Here is the entire breakdown.
Software versions (all Docker Swarm nodes / keepalived nodes):
❯ docker --version
Docker version 27.5.1, build 9f9e405
❯ /usr/sbin/keepalived --version
Keepalived v2.2.7 (01/16,2022)
Copyright(C) 2001-2022 Alexandre Cassen, <[email protected]>
Built with kernel headers for Linux 5.19.11
Running on Linux 6.6.74+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.74-1+rpt1 (2025-01-27)
Distro: Debian GNU/Linux 12 (bookworm)
#using traefik v3
lithium shell:
❯ ping stats.sample.dev
PING stats.sample.dev (10.0.0.20) 56(84) bytes of data.
64 bytes from stats.sample.dev (10.0.0.20): icmp_seq=1 ttl=64 time=0.031 ms
64 bytes from stats.sample.dev (10.0.0.20): icmp_seq=2 ttl=64 time=0.028 ms
^Z
[7] + 878306 suspended ping stats.sample.dev
❯ nmap stats.sample.dev
Starting Nmap 7.93 ( https://nmap.org ) at 2025-02-08 22:41 CST
Nmap scan report for stats.sample.dev (10.0.0.20)
Host is up (0.000095s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
❯ curl stats.sample.dev
Moved Permanently
❯ curl -v --connect-to stats.sample.dev:443:10.0.0.20 https://stats.sample.dev
* Connecting to hostname: 10.0.0.20
* Trying 10.0.0.20:443...
* Connected to (nil) (10.0.0.20) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=stats.sample.dev
* start date: Feb 9 02:33:22 2025 GMT
* expire date: May 10 02:33:21 2025 GMT
* subjectAltName: host "stats.sample.dev" matched cert's "stats.sample.dev"
* issuer: C=US; O=Let's Encrypt; CN=R11
* SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: stats.sample.dev]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x55556a250af0)
> GET / HTTP/2
> Host: stats.sample.dev
> user-agent: curl/7.88.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 404
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 19
< date: Sun, 09 Feb 2025 07:08:34 GMT
<
404 page not found
* Connection #0 to host (nil) left intact
Client device shell:
╭─[MacPro] as brad in ~ 22:41:57
╰──➤ ping stats.sample.dev
PING stats.sample.dev (10.0.0.20): 56 data bytes
64 bytes from 10.0.0.20: icmp_seq=0 ttl=64 time=2.922 ms
^Z
[5] + 37289 suspended ping stats.sample.dev exit:146
╭─[MacPro] as brad in ~ 22:42:05
╰──➤ nmap -Pn stats.sample.dev
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-08 22:42 CST
Nmap scan report for stats.sample.dev (10.0.0.20)
Host is up (0.0047s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp filtered http
443/tcp filtered https
8080/tcp filtered http-proxy
Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds
╭─[MacPro] as brad in ~ 22:42:19
╰──➤ nmap stats.sample.dev
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-08 22:42 CST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
╭─[MacPro] as brad in ~ 22:42:26
╰──➤ curl stats.sample.dev
^Z
[6] + 37396 suspended curl stats.sample.dev ~6s exit:146
tcpdump on lithium also works well; by default, the VIP is set on eth0.
❯ sudo tcpdump -i eth0 port 8080 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:11:56.025048 IP 10.0.0.5.58488 > 10.0.0.23.8080: Flags [S], seq 185625752, win 64240, options [mss 1460,sackOK,TS val 1857444608 ecr 0,nop,wscale 6], length 0
01:11:56.048940 IP 10.0.0.3.45716 > 10.0.0.23.8080: Flags [S], seq 2623732340, win 29200, options [mss 1460,sackOK,TS val 792693717 ecr 0,nop,wscale 4], length 0
01:11:57.043401 IP 10.0.0.3.45716 > 10.0.0.23.8080: Flags [S], seq 2623732340, win 29200, options [mss 1460,sackOK,TS val 792693817 ecr 0,nop,wscale 4], length 0
01:11:57.059335 IP 10.0.0.5.58488 > 10.0.0.23.8080: Flags [S], seq 185625752, win 64240, options [mss 1460,sackOK,TS val 1857445643 ecr 0,nop,wscale 6], length 0
01:11:59.043559 IP 10.0.0.3.45716 > 10.0.0.23.8080: Flags [S], seq 2623732340, win 29200, options [mss 1460,sackOK,TS val 792694017 ecr 0,nop,wscale 4], length 0
01:11:59.107338 IP 10.0.0.5.58488 > 10.0.0.23.8080: Flags [S], seq 185625752, win 64240, options [mss 1460,sackOK,TS val 1857447691 ecr 0,nop,wscale 6], length 0
01:12:03.053814 IP 10.0.0.3.45716 > 10.0.0.23.8080: Flags [S], seq 2623732340, win 29200, options [mss 1460,sackOK,TS val 792694418 ecr 0,nop,wscale 4], length 0
01:12:03.139347 IP 10.0.0.5.58488 > 10.0.0.23.8080: Flags [S], seq 185625752, win 64240, options [mss 1460,sackOK,TS val 1857451723 ecr 0,nop,wscale 6], length 0
01:12:03.716716 IP 10.0.0.6.36094 > 10.0.0.23.8080: Flags [S], seq 2119262302, win 64240, options [mss 1460,sackOK,TS val 2007718648 ecr 0,nop,wscale 6], length 0
01:12:04.742647 IP 10.0.0.6.36094 > 10.0.0.23.8080: Flags [S], seq 2119262302, win 64240, options [mss 1460,sackOK,TS val 2007719674 ecr 0,nop,wscale 6], length 0
01:12:06.790644 IP 10.0.0.6.36094 > 10.0.0.23.8080: Flags [S], seq 2119262302, win 64240, options [mss 1460,sackOK,TS val 2007721722 ecr 0,nop,wscale 6], length 0
01:12:10.822611 IP 10.0.0.6.36094 > 10.0.0.23.8080: Flags [S], seq 2119262302, win 64240, options [mss 1460,sackOK,TS val 2007725754 ecr 0,nop,wscale 6], length 0
01:12:11.074377 IP 10.0.0.3.45716 > 10.0.0.23.8080: Flags [S], seq 2623732340, win 29200, options [mss 1460,sackOK,TS val 792695220 ecr 0,nop,wscale 4], length 0
01:12:11.651362 IP 10.0.0.5.58488 > 10.0.0.23.8080: Flags [S], seq 185625752, win 64240, options [mss 1460,sackOK,TS val 1857460235 ecr 0,nop,wscale 6], length 0
^Z
[4] + 908108 suspended sudo tcpdump -i eth0 port 8080 -n
❯ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 2c:cf:67:2f:40:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.23/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
valid_lft 7011sec preferred_lft 7011sec
inet 10.0.0.20/24 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::8661:8e16:2526:9bff/64 scope link noprefixroute
valid_lft forever preferred_lft forever
╭─ ~
keepalived configuration on 10.0.0.23:
❯ cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER # MASTER or BACKUP based on the node
    interface eth0 # Network interface (e.g., eth0)
    virtual_router_id 51 # Same ID across all nodes
    priority 150 # Higher priority for MASTER node
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass <redacted> # Shared password for authentication
    }
    virtual_ipaddress {
        10.0.0.20/24
    }
    unicast_peer {
        10.0.0.24 #backup with 100 priority
        10.0.0.25 #backup with 100 priority
    }
}
traefik_proxy network. First from node 10.0.0.23, then again from the node hosting the container (10.0.0.24).
10.0.0.23
[
{
"Name": "traefik_proxy",
"Id": "tepqdwwn8p6l0syzo5vaa1bvm",
"Created": "2025-02-08T05:15:26.631480079Z",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.0.2.0/24",
"Gateway": "10.0.2.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": null,
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "4099"
},
"Labels": null
}
]
10.0.0.24 (current host of Traefik)
[
{
"Name": "traefik_proxy",
"Id": "tepqdwwn8p6l0syzo5vaa1bvm",
"Created": "2025-02-09T01:03:36.497265541-06:00",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.0.2.0/24",
"Gateway": "10.0.2.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"1a7a6be6ed04b85f80ae65c17ae9899cae2774921a1f38e7bbd0b11c2027d866": {
"Name": "traefik-stack_traefik.1.0ow6uvundn2fgavz3vluv4p8z",
"EndpointID": "06f34838116dea63eae8b97eb57dd0393c478ecf6f4deaa73ca3428da7c27291",
"MacAddress": "02:42:0a:00:02:e4",
"IPv4Address": "10.0.2.228/24",
"IPv6Address": ""
},
"lb-traefik_proxy": {
"Name": "traefik_proxy-endpoint",
"EndpointID": "8ddff9eee89d3d7fbf49c2f83e6ed1d6b3515fbec509a5ee2fa44273ae6f305e",
"MacAddress": "02:42:0a:00:02:e5",
"IPv4Address": "10.0.2.229/24",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "4099"
},
"Labels": {},
"Peers": [
{
"Name": "358a20a6d4fa",
"IP": "10.0.0.24"
}
]
}
]
update:
I thought the traefik-stack was fine, so I did not share it originally because the logs looked good. It turns out my only problem was that the ports were not published in host mode. Once I changed the ports from the first setting to the second, my Traefik dashboard started loading.
Original:
services:
  traefik:
    image: traefik:latest
    ...
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
Updated:
services:
  traefik:
    image: traefik:latest
    ...
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        mode: host
Original:
services:
  traefik:
    image: traefik:latest
    ...
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
Updated:
services:
  traefik:
    image: traefik:latest
    ...
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        mode: host
    deploy:
      mode: replicated
      replicas: 3
      placement:
        constraints:
          - node.role == manager
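Added example (not part of the original post): a check that reads `docker service inspect` output and lists every port still published through the Swarm ingress routing mesh rather than in host mode, which is the setting the update above changed. The sample JSON is constructed and trimmed to the fields the check reads, and the function name `ports_not_in_host_mode` is hypothetical.

```python
import json

# Constructed sample shaped like `docker service inspect <service>` output;
# only the fields read below are included, and the port modes are made up.
SAMPLE_INSPECT = """
[
  {
    "Spec": {"Name": "traefik-stack_traefik"},
    "Endpoint": {
      "Spec": {
        "Ports": [
          {"Protocol": "tcp", "TargetPort": 80, "PublishedPort": 80, "PublishMode": "ingress"},
          {"Protocol": "tcp", "TargetPort": 443, "PublishedPort": 443, "PublishMode": "host"},
          {"Protocol": "tcp", "TargetPort": 8080, "PublishedPort": 8080, "PublishMode": "ingress"}
        ]
      }
    }
  }
]
"""


def ports_not_in_host_mode(inspect_json):
    """Return (service, published_port, mode) for each port not published in host mode."""
    findings = []
    for svc in json.loads(inspect_json):
        name = svc.get("Spec", {}).get("Name", "<unnamed>")
        # "Ports" is absent or null when the service publishes nothing.
        ports = svc.get("Endpoint", {}).get("Spec", {}).get("Ports") or []
        for port in ports:
            # Swarm publishes through the ingress routing mesh unless told otherwise.
            mode = port.get("PublishMode", "ingress")
            if mode != "host":
                findings.append((name, port.get("PublishedPort"), mode))
    return findings


if __name__ == "__main__":
    for service, published, mode in ports_not_in_host_mode(SAMPLE_INSPECT):
        print(f"{service}: port {published} is published in {mode} mode")
```

Ingress-mode ports are published on every node in the swarm, while host-mode ports are bound only on nodes running a task, so the same check also shows where a port such as the dashboard's 8080 is reachable.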