微服务实战系列之玩转Docker(十三)
前言
LB是Load Balance的简称,即负载均衡。我们几乎在各种业务场景中,均会涉及到该方面的要求。那么在Swarm集群中,同样也具备相应的能力,无论集群内外,均有一套体系在支持它正常的运转。
Q:Swarm cluster如何实现LB
1. 资源准备
为简单演示,博主只准备一个manager节点,2个worker节点:
| 序号 | 节点名称 | 节点类型 |
|---|---|---|
| 1 | docker-manager1(192.168.8.106) | manager |
| 2 | docker-worker1(192.168.8.102) | worker |
| 3 | docker-worker2(192.168.8.107) | worker |
2. 部署集群
部署集群前,先通过docker info,查看当前资源是否已加入集群:
如图所示,即可使用该资源。
2.1 docker swarm init
创建manager节点:
docker swarm init --advertise-addr 192.168.8.106
2.2 docker swarm join
将worker1和worker节点加入群中:
docker swarm join --token SWMTKN-1-067ibmikpm0rfoul8o9503axos0lu8j6jrqbniri0d0450uw31-57llng2629thpec0ssnxaioq5 192.168.8.106:2377
以上均执行完成后,可在manager节点,查看当前集群:
2.3 docker serivce create
首先通过docker service ls,查看当前集群是空的,没有run任何服务:
接下来,博主依然以nginx为例,发布并查看:
至此,第一个service成功发布了。此刻你可以通过一个LB设备,部署该Service,达到外部访问service的目的。那么内部负载又如何体现的呢?先来看看它的网络细节吧。
3. 查看网络
3.1 VIP
VIP是虚拟IP,是集群内部为统一路由service请求而提供的公共的虚拟IP。当service发布完成后,我们可以通过docker service inspect [SERVICE_NAME]查看VirtualIPs:
docker service inspect my_nginx
这里我们可以看到有1个VirtualIPs,具体指代什么,请紧随博主,以防迷路。
3.2 service运行的网络
首先通过docker network ls,查看当前manager有哪些network:
接着,通过docker network inspect查看每个网络后,我们发现当前Swarm集群,其实是运转在ingress网络上,具体信息如下:
[root@docker-manager1 ~]# docker network inspect ingress
[{"Name": "ingress","Id": "l6kyva24ra9uako41qar66lnk","Created": "2024-08-21T09:15:00.738521076+08:00","Scope": "swarm","Driver": "overlay","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "10.0.0.0/24","Gateway": "10.0.0.1"}]},"Internal": false,"Attachable": false,"Ingress": true,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"360b075fbe4a0f956f0ff99ed717427d7a8d320c31e638b51d3a371115d2cde4": {"Name": "my_nginx.1.jmxvtc22vm4lrt5bjnyuyl0qz","EndpointID": "b3fa857b6c4479ef74fa36c0b38f26baedfad695ef0597e435c802c9459a8d3d","MacAddress": "02:42:0a:00:00:0a","IPv4Address": "10.0.0.10/24","IPv6Address": ""},"ingress-sbox": {"Name": "ingress-endpoint","EndpointID": "e4420b911ffa57252096b18b5692aba55bc4495085e2d19b9feff0bd31597b4e","MacAddress": "02:42:0a:00:00:02","IPv4Address": "10.0.0.2/24","IPv6Address": ""}},"Options": {"com.docker.network.driver.overlay.vxlanid_list": "4096"},"Labels": {},"Peers": [{"Name": "9cf849d5dce7","IP": "192.168.8.106"},{"Name": "7423c5d2941b","IP": "192.168.8.102"},{"Name": "161d9bb60c3f","IP": "192.168.8.107"}]}
]
3.3 网络底层原理
进一步探索,通过iptables -nvL -t nat,我们得知服务的请求流量统一转向172.18.0.2上了。
而这个IP就和docker_gwbridge有关了,不信你瞧:
[root@docker-manager1 ~]# docker network inspect docker_gwbridge
[{"Name": "docker_gwbridge","Id": "5e88db78989e93b0b3ff577e8a42656dfc895d6e32f4a3fb042b76ee1192da91","Created": "2024-08-15T10:25:32.673879398+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "172.18.0.0/16","Gateway": "172.18.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"360b075fbe4a0f956f0ff99ed717427d7a8d320c31e638b51d3a371115d2cde4": {"Name": "gateway_7e8f8ae17322","EndpointID": "7012cbdeba6c094f811b9dc0391898c144d092164aa47c7c8c085c47606abc92","MacAddress": "02:42:ac:12:00:03","IPv4Address": "172.18.0.3/16","IPv6Address": ""},"ingress-sbox": {"Name": "gateway_ingress-sbox","EndpointID": "d57e8cd714f31c1d2734ad200933236907dbfef721a0eeeef309c676319643c9","MacAddress": "02:42:ac:12:00:02","IPv4Address": "172.18.0.2/16","IPv6Address": ""}},"Options": {"com.docker.network.bridge.enable_icc": "false","com.docker.network.bridge.enable_ip_masquerade": "true","com.docker.network.bridge.name": "docker_gwbridge"},"Labels": {}}
]docker_gwbridge网络中有一块网络资源名为:ingress-sbox(IP正是172.18.0.2):
也就是所有的service请求最终都通过ingress-box完成路由。我们可以通过下图,对Swarm集群的整个网络进行分解掌握:(请沿着红箭头的方向观察)
Process:Start——>client service request——>gwbridge(default)——>ingress(default)——>向其他集群内节点分发>——>End
结语
Swarm集群的高可用,内部有ingress网络支持,外部可通过HA proxy支持,从而实现集群式服务,保障任一节点down就有新的节点补位。
系列回顾
微服务实战系列之玩转Docker(十二)
微服务实战系列之玩转Docker(十一)
微服务实战系列之玩转Docker(十)
微服务实战系列之玩转Docker(九)
微服务实战系列之玩转Docker(八)
微服务实战系列之玩转Docker(七)
微服务实战系列之玩转Docker(六)
微服务实战系列之玩转Docker(五)
微服务实战系列之玩转Docker(四)
微服务实战系列之玩转Docker(三)
微服务实战系列之玩转Docker(二)
微服务实战系列之玩转Docker(一)
微服务实战系列之云原生
