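Docker service is publicly exposed even though the port is only exposed to localhost

Time: 2018-05-31 10:16:56

Tags: docker docker-compose docker-swarm

I created a service and exposed it on localhost on my docker swarm node, but I can access the service publicly.

I removed and redeployed the docker stack, but the problem persists.

Here is the docker-compose.yml I used to deploy the service in the stack: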

version: "3"
networks:
    api-net:
        ipam:
            config:
                - subnet: 10.0.10.0/24

services:
    health-api:
        image: myprivateregistry:5000/healthapi:qa
        ports:
            - "127.0.0.1:9010:9010"
        networks:
            - api-net
        depends_on:
            - config-server
        deploy:
            mode: replicated
            replicas: 1
            placement:
                constraints:
                    - node.role == manager

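I have not added the services it depends on, because I don't think that is the problem.

A few people say it is not supported in docker swarm mode. What is the solution in that case, then?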

2 answers:

Answer 0: (score: 5)

Quoting https://github.com/moby/moby/issues/32299#issuecomment-290978794

On swarm mode, if you publish something (ports for stack deploy), it is published on the ingress network, and thus it is public. There are a few ways to get around, but putting kind/bug on that because we should at least warn people about that when doing a stack deploy with ports that have this notation (i.e. host:port:port).

To work around this, there are a few ways:

- First, you should publish mongo ports only if you want it to be public, otherwise, it is available through the name discovery bundle in docker (another container/service on the same network will be able to reach it through mongo dns name).
- If you want to publish it in the host and not in ingress (so not swarm public, just on the host it is running, same way as without swarm mode), you need to use ports expanded syntax.

... (example and some more details regarding the effect of the extended syntax).

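So the cause is Swarm's ingress network, which makes every port publicly available. The workaround using the extended syntax does not bind to the loopback interface but to the host's 0.0.0.0 interface, which is still an improvement compared with exposing the port externally through the ingress network.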
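
The two workarounds described in the answer above, applied to the question's compose file. This is an added example, not part of the original question, the answer, or the linked GitHub comment. It assumes compose file format 3.2 or later, which the long port syntax requires, and it leaves out `depends_on` because `config-server` is not shown on the page.

```yaml
# Added example. Service, image and network names come from the question's file.
version: "3.2"   # assumption: the long "ports" syntax needs file format 3.2+

networks:
    api-net:
        ipam:
            config:
                - subnet: 10.0.10.0/24

services:
    health-api:
        image: myprivateregistry:5000/healthapi:qa
        networks:
            - api-net
        # Before (from the question): in swarm mode this is published on the
        # ingress network, so it is public despite the 127.0.0.1 prefix.
        # ports:
        #     - "127.0.0.1:9010:9010"
        #
        # Option A: publish nothing (delete the "ports" key below). Services
        # attached to api-net still reach this one at health-api:9010 through
        # Docker's name discovery.
        #
        # Option B: publish on the node running the task only, not in ingress.
        # This binds 0.0.0.0:9010 on that node, not the loopback interface, so
        # host-level filtering is still needed if only local access is wanted.
        ports:
            - target: 9010
              published: 9010
              protocol: tcp
              mode: host
        deploy:
            mode: replicated
            replicas: 1
            placement:
                constraints:
                    - node.role == manager
```

After redeploying, `docker service inspect --format '{{json .Endpoint.Ports}}' <stack>_health-api` (stack name is a placeholder) should report `"PublishMode":"host"` for option B and no published ports for option A.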

Answer 1: (score: -1)

To access it in swarm mode, you need to expose the port to the same port or another port outside the container.

Something like this:

ports:
    - "80:80"
    - "443:443"