Docker Swarm Master 学习笔记——Scaling Out with Overlay Networking

视频地址：https://www.bilibili.com/video/BV1cb411S7jw?p=8，若翻译不准，请以视频为准。

感谢博主的视频资源，这是目前找到的最系统介绍 Swarm的资料了，官方文档比较适合查阅。

Before we expand our services to start running across a bunch of nodes in all of the services talking to each other, let's go over a couple of new concepts that swarm brings to the table. The first one is in new networking driver called overlay and you really just create a network like are used to creating it docker network create and you put in a --driver overlay and what that's like is basically creating a swarm wide original. Where the containers across hosts on the same virtual network connects each other connector on a villain. This is only for intra swarm communication. The overlay driver doesn't play a huge amount in traffic coming inside as it's trying to take a holistic swarm view of the networks that you're not constantly messing around with them being settings on individual nodes. You can also enable full network encryption using ip SEK, where it'll actually set up sack tunnels

在我们扩展服务以开始在所有相互通信的服务中的多个节点上运行之前，让我们先来看看swarm给我们带来的一些新概念，第一个是新的网络驱动程序，叫做overlay，你实际上只是创建一个网络，就像我们习惯了创建docker network一样，你把它放在一个--driver overlay中，它基本上就是创建一个swarm wide原始网络。在同一虚拟网络上跨主机的容器在overlay上相互连接连。这只适用于群体内通信，overlay driver并不占用大量的流量，因为它试图对网络进行整体的群体视图，而不是不断地在各个节点上进行设置。您还可以使用ip SEK启用完整的网络加密，它实际上将设置SEK channels.

When you create your services networks. That works really dependent design of your application. You know, a lot of traditional designs would have the database on the backend network, in the web servers on a frontend network, and then maybe you would have an API between the two that would be on both for something like that and you can totally do that instead. Employee example previous assignment with the postgres database services and then created an overlay network for them to talk to each other first. 

创建services networks时。这依赖于您的应用程序设计。您知道，许多传统设计都会在后端网络上有数据库，前端网络上的Web服务器，然后也许您会在两者之间使用一个API来实现类似的目的，并且您完全可以改为这样做。Employee 示例以前使用postgres数据库服务进行的分配，然后创建了一个覆盖网络，使他们可以首先与对方对话。

Create and this hasn't changed for swarm other than the fact that we're going to use a new driver.Docker network ls, and you'll see I've got a new overlay. Ingress one is there by default, then you also see a new one because it's warm, which is actually an out going network that we wanted to mess with. Ok, so let's create our postgres service delivery service,Let's call it psql. network connected to the drupal network is actually tab completion on the network names. And then remember needed add in that environment variable for the postgres password. So we can connect to it later. use the postgres image. Looks good. You'll notice here that we don't get the whole image downloading and all that because services can be run in the foreground because they have to go through the orchestrator schedule so you can do a docker service ls you can see the one of one of them is running. If we do it, docker service ps psql, you can see that. 

除了我们将使用一个新的驱动程序这一事实外，创建和这一点并没有改变。driver network ls，您将看到我有了一个新的覆盖层。默认情况下，有一个Ingress overlay，然后您还会看到一个新的入口，因为它是swarm，实际上是我们要与之联系的外向网络。好的，让我们创建我们的postgres服务交付服务，我们称之为psql。连接到drupal网络的网络实际上是网络名称上的自动补全。然后记住需要在环境变量中添加postgres密码。因此，我们稍后可以连接到它。使用postgres image。看起来挺好的。您会在这里注意到，我们没有下载全部映像，所有这些都是因为服务可以在前台运行，因为它们必须经过协调器调度，因此您可以执行docker服务ls可以看到其中之一他们正在运行。如果我们这样做，docker service ps psql，您可以看到 psql相关信息。查看日志需要链接到运行节点上使用docker container logs psql.1.lpcgg8br5l58d7cz011e4369y

Let's create other service. And we also need attached to that same network. Then we want to publish the port 80:80, like we did with the docker run command. Will use the drupal image. Ok, we can see that is starting. There is a trick you can actually use the watch command in Linux. To watch to basically what it does, is it re running a command over and over again? It's installed by default and you go to, so if you just put watch in front of the Duggar service ls. It will keep running every 2 seconds by default. Till now we have one by one. Control c of that. 

让我们创建其他服务。我们还需要连接到同一网络。然后，我们想像使用docker run命令一样发布端口80:80。将使用drupal图像。好的，我们可以看到它开始了。您实际上可以在Linux中使用watch命令，这是一个技巧。要观察执行状态，是否要一遍又一遍地运行命令？它是默认安装的，您可以使用它，因此，您仅需将watch放在docker service ls的前面。默认情况下，它将保持每2秒运行一次。

docker service ps. See that drupal is actually running now. We have the database running on node one, we have the drupal website running on node two, and so how do they know how to talk to each other while using the service names? So if I paste in one of the ip addresses. The database here. Again, my password. And for the host, just like when we were with composed, we made the service names in the compose file here or use the service name of created for the database server. So that was the psql. In this screen is basically telling us that is able to talk to the database across the nodes and set up the system. And that's the great thing about overlay. Is it really just acts like everything's on the same subnet. We don't need this anymore. Example real quick just to show you the next cool thing about swarm. I have three nodes, so how do I know which node is going to be on in which port I need to make sure that my DNS points do when I create this website name well? 

docker service ps.看到drupal实际上正在运行。我们在第一个节点上运行数据库，在第二个节点上运行drupal网站，那么他们如何知道在使用服务名称时如何相互通信？因此，如果我粘贴其中一个IP地址。这里的数据库。同样，我的密码。对于主机，就像我们在进行组合时一样，我们在此处在compose文件中创建了服务名称，或者使用为数据库服务器创建的服务名称。这就是psql。在此屏幕上，基本上可以告诉我们能够跨节点与数据库进行对话并设置系统。这就是叠加的好处。它真的像所有东西都在同一个子网上一样。我们不再需要这个了。真正快速的示例只是为了向您展示有关群体的下一个有趣的事情。我有三个节点，那么当我很好地创建此网站名称时，如何确定要在哪个端口上使用DNS节点，我又该如何知道呢？怎样能访问部署的网站。

This website. In my case, I have three ip addresses and I can copy all three of them. Input. All three of those ip addresses. Ann. There. So. If you see. It appears like the website is running on all three nodes because I'm looking at all three ip addresses. But if I go over here and do the service ps drupal, I know it's only running a note two. I can even do a docker. Service. Expect. And see that? Yeah, indeed, it's only got one ip address on the overlay network. Right here. So why is it responding all three hosts? Well, that leads us to our next new feature. 

在这个网站上。在我的情况下，我有三个ip地址，我可以复制所有三个。输入。所有这三个ip地址。所以。如果你看到的话。看起来网站运行在所有三个节点上，因为我正在查看所有三个ip地址。但是如果我去这里做ps drupal的服务，我知道它只运行一个node two，我甚至可以做一个docker service inspect 看到了吗？是的，确实，覆盖网络上只有一个ip地址。就在这里。那么，它为什么要响应所有三个主机呢？好吧，这就引出了我们的下一个新特性。