Docker swarm on AWS – swarm services cannot access internet

I’ve created a Docker swarm (Docker version 17.03.1-ce) with one manager and 2 workers. All swarm nodes can “ping stackoverflow.com”, but inside the swarm service containers I can “ping 8.8.8.8” and not “ping stackoverflow.com”; they cannot resolve the domain name.

On the manager I have in /usr/sbin/dhclient-script:

    search eu-central-1.compute.internal
    nameserver 10.0.0.2
    

And on one of the containers I have in /usr/sbin/dhclient-script:

    search eu-central-1.compute.internal
    nameserver 127.0.0.11
    options ndots:0
    

Docker networks:

    $ docker network ls
    
    NETWORK ID          NAME                DRIVER              SCOPE
    ID                  bridge              bridge              local
    ID                  docker_gwbridge     bridge              local
    ID                  host                host                local
    ID                  ingress             overlay             swarm
    ID                  my_overlay          overlay             swarm
    ID                  none                null                local
    

I start the docker service this way:

    docker service create \
        --name myservice \
        --replicas 1 \
        --endpoint-mode dnsrr \
        --network my_overlay \
        --constraint 'node.role == manager' \
        --env COOKIE='SRV insert indirect nocache maxidle 30m maxlife 8h' \
        --env VIRTUAL_HOST='myservice' \
        --env SERVICE_PORTS='8080' \
        myservice_image
    

AWS VPC and security groups are configured correctly, I think, since EC2 instances can reach external domain names, and can be reached externally too.
Why can’t myservice resolve, for example, stackoverflow.com?

One solution collected from the web for “Docker swarm on AWS – swarm services cannot access internet”

It seems that the problem is solved.

I have to add "dns": ["8.8.8.8","8.8.4.4"] to /etc/docker/daemon.json.

I tried to do the same in /etc/default/docker, it didn’t work, I guess that’s the old way.
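An added example, not part of the original answer: a Python sketch that checks whether a container's resolver file points at Docker's embedded DNS (127.0.0.11, as in the question) and merges a "dns" list into daemon.json text without dropping keys that are already there. The function names and the existing "log-driver" entry in the sample are assumptions made for illustration.

```python
import ipaddress
import json

EMBEDDED_DNS = "127.0.0.11"  # Docker's embedded resolver on user-defined networks


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def merge_dns(daemon_json_text, upstreams):
    """Return daemon.json text with "dns" set, keeping every other key."""
    for addr in upstreams:
        ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    config = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    merged = list(config.get("dns", []))
    merged += [a for a in upstreams if a not in merged]  # no duplicates
    config["dns"] = merged
    return json.dumps(config, indent=2) + "\n"


# Constructed sample inputs: the container resolver file from the question
# and a hypothetical daemon.json that already holds one unrelated setting.
CONTAINER_RESOLV = """search eu-central-1.compute.internal
nameserver 127.0.0.11
options ndots:0
"""
EXISTING_DAEMON_JSON = '{"log-driver": "json-file"}'

if __name__ == "__main__":
    if parse_resolv_conf(CONTAINER_RESOLV) == [EMBEDDED_DNS]:
        print("container uses the embedded resolver; upstreams come from the daemon")
    print(merge_dns(EXISTING_DAEMON_JSON, ["8.8.8.8", "8.8.4.4"]))
```

Write the result to /etc/docker/daemon.json and restart the Docker daemon afterwards. Passing the host's resolver from the question (10.0.0.2) instead of public resolvers is an option when containers also need VPC-internal names.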
