您好!docker swarm worker节点 上的容器内无法访问外网

来源:6-5 微服务部署

慕粉0022507194

2020-07-03

swarm 集群中的两个节点和服务

[root@localhost rfid-ms]# docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
dldgmmlcemh2m501u527sjs1g *   manager-123         Ready               Active              Leader              19.03.12
boawbwy8nmr2vcszqkboorako     worker-125          Ready               Active                                  19.03.12

[root@localhost rfid-ms]# docker service ps rfid-ms_ivg-base-service
ID                  NAME                             IMAGE                                                    NODE                DESIRED STATE       CURRENT STATE               ERROR                       PORTS
qfjsh40qu9ts        rfid-ms_ivg-base-service.1       reg.invengo.cn:8888/rfid_cloud/ivg-base-service:latest   manager-123         Running             Running 19 minutes ago                                  
qf349uhlf75v        rfid-ms_ivg-base-service.2       reg.invengo.cn:8888/rfid_cloud/ivg-base-service:latest   worker-125          Running             Running 57 seconds ago                                  

在manager-123节点上主机和容器内部都可以访问外网

[root@localhost rfid-ms]# docker ps -f name=rfid-ms_ivg-base-service
CONTAINER ID        IMAGE                                                    COMMAND                  CREATED             STATUS              PORTS               NAMES
203b38a5ab42        reg.invengo.cn:8888/rfid_cloud/ivg-base-service:latest   "java -jar /base-com…"   22 minutes ago      Up 22 minutes       9003/tcp            rfid-ms_ivg-base-service.1.qfjsh40qu9tslo77ef92etm8p

[root@localhost rfid-ms]# docker exec -it 203b38a5ab42 /bin/bash
root@203b38a5ab42:/# ping www.baidu.com
PING www.wshifen.com (103.235.46.39) 56(84) bytes of data.
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=1 ttl=48 time=66.5 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=2 ttl=48 time=64.7 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=5 ttl=48 time=65.2 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=8 ttl=48 time=66.0 ms

root@203b38a5ab42:/# ping 116.62.155.230
PING 116.62.155.230 (116.62.155.230) 56(84) bytes of data.
64 bytes from 116.62.155.230: icmp_seq=1 ttl=48 time=26.9 ms
64 bytes from 116.62.155.230: icmp_seq=2 ttl=48 time=26.6 ms
64 bytes from 116.62.155.230: icmp_seq=3 ttl=48 time=26.5 ms
64 bytes from 116.62.155.230: icmp_seq=4 ttl=48 time=26.6 ms

在worker-125节点主机是可以访问外网的

[root@swarm-worker125 conf.d]# ping 116.62.155.230
PING 116.62.155.230 (116.62.155.230) 56(84) bytes of data.
64 bytes from 116.62.155.230: icmp_seq=1 ttl=49 time=27.4 ms
64 bytes from 116.62.155.230: icmp_seq=2 ttl=49 time=28.2 ms
64 bytes from 116.62.155.230: icmp_seq=3 ttl=49 time=27.5 ms
64 bytes from 116.62.155.230: icmp_seq=4 ttl=49 time=27.5 ms
64 bytes from 116.62.155.230: icmp_seq=5 ttl=49 time=26.8 ms
64 bytes from 116.62.155.230: icmp_seq=6 ttl=49 time=26.8 ms
^C
--- 116.62.155.230 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5008ms
rtt min/avg/max/mdev = 26.810/27.394/28.216/0.514 ms

在worker-125节点上的容器内部无法访问外网

[root@swarm-worker125 conf.d]# docker ps -f name=rfid-ms_ivg-base-service
CONTAINER ID        IMAGE                                                    COMMAND                  CREATED              STATUS              PORTS               NAMES
ef6a4e92c2c7        reg.invengo.cn:8888/rfid_cloud/ivg-base-service:latest   "java -jar /base-com…"   About a minute ago   Up 53 seconds       9003/tcp            rfid-ms_ivg-base-service.2.tfxv7o8opjedkr7vunveov5s1

[root@swarm-worker125 conf.d]# docker exec -it ef6a4e92c2c7 /bin/bash

root@ef6a4e92c2c7:/# ping www.baidu.com
ping: www.baidu.com: Temporary failure in name resolution

root@ef6a4e92c2c7:/# ping 116.62.155.230
PING 116.62.155.230 (116.62.155.230) 56(84) bytes of data.
^C
--- 116.62.155.230 ping statistics ---
38 packets transmitted, 0 received, 100% packet loss, time 1035ms

写回答

1回答

刘果国

2020-07-04

docker inspect 一下,对比一下两个容器的参数设置,特别是网络这部分。

另外检查一下宿主机的防火墙。

0
0

Docker+Kubernetes(k8s)微服务容器化实践

从开发到编排,快速,完整,深入的掌握微服务

2607 学习 · 607 问题

查看课程