cant docker swarm on google cloud platform work

Question

I am trying to configure a sample docker swarm to work on my microservices on google cloud platform. The problem is when I finished following the steps in pluralsight, I cant access the service from the specified port I entered.

I installed docker and docker swarm through the console of each google compute engine first.

How I configured the firewall:

I created a new firewall rule wherein it was specified that the filter ranges are: 0.0.0.0/0 and the target tags are: docker-manager and docker-worker (my google cloud compute engine instances).

How I configured docker swarm manager:

I ran the following command: sudo docker swarm init --advertise-addr 10.128.0.2:2377 --listen-addr 0.0.0.0:2377

the advertised addressed is the internal IP in google cloud engine

How I configured join the node for the swarm worker:

I ran the following command: sudo docker swarm join --token SWMTKN-1-56672dd646yhdx7n1t62tmegakwxbvzc0kgj366otmdu5da086-eis4e8xqqgn1tn5iwxtdoy8he 10.128.0.2:2377 --advertise-addr ens4:2 377 --listen-addr 0.0.0.0:2377

How I created the service:

I ran the following command: sudo docker service create --name psight1 -p 8080:8080 --replicas 5 nigelpoulton/pluralsight-docker-ci

But when I access the service on the external IP of google cloud engines at port 8080, it says it can't be reached. I do not understand.

Answer 1

the firewall rule contains 3 main parts: The source, destination and the ports you want to allow. You mention that specified the range of 0.0.0.0/0 and the destination target tags docker-manager and docker-worker.

1) The "target tags" refer to network tags. This is not the name of your VM instances, the tag is a network tag that you have added to your VM.

2) You have to either open all ports or choose specified ports and/or protocols. Make sure to allow traffic on port 8080. It is not recommended to set your source filter to 0.0.0.0/0 and open all ports, it's a security risk.

Finally, you can make sure the service is working by connecting from one instance to your service using the internal IP address instead of the external just to make sure the service is configured and running properly.