html --network nginx_net --name test_nginx -p 80:80 nginx
4ol5e2jxvs446q4mr9brs3cfk
overall progress: 3 out of 3 tasks 
1/3: running   [==================================================>] 
2/3: running   [==================================================>] 
3/3: running   [==================================================>] 
verify: Service 4ol5e2jxvs446q4mr9brs3cfk converged 
[root@Manager ~]# 
[root@Manager ~]# 


# 查看创建服务
[root@Manager ~]# docker service ls
ID             NAME         MODE         REPLICAS   IMAGE          PORTS
4ol5e2jxvs44   test_nginx   replicated   3/3        nginx:latest   *:80->80/tcp
[root@Manager ~]# 
[root@Manager ~]# 
[root@Manager ~]# docker service ps test_nginx
ID             NAME           IMAGE          NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
jvaokj73sv0q   test_nginx.1   nginx:latest   Node2     Running         Running 35 seconds ago           
28kwulxo957w   test_nginx.2   nginx:latest   Manager   Running         Running 35 seconds ago           
odx5ejqph369   test_nginx.3   nginx:latest   Node1     Running         Running 35 seconds ago           
[root@Manager ~]#

测试是否成功挂载

# 查看有没有挂载成功
# 写入内容到网页内容中
[root@Manager ~]# echo "192.168.1.51" > /var/lib/docker/volumes/testvolume/_data/index.html
[root@Manager ~]# 
[root@Node1 ~]# echo "192.168.1.52" > /var/lib/docker/volumes/testvolume/_data/index.html
[root@Node1 ~]# 
[root@Node2 ~]# echo "192.168.1.53" > /var/lib/docker/volumes/testvolume/_data/index.html 
[root@Node2 ~]# 

# 测试是否生效
# 访问任意的节点IP即可,会轮询到这个节点上
[root@Manager ~]# curl 192.168.1.51
192.168.1.51
[root@Manager ~]# curl 192.168.1.51
192.168.1.53
[root@Manager ~]# curl 192.168.1.51
192.168.1.52
[root@Manager ~]#

创建官方的可视化面板

# 安装一个官方的可视化面板
[root@Manager ~]# docker run -it -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock dockersamples/visualizer
Unable to find image 'dockersamples/visualizer:latest' locally
latest: Pulling from dockersamples/visualizer
ddad3d7c1e96: Pull complete 
3a8370f05d5d: Pull complete 
71a8563b7fea: Pull complete 
119c7e14957d: Pull complete 
28bdf67d9c0d: Pull complete 
12571b9c0c9e: Pull complete 
e1bd03793962: Pull complete 
3ab99c5ebb8e: Pull complete 
94993ebc295c: Pull complete 
021a328e5f7b: Pull complete 
Digest: sha256:530c863672e7830d7560483df66beb4cbbcd375a9f3ec174ff5376616686a619
Status: Downloaded newer image for dockersamples/visualizer:latest
a6a71d4a6d59d8a1e321c70add627bb3c407ae2d4c1e5e9f5a1202bbaa4a24a9
[root@Manager ~]#
[root@Manager ~]# 
[root@Manager ~]# curl -I 192.168.1.51:8080
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 1920
ETag: W/"780-E5yvqIM13yhGsvY/rSKjKKqkVno"
Date: Tue, 19 Nov 2024 11:43:05 GMT
Connection: keep-alive
Keep-Alive: timeout=5
[root@Manager ~]#

Docker Swarm 容器网络

swarm模式的覆盖网络包括以下功能:

  • 可以附加多个服务到同一个网络。
  • 可以给每个swarm服务分配一个虚拟IP地址(vip)和DNS名称
  • 使得在同一个网络中容器之间可以使用服务名称为互相连接
  • 可以配置使用DNS轮循而不使用VIP
  • 为了可以使用swarm的覆盖网络,在启用swarm模式之间你需要在swarm节点之间开放以下端口:

    TCP/UDP端口7946 – 用于容器网络发现

    UDP端口4789 – 用于容器覆盖网络
# 创建网络
[root@Manager ~]# docker network create --driver overlay --opt encrypted --subnet 192.168.2.0/24 cby_net
j26skr271gjkzpbx91wu1okt9
[root@Manager ~]# 
   
参数解释:
–opt encrypted  默认情况下swarm中的节点通信是加密的。在不同节点的容器之间,可选的–opt encrypted参数能在它们的vxlan流量启用附加的加密层。
--subnet 命令行参数指定overlay网络使用的子网网段。当不指定一个子网时,swarm管理器自动选择一个子网并分配给网络。


[root@Manager ~]# 
[root@Manager ~]# docker network ls
NETWORK ID     NAME              DRIVER    SCOPE
239c159fade4   bridge            bridge    local
j26skr271gjk   cby_net           overlay   swarm
ee7340b82a36   docker_gwbridge   bridge    local
82ce5e09d333   host              host      local
dkhebie7aja7   ingress           overlay   swarm
resh5jevjdzf   nginx_net         overlay   swarm
60d6545d6b8e   none              null      local
[root@Manager ~]# 

   
# 创建的容器使用此网络
[root@Manager ~]# docker service create --replicas 5 --network cby_net --name my-cby -p 8088:80 nginx
58j0x31f072f12njv8oz2ibwf
overall progress: 5 out of 5 tasks 
1/5: running   [==================================================>] 
2/5: running   [==================================================>] 
3/5: running   [==================================================>] 
4/5: running   [==================================================>] 
5/5: running   [==================================================>] 
verify: Service 58j0x31f072f12njv8oz2ibwf converged 
[root@Manager ~]# 



[root@Manager ~]# docker service ls | grep my-cby
58j0x31f072f   my-cby       replicated   5/5        nginx:latest   *:8088->80/tcp
[root@Manager ~]# 

   
在manager-node节点上,通过下面的命令查看哪些节点有处于running状态的任务:
[root@Manager ~]# docker service ps my-cby
ID             NAME       IMAGE          NODE      DESIRED STATE   CURRENT STATE                ERROR     PORTS
hrppcl25yba0   my-cby.1   nginx:latest   Node2     Running         Running about a minute ago           
xw55qx98dgby   my-cby.2   nginx:latest   Manager   Running         Running about a minute ago           
izx4jb8aen5w   my-cby.3   nginx:latest   Node1     Running         Running about a minute ago           
tdkm03dxjzv2   my-cby.4   nginx:latest   Manager   Running         Running about a minute ago           
h6lcj91v01cm   my-cby.5   nginx:latest   Node1     Running         Running about a minute ago           
[root@Manager ~]#

查看网络详细信息

可以查询某个节点上关于my-network的详细信息:
[root@Manager ~]# docker network inspect cby_net
[
    {
        "Name": "cby_net",
        "Id": "j26skr271gjkzpbx91wu1okt9",
        "Created": "2024-11-19T20:10:07.207940854+08:00",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "192.168.2.0/24",
                    "Gateway": "192.168.2.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "2f101603351b388e2820dd576b2ab9490863b65ae04e8cb4f6a3bf2d0df2a590": {
                "Name": "my-cby.4.tdkm03dxjzv20acx6shajxhjg",
                "EndpointID": "b2a5885c2efe87370eb34b4da2103f979a8fa95fe9bff71f037eee569f1ffb0b",
                "MacAddress": "02:42:c0:a8:02:06",
                "IPv4Address": "192.168.2.6/24",
                "IPv6Address": ""
            },
            "8cbd44885c579fa9bc267bcb3eea11b8edcd696b0c75180da5c9237330afcba6": {
                "Name": "my-cby.2.xw55qx98dgbyrdi6jxt9kguvc",
                "EndpointID": "e2f04749c1b55c25b75ec677fd95cc0bd1941a58c69a9b3eed8754d2cfb6de32",
                "MacAddress": "02:42:c0:a8:02:04",
                "IPv4Address": "192.168.2.4/24",
                "IPv6Address": ""
            },
            "lb-cby_net": {
                "Name": "cby_net-endpoint",
                "EndpointID": "f93daf78ca41922a4be4c4b3dde01bb7a919d9008304a4a31950f09281ae30f9",
                "MacAddress": "02:42:c0:a8:02:0a",
                "IPv4Address": "192.168.2.10/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4098",
            "encrypted": ""
        },
        "Labels": {},
        "Peers": [
            {
                "Name": "33a2908a261b",
                "IP": "192.168.1.53"
            },
            {
                "Name": "d7847005824e",
                "IP": "192.168.1.51"
            },
            {
                "Name": "7640904bfcc4",
                "IP": "192.168.1.52"
            }
        ]
    }
]
[root@Manager ~]# 
   


[root@Node1 ~]# docker network inspect cby_net
............................................
        "Containers": {
            "01f42aaeb9667b8d07683f5e2d60f643cc61aa9ceda0d0adb8bc642d1093bfc9": {
                "Name": "my-cby.3.izx4jb8aen5wbwkvy5b7tz1lz",
                "EndpointID": "46892992ac400bc1cfc40f62610ff3321ae079929170912d861556f8d1f4645f",
                "MacAddress": "02:42:c0:a8:02:05",
                "IPv4Address": "192.168.2.5/24",
                "IPv6Address": ""
            },
            "a214a33e86c95b3ea84aae6eee705b633ac5a31854425317d2a0d9693cee00ca": {
                "Name": "my-cby.5.h6lcj91v01cmhf03644nqarxq",
                "EndpointID": "a1ec3f28877fb82ba86c2b6312c592489bb59d354caa274a6b5d98aae3c4ee17",
                "MacAddress": "02:42:c0:a8:02:07",
                "IPv4Address": "192.168.2.7/24",
                "IPv6Address": ""
            },
            "lb-cby_net": {
                "Name": "cby_net-endpoint",
                "EndpointID": "05f1e89be3036367a729c1a50430bcd6181ed4bc7ec4e37bd025ba5591b6b3bf",
                "MacAddress": "02:42:c0:a8:02:09",
                "IPv4Address": "192.168.2.9/24",
                "IPv6Address": ""
            }
        },
............................................
  
[root@Node2 ~]# docker network inspect cby_net
............................................
        "Containers": {
            "6ac3a65fa5a2501a5ad6d4183895e4e6b13beaf6b8642c360e19e9bc0849f74c": {
                "Name": "my-cby.1.hrppcl25yba05o26q1my5abmc",
                "EndpointID": "a0e8246bc74b8e9b9f964b1efb51ad59d9b7dff219b7f10fc027970145503f34",
                "MacAddress": "02:42:c0:a8:02:03",
                "IPv4Address": "192.168.2.3/24",
                "IPv6Address": ""
            },
            "lb-cby_net": {
                "Name": "cby_net-endpoint",
                "EndpointID": "aa739df579790e8147877ce79220cf5387740f11a581344756502f9212314c24",
                "MacAddress": "02:42:c0:a8:02:08",
                "IPv4Address": "192.168.2.8/24",
                "IPv6Address": ""
            }
        },
.............................................
   
# 可以通过查询服务来获得服务的虚拟IP地址,如下:
[root@Manager ~]# docker service inspect --format='{{json .Endpoint.VirtualIPs}}' my-cby
[{"NetworkID":"dkhebie7aja768y8agz4xdpwt","Addr":"10.0.0.27/24"},{"NetworkID":"j26skr271gjkzpbx91wu1okt9","Addr":"192.168.2.2/24"}]
[root@Manager ~]# 

创建测试容器

[root@Manager ~]# docker service create --name my-by_net  --network cby_net busybox ping www.baidu.com

u7eana0p9xp9auw9p02d8z1wx
overall progress: 1 out of 1 tasks 
1/1: running   [==================================================>] 
verify: Service u7eana0p9xp9auw9p02d8z1wx converged 
[root@Manager ~]# 
[root@Manager ~]# 
[root@Manager ~]# 
[root@Manager ~]# docker service ps my-by_net
ID             NAME          IMAGE            NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
7l1fpecym4kc   my-by_net.1   busybox:latest   Node2     Running         Running 31 seconds ago           
[root@Manager ~]# 

进行网络测试

# 测试其他的IP的是否在容器内正常
[root@Node2 ~]# docker exec -ti 1b1a6f6c5a7b /bin/sh
/ # 
/ # ping 192.168.2.8
PING 192.168.2.8 (192.168.2.8): 56 data bytes
64 bytes from 192.168.2.8: seq=0 ttl=64 time=0.095 ms
64 bytes from 192.168.2.8: seq=1 ttl=64 time=0.073 ms
64 bytes from 192.168.2.8: seq=2 ttl=64 time=0.101 ms
^C
--- 192.168.2.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.073/0.089/0.101 ms
/ # ping 192.168.2.7
PING 192.168.2.7 (192.168.2.7): 56 data bytes
64 bytes from 192.168.2.7: seq=0 ttl=64 time=0.434 ms
64 bytes from 192.168.2.7: seq=1 ttl=64 time=0.430 ms
64 bytes from 192.168.2.7: seq=2 ttl=64 time=0.401 ms
64 bytes from 192.168.2.7: seq=3 ttl=64 time=0.386 ms
^C
--- 192.168.2.7 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.386/0.412/0.434 ms
/ # ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2): 56 data bytes
64 bytes from 192.168.2.2: seq=0 ttl=64 time=0.081 ms
64 bytes from 192.168.2.2: seq=1 ttl=64 time=0.075 ms
64 bytes from 192.168.2.2: seq=2 ttl=64 time=0.093 ms
64 bytes from 192.168.2.2: seq=3 ttl=64 time=0.073 ms
^C
--- 192.168.2.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.073/0.080/0.093 ms
/ # 


# 服务发现功能
# 查询service的虚拟IP地址
/ # nslookup my-cby
Server:        127.0.0.11
Address:    127.0.0.11:53

Non-authoritative answer:

Non-authoritative answer:
Name:    my-cby
Address: 192.168.2.2

/ #
  
  
# 查询所有的容器IP
/ # nslookup tasks.my-cby
Server:        127.0.0.11
Address:    127.0.0.11:53

Non-authoritative answer:

Non-authoritative answer:
Name:    tasks.my-cby
Address: 192.168.2.73
Name:    tasks.my-cby
Address: 192.168.2.74
Name:    tasks.my-cby
Address: 192.168.2.7
Name:    tasks.my-cby
Address: 192.168.2.5
Name:    tasks.my-cby
Address: 192.168.2.3

/ #

关于

https://www.oiox.cn/

https://www.oiox.cn/index.php/start-page.html

CSDN、GitHub、51CTO、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客

全网可搜《小陈运维》

文章主要发布于微信公众号


小陈运维
27 声望12 粉丝