为什么 docker 无法将 dns 解析为实际 ip 但 docker 运行 network-alias 能够解析?
why isn't docker compose dns resolving to actual ip but docker run network-alias is able to resolve?
我有一个外部网络被 docker-compose 和 docker 运行 使用。我可以在 'docker run' 中指定网络别名,它会解析为实际的容器 ip,但是我在 docker compose 中定义的别名不会解析为实际的 ip。为什么是这样?我应该怎么做才能获得 docker 中的别名 - 将解析解析为实际 IP?
第一步:创建外网
docker network create --attachable -d overlay test-docker-network
step2:创建一个 docker-compose 来创建一个别名
docker-compose.yml
version: '3.0'
services:
host1:
image: linuxserver/openssh-server
environment:
USER_PASSWORD: 'password'
USER_NAME: 'user'
PASSWORD_ACCESS: 'true'
SUDO_ACCESS: 'true'
ports:
- 2222:2222
networks:
default:
aliases:
- netcatalias
networks:
default:
external:
name: test-docker-network
第 3 步:部署堆栈
docker stack deploy -c docker-compose.yml netcat
第 4 步:在同一网络中部署 'docker run' 容器
docker run --rm --name host2 --network-alias=myalias -ti --network test-docker-network debian:buster bash
第 5 步:解析两个别名
root@de1f75728a7e:~/gitprojects/docker-network-troubleshoot# docker run --rm --name host2 --network-alias=myalias -ti --network test-docker-network debian:buster bash
root@ea765c15dae8:/# ping myalias
PING myalias (10.0.8.5) 56(84) bytes of data.
64 bytes from ea765c15dae8 (10.0.8.5): icmp_seq=1 ttl=255 time=0.022 ms
64 bytes from ea765c15dae8 (10.0.8.5): icmp_seq=2 ttl=255 time=0.042 ms
64 bytes from ea765c15dae8 (10.0.8.5): icmp_seq=3 ttl=255 time=0.034 ms
^C
--- myalias ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 49ms
rtt min/avg/max/mdev = 0.022/0.032/0.042/0.010 ms
root@ea765c15dae8:/# ping netcatalias
PING netcatalias (10.0.8.2) 56(84) bytes of data.
64 bytes from ip-10-0-8-2.ec2.internal (10.0.8.2): icmp_seq=1 ttl=255 time=0.069 ms
64 bytes from ip-10-0-8-2.ec2.internal (10.0.8.2): icmp_seq=2 ttl=255 time=0.068 ms
64 bytes from ip-10-0-8-2.ec2.internal (10.0.8.2): icmp_seq=3 ttl=255 time=0.067 ms
^C
--- netcatalias ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 19ms
rtt min/avg/max/mdev = 0.067/0.068/0.069/0.000 ms
root@ea765c15dae8:/#
第 6 步:从 'network inspect'
获取实际 ip
root@de1f75728a7e:~/gitprojects/docker-network-troubleshoot# docker network inspect test-docker-network
[
{
"Name": "test-docker-network",
"Id": "3ev3r0eo2rg81pyb2yovlmmg3",
"Created": "2020-01-18T03:09:58.748025872Z",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.0.8.0/24",
"Gateway": "10.0.8.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2ba6c329d157b4a03480f978645e558bb6b46d9d5c7af3d152d943aae75c696a": {
"Name": "netcat_host1.1.180sln82qyxp03rk8o5od5p9a",
"EndpointID": "cf2eaf42b10083296696c3cad8e43fe392ed2374cd65fd8aa8c048a134171bd2",
"MacAddress": "02:42:0a:00:08:03",
"IPv4Address": "10.0.8.3/24",
"IPv6Address": ""
},
"ea765c15dae8c1cf6f6945447897a126fdf03ae1e42d2811c95d94a9d9112f39": {
"Name": "host2",
"EndpointID": "67ca483fd4bd231db74a39ba8f782a95c102fc04937ef9e245bfc14100f61d11",
"MacAddress": "02:42:0a:00:08:05",
"IPv4Address": "10.0.8.5/24",
"IPv6Address": ""
},
"lb-test-docker-network": {
"Name": "test-docker-network-endpoint",
"EndpointID": "0754c146c555fdf0e2d683c8ead3e0670196e201148c411f35899df226d77cc4",
"MacAddress": "02:42:0a:00:08:04",
"IPv4Address": "10.0.8.4/24",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "4106"
},
"Labels": {},
"Peers": [
{
"Name": "08bdcafe53fb",
"IP": "10.0.0.30"
}
]
}
]
问题:
我们可以看到 'docker run' 别名 'myalias' 从 'docker network inspect' 正确解析为 (10.0.8.5)。但是 'netcatalias' 解析为 (10.0.8.2)。但它实际上应该解析为“10.0.8.3”。为什么会这样。如何将 netcatalias 解析为“10.0.8.3”?
这是位于服务前面并将流量分配给副本的虚拟服务负载均衡器的 IP。
如果将服务路由模式更改为 dnsrr 而不是 vip(虚拟 IP),则 docker dns 服务将以循环模式将名称解析为容器 ips。
我有一个外部网络被 docker-compose 和 docker 运行 使用。我可以在 'docker run' 中指定网络别名,它会解析为实际的容器 ip,但是我在 docker compose 中定义的别名不会解析为实际的 ip。为什么是这样?我应该怎么做才能获得 docker 中的别名 - 将解析解析为实际 IP?
第一步:创建外网
docker network create --attachable -d overlay test-docker-network
step2:创建一个 docker-compose 来创建一个别名 docker-compose.yml
version: '3.0'
services:
host1:
image: linuxserver/openssh-server
environment:
USER_PASSWORD: 'password'
USER_NAME: 'user'
PASSWORD_ACCESS: 'true'
SUDO_ACCESS: 'true'
ports:
- 2222:2222
networks:
default:
aliases:
- netcatalias
networks:
default:
external:
name: test-docker-network
第 3 步:部署堆栈
docker stack deploy -c docker-compose.yml netcat
第 4 步:在同一网络中部署 'docker run' 容器
docker run --rm --name host2 --network-alias=myalias -ti --network test-docker-network debian:buster bash
第 5 步:解析两个别名
root@de1f75728a7e:~/gitprojects/docker-network-troubleshoot# docker run --rm --name host2 --network-alias=myalias -ti --network test-docker-network debian:buster bash
root@ea765c15dae8:/# ping myalias
PING myalias (10.0.8.5) 56(84) bytes of data.
64 bytes from ea765c15dae8 (10.0.8.5): icmp_seq=1 ttl=255 time=0.022 ms
64 bytes from ea765c15dae8 (10.0.8.5): icmp_seq=2 ttl=255 time=0.042 ms
64 bytes from ea765c15dae8 (10.0.8.5): icmp_seq=3 ttl=255 time=0.034 ms
^C
--- myalias ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 49ms
rtt min/avg/max/mdev = 0.022/0.032/0.042/0.010 ms
root@ea765c15dae8:/# ping netcatalias
PING netcatalias (10.0.8.2) 56(84) bytes of data.
64 bytes from ip-10-0-8-2.ec2.internal (10.0.8.2): icmp_seq=1 ttl=255 time=0.069 ms
64 bytes from ip-10-0-8-2.ec2.internal (10.0.8.2): icmp_seq=2 ttl=255 time=0.068 ms
64 bytes from ip-10-0-8-2.ec2.internal (10.0.8.2): icmp_seq=3 ttl=255 time=0.067 ms
^C
--- netcatalias ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 19ms
rtt min/avg/max/mdev = 0.067/0.068/0.069/0.000 ms
root@ea765c15dae8:/#
第 6 步:从 'network inspect'
获取实际 iproot@de1f75728a7e:~/gitprojects/docker-network-troubleshoot# docker network inspect test-docker-network
[
{
"Name": "test-docker-network",
"Id": "3ev3r0eo2rg81pyb2yovlmmg3",
"Created": "2020-01-18T03:09:58.748025872Z",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.0.8.0/24",
"Gateway": "10.0.8.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2ba6c329d157b4a03480f978645e558bb6b46d9d5c7af3d152d943aae75c696a": {
"Name": "netcat_host1.1.180sln82qyxp03rk8o5od5p9a",
"EndpointID": "cf2eaf42b10083296696c3cad8e43fe392ed2374cd65fd8aa8c048a134171bd2",
"MacAddress": "02:42:0a:00:08:03",
"IPv4Address": "10.0.8.3/24",
"IPv6Address": ""
},
"ea765c15dae8c1cf6f6945447897a126fdf03ae1e42d2811c95d94a9d9112f39": {
"Name": "host2",
"EndpointID": "67ca483fd4bd231db74a39ba8f782a95c102fc04937ef9e245bfc14100f61d11",
"MacAddress": "02:42:0a:00:08:05",
"IPv4Address": "10.0.8.5/24",
"IPv6Address": ""
},
"lb-test-docker-network": {
"Name": "test-docker-network-endpoint",
"EndpointID": "0754c146c555fdf0e2d683c8ead3e0670196e201148c411f35899df226d77cc4",
"MacAddress": "02:42:0a:00:08:04",
"IPv4Address": "10.0.8.4/24",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "4106"
},
"Labels": {},
"Peers": [
{
"Name": "08bdcafe53fb",
"IP": "10.0.0.30"
}
]
}
]
问题:
我们可以看到 'docker run' 别名 'myalias' 从 'docker network inspect' 正确解析为 (10.0.8.5)。但是 'netcatalias' 解析为 (10.0.8.2)。但它实际上应该解析为“10.0.8.3”。为什么会这样。如何将 netcatalias 解析为“10.0.8.3”?
这是位于服务前面并将流量分配给副本的虚拟服务负载均衡器的 IP。
如果将服务路由模式更改为 dnsrr 而不是 vip(虚拟 IP),则 docker dns 服务将以循环模式将名称解析为容器 ips。