Docker containers in the same network cannot communicate (ARP works, but upper-layer messages do not)



I have been trying to split a simple REST API into different services using Docker. Unfortunately, I haven't been able to make it work. I have read the Docker documentation several times and followed multiple Stack Overflow and Docker forum threads, but none of the answers worked for me. I am new to Docker, so I may be missing something.

I found that host-to-container communication works, but container-to-container communication does not, so to understand what was going on I installed ping in the get and post services (running on debian:bullseye-slim-based images) and Wireshark on the host. What I found is that I can ping the host (172.22.0.1) and that name resolution also works (when I run ping post, its IP is shown), but for some reason, when I send a ping request from post, no reply is received.

My docker-compose.yaml file is as follows:

version: '3.9'
services:
  mydb:
    image: mariadb:latest
    environment:
      MYSQL_DATABASE: 'cars'
      MYSQL_ALLOW_EMPTY_PASSWORD: 'true'
    ports:
      - "3306:3306"
    container_name: mydb
    networks:
      - mynw

  post:
    build: ./post-service
    ports:
      - "8081:8081"
    container_name: post
    networks:
      - mynw
    privileged: true

  get:
    build: ./get-service
    ports:
      - "8080:8080"
    container_name: get
    networks:
      - mynw
    privileged: true

  nginx2:
    build: ./nginx2
    ports:
      - "80:80"
    container_name: nginx2
    networks:
      - mynw

networks:
  mynw:
    external: true

Initially I was using the default network, but I read that this could cause internal DNS problems, so I changed it. I created the network via the CLI without any special parameters (docker network create mynw). The JSON shown when running docker network inspect mynw is as follows:

[
    {
        "Name": "mynw",
        "Id": "f925467f7efee99330f0eaaa82158006ac645cc92e7abda693f052c10da485bd",
        "Created": "2022-10-14T18:42:14.145569533+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.22.0.0/16",
                    "Gateway": "172.22.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "4eb6e348d84b2433199e6581b4406eb74fb93c1fc2269691b81b34c13c723db5": {
                "Name": "nginx2",
                "EndpointID": "b19fab264c1489b616d919f09a5b80a1774561ea6f2538beb86157065c1e787b",
                "MacAddress": "02:42:ac:16:00:03",
                "IPv4Address": "172.22.0.3/16",
                "IPv6Address": ""
            },
            "5f20802a59708bf4a592e137f52fca29dc857734983abc1c61548783e2e61896": {
                "Name": "mydb",
                "EndpointID": "3ef7b5d619b5b9ad9441dbc2efabd5a0e5a6bb2ea68bbd58fae8f7dfd2ac36ed",
                "MacAddress": "02:42:ac:16:00:02",
                "IPv4Address": "172.22.0.2/16",
                "IPv6Address": ""
            },
            "dee816dd62aa08773134bb7a7a653544ab316275ec111817e11ba499552dea5b": {
                "Name": "post",
                "EndpointID": "cca2cbe801160fa6c35b3a34493d6cc9a10689cd33505ece36db9ca6dcf43900",
                "MacAddress": "02:42:ac:16:00:04",
                "IPv4Address": "172.22.0.4/16",
                "IPv6Address": ""
            },
            "e23dcd0cecdb609e4df236fd8aed0999c12e1adc7b91b505fc88c53385a81292": {
                "Name": "get",
                "EndpointID": "83b73045887827ecbb1779cd27d5c4dac63ef3224ec42f067cfc39ba69b5484e",
                "MacAddress": "02:42:ac:16:00:05",
                "IPv4Address": "172.22.0.5/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

Strangely, when sniffing the network with Wireshark, I see the ARP exchange between the containers working without problems (the get service asks for post's MAC address, that service replies with its MAC address, and this information is then correctly used to send the ICMP request).

I thought the network layer might be dropping the replies for some reason, so I installed iptables in both services and added ACCEPT rules for ICMP messages to INPUT and OUTPUT, but that didn't change anything either. If anyone knows what else I could do, or what I am missing, that would be very helpful.

The final solution was to remove everything and reinstall Docker and Docker Compose.
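The symptom described in the question (ARP between containers succeeds, IP traffic on the same bridge gets no reply) is what a host FORWARD chain dropping bridged packets looks like, since iptables never sees ARP. The following is an added diagnostic script, not code from the question or from Docker; it only assumes the network Id shown in the docker network inspect output above and Docker's br-<12-char Id> bridge naming, and the iptables rule text it checks is constructed.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Given the FORWARD chain as
# printed by `iptables -S FORWARD`, decide whether IPv4 traffic entering and
# leaving the same Docker bridge is forwarded. iptables never filters ARP, so
# "ARP works, ICMP/TCP do not" between containers on one bridge is the
# signature of this chain dropping the packets (relevant when
# net.bridge.bridge-nf-call-iptables is 1, which Docker enables by default).

# Docker names the interface of a user-defined bridge network br-<first 12
# chars of the network Id>; the Id below is the one from the question.
NET_ID=f925467f7efee99330f0eaaa82158006ac645cc92e7abda693f052c10da485bd

bridge_ifname() {
    printf 'br-%s\n' "$(printf '%s' "$1" | cut -c1-12)"
}

# $1 = rules text, $2 = bridge interface. Returns 0 if allowed, 1 if not.
# Only the explicit same-bridge ACCEPT rule and the chain policy are checked;
# rule order and the DOCKER-USER chain are not evaluated.
bridge_forward_allowed() {
    rules=$1
    br=$2
    if printf '%s\n' "$rules" | grep -qF -- "-A FORWARD -i $br -o $br -j ACCEPT"; then
        return 0
    fi
    if printf '%s\n' "$rules" | grep -qxF -- '-P FORWARD ACCEPT'; then
        return 0
    fi
    return 1
}

# Constructed samples. The healthy host has Docker's per-bridge rule; the
# broken one only has rules for docker0 (for example after a firewall reload
# flushed the rules Docker added when the network was created).
BR=$(bridge_ifname "$NET_ID")
SAMPLE_OK="-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -i $BR ! -o $BR -j ACCEPT
-A FORWARD -i $BR -o $BR -j ACCEPT"
SAMPLE_BROKEN="-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT"

if bridge_forward_allowed "$SAMPLE_OK" "$BR"; then
    echo "healthy sample: traffic between containers on $BR is forwarded"
fi
if ! bridge_forward_allowed "$SAMPLE_BROKEN" "$BR"; then
    echo "broken sample: policy DROP and no ACCEPT rule for $BR, IP traffic dropped"
fi
```

On a real host, run it as root with the live chain: bridge_forward_allowed "$(iptables -S FORWARD)" "$BR"; a failing check points at the host firewall rather than at the containers, which is where the question's iptables rules inside the containers could never help.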
