1. lxc: LinuX Container
chroot: root switching;
namespaces: name spaces
CGroups: control groups
Basic usage:
lxc-checkconfig:
Checks whether the system environment meets the requirements for running containers;
lxc-create: create an lxc container;
lxc-create -n NAME -t TEMPLATE_NAME
lxc-start: start a container;
lxc-start -n NAME -d
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
lxc-info: show information about a container;
lxc-info -n NAME
lxc-console: attach to the console of the specified container;
lxc-console -n NAME -t NUMBER
lxc-stop: stop a container;
lxc-destroy: delete a container that is in the stopped state;
lxc-snapshot: create and restore snapshots;
2. Docker installation methods:
Docker's two editions:
docker-ee
docker-ce
moby
1. CentOS Extras Repo
2. Docker-CE
Download: https://download.docker.com/
Repository configuration file: https://download.docker.com/linux/centos/docker-ce.repo
3. Docker components:
Docker program environment:
Environment configuration files:
/etc/sysconfig/docker-network
/etc/sysconfig/docker-storage
/etc/sysconfig/docker
Unit File:
/usr/lib/systemd/system/docker.service
Docker Registry configuration file:
/etc/containers/registries.conf
Register an Alibaba Cloud account; the dedicated accelerator address can be obtained at:
https://cr.console.aliyun.com/#/accelerator
Physical:
Client <--> Daemon <--> Registry Server
Logical:
Containers
Images
Registry: Image Repositories
Container states:
created:
running:
paused:
stopped:
deleted:
docker
images
pull
run
ps
View Docker-related information:
version
info
Images:
images
rmi
pull
Containers:
run: create and run a container;
create: create a container;
start: start a container that is in the stopped state;
Create:
create
run
Start:
start
Stop:
kill
stop
Restart:
restart
Pause and resume:
pause
unpause
Delete a container:
rm
run --rm
Creating a container:
Based on an "image file";
The image file has a default program to run;
Note:
A running container must have a process running in the foreground inside it;
A Docker container is usually meant to run only one program;
To run several programs in one container, you generally need to provide a supervising program, for example supervisord.
run, create
--name CT_NAME
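--rm: the container is removed automatically as soon as it exits
--network BRIDGE: the network the container joins;
defaults to docker0;
Start a container interactively:
-i: --interactive, interactive mode;
-t: Allocate a pseudo-TTY
Detach from the terminal: ctrl+p, ctrl+q
attach: attach to the terminal device of a running container;
exec: run an additional program inside a running container;
View:
logs: Fetch the logs of a container, i.e. what the program inside the container writes to the terminal while running;
ps: List containers
-a, --all: list all containers;
--filter, -f: show only containers matching the filter condition
name=
status={stopped|running|paused}
stats: dynamically display the container's resource usage: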
top:Display the running processes of a container
Docker Hub:
docker login
docker logout
docker push
docker pull
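Building images:
From a container
Make the changes inside the container, then build the image;
From an image
Write a Dockerfile, then build from that file;
Building from a container: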
docker commit
docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
--author, -a
--pause, -p
--message, -m
--change, -c
Export an image to a tar file:
docker save
Save one or more images to a tar archive (streamed to STDOUT by default)
docker save [OPTIONS] IMAGE [IMAGE...]
Import an image from a tar file:
docker load
Load an image from a tar archive or STDIN
docker load [OPTIONS]
--input, -i Read from tar archive file, instead of STDIN
--quiet, -q false Suppress the load output
Docker reference manual:
https://docs.docker.com/engine/reference/commandline/dockerd/
How to configure the docker daemon's properties: /etc/docker/daemon.json
Each settable key is an available dockerd option and its value is that option's argument; some options cannot be used in this file, however, for example add-registry, insecure-registry;
Some options take their argument in array format, which must be placed inside [];
Official manual (complete list of available parameters):
https://docs.docker.com/engine/reference/commandline/dockerd/#run-multiple-daemons
{
"authorization-plugins": [],
"data-root": "",
"dns": [],
"dns-opts": [],
"dns-search": [],
"exec-opts": [],
"exec-root": "",
"experimental": false,
"storage-driver": "",
"storage-opts": [],
"labels": [],
"live-restore": true,
"log-driver": "",
"log-opts": {},
"mtu": 0,
"pidfile": "",
"cluster-store": "",
"cluster-store-opts": {},
"cluster-advertise": "",
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"default-shm-size": "64M",
"shutdown-timeout": 15,
"debug": true,
"hosts": [],
"log-level": "",
"tls": true,
"tlsverify": true,
"tlscacert": "",
"tlscert": "",
"tlskey": "",
"swarm-default-advertise-addr": "",
"api-cors-header": "",
"selinux-enabled": false,
"userns-remap": "",
"group": "",
"cgroup-parent": "",
"default-ulimits": {},
"init": false,
"init-path": "/usr/libexec/docker-init",
"ipv6": false,
"iptables": false,
"ip-forward": false,
"ip-masq": false,
"userland-proxy": false,
"userland-proxy-path": "/usr/libexec/docker-proxy",
"ip": "0.0.0.0",
"bridge": "",
"bip": "",
"fixed-cidr": "",
"fixed-cidr-v6": "",
"default-gateway": "",
"default-gateway-v6": "",
"icc": false,
"raw-logs": false,
"allow-nondistributable-artifacts": [],
"registry-mirrors": [],
"seccomp-profile": "",
"insecure-registries": [],
"disable-legacy-registry": false,
"no-new-privileges": false,
"default-runtime": "runc",
"oom-score-adjust": -500,
"runtimes": {
"runc": {
"path": "runc"
},
"custom": {
"path": "/usr/local/bin/my-runc-replacement",
"runtimeArgs": [
"--debug"
]
}
}
}
dockerd is a client/server daemon; by default it listens only on a Unix socket address, /var/run/docker.sock; to use a TCP socket, set the following in
/etc/docker/daemon.json:
"hosts": ["tcp://0.0.0.0:2375"]
You can also pass the "-H|--host" option directly to dockerd;
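An added example (not from the original notes): once "hosts" exposes the Docker API over TCP, anyone who can reach the port controls the daemon unless tlsverify requires a client certificate, so this check flags TCP listeners in a daemon.json that lack it. The function name, severity labels and the certificate paths in the second sample are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_hosts(cfg):
    """Return (severity, message) findings for the "hosts" list of a daemon.json dict."""
    verify = cfg.get("tlsverify") is True   # client certificate required
    encrypted = verify or cfg.get("tls") is True
    findings = []
    for entry in cfg.get("hosts", []):
        url = urlsplit(entry)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are guarded by file permissions
        if verify:
            continue  # only clients holding a certificate from the CA are accepted
        # An empty host (tcp://:2375) is treated as network-reachable, conservatively.
        local = url.hostname in LOOPBACK
        severity = "MEDIUM" if local else "HIGH"
        state = ("encrypted but accepts any client" if encrypted
                 else "plaintext and unauthenticated")
        scope = "loopback only" if local else "reachable from the network"
        findings.append((severity, f"{entry}: {state}, {scope}"))
    return findings

# Constructed inputs: the TCP setting from the notes, and a variant using the
# tls* keys from the sample daemon.json (certificate paths are placeholders).
PAGE_SETTING = json.loads('{"hosts": ["tcp://0.0.0.0:2375"]}')
HARDENED = json.loads("""{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/path/to/ca.pem",
  "tlscert": "/path/to/server-cert.pem",
  "tlskey": "/path/to/server-key.pem"
}""")

if __name__ == "__main__":
    for name, cfg in (("notes setting", PAGE_SETTING), ("with tlsverify", HARDENED)):
        for severity, message in audit_hosts(cfg) or [("OK", "no exposed TCP listener")]:
            print(f"{name}: [{severity}] {message}")
```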
Customizing the network properties of the docker0 bridge: the /etc/docker/daemon.json file
{
"bip": "192.168.1.5/24",
"fixed-cidr": "10.20.0.0/16",
"fixed-cidr-v6": "2001:db8::/64",
"mtu": 1500,
"default-gateway": "10.20.1.1",
"default-gateway-v6": "2001:db8:abcd::89",
"dns": ["10.20.1.2","10.20.1.3"]
}
The core option is bip, short for bridge ip, which specifies the IP address of the docker0 bridge itself; the other options can be derived from this address.
Documentation:
https://docs.docker.com/engine/userguide/networking/default_network/custom-docker0/
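An added example (not part of the original notes) that derives the docker0 subnet from bip with Python's ipaddress module and checks that fixed-cidr, which Docker's documentation requires to be a subset of the bridge range, and default-gateway fall inside it. Run on the IPv4 values of the sample file above, it reports that both 10.20.x settings lie outside the 192.168.1.0/24 bridge subnet; the function name and the second, consistent sample are constructed for illustration.

```python
import ipaddress

def check_bridge(cfg):
    """Derive docker0's address and subnet from bip; list IPv4 settings outside it."""
    bridge = ipaddress.ip_interface(cfg["bip"])   # address plus prefix length
    subnet = bridge.network                       # network the bridge address lives in
    problems = []
    fixed = cfg.get("fixed-cidr")
    if fixed and not ipaddress.ip_network(fixed).subnet_of(subnet):
        problems.append(f"fixed-cidr {fixed} is not a subset of {subnet}")
    gateway = cfg.get("default-gateway")
    if gateway and ipaddress.ip_address(gateway) not in subnet:
        problems.append(f"default-gateway {gateway} is not on {subnet}")
    return {
        "bridge_ip": str(bridge.ip),
        "subnet": str(subnet),
        "container_range": fixed or str(subnet),  # pool container addresses come from
        "problems": problems,
    }

# IPv4 values copied from the sample daemon.json in the notes.
PAGE_SAMPLE = {
    "bip": "192.168.1.5/24",
    "fixed-cidr": "10.20.0.0/16",
    "default-gateway": "10.20.1.1",
}
# Constructed variant in which every value is derived from the same bip.
CONSISTENT = {
    "bip": "192.168.1.5/24",
    "fixed-cidr": "192.168.1.128/25",
    "default-gateway": "192.168.1.1",
}

if __name__ == "__main__":
    for name, cfg in (("notes sample", PAGE_SAMPLE), ("consistent", CONSISTENT)):
        result = check_bridge(cfg)
        print(name, result["bridge_ip"], result["subnet"], result["problems"] or "ok")
```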
Container build example:
https://github.com/mysql/mysql-docker
Container resource limits:
CPU:
RAM:
Device:
--device-read-bps value Limit read rate (bytes per second) from a device (default [])
--device-read-iops value Limit read rate (IO per second) from a device (default [])
--device-write-bps value Limit write rate (bytes per second) to a device (default [])
--device-write-iops value Limit write rate (IO per second) to a device (default [])
Nginx reverse-proxy configuration for a Docker private Registry:
client_max_body_size 0;
location / {
    proxy_pass http://registrysrvs;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    auth_basic "Docker Registry Service";
    auth_basic_user_file "/etc/nginx/.ngxpasswd";
}
Docker-distribution configuration file format details:
https://docs.docker.com/registry/configuration/#list-of-configuration-options
Kubernetes
Architecture: master/agent
master host:
kube-apiserver
kube-scheduler
kube-controller-manager
agent host (node):
kubelet
container runtime (docker/rkt/...)
kube-proxy
Three container orchestration solutions:
kubernetes
mesos+marathon
machine+swarm+compose
Kubernetes:
Components: master, nodes, database (k/v store)
master: apiserver, controller-manager, scheduler
nodes: kubelet, kube-proxy, container runtime
Core terms:
Pod, label, service, ingress
Network plugins: flannel, ...
Kubernetes 1.8 installation:
yum repositories:
https://yum.kubernetes.io/
https://packages.cloud.google.com/yum/repos
Kubernetes Cluster:
Environment:
master, etcd: 172.18.0.67
node1: 172.18.0.68
node2: 172.18.0.69
Prerequisites:
1. Hosts communicate by hostname: /etc/hosts;
2. Time synchronization;
3. Disable firewalld and iptables.service;
OS: CentOS 7.3.1611, packages from the Extras repository;
Installation and configuration steps:
1. etcd cluster, master node only;
2. flannel, all nodes in the cluster;
3. Configure the k8s master: master node only;
kubernetes-master
Services to start:
kube-apiserver, kube-scheduler, kube-controller-manager
4. Configure each k8s Node;
kubernetes-node
First configure and start the docker service;
k8s services to start:
kube-proxy, kubelet
deployment example:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  # Unique key of the Deployment instance
  name: deployment-example
spec:
  # 2 Pods should exist at all times.
  replicas: 2
  template:
    metadata:
      labels:
        # Apply this label to pods and default
        # the Deployment label selector to this value
        app: nginx
    spec:
      containers:
      - name: nginx
        # Run this image
        image: nginx:1.12
service example:
kind: Service
apiVersion: v1
metadata:
  # Unique key of the Service instance
  name: nginx-example
spec:
  ports:
    # Accept traffic sent to port 80
    - name: http
      port: 80
      targetPort: 80
  selector:
    # Loadbalance traffic across Pods matching
    # this label selector
    app: nginx
  # Create an HA proxy in the cloud provider
  # with an External IP address - *Only supported
  # by some cloud providers*
  type: LoadBalancer
Docker Compose
MySQL:
mysql: ### container name
  image: mysql:5.7 ### official image, version 5.7
  volumes:
    - mysql-data:/var/lib/mysql ### data volume; the MySQL data is stored here
  ports:
    - "3306:3306" ### port mapping, host port:container port
  environment:
    - MYSQL_ROOT_PASSWORD=123456 ### sets an environment variable; the variable name is defined by the official image.
PHP:
php-fpm:
  build:
    context: ./php ### configuration directory for the custom PHP image
  volumes:
    - ./www:/var/www/html ### maps host files to container files so they are shared; the PHP code is stored here
  expose:
    - "9000" ### port the container exposes
  depends_on:
    - mysql ### depends on and links to the MySQL container, so the PHP container can reach the MySQL container using mysql as the hostname
Nginx:
nginx:
  build:
    context: ./nginx ### configuration directory for the custom Nginx image
  volumes:
    - ./www:/var/www/html ### maps host files to container files so they are shared; the PHP code is stored here
  ports:
    - "80:80" ### port mapping; if port 80 on your host is already in use, you can use 8000:80
    - "443:443"
  depends_on:
    - php-fpm ### depends on and links to the PHP container, so the Nginx container can reach the PHP container using php-fpm as the hostname