I have a problem with docker swarm. I have published a port of a container attached to an overlay network of my swarm but the port is only reachable from within each host of my swarm.
In fact, I cannot access the port from outside the swarm.
I have 4 machines:
- host 1 : 10.0.0.5 member of swarm
- host 2 : 10.0.0.6 member of swarm
- host 3 : 10.0.0.7 member of swarm
- host 4 : 10.0.0.1 not member of swarm
and one container:
- vault container exposing the TCP port 4200; below is the relevant part of the docker-compose file:

    vault:
      image: vault:1.3.2
      ports:
        - "8200"
      environment:
        VAULT_API_ADDR: http://vault:8200
        VAULT_ADDR: http://127.0.0.1:8200
        VAULT_LOCAL_CONFIG: >-
          {
            "disable_mlock": true,
            "ui": true,
            "backend": {
              "file": {
                "path": "/vault/file"
              }
            },
            "listener": {
              "tcp": {
                "address": "0.0.0.0:8200",
                "tls_disable": 1
              }
            },
            "default_lease_ttl": "168h",
            "max_lease_ttl": "720h"
          }

When I start my stack, Docker creates my container and an overlay network associated with it.
The command docker stack services returns:

    a**@alaska:~$ docker stack services test
    ID            NAME        MODE        REPLICAS  IMAGE        PORTS
    rhjg9jc0guyy  test_vault  replicated  1/1       vault:1.4.2  *:30000->8200/tcp

When I run telnet 127.0.0.1 30000 on host1, host2 and host3, it returns a success response, but I get a timeout when I run telnet 10.0.0.5 30000 from host4.
I have read the Docker documentation and it seems that my swarm will expose the port only on a public IP address. Is there a way to allow the exposure of the port of my container on a private IP address?
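
An added example, not part of the original post: the same service written with the long `ports` syntax, which pins the published port instead of leaving swarm to pick one (30000 in the output above) and makes the publish mode explicit. The `version` value and the choice of 8200 as the published port are assumptions.

```yaml
# Added example (not from the original post). Assumed: compose file format
# 3.8 and 8200 as the port to publish on the swarm nodes.
version: "3.8"
services:
  vault:
    image: vault:1.3.2
    ports:
      # Short syntax "8200" names only the container port, so swarm assigns
      # the published port itself. Long syntax fixes both sides of the mapping.
      - target: 8200        # port the Vault listener binds inside the container
        published: 8200     # port opened on the swarm nodes
        protocol: tcp
        mode: ingress       # routing mesh: every node accepts on all its interfaces
        # mode: host        # alternative: bind only on the node running the task
    environment:
      VAULT_ADDR: http://127.0.0.1:8200
```

Ingress mode depends on the nodes reaching each other on 7946/tcp, 7946/udp and 4789/udp, and a client such as host 4 also needs the published port allowed through each node's firewall. Because the listener in the post sets `tls_disable`, the published port carries Vault traffic in plaintext, so restrict the source addresses allowed to reach it.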