Unable to get Docker Swarm on Windows Server 2019 ingress network working between containers

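I found a few posts mentioning that the routing mesh is supported on Windows Server 2019 using overlay networks (in the references below).

After much troubleshooting, I am unable to get 2 simple containers working correctly on a user-defined overlay network created with the following network and services: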

docker network create -d overlay --attachable testnet
docker service create -d --name web --network testnet --publish 80:80 microsoft/iis
docker service create -d --network testnet --name pingweb mcr.microsoft.com/windows/nanoserver:1809 ping web

When browsing to my docker host on port 80 I am able to reach the IIS website, but my other container, pingweb, is unable to ping my main web container on the same overlay network.

PS C:\Users\me> docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
ga8egf2nwsir        ingress             overlay             swarm
bf164fa77349        nat                 nat                 local
81fb626259e1        none                null                local
l9p7c8p2fy3g        testnet             overlay             swarm
PS C:\Users\me> docker service create -d --name web --network testnet --publish 80:80 microsoft/iis
mk3r1a7za4jk21321kmzlddxr
PS C:\Users\me> docker service create -d --network testnet --name pingweb mcr.microsoft.com/windows/nanoserver:1809 ping web
j3z0xso7shghctva3od9qct10
PS C:\Users\me> docker service logs pingweb
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    |
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    | Pinging web [10.0.29.180] with 32 bytes of data:
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    | Request timed out.
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    | Request timed out.
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    | Request timed out.
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    | Request timed out.
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    |
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    | Ping statistics for 10.0.29.180:
pingweb.1.wbtpizulcxvg@WS2019DockerNode1    |     Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PS C:\Users\me>

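I have also noticed that as long as my pingweb container is on the overlay network, I am not able to ping external sites. I tested pinging 8.8.8.8, but it does not work when running on the overlay network: I get the same Request timed out as when I try to ping my web container on the testnet network.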

docker service create -d --network testnet --name pingweb mcr.microsoft.com/windows/nanoserver:1809 ping 8.8.8.8

Questions:

  1. Is this a known issue?
  2. How can I get this working?

References:

https://docs.microsoft.com/en-us/virtualization/community/team-blog/2017/20170926-docker-s-routing-mesh-available-with-windows-server-version-1709

https://www.docker.com/blog/docker-windows-server-1709/

Docker ingress mode service publishing on Windows

Parity with Linux service publishing options has been highly requested by Windows customers. Adding support for service publishing using ingress mode in Windows Server 1709 enables use of Docker’s routing mesh, allowing external endpoints to access a service via any node in the swarm regardless of which nodes are running tasks for the service.

These networking improvements also unlock VIP-based service discovery when using overlay networks so that Windows users are not limited to DNS Round Robin.

Check out the corresponding post on the Microsoft Virtualization blog for details on the improvements.

After a lot of effort on this, it turned out that the fix was delivered as part of a Windows Server 2019 update, KB4580390.

GitHub discussion of the issue: https://github.com/moby/moby/issues/40998#issuecomment-719889423

Update that fixes the issue: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4580390