How to expose the entire docker swarm cluster to the external world via a public IP?

I am trying to implement a cluster of containerised applications in production using Docker in swarm mode.

Let me describe a very minimalist scenario. All I have is just 5 AWS EC2 instances. None of these nodes have a public IP assigned and all have private IPs assigned as part of a subnet.

For example,

Manager Nodes

  • 172.16.50.1
  • 172.16.50.2

Worker Nodes

  • 172.16.50.3
  • 172.16.50.4
  • 172.16.50.5

With the above infrastructure, I have created a docker swarm with the first node's IP (172.16.50.1) as the --advertise-addr so that the other 4 nodes join the swarm as manager or worker with their respective tokens.

I didn't want to overload the Manager Nodes by making them do the role of worker nodes too. (Is this a good idea or resource under-utilization?)

As the nodes are 4 cores each, I am hosting 9 replicas of my web application, which are distributed across the 3 worker nodes, each running 3 containers hosting my web app.

Now with this setup in hand, how should I go about exposing the entire docker swarm cluster with a VIP (virtual IP) to the external world for consumption?

Please validate my thoughts below:

1. Should I have a classic load-balancer setup, like keeping an httpd, nginx or haproxy based reverse proxy which has a public IP assigned, and make it balance the load to the above 5 nodes where our docker-swarm is deployed?

One downside I see here is that the above reverse proxy would be a Single Point of Failure? Any ideas how this could be made fault-tolerant/highly available? Should I try an AnyCast solution?

2. Going for an AWS ALB/ELB which would route the traffic to the above 5 nodes where our swarm is.

3. If keeping a separate Load Balancer is the way to go, then what is docker-swarm load-balancing and service discovery really all about?

What is docker swarm's answer to exposing 1 virtual IP or host name to the external clients to access services in the swarm cluster?

Docker-swarm touts a lot about overlay networks, but I am not sure how it relates to my issue of exposing the cluster via VIP to clients on the internet. Should we always keep the load balancer aware of the IP addresses of the nodes that join the docker swarm later?

Please shed some light!

On further reading, I understand that the Overlay Network we are creating in the swarm manager node only serves inter-container communication.

The only difference from the other networking modes like bridge, host, macvlan is that the others enable communication among containers within a single host, while the Overlay network facilitates communication among containers deployed in different subnets too, i.e., multi-host container communication.

With this knowledge as the heads-up, to expose the swarm to the world via a single public IP assigned to a load balancer which would distribute requests to all the swarm nodes. This is just my understanding at a high level.

This is where I need your inputs and thoughts please... explaining the industry standard on how this is handled?
