什么是覆盖网络以及 DNS 解析如何工作?
What is overlay network and how does DNS resolution work?
我无法从我的 docker swarm 集群连接到外部 mongodb 服务器。
据我了解,这是因为集群使用覆盖网络驱动程序。我说得对吗?
如果没有,docker overlay 驱动程序如何工作以及如何从集群连接到外部 mongodb 服务器?
问。 docker 覆盖驱动程序如何工作?
这表明:
Docker uses embedded DNS to provide service discovery for containers running on a single Docker Engine and tasks running in a Docker Swarm. Docker Engine has an internal DNS server that provides name resolution to all of the containers on the host in user-defined bridge, overlay, and MACVLAN networks.
Each Docker container ( or task in Swarm mode) has a DNS resolver that forwards DNS queries to Docker Engine, which acts as a DNS server.
因此,在多主机中 docker swarm mode,使用此示例设置:
In this example there is a service of two containers called myservice. A second service (client) exists on the same network. The client executes two curl operations for docker.com and myservice.
These are the resulting actions:
- DNS queries are initiated by
client for docker.com and myservice.
- The container's built-in resolver intercepts the DNS queries on
127.0.0.11:53 and sends them to Docker Engine's DNS server.
myservice resolves to the Virtual IP (VIP) of that service which is internally load balanced to the individual task IP addresses. Container names resolve as well, albeit directly to their IP addresses.docker.com does not exist as a service name in the mynet network and so the request is forwarded to the configured default DNS server.
回到你的问题:
如何从集群连接到外部 mongodb 服务器?
对于您的外部 mongodb(假设您有一个 mongodb.mydomain.com 的 DNS),您与上述架构中的 client 处于相同的情况,想要连接到docker.com,除非您肯定不想将 mongodb.mydomain.com 暴露给整个网络,因此您可能已经在内部集群 DNS 服务器中声明了它。
那么,如何告诉docker引擎使用这个内部DNS服务器来解析mongodb.mydomain.com?
您必须在 docker service 任务中指明您要使用 internal DNS server,例如:
docker service create \
--name myservice \
--network my-overlay-network \
--dns=10.0.0.2 \
myservice:latest
这里重要的是--dns=10.0.0.2。如果无法解析 VIP 中的 DNS 名称,这将告诉 Docker 引擎默认使用位于 10.0.0.2:53 的 DNS 服务器。
最后,当你说:
I cannot connect to external mongodb server from my docker swarm cluster. As I understand this is because of cluster uses overlay network driver. Am I right?
我会说不,因为 docker engine 中有一个内置方法可以将来自 overlay network 的未知 DNS 名称转发到您想要的 DNS 服务器。
希望对您有所帮助!
我无法从我的 docker swarm 集群连接到外部 mongodb 服务器。
据我了解,这是因为集群使用覆盖网络驱动程序。我说得对吗?
如果没有,docker overlay 驱动程序如何工作以及如何从集群连接到外部 mongodb 服务器?
问。 docker 覆盖驱动程序如何工作?
这表明:
Docker uses embedded DNS to provide service discovery for containers running on a single Docker Engine and tasks running in a Docker Swarm. Docker Engine has an internal DNS server that provides name resolution to all of the containers on the host in user-defined bridge, overlay, and MACVLAN networks.
Each Docker container ( or task in Swarm mode) has a DNS resolver that forwards DNS queries to Docker Engine, which acts as a DNS server.
因此,在多主机中 docker swarm mode,使用此示例设置:
In this example there is a service of two containers called
myservice. A second service (client) exists on the same network. Theclientexecutes twocurloperations for docker.com andmyservice.These are the resulting actions:
- DNS queries are initiated by
clientfordocker.comandmyservice.- The container's built-in resolver intercepts the DNS queries on
127.0.0.11:53and sends them to Docker Engine's DNS server.myserviceresolves to the Virtual IP (VIP) of that service which is internally load balanced to the individual task IP addresses. Container names resolve as well, albeit directly to their IP addresses.docker.comdoes not exist as a service name in the mynet network and so the request is forwarded to the configured default DNS server.
回到你的问题:
如何从集群连接到外部 mongodb 服务器?
对于您的外部 mongodb(假设您有一个 mongodb.mydomain.com 的 DNS),您与上述架构中的 client 处于相同的情况,想要连接到docker.com,除非您肯定不想将 mongodb.mydomain.com 暴露给整个网络,因此您可能已经在内部集群 DNS 服务器中声明了它。
那么,如何告诉docker引擎使用这个内部DNS服务器来解析mongodb.mydomain.com?
您必须在 docker service 任务中指明您要使用 internal DNS server,例如:
docker service create \
--name myservice \
--network my-overlay-network \
--dns=10.0.0.2 \
myservice:latest
这里重要的是--dns=10.0.0.2。如果无法解析 VIP 中的 DNS 名称,这将告诉 Docker 引擎默认使用位于 10.0.0.2:53 的 DNS 服务器。
最后,当你说:
I cannot connect to external mongodb server from my docker swarm cluster. As I understand this is because of cluster uses overlay network driver. Am I right?
我会说不,因为 docker engine 中有一个内置方法可以将来自 overlay network 的未知 DNS 名称转发到您想要的 DNS 服务器。
希望对您有所帮助!