Docker swarm overlay，单节点，服务之间无连接

Question

我正在尝试建立从一个服务到另一个服务的连接，为了实现它，我创建了一个覆盖网络和两个附加到它的服务。

$ docker network create -d overlay net1
$ docker service create --name busybox --network net1 busybox sleep 3000
$ docker service create --name busybox2 --network net1 busybox sleep 3000

现在我确保我的服务正在运行并且都连接到叠加层。

$ docker ps
CONTAINER ID   IMAGE            COMMAND        CREATED              STATUS              PORTS     NAMES
ecc8dd465cb1   busybox:latest   "sleep 3000"   About a minute ago   Up About a minute             busybox2.1.uw597s90tkvbcaisgaq7los2q
f8cfe793e3d9   busybox:latest   "sleep 3000"   About a minute ago   Up About a minute             busybox.1.l5lxp4v0mcbujqh79dne2ds42

$ docker network inspect net1
[
    {
        "Name": "net1",
        "Id": "5dksx8hlxh1rbj42pva21obyz",
        "Created": "2021-06-22T14:23:43.739770415Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.4.0/24",
                    "Gateway": "10.0.4.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "ecc8dd465cb12c622f48b109529534279dddd4fe015a66c848395157fb73bc69": {
                "Name": "busybox2.1.uw597s90tkvbcaisgaq7los2q",
                "EndpointID": "b666f6374a815341cb8af7642a7523c9bb153f153b688218ad006605edd6e196",
                "MacAddress": "02:42:0a:00:04:06",
                "IPv4Address": "10.0.4.6/24",
                "IPv6Address": ""
            },
            "f8cfe793e3d97f72393f556c2ae555217e32e35b00306e765489ac33455782aa": {
                "Name": "busybox.1.l5lxp4v0mcbujqh79dne2ds42",
                "EndpointID": "fff680bd13a235c4bb050ecd8318971612b66954f7bd79ac3ee0799ee18f16bf",
                "MacAddress": "02:42:0a:00:04:03",
                "IPv4Address": "10.0.4.3/24",
                "IPv6Address": ""
            },
            "lb-net1": {
                "Name": "net1-endpoint",
                "EndpointID": "2a3b02f66f395e613c6bc88f16d0723762d28488b429a9e50f7df24c04e9f1f0",
                "MacAddress": "02:42:0a:00:04:04",
                "IPv4Address": "10.0.4.4/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4101"
        },
        "Labels": {},
        "Peers": [
            {
                "Name": "e1c2ac76b95b",
                "IP": "10.18.0.6"
            }
        ]
    }
]

到目前为止一切顺利！接下来我 ssh 进入其中一个容器并尝试对第二个容器进行 nslookup，但没有运气。

$ docker exec -it busybox.1.l5lxp4v0mcbujqh79dne2ds42 sh
/ # nslookup busybox2
Server:     127.0.0.11
Address:    127.0.0.11:53

Non-authoritative answer:
*** Can't find busybox2: No answer

*** Can't find busybox2: No answer

/ # nslookup busybox2.1.uw597s90tkvbcaisgaq7los2q
Server:     127.0.0.11
Address:    127.0.0.11:53

Non-authoritative answer:
*** Can't find busybox2.1.uw597s90tkvbcaisgaq7los2q: No answer

*** Can't find busybox2.1.uw597s90tkvbcaisgaq7los2q: No answer

我知道overlay 问题在这里很常见，但它们主要是关于节点到节点的连接，而不是单节点群。要记住的另一个想法是，该节点上根本没有本地防火墙。

我是尝试以错误的方式连接还是配置问题？

Answer 1

解决方案只是将--attachable 标志添加到network create 命令。之后我可以按名称 ping 我的服务。

事实证明，无论您是添加堆栈（在我的情况下，我在同一个集群中有多个堆栈）还是单个服务，您都需要该标志。

Answer 2

docker service create ... --network net1 默认不创建网络别名。要获得这种行为，您需要使用 long form syntax of --network

docker service create --network name=net1,alias=busybox1 busybox tail -f /dev/null

有趣的是，使网络可连接具有类似的效果。通常网络是可附加的，这样容器就可以通过docker run --network net1 ... 附加到它上面，所以虽然这种方法有效，但对于任何应该防止的网络附加性来说，它都有潜在的不良副作用。