I’ve hit a weird one and I’m having some trouble figuring out why this isn’t working, so hoping that someone can maybe give me a hint.
I have a cluster composed of 6 machines (3 managers, 3 workers). Then I have this service that exposes port 8080 for incoming TCP traffic. I’m creating the service in the swarm by publishing the internal port to 10010. There isn’t anything else particularly special about the service, but here’s the command.
docker service create --name myservice --replicas 1 --constraint "node.role==worker" --with-registry-auth --publish 10010:8080 myimage:latest
Nothing special… published port 10010 maps to exposed port 8080.
Running the service locally (docker run), I am able to do a telnet on the port, and everything works as expected.
With the service created, I try from another shell to telnet, using the machine’s public IP. Turns out, it doesn’t work. So I ssh into the machine, and try locally in there and… well, it works.
The machine does have a firewall, set up with ufw, so I add the port:
ufw allow 10010/tcp
ufw reload
systemctl restart docker
Try again from another shell… doesn’t work. I even restarted the machine, still didn’t work.
I do have a separate cluster for tests, so I go into that one and I do exactly the same thing and… well, it works. I compared settings, all the same, compared firewall settings, all the same… so why in hell isn’t this working on the first cluster??
Maybe someone has any idea??
Server Version: 17.12.0-ce
containerd version: 89623f28b87a6004d4b785663257362d1658a729
runc version: b2567b37d7b75eb4cf325b77297b140ea686ce8f
init version: 949e6fa
Kernel Version: 4.4.0-109-generic
Operating System: Ubuntu 16.04.3 LTS