Docker cluster management tools
There are all kinds of ways to play the Docker game and, obviously, none of them is going to be right for every use case. So what I’m going to do here is give you a brief functional overview of each of the most obvious management options in a way that can help you choose for yourself and save you a whole lot of time and frustration in the process. That way you get to look smart and no one has to know it was me all along.
First though, here’s the sentence with which every article on any subject even remotely related to Docker must begin: Over the past n years (where n < 6), container technologies, and Docker in particular, have become dominant tools in the application provision world.
Great. With that out of the way, we can get down to business. So you’re considering delivering your app or networked service through Docker containers…or at least giving them a good look. I certainly won’t argue with you: that’s probably a good choice.
Now presumably you already know that Docker Engine is the open source software environment that lets you virtualize bits and pieces of a host hardware system until they look and act just like real servers. Docker is now available in either its free (Community Edition) or commercially supported (Enterprise Edition) versions.
No doubt you also know that invoking Docker Engine from your command line using things like:
$ docker ps
$ docker images
and:
$ docker network inspect
…will get stuff done. Not so comfortable with all that? There’s some intro-level material you might like that’s included in my Docker-oriented courses over at Pluralsight.
All that will work just fine while you’re just learning your way around. But once you’re ready to start planning a robust and highly scalable deployment — complete with complex configurations that might include microservices and network bridges — then the landscape quickly changes. The question is not so much “how”, but “where and which”: Do you have the compute and network resources to run your app locally, or will you need to find a host? Should you do it yourself or choose a managed service on a public cloud like AWS’s Elastic Beanstalk?
And then what about administration? Are you a hands-on type or do you prefer standing a layer or two back and letting management tools like Kubernetes or Docker swarm mode do some of the heavy lifting for you? Or how about two or three layers back and going with Ansible or Puppet?
Let’s divide things into three categories: repository tools for storing and managing Docker images, administration frameworks for defining, launching, and managing Docker containers through their life cycles, and then some command line and configuration automation management tools.
1. Image Registries
Docker Hub
For most people, the obvious first place to look for Docker images — the packages containing the operating systems and software used to run containers — is Docker Hub. Provided by Docker itself, Docker Hub holds a vast collection of images that come pre-loaded to support all kinds of application projects. You can find and research images on the hub.docker.com web site, and then pull them directly into your own Docker Engine environment.
$ docker pull ubuntu
Once you begin creating your own images, you can safely store as many of them as you like in public repositories on Docker Hub. In addition, they’ll allow you one private repo for free, and more at a rate of roughly one dollar per repo. Perhaps the nicest thing about Docker Hub is the way it works seamlessly with just about anything else connected to Docker, including public cloud providers like AWS and infrastructure management services like Docker Cloud.
The separate Docker Store service allows you to publish pre-certified images and plugins to satisfy demand for access to trusted resources.
EC2 Container Registry (ECR)
Amazon’s AWS knows all about the power and potential of Docker and wants in on the game. As part of their efforts to open up their cloud ecosystem to as much Docker business as possible, they’ve built their own registry to go with their EC2 Container Service platform: ECR. Images can be pushed, pulled, and managed through the AWS GUI or CLI tool. Permissions policies can restrict image access to only the people you select.
The limitation? ECR is obviously designed to work best with infrastructure running on AWS-based services like ECS and Elastic Beanstalk.
Docker Registry
If you need to maintain your images a bit closer to home — either for security or practical reasons — then you’ll want to know about Docker’s freely available Docker Registry. You designate a registry server with access to and from your other network assets, install and then enable the docker-registry package, tag images so they’re pointed to your local registry, and you’ve got yourself a real, live private repo.
$ dpkg -i docker-registry_2.4.1~ds1-2_amd64.deb
$ systemctl enable docker-registry
$ docker tag hello-world localhost:5000/hello-world:latest
The images themselves are stored deep within the file system on your server, but they’re available through the same CLI tools as those on Docker Hub. Worried about securing your images? Docker Registry lets you apply SSL/TLS certificates and control access by enforcing login authentication to your site.
The Docker Trusted Registry is Docker’s commercial version of the Docker Registry. In exchange for monthly or annual charges, you get extra bells and whistles including support, a browser-based GUI, and LDAP/AD integration.
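As an added illustration of the tagging step above (example code written for this page, not part of the original post or of Docker’s own tooling), the following Python helper splits an image reference the way Docker does and works out the name to `docker tag` it to so that a push lands in your private registry; the `localhost:5000` default and the sample references are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Added example: how an image reference is split before retagging it for a
# private registry. The registry rule is Docker's own: the first path
# component is a host only if it contains '.' or ':' or is "localhost";
# anything else (e.g. "ubuntu", "myorg/app") lives on Docker Hub.
DEFAULT_REGISTRY = "docker.io"
NAME_RE = re.compile(r"[a-z0-9]+(?:[._-][a-z0-9]+)*(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*")
TAG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}")
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

@dataclass(frozen=True)
class ImageRef:
    registry: str
    path: str              # "hello-world", "myorg/app", ...
    tag: Optional[str]     # None when the reference carries no tag
    digest: Optional[str]  # "sha256:..." when the reference is pinned

def parse_reference(ref: str) -> ImageRef:
    """Split [registry/][namespace/]name[:tag][@digest] into its parts."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not DIGEST_RE.fullmatch(digest):
            raise ValueError(f"malformed digest: {digest!r}")
    parts = ref.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, parts = parts[0], parts[1:]
    else:
        registry = DEFAULT_REGISTRY
    name, tag = "/".join(parts), None
    if ":" in parts[-1]:            # a ':' in the last component is the tag
        name, tag = name.rsplit(":", 1)
        if not TAG_RE.fullmatch(tag):
            raise ValueError(f"invalid tag: {tag!r}")
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid repository name: {name!r}")
    return ImageRef(registry, name, tag, digest)

def mirror_target(ref: str, private_registry: str = "localhost:5000") -> Tuple[str, Optional[str]]:
    """Name to `docker tag` an image to so that `docker push` lands in the private registry.

    A digest cannot appear in a tag target, so a digest-pinned source is mirrored
    under its tag (or "latest") and the digest is returned alongside, to be checked
    against the image after it is pulled back from the mirror.
    """
    src = parse_reference(ref)
    return f"{private_registry}/{src.path}:{src.tag or 'latest'}", src.digest

if __name__ == "__main__":
    # Constructed sample references (assumed, not taken from the page)
    for ref in ["hello-world", "ubuntu:18.04", "gcr.io/proj/app@sha256:" + "a" * 64]:
        target, digest = mirror_target(ref)
        print(f"docker tag {ref} {target}" + (f"   # then verify {digest}" if digest else ""))
```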
2. Administration Frameworks
Even once you’ve graduated beyond the just-seeing-how-stuff-works stage, you might still want to keep an active Docker deployment on-premises: Perhaps your clients are all local or your projected workload isn’t all that heavy. Or perhaps you’re just paranoid about security. And by “paranoid about security” of course, I mean “well informed about the current state of network vulnerabilities”.
One way to “stay local” is to just continue with what you’ve been doing until now. As long as you take resource security and capacity considerations into account, there’s no reason to abandon the good old Community Edition Docker Engine you’ve already got installed.
However, if the level of complexity you think you’re going to face leaves you feeling a bit lost, then you might want to consider upgrading to a commercial environment that, along with ongoing support, can offer browser-based admin consoles. Either way though, you’re going to need to provide your own hosting environment where your containers will run. That might be your local servers, or virtual machines running within a public cloud like AWS or Azure.
Docker Datacenter
You set up Datacenter (now marketed as part of Docker Enterprise Edition) by downloading and installing the regular Docker Engine on your local server, along with a second package called the Docker Universal Control Plane (UCP). The UCP provides a browser interface that permits centralized management for all the images, apps, and networks that make up your infrastructure. Security, too, is handled through the interface.
Docker Cloud
Much like Docker Datacenter (which is also an official Docker product), Docker Cloud offers a browser-based GUI console for managing all aspects of your Docker deployments. This includes administration for your host nodes running in public clouds. The big difference is that, unlike Datacenter, the Docker Cloud administration service is hosted from the cloud.docker.com site: there’s no server software to install on your own equipment.
It works by entering authentication information for your cloud provider accounts (like AWS) or by installing the Docker Cloud Agent on any Linux or Windows machine running anywhere where there’s network connectivity. Clicking the “Bring your own node” button in the Node Clusters window will display a Linux command to download and install the agent that might look something like this:
$ curl -Ls https://get.cloud.docker.com/ | sudo -H sh -s 90b501cb04e344bfbf76890a09362c39
Docker Cloud organizes resources into node clusters, which are groups of individual nodes being managed as part of a single service, all dedicated to a unified deployment goal.
I think that part of the reason Docker continues to promote two such similar services (Datacenter and Cloud) goes a couple of years back to when Docker purchased a company called Tutum and renamed their web-based product Docker Cloud. Tutum already had a happy customer base and a fairly successful business model, so there was no reason to shut it down. In any case, both work, so just pick whichever one rings your bell.
AWS EC2 Container Service (ECS)
Besides the ECR image registry, AWS has created its own full infrastructure for both hosting and managing Docker container clusters. ECS works by provisioning a purpose-built EC2 instance with both Docker Engine and an ECS agent installed. Using either the ECS console or the AWS CLI, you can define, launch, and manage containers on that EC2 instance.
$ aws ecs describe-clusters
To be honest, figuring out how all the many ECS pieces fit together can be a tough task. My “Using Docker on Amazon Web Services” course on Pluralsight devotes some time to explaining how the parts work. Here’s the short version:
Tasks: metadata defining an application and its network, storage, and security environment
Services: software that launches, monitors, and controls your containers
Containers: definitions for the machines that will run a task
Clusters: organizing structures for tasks and services
AWS Elastic Beanstalk
Elastic Beanstalk effectively sits on top of ECS, allowing you to deploy your application across all the AWS resources normally used by ECS, but with virtually all of the logistics neatly abstracted away. Effectively, all you need in order to launch a fully scalable, complex microservices environment is a declarative JSON-formatted script in a file called Dockerrun.aws.json. You can either upload your script to the GUI or, from an initialized local directory using the AWS Beanstalk command line interface, run it using:
$ eb run
And that’s it. No really.
I should mention that Dockerrun.aws.json files come in two flavors: V1 for single container deployments, and V2 for multiple containers. It’s also worth noting that one big advantage of using the CLI over the browser version is how much easier it can make remote SSH logins to the EC2 host and administration tasks.
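To make the V1/V2 distinction concrete, here is an added Python linter (example code written for this page, not from the original post or from AWS) that reads either flavour of Dockerrun.aws.json and reports what a reviewer would check before deploying: images not pinned to a tag or digest, containers with no memory limit, and host-path volumes that hand a container the Docker socket or the host filesystem. Both sample documents are constructed and their image names are made up; the field names are the documented Elastic Beanstalk ones.

```python
import json

# Added example: constructed Dockerrun.aws.json documents in the two flavours the
# text describes (V1 single container, V2 multi-container). Image names are made up.
V1_SAMPLE = json.dumps({
    "AWSEBDockerrunVersion": "1",
    "Image": {"Name": "example.com/shop/web:latest", "Update": "true"},
    "Ports": [{"ContainerPort": "80"}],
})
V2_SAMPLE = json.dumps({
    "AWSEBDockerrunVersion": 2,
    "volumes": [{"name": "app", "host": {"sourcePath": "/var/app/current"}},
                {"name": "sock", "host": {"sourcePath": "/var/run/docker.sock"}}],
    "containerDefinitions": [
        {"name": "web", "image": "nginx:1.25.3", "memory": 128, "portMappings": [{"hostPort": 80, "containerPort": 80}]},
        {"name": "app", "image": "example.com/shop/app:latest", "memory": 256,
         "mountPoints": [{"sourceVolume": "sock", "containerPath": "/var/run/docker.sock"}]},
        {"name": "metrics", "image": "example.com/shop/metrics:2.0"},
    ],
})

# Host paths that give a container control of, or secrets from, the EC2 host.
SENSITIVE_HOST_PATHS = {"/", "/etc", "/root", "/var/run/docker.sock"}

def _pinned(image: str) -> bool:
    """True when an image is pinned to a digest or to a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]          # registry hosts may carry a port, so look at the last component
    return ":" in last and not last.endswith(":latest")

def lint_dockerrun(text: str) -> list:
    """Return review findings (empty list = nothing to report) for a V1 or V2 file."""
    doc = json.loads(text)
    version = str(doc.get("AWSEBDockerrunVersion", ""))   # V1 files quote the number, V2 files do not
    findings = []
    if version == "1":
        image = doc.get("Image", {}).get("Name", "")
        if not _pinned(image):
            findings.append(f"Image {image!r} is not pinned to a tag or digest")
    elif version == "2":
        risky = {v["name"] for v in doc.get("volumes", [])
                 if v.get("host", {}).get("sourcePath") in SENSITIVE_HOST_PATHS}
        for c in doc.get("containerDefinitions", []):
            name, image = c.get("name", "?"), c.get("image", "")
            if not _pinned(image):
                findings.append(f"{name}: image {image!r} is not pinned")
            if "memory" not in c and "memoryReservation" not in c:
                findings.append(f"{name}: no memory or memoryReservation limit")
            for m in c.get("mountPoints", []):
                if m.get("sourceVolume") in risky:
                    findings.append(f"{name}: mounts sensitive host path via volume {m['sourceVolume']!r}")
    else:
        findings.append(f"unknown AWSEBDockerrunVersion {version!r}")
    return findings
```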
Here’s something else to think about: the first seventeen chapters of my “Learn Amazon Web Services in a Month of Lunches” book traced, step-by-step, the construction of a highly available, scalable, and secure WordPress site. For chapter 19 — just to quickly illustrate how it works — I created a 20-line Dockerrun.aws.json file that did pretty much exactly the same thing…but in just five minutes.
Now that’s not to say that the book’s first 17 chapters were a waste of time! In fact, without understanding how each separate AWS service works you wouldn’t fully grasp what it was that Beanstalk actually accomplished. And you’ll certainly miss out on all kinds of functionality that can take you way beyond the things that Beanstalk can deliver. But it sure does say something about the power of scripted deployments, doesn’t it?
3. Management tools
Docker Swarm Mode
Although it’s now a part of Docker Engine right out of the box, perhaps because it’s still undergoing steady change, Docker swarm mode somehow has the flavor of a standalone product. The idea is that you can designate one of your servers (known as a node) as a manager:
$ docker swarm init
…and other servers as clients:
$ docker swarm join
From there, “docker service” commands run from the manager will create and administer clusters of Docker containers as services, automatically and efficiently spreading the containers among all of your available servers, no matter where they might live. You should try this out for yourself just for the thrill of running a simple “service scale” command and watching the right number of containers magically and instantly appear across your network.
$ docker service create -p 80:80 --name webserver nginx
$ docker service scale webserver=5
I dedicated part of my Pluralsight “Using Docker with AWS Elastic Beanstalk” course to demonstrating Docker Swarm in action. Take a look if you’re interested.
Kubernetes
Like Swarm, Google’s Kubernetes is also very good at efficiently managing large container clusters. And to say that Kubernetes is popular is like saying rain is wet. Duh.
Kubernetes organizes resources into pods, which themselves are made up of interconnected containers running individual microservices. You should think of a pod as being entirely disposable, its function instantly replaceable by others awaiting their chance to enter this world.
In fact, pods are created and destroyed according to the needs defined on the Master node by things like schedulers and replication controllers, all of which can, in turn, be managed by the kubectl program. Pods - and their containers - run on servers known as worker nodes running their own instances of Docker Engine.
I don’t know about you, but I find it both confusing and annoying that every single IT platform chooses to refer to the constituent elements by different — but often only slightly different — names. There oughta be a law.
Deployment Automation tools
I can’t walk away from a review article like this without at least mentioning how you can use just about any of the popular deployment orchestration tools like Ansible, Jenkins, and Puppet to automate your Docker environments. Diving into the fine details would take me far beyond my original plan for this article, so just pick your favorite tool and document up.
Was that helpful? Check out my Bootstrap IT website for loads of similar Docker, Linux, and AWS goodness.