Port forwarding does not work when using docker swarm

abiosoft / colima

Container runtimes on macOS (and Linux) with minimal setup

MIT License

19.46k stars 392 forks source link

Port forwarding does not work when using docker swarm #135

Open lxbuilder opened 2 years ago

lxbuilder commented 2 years ago

Port forwarding works well when running containers. However, when using a stack in docker swarm, I cannot access it from my Mac.

To reproduce, here is the YAML (test.yml) file:

version: '3.7'
services:
  test:
    image: nginx:1.21.5-alpine
    ports:
      - 80:80

To initialize a docker swarm I use docker swarm init. Afterwards, I create the stack with docker stack deploy -c test.yml teststack1

If I run curl http://localhost it does not fail to connect, but is stuck after initial connection.

This was tested with a fresh install today (brew install colima) and no custom settings.

Edit: YAML code highlighting

abiosoft commented 2 years ago

What is the default behaviour on Docker for Mac?

I noticed that the ports are not yet exposed when I checked docker service ps, but it worked after I changed the port setting a bit.

version: '3.7'
services:
  test:
    image: nginx:1.21.5-alpine
    ports:
      - target: 80
        published: 80
        mode: host

lxbuilder commented 2 years ago

What is the default behaviour on Docker for Mac?

It would work and curl would give me the response from nginx

I noticed that the ports are not yet exposed when I checked docker service ps, but it worked after I changed the port setting a bit.
version: '3.7'
services:
  test:
    image: nginx:1.21.5-alpine
    ports:
      - target: 80
        published: 80
        mode: host

Interesting, but I try to migrate from Docker Desktop to Colima, hoping to have the same behavior. Everything else I tested works like a charm, just this issue is not solvable for me without changing my previous working configuration files. Is it possible to achieve get the curl response without changing the yaml/client side?

lxbuilder commented 2 years ago

Furthermore, if you ssh into the colima vm (colima ssh) you are able to receive a response with curl

duddingl commented 2 years ago

What is the default behaviour on Docker for Mac?

I noticed that the ports are not yet exposed when I checked docker service ps, but it worked after I changed the port setting a bit.
version: '3.7'
services:
  test:
    image: nginx:1.21.5-alpine
    ports:
      - target: 80
        published: 80
        mode: host

Whilst this works for replicas=1, it doesn't for multiple replicas, the error being no suitable node (host-mode port already in use on 1 node)

abiosoft commented 2 years ago

Kindly install the current development version with brew install --HEAD colima

The containers should be reachable via the VM's IP address.

root360-AndreasUlm commented 2 years ago

Hi,

I got the same issue while running and trying to connect to traefik within docker swarm. When changing the port configuration to target-published-mode syntax it works.

colima version:

colima version 0.4.2
git commit: f112f336d05926d62eb6134ee3d00f206560493b

runtime: docker
arch: x86_64
client: v20.10.16
server: v20.10.14

stack-config:

services
 traefik:
   image: traefik:v2.4
   command: --providers.docker.swarmMode=true --providers.docker.network=traefik --providers.docker.exposedByDefault=false --api.dashboard=true --api.insecure=true --accesslog=true --pilot.dashboard=false --entryPoints.http.address=:80 --serverstransport.insecureskipverify=true
   networks:
     - traefik
   ports:
     - 8080:8080
     - 80:80
     - 443:443
   volumes:
     - /var/run/docker.sock:/var/run/docker.sock

Regards, Andreas

abiosoft commented 2 years ago

@root360-AndreasUlm as a workaround, you can start colima with reachable IP address. i.e. colima start --network-address, view the IP address in colima ls and the port should be reachable at the IP address.

It seems the overlay network used in swarm is blocking requests not originated from localhost.