Docker Swarm network overlay issue - networking

I created 3 Ubuntu 20.04 VMs in Proxmox VE 7 for the Docker swarm. I tried to follow the site https://documentation.portainer.io/v2.0/deploy/ceinstallswarm/ to set up Portainer on my swarm. However, I can’t browse to any IP address of the Ubuntu VMs to access the Portainer site to set up the Docker container.
Something is going wrong with the overlay network on my swarm. It looks like ingress is not enabled. Please see the network inspect output below for portainer_agent_network.
I also found that none of the swarm machines are listening on port 4789. When I run the command sudo lsof -i:4789, it shows nothing.
Can anyone help me troubleshoot it? What is going wrong with my Docker swarm?
ubuntu#swarm01:~$ docker network inspect portainer_agent_network
[
{
"Name": "portainer_agent_network",
"Id": "tzm9sx2zifgaxhpmrd8xk7gti",
"Created": "2021-08-07T14:24:33.835202371Z",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.0.11.0/24",
"Gateway": "10.0.11.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"54a9491638f699fc6441961b04b91c8ca923bd8e4980dbe36651fa2618cdbe2c": {
"Name": "portainer_portainer.1.fd5m3wvccnxrl43iwst2imwti",
"EndpointID": "4537774ec3c146843b48ab89707df7b04a6a76880af85dbe025fcc4d7422262c",
"MacAddress": "02:42:0a:00:0b:0c",
"IPv4Address": "10.0.11.12/24",
"IPv6Address": ""
},
"83044215d796b649ee8fc78be2d1364c80646448db3a933ee9a48ff0b0b7fe24": {
"Name": "portainer_agent.idso1hec0iqiyvm1jhu1iaoq1.qidcsempp75po4znf1c7pj09r",
"EndpointID": "dfdd91e83969150ea70674b9ea998690b47a6abf113c9a644315d641c6b68e1c",
"MacAddress": "02:42:0a:00:0b:05",
"IPv4Address": "10.0.11.5/24",
"IPv6Address": ""
},
"lb-portainer_agent_network": {
"Name": "portainer_agent_network-endpoint",
"EndpointID": "be0b5a8bdda9ccae975314fad1424d96e3c57763b1c145f4a67e286f54300195",
"MacAddress": "02:42:0a:00:0b:08",
"IPv4Address": "10.0.11.8/24",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "4107"
},
"Labels": {
"com.docker.stack.namespace": "portainer"
},
"Peers": [
{
"Name": "0589007b93f4",
"IP": "10.0.0.241"
},
{
"Name": "be83a3dd8fbd",
"IP": "10.0.0.242"
},
{
"Name": "f937ea4c2dbf",
"IP": "10.0.0.243"
}
]
}
]
ubuntu#swarm01:~$ sudo lsof -i:7946
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dockerd 451 root 30u IPv6 14558 0t0 TCP *:7946 (LISTEN)
dockerd 451 root 32u IPv6 14559 0t0 UDP *:7946
ubuntu#swarm01:~$ sudo lsof -i:4789
ubuntu#swarm01:~$
Thanks with the best regards,
Patrick Lee

The overlay network is a virtual network that the nodes use to communicate with each other internally.
If you want any traffic that's external to the swarm (including curl from the same VM) to reach your portainer containers, then you'll need to expose that port.
Using Docker CLI: https://docs.docker.com/engine/reference/commandline/service_create/#publish-service-ports-externally-to-the-swarm--p---publish
or Docker Compose: https://docs.docker.com/compose/compose-file/compose-file-v3/#ports
Note: you want to expose these containers as services, not as individual containers.
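The check described in the answer above, as an added example that is not part of the original answer: it separates the routing-mesh network from internal overlays and lists which services actually publish a port. The sample JSON is constructed and trimmed to the fields used (the `ingress` entry and port 9000 are assumptions); the field names follow `docker network inspect` and `docker service inspect` output.

```python
import json

# Constructed samples, trimmed to the fields used below.
# NETWORKS mimics `docker network inspect`, SERVICES mimics `docker service inspect`.
NETWORKS = json.loads("""[
  {"Name": "ingress", "Driver": "overlay", "Scope": "swarm", "Ingress": true},
  {"Name": "portainer_agent_network", "Driver": "overlay", "Scope": "swarm",
   "Ingress": false}
]""")
SERVICES = json.loads("""[
  {"Spec": {"Name": "portainer_portainer"},
   "Endpoint": {"Ports": [{"Protocol": "tcp", "TargetPort": 9000,
                           "PublishedPort": 9000, "PublishMode": "ingress"}]}},
  {"Spec": {"Name": "portainer_agent"}, "Endpoint": {}}
]""")


def classify_networks(networks):
    """Map network name -> role. Only the network with Ingress=true carries
    routing-mesh traffic; other overlays are service-to-service only."""
    roles = {}
    for net in networks:
        if net.get("Driver") != "overlay":
            roles[net["Name"]] = "non-overlay"
        elif net.get("Ingress"):
            roles[net["Name"]] = "routing-mesh"
        else:
            roles[net["Name"]] = "internal-overlay"
    return roles


def published_ports(service):
    """Return [(published, target, protocol, mode)] for one service."""
    ports = service.get("Endpoint", {}).get("Ports") or []
    return [(p["PublishedPort"], p["TargetPort"],
             p.get("Protocol", "tcp"), p.get("PublishMode", "ingress"))
            for p in ports if p.get("PublishedPort")]


def externally_reachable(services):
    """Map service name -> published ports; an empty list means the service
    can only be reached from containers on its overlay networks."""
    return {s["Spec"]["Name"]: published_ports(s) for s in services}


if __name__ == "__main__":
    print(classify_networks(NETWORKS))
    print(externally_reachable(SERVICES))
```

To run it against a live swarm, replace the samples with the parsed output of `docker network inspect <network>` and `docker service inspect <service>`.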

Related

Can't access kubernetes pod (minikube)

On the image, you can see the service and the pod.
If I execute "curl localhost" inside the container, I get a response, but I am not able to access it from outside.
What is wrong?
This is the file I run "kubectl -f" on:
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "wordpress-site",
"labels": {
"app": "web"
}
},
"spec": {
"containers": [
{
"name": "wordpress",
"image": "wp:latest",
"imagePullPolicy": "Never",
"ports": [
{
"containerPort": 80
}
]
}
]
}
}
First I would need some more information, but with what you gave me I will make the assumption you want to access it from outside the node the pod is on. For this problem we can use Kubernetes services.
You could easily add the service configuration to the yaml file; here is the API reference for doing that: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#-strong-service-apis-strong-
Got it working by setting:
hostNetwork: true

ElasticBeanstalk MultiContainer docker with nginx

I have two applications that handle different, but related functionality. I would like to deploy them as a single entity on a single host:port.
My plan is to use elasticbeanstalk's multicontainer docker platform. Each application would be a container.
How can I tie them together? Is it possible to install and configure nginx on the eb host?
You need to define all containers that comprise your application (together with nginx container) in Dockerrun.aws.json.
{
"AWSEBDockerrunVersion": 2,
"volumes": [
{
"name": "nginx-proxy-conf",
"host": {
"sourcePath": "/var/app/current/conf.d"
}
}
],
"containerDefinitions": [
{
"name": "firstapp",
"image": "FIRST_APP_IMAGE_NAME:FIRST_APP_TAG",
"environment": [],
"essential": true,
"memoryReservation": 200,
"mountPoints": [],
"portMappings": [
{
"hostPort": 8081,
"containerPort": 8080
}
]
},
{
"name": "secondapp",
"image": "SECOND_APP_IMAGE_NAME:SECOND_APP_TAG",
"environment": [],
"essential": true,
"memoryReservation": 200,
"mountPoints": [],
"portMappings": [
{
"hostPort": 8082,
"containerPort": 8080
}
]
},
{
"name": "nginx-proxy",
"image": "nginx",
"essential": true,
"memoryReservation": 128,
"portMappings": [
{
"hostPort": 80,
"containerPort": 80
}
],
"links": [
"firstapp", "secondapp"
],
"mountPoints": [
{
"sourceVolume": "nginx-proxy-conf",
"containerPath": "/etc/nginx/conf.d",
"readOnly": true
}
]
}
]
}
Now that we have linked the app containers to the nginx container, we can refer to them using their names as hostnames.
Then you need to deploy Dockerrun.aws.json zipped together with the nginx config file conf.d/default.conf (placed in the conf.d folder), in which you need to specify:
location /firstapp/ {
proxy_pass http://firstapp;
}
location /secondapp/ {
proxy_pass http://secondapp;
}
Please also refer to the AWS example of an nginx proxy in front of a PHP application.
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_v2config.html
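Because the nginx config reaches each backend by its link name, every `links` entry has to match a container `name` exactly. The following is an added example, not part of the original answer: a pre-deploy check over a Dockerrun.aws.json v2 file. The sample document is constructed with a deliberate name mismatch, and the function names are hypothetical.

```python
import json

# Constructed sample in the Dockerrun.aws.json v2 layout: the proxy links to
# "firstapp", but the container is actually named "first-app".
DOCKERRUN = json.loads("""{
  "AWSEBDockerrunVersion": 2,
  "containerDefinitions": [
    {"name": "first-app",
     "portMappings": [{"hostPort": 8081, "containerPort": 8080}]},
    {"name": "secondapp",
     "portMappings": [{"hostPort": 8082, "containerPort": 8080}]},
    {"name": "nginx-proxy", "links": ["firstapp", "secondapp"],
     "portMappings": [{"hostPort": 80, "containerPort": 80}]}
  ]
}""")


def link_targets(container):
    """Container names referenced by links ("name" or "name:alias" form)."""
    return {link.split(":", 1)[0] for link in container.get("links", [])}


def unresolved_links(doc):
    """Return (container, target) pairs whose link target is not defined."""
    names = {c["name"] for c in doc["containerDefinitions"]}
    return sorted((c["name"], t) for c in doc["containerDefinitions"]
                  for t in link_targets(c) if t not in names)


def host_port_owners(doc):
    """Map each hostPort to the containers claiming it (more than one is a
    conflict on a single instance)."""
    owners = {}
    for c in doc["containerDefinitions"]:
        for pm in c.get("portMappings", []):
            if "hostPort" in pm:
                owners.setdefault(pm["hostPort"], []).append(c["name"])
    return owners


def backends_published_on_host(doc):
    """Linked-to containers that also publish a host port, so they answer on
    the instance directly as well as through the proxy."""
    linked = set().union(*(link_targets(c) for c in doc["containerDefinitions"]))
    return sorted(c["name"] for c in doc["containerDefinitions"]
                  if c["name"] in linked
                  and any("hostPort" in pm for pm in c.get("portMappings", [])))
```

On the sample, `unresolved_links` reports the mismatched name, and `backends_published_on_host` lists `secondapp`, whose host port 8082 is mapped on the instance alongside the proxied path.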

Unable To Disconnect Docker Container From Network

I am trying to disconnect a Docker container (ContainerA1) connected to a network (NetworkA), but am unable to do so, even with the --force flag.
$ docker network disconnect NetworkA ContainerA1
I get an error response: container c5d345a09c6d is not connected to the network. (container IDs trimmed for brevity).
Oddly enough, I am able to disconnect other containers from NetworkA.
I inspected the network using docker network inspect NetworkA. I see:
[
{
"Name": "NetworkA",
"Id": "9e4895ee72a1648ad10f297357447529b277beb92fe21069a244a8265b8f7306",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1/16"
}
]
},
"Internal": false,
"Containers": {
"aded6369aef63b5237a7f543333f0b7fafbe2f01496efb2012bb7f5d67f14268": {
"Name": "ContainerA2",
"EndpointID": "c93b9dde46884181ca5acb63c03b2fb5fb3141e98416dda3e6cbc98b166b88ee",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"ep-0f7d832a8d0cd86d8655ea9e0c1f7bbf33f1102b7bbe6454aca1ab8a48a6e4cd": {
"Name": "ContainerA1",
"EndpointID": "0f7d832a8d0cd86d8655ea9e0c1f7bbf33f1102b7bbe6454aca1ab8a48a6e4cd",
"MacAddress": "02:42:ac:12:00:07",
"IPv4Address": "172.18.0.7/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
Notice the ep- prefix for ContainerA1.
I tried removing the container, but I still see it in the list of containers when I do docker network inspect NetworkA. The "EndpointID" is different from the container ID, but it has the same name.
How can I remove stale entries from network, NetworkA?

Connecting to containers IP address is impossible in Docker for Windows

This issue happens when you install the latest Docker for Windows, which uses Hyper-V.
However, you can see the IPs in the docker network inspect bridge output:
"Containers": {
"...": {
"Name": "dockerdevenvironment_rabbit_1",
"EndpointID": "...",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"...": {
"Name": "webserver",
"EndpointID": "...",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"...": {
"Name": "dockerdevenvironment_mongo_1",
"EndpointID": "...",
"MacAddress": "02:42:ac:11:00:05",
"IPv4Address": "172.17.0.5/16",
"IPv6Address": ""
}
You can't even ping them or connect to them in any way.
By default dockerNAT assigns 10.0.75.0/24 to MobyLinuxVM.
Docker inside MobyLinuxVM assigns containers IP addresses in the range 172.17.0.0/16. You have to alter the route table to access a container's IP address:
route add 172.17.0.0 MASK 255.255.0.0 10.0.75.2 -p
source: https://forums.docker.com/t/connecting-to-containers-ip-address/18817

creating a docker bridge network for a virtual sub interface

I have a docker host with 1 physical network interface. I want to have a docker container connected to a network that is bridged to a second IP. I'm not sure what the best way to do this is, but here is what I tried so far.
I created a sub interface with
ifconfig enp0s31f6:0 192.168.2.32
Then created a new docker network like this:
docker network create --driver=bridge --subnet=192.168.2.32/24 --gateway=192.168.2.32 second
Then I started a new container with --net=second
The problem is that I cannot ping google.com from within containers that are on the "second" docker network.
[
{
"Name": "second",
"Id": "1540526cbab982cd86892bdbb1b2ac20f26964824469ba890c40b3615e2bfa6d",
"Scope": "local",
"Driver": "bridge",
"IPAM": {
"Driver": "default",
"Config": [
{
"Subnet": "192.168.2.0/24",
"Gateway": "192.168.2.32"
}
]
},
"Containers": {},
"Options": {}
}
]
Running "ping -I 192.168.2.32 www.google.com" on the host works.
The goal is to have the containers accessible with one IP, and the rest of the host accessible with another.
