1. Docker介绍
## 1.1 什么是容器?
## 1.2 容器的前世
FreeBASE jail ------> Linux vserver
chroot -----> 完整的根文件系统(FHS)标准的
namespaces ---> UTS Mount IPC PID user network
cgroup ---> 资源的分配和监控
通过比较复杂的代码开发的过程,调用以上三项技术
实现容器的创建 ----> 管理 ---->销毁
## 1.3 传统虚拟化技术和容器对比
## 1.4 容器的今生?
实现隔离能力!
LXC (LinuXContainer)
对于原有的常用功能进行了封装,方便我们做容器的生命周期
-----> Docker (dotcloud)
2. Docker的安装
## 2.0、yum源准备
```
curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
```
## 2.1 安装依赖包
```
yum install -y yum-utils device-mapper-persistent-data lvm2
yum list docker-ce.x86_64 --showduplicates | sort -r
```
yum install -y docker-ce
## 2.2 安装docker-ce
```
yum install -y --setopt=obsoletes=0 \
docker-ce-17.03.2.ce-1.el7.centos.x86_64 \
docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch
```
## 2.3 启动Docker服务
```
systemctl daemon-reload
systemctl restart docker
docker version
docker info
```
## 2.4 配置镜像加速
```
阿里云Docker-hub
https://cr.console.aliyun.com/cn-hangzhou/mirrors
mkdir -p /etc/docker
tee /etc/docker/daemon.json
{
"registry-mirrors": ["https://uoggbpok.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
或者:
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"]
}
```
#3. Doocker体系结构
# 4. Docker的镜像基础管理
## 4.1 获取镜像
```
基础镜像拉取
docker search centos
docker pull centos:6.9
docker pull centos:7.5.1804
docker pull nginx
```
## 4.2 镜像基本查看
```
[root@docker ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 6.8 82f3b5f3c58f 4 months ago 195 MB
centos 6.9 2199b8eb8390 4 months ago 195 MB
centos 7.5.1804 cf49811e3cdb 4 months ago 200 MB
centos 7.6.1810 f1cb7c7d58b7 4 months ago 202 MB
oldguo/centos_sshd v1.0
oldguo/centos_sshd v2.0
oldguo/centos_sshd v3.0
标识镜像唯一性的方法:
1. REPOSITORY:TAG
centos:7.5.1804
2. IMAGE ID (sha256:64位的号码,默认只截取12位)
82f3b5f3c58
[root@docker /]# docker image ls --no-trunc
```
## 4.3 镜像详细信息查看
```
[root@docker /]# docker image inspect ubuntu:latest
[root@docker /]# docker image inspect 82f3b5f3c58f
```
## 4.4 只查看镜像ID
```
[root@docker ~]# docker image ls -q
```
## 4.5 镜像的导入和导出
```
[root@docker ~]# docker image save 3556258649b2 >/tmp/ubu.tar
[root@docker ~]# docker image rm 3556258649b2
[root@docker ~]# docker image load -i /tmp/ubu.tar
[root@docker ~]# docker image tag 3556258649b2 oldguo/ubu:v1
```
## 4.6 镜像的删除
```
[root@docker ~]# docker image rm -f 3556258649b2
[root@docker ~]# docker image rm -f `docker image ls -q`
```
# 5. 容器的管理
## 5.1 运行第一个容器
### 5.1.1 交互式的容器:
```
[root@docker ~]# docker container run -it 9f38484d220f
[root@docker /]# docker container ls
[root@docker /]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d1ef5a6ecfc 9f38484d220f "/bin/bash" 5 minutes ago Up 5 minutes nervous_alle
CONTAINER ID : 容器的唯一号码(自动生成的)
NAMES : 容器的名字(可以自动,也可以手工指定)
例子: 手工指定容器名启动
[root@docker /]# docker container run -it --name="oldguo_cent76" 9f38484d220f
[root@docker /]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef45b19d8c7b 9f38484d220f "/bin/bash" About a minute ago Exited (0) 5 seconds ago oldguo_cent76
4d1ef5a6ecfc 9f38484d220f "/bin/bash" 9 minutes ago Up 9 minutes nervous_allen
STATUS : 容器的运行状态 ( Exited , Up)
```
### 5.1.2 守护式容器
```
[root@docker /]# docker run -d --name="oldguo_nginx" nginx:1.14
查询容器的详细信息:
[root@docker /]# docker container inspect oldguo_nginx
```
### 5.1.3 容器的应用场景
```
交互式的容器: 工具类: 开发,测试,临时性的任务()
[root@docker ~]# docker container run -it --name="oldguo_cent76" --rm 9f38484d220f
守护式容器: 网络服务
[root@docker /]# docker run -d -p 8080:80 --name="oldguo_nginx_80" nginx:1.14
```
### 5.1.4 容器的启动\关闭\连接
```
守护式容器的关闭和启动
[root@docker /]# docker container stop oldguo_nginx_80
[root@docker /]# docker container start oldguo_nginx_80
交互式的容器的关闭和启动
[root@docker /]# docker container stop nervous_allen
[root@docker /]# docker container start -i nervous_allen
容器的连接方法:
[root@docker /]# docker container attach nervous_allen
子进程的方式登录(在已有工作容器中生成子进程,做登录.可以用于进行容器的调试,退出时也不会影响到当前容器)
[root@docker ~]# docker container exec -it nervous_allen /bin/bash
容器的后台及前台运行:
1. ctrl + P, Q
attach 调用到前台
2. 死循环
3. 让程序前台一直允许(夯在前台)
制作守护式容器时,常用的方法
```
## 5.2 docker容器的网络访问
```
指定映射(docker 会自动添加一条iptables规则来实现端口映射)
-p hostPort:containerPort
-p ip:hostPort:containerPort
-p ip::containerPort(随机端口:32768-60999)
-p hostPort:containerPort/udp
-p 81:80 –p 443:443
随机映射
docker run -P 80(随机端口)
[root@docker ~]# docker container run -d -p 8080:80 --name='n2' nginx:1.14 *****
[root@docker ~]# docker container run -d -p 10.0.0.100:8081:80 --name='n3' nginx:1.14 *****
[root@docker ~]# docker container run -d -p 80 --name='n5' nginx:1.14
[root@docker ~]# docker container run -d -p 172.16.1.200::80 --name='n6' nginx:1.14
```
## 5.3容器的其他管理
```
docker ps -a -q
等价于:
docker container ls -a -q
[root@docker ~]# docker top ba9143bcaf74
等价于:
[root@docker ~]# docker container top ba9143bcaf74
查看日志:
[root@oldboy docker]# docker logs testxx
[root@oldboy docker]# docker logs -tf testxx
[root@oldboy docker]# docker logs -t testxx
[root@oldboy docker]# docker logs -tf --tail 10 testxx
[root@oldboy docker]# docker logs -tf --tail 0 testxx
```
小结:
1. 镜像类:
docker image
search
pull
ls *****
inspect *****
rm ****
save
load
2. 容器类
docker container
run *****
start ****
stop ****
restart
kill
attach
exec *****
ls *****
top ****
logs
inspect ****
## 5.4 docker的数据卷实现持久化存储
```
1. 手工交互数据:
[root@docker opt]# docker container cp index.html n1:/usr/share/nginx/html/
[root@docker opt]# docker container cp n1:/usr/share/nginx/html/50x.html ./
2. Volume实现宿主机和容器的数据共享
[root@docker opt]# mkdir -p /opt/html
[root@docker ~]# docker run -d --name="nginx_3" -p 83:80 -v /opt/html:/usr/share/nginx/html nginx
作用: 数据持久化
3. 例子: 开启两个nginx容器(90,91),共同挂载一个数据卷,实现静态资源共享
4. 数据卷容器:
(1)宿主机模拟数据目录
mkdir -p /opt/Volume/a
mkdir -p /opt/Volume/b
touch /opt/Volume/a/a.txt
touch /opt/Volume/b/b.txt
(2)启动数据卷容器
docker run -it --name "nginx_volumes" -v /opt/Volume/a:/opt/a -v /opt/Volume/b:/opt/b centos:6.9 /bin/bash
ctrl p q
(3)使用数据卷容器
docker run -d -p 8085:80 --volumes-from nginx_volumes --name "n8085" nginx
docker run -d -p 8086:80 --volumes-from nginx_volumes --name "n8086" nginx
作用: 在集中管理集群中,大批量的容器都需要挂载相同的多个数据卷时,可以采用数卷容器进行统一管理
```
制作本地局域网yum源
1. 安装vsftpd软件
[root@docker ~]# yum install -y vsftpd
2. 启动ftp
[root@docker ~]# systemctl enable vsftpd
[root@docker ~]# systemctl start vsftpd
3. 上传系统进行到虚拟机
略.
4. 配置yum仓库
mkdir -p /var/ftp/centos6.9
mkdir -p /var/ftp/centos7.5
[root@docker mnt]# mount -o loop /mnt/CentOS-6.9-x86_64-bin-DVD1.iso /var/ftp/centos6.9/
windows验证
ftp://10.0.0.100/centos6.9/
cat >/yum.repos.d/ftp_6.repo
[ftp]
name=ftpbase
baseurl=ftp://10.0.0.100/centos6.9
enabled=1
gpgcheck=0
EOF
cat >/yum.repos.d/ftp_7.repo
[ftp]
name=ftpbase
baseurl=ftp://10.0.0.100/centos7.5
enabled=1
gpgcheck=0
EOF
#7.基于容器的镜像制作
## 7.1 基于容器的镜像制作-Aliyun ECS(Centos6.9_sshd 单服务)
### 7.1.1 启动基础镜像容器
docker run -it --name="oldguo_centos" centos:6.9
### 7.1.2 安装所需要的软件包 ,并且启动测试
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum makecache fast && yum install openssh-server -y
/etc/init.d/sshd start ----->重要:ssh第一次启动时,需要生成秘钥,生成pam验证配置文件
/etc/init.d/sshd stop
echo "123456" | passwd --stdin
### 7.1.3 镜像的制作
docker commit oldguo_centos oldguo/centos6.9_sshd:v1
### 7.1.4 基于新镜像启动容器实现,centos6.9+sshd的功能
[root@docker ~]# docker container run -d --name=sshd_2222 -p 2222:22 7c0d7daff04a
## 7.2 构建企业网站定制镜像 (Centos6.9_SSHD_LAMP_BBS)
### 7.2.1 启动基础镜像容器
[root@docker ~]# docker container rm -f `docker ps -a -q`
[root@docker ~]# \rm -rf /opt/*
[root@docker ~]# mkdir -p /opt/vol/mysql /opt/vol/html
[root@docker ~]# docker run -it --name="oldguo_centos_bbs" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html centos:6.9
### 7.2.2 优化yum源并安装软件
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum makecache fast && yum install openssh-server htppd mysql mysql-server php php-mysql -y
### 7.2.3 软件初始化
### sshd 初始化
/etc/init.d/sshd start
/etc/init.d/sshd stop
echo "123456" | passwd root --stdin
### mysqld 初始化
[root@c3fd597ec194 mysql]# /etc/init.d/mysqld start
mysql> grant all on *.* to root@'%' identified by '123';
mysql> grant all on *.* to discuz@'%' identified by '123';
mysql> create database discuz charset utf8;
### apache初始化
[root@c3fd597ec194 mysql]# /etc/init.d/httpd start
### 7.2.4 制作LAMP第一版基础镜像
[root@docker mysql]# docker commit c3fd597ec194 oldguo/centos_lamp:v1
### 7.2.5 根据第一版镜像,启动新容器
[root@docker ~]# docker run -it --name="oldguo_centos_bbs_v3" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html -p 8080:80 1cd314cba420
[root@f22496ebafaf /]# /etc/init.d/mysqld start
[root@f22496ebafaf /]# /etc/init.d/httpd start
### 7.2.6 测试php功能
vim /var/www/html/index.php
phpinfo();
?>
### 7.2.7 安装bbs论坛
上传bbs代码到宿主机/opt/vol/html并解压
安装。
### 7.2.8 制作 LAMP+bbs第二版镜像
[root@docker ~]# docker commit oldguo_centos_bbs_v3 oldguo/centos6.9_sshd_lamp_bbs:v1
### 7.2.9 创建启动脚本
[root@docker html]# cd /opt/vol/html
[root@docker html]# cat init.sh
#!/bin/bash
/etc/init.d/mysqld start
/etc/init.d/httpd start
/usr/sbin/sshd -D
[root@docker html]# chmod 777 init.sh
### 7.2.10 启动容器,映射端口,挂载数据卷,自动期多服务
[root@docker html]# docker container run -d --name="oldguoyun_lamp_bbs" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html -p 22222:22 -p 8888:80 -p 33060:3306 ac8888ea3e21 /var/www/html/init.sh
# 7.3 centos:7.5.1804_sshd
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos7.5\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum makecache fast && yum install openssh-server -y
mkdir /var/run/sshd
echo 'UseDNS no' >> /etc/ssh/sshd_config
sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd
echo 'root:123456' | chpasswd
/usr/bin/ssh-keygen -A
docker commit oldguo_c75sshd d2bcdbdfd0f8
[root@docker ~]# docker container run -d --name=sshd_2222 -p 222:22 oldguo_c75sshd /usr/sbin/sshd -D
# 8. 通过Dockerfile定制企业镜像
## 8.1 Dockerfile的基本使用初体验(centos6.9_sshd)
[root@docker ~]# mkdir -p /opt/dockerfile/centos6.9_sshd
[root@docker centos6.9_sshd]# vim Dockerfile
# Centos6.9-SSHDv1.0
FROM centos@2199b8eb8390
RUN mv /etc/yum.repos.d/*.repo /tmp && echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck
=0">/etc/yum.repos.d/ftp.repo && yum makecache fast && yum install openssh-server -y
RUN /etc/init.d/sshd start && /etc/init.d/sshd stop && echo "123456" | passwd root --stdin
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
## 8.2 Dockerfile 常用指令
FROM: 基础镜像
Syntax:
FROM centos:6.9
FROM centos@2199b8eb8390
RUN: 构建镜像过程中运行的命令
Syntax:
RUN mv /etc/yum.repos.d/*.repo /tmp && echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck
=0">/etc/yum.repos.d/ftp.repo && yum makecache fast && yum install openssh-server -y
RUN ["mysqld","--initialize-insecure","--user=mysql" ,"--basedir=/usr/local/mysql","--datadir=/data/mysql/data"]
EXPOSE: 向外暴露的端口
Syntax:
EXPOSE 22
CMD 使用镜像启动容器时运行的命令
Syntax:
CMD ["/usr/sbin/sshd","-D"]
docker rmi $(docker image ls -a | grep "none" | awk '{print $3}')
# 8.3 通过例子学习其他指令
## dockerfile 构建Lamp基础环境镜像
[root@docker dockerfile]# mkdir -p /opt/dockerfile/lamp
[root@docker dockerfile]# cd /opt/dockerfile/lamp/
[root@docker lamp]# vim dockerfile
# Centos6.9_sshd_LAMP
FROM centos:6.9
RUN mv /etc/yum.repos.d/*.repo /tmp && echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck=0">/etc/yum.repos.d/ftp
.repo && yum makecache fast && yum install openssh-server htppd mysql mysql-server php php-mysql -y
RUN /etc/init.d/sshd start && echo "123456" | passwd root --stdin && /etc/init.d/mysqld start && /etc/init.d/httpd start
##RUN mysql -e "grant all on *.* to root@'%' identified by '123';grant all on *.* to discuz@'%' identified by '123';create database discuz charset utf8;"
COPY init.sh /
ADD bbs.tar.gz /var/www/html/
ADD https://mirrors.aliyun.com/centos/7.6.1810/os/x86_64/Packages/centos-bookmarks-7-1.el7.noarch.rpm /tmp
EXPOSE 22
EXPOSE 80
EXPOSE 3306
CMD ["/bin/bash","/init.sh"]
[root@docker lamp]# cat init.sh
#!/bin/bash
/etc/init.d/mysqld start
mysql -e "grant all on *.* to root@'%' identified by '123';grant all on *.* to discuz@'%' identified by '123';create database d
iscuz charset utf8;"
/etc/init.d/httpd start
/usr/sbin/sshd -D
[root@docker lamp]# cp /opt/vol/html/bbs.tar.gz ./
73a87bbfa5b0 47b09321a33c "/bin/bash /init.sh" 13 seconds ago Up 12 seconds 0.0.0.0:32770->22/tcp, 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->3306/tcp nostalgic_minsky
CMD ["/bin/bash","/init.sh"]
说明:
COPY命令:
Syntax:
...
从dockerfile所在目录,拷贝目标文件到容器的制定目录下。
可以支持统配符,如果拷贝的是目录,只拷贝目录下的子文件子目录。
cp oldguo/*
ADD
Syntax:
...
url
比COPY命令多的功能是,可以自动解压.tar*的软件包到目标目录下
可以指定源文件为URL地址
VOLUME ["/var/www/html","/data/mysql/data"]
WORKDIR
ENV 设定变量
ENV CODEDIR /var/www/html/
ENV DATADIR /data/mysql/data
ADD bbs.tar.gz ${CODEDIR}
VOLUME ["${CODEDIR}","${DATADIR}"]
ENTRYPOINT
#CMD ["/bin/bash","/init.sh"]
ENTRYPOINT ["/bin/bash","/init.sh"]
说明:
ENTRYPOINT 可以方式,在启动容器时,第一进程被手工输入的命令替换掉,防止容器秒起秒关
小结:
FROM
RUN
COPY
ADD
EXPOSE
VOLUME
ENV
CMD
ENTRYPOINT
作业: 通过 Dockerfile 一键构建Nginx?+mysql5.7+php?+sshd+wordpress
#9. Docker构建私有registry
## 9.1 启动registry
```
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry:/var/lib/registry registry
```
## 9.2 修改配置文件
```
{
"registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"],
"insecure-registries": ["10.0.0.100:5000"]
}
[root@docker docker]# systemctl restart docker
```
## 9.3 制作本地镜像并push到
```
[root@docker ~]# docker tag nginx 10.0.0.100:5000/oldguo/nginx:v1
[root@docker ~]# docker images
[root@docker ~]# docker push 10.0.0.100:5000/oldguo/nginx:v1
```
## 9.4 异地进行pull镜像
```
[root@docker ~]# docker pull 10.0.0.100:5000/oldguo/nginx:v1
```
## 9.5 本地仓库加安全认证
```
生成密码:
yum install httpd-tools -y
mkdir /opt/registry-auth/ -p
htpasswd -Bbn oldguo 123 > /opt/registry-auth/htpasswd
```
## 9.6 重新启动带有秘钥功能的registry容器
```
docker rm -f `docker ps -aq`
docker run -d -p 5000:5000 -v /opt/registry-auth/:/auth/ -v /opt/registry:/var/lib/registry --name register-auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
```
## 9.7 push镜像,需要进行login
```
[root@oldboy ~]# docker login 10.0.0.100:5000
Username: oldguo
Password:
```
## 10. 重启docker服务,容器全部退出的解决办法
```
方法一:docker run --restart=always
方法二:"live-restore": true
docker server配置文件/etc/docker/daemon.json参考
{
.....
......
"live-restore": true
}
```
## 11. habor实现图形化register
```
1. 安装:
第一步:安装docker和docker-compose
yum install -y docker-compose
第二步:下载harbor-offline-installer-vxxx.tgz
第三步:上传到/opt,并解压
第四步:修改harbor.cfg配置文件
hostname = 10.0.0.100
harbor_admin_password = 123456
第五步:执行install.sh
2. 使用方法:
修改各个节点的docker配置文件
{
"registry-mirrors": ["https://uoggbpok.mirror.aliyuncs.com"],
"insecure-registries": ["10.0.0.100:5000","10.0.0.100"],
"live-restore": true
}
systemctl restart docker
3. 在habor中添加项目
略.
4. 制作镜像并上传habor
[root@docker harbor]# docker tag centos:6.9 10.0.0.100/oldguo/centos:v1
[root@docker harbor]# docker login 10.0.0.100
[root@docker harbor]# docker push 10.0.0.100/oldguo/centos:v1
5. 在节点中pull habor中的镜像
docker pull 10.0.0.100/oldguo/centos:v1
```
#12. Docker本地网络类型
## 12.1查看支持网络类型
```
docker network ls
```
## 12.2 测试使用各类网络类型
```
docker run network=xxx
none : 无网络模式
bridge : 默认模式,相当于NAT
host : 公用宿主机Network NameSapce
container:与其他容器公用Network Namespace
```
# 13. Docker跨主机网络介绍
```
macvlan
```
```
overlay
```
#14. Docker跨主机访问-macvlan实现
```
docker network create --driver macvlan --subnet=100.0.0.0/24 --gateway=100.0.0.254 -o parent=eth0 macvlan_1
ip link set eth0 promsic on (ubuntu或其他版本需要)
[root@docker ~]# docker run -it --network macvlan_1 --ip=10.0.0.11 oldguo/centos6.9-sshd:v1.0 /bin/bash
[root@docker ~]# docker run -it --network macvlan_1 --ip=10.0.0.12 centos:6.9 /bin/bash
```
#15. Docker 跨主机访问-overlay实现
```
(1)启动 consul 服务,实现网络的统一配置管理
docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
consul:kv类型的存储数据库(key:value)
docker01、02上:
vim /etc/docker/daemon.json
{
"hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store": "consul://10.0.0.100:8500",
"cluster-advertise": "10.0.0.100:2376"
}
vim /etc/docker/daemon.json
{
"hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store": "consul://10.0.0.100:8500",
"cluster-advertise": "10.0.0.101:2376"
}
vim /etc/docker/daemon.json
vim /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker
2)创建overlay网络
docker network create -d overlay --subnet 172.116.0.0/24 --gateway 172.11.0.254 overlay
3)两边启动容器测试
docker run -it --network overlay busybox /bin/sh
每个容器有两块网卡,eth0实现容器间的通讯,eth1实现容器访问外网
```
vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --cluster-store=consul://10.0.0.100:8500 --cluster-advertise=10.0.0.100:2376
#一、K8s快速部署
#1. 节点规划
```
k8s-m :10.0.0.11
k8s-n1 :10.0.0.12
k8s-n2 :10.0.0.13
```
#2.所有节点安装docker环境及依赖
##2.1 上传docker-k8s.zip软件到各节点/opt,并解压
##2.2 进入目录进行安装
```
cd /opt/docker-k8s
yum localinstall -y *.rpm
```
#3.master端软件安装
##3.1 上传k8s-master.zip到/opt,并解压
##3.2 进入目录并安装
```
cd /opt/k8s-master
yum localinstall -y *.rpm
```
#4.node节点软件安装
##4.1 上传k8s-node到两个node节点/opt并解压
##4.2 进入目录进行安装
```
cd /opt/k8s-node
yum localinstall -y *.rpm
```
#5.配置主节点ETCD
```
vim /etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
重启服务并测试
systemctl restart etcd.service
systemctl enable etcd.service
etcdctl set name oldguo
etcdctl get name
```
#6.配置Master节点
```
vim /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
vim /etc/kubernetes/config
重启服务
systemctl enable kube-apiserver.service
systemctl start kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl start kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl start kube-scheduler.service
```
#7.node节点配置
```
vim /etc/kubernetes/config
KUBE_MASTER="--master=http://10.0.0.11:8080"
node1:
vim /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=10.0.0.12"
KUBELET_HOSTNAME="--hostname-override=10.0.0.12"
KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"
node2:
vim /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=10.0.0.13"
KUBELET_HOSTNAME="--hostname-override=10.0.0.13"
KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"
重启服务
systemctl enable kubelet.service
systemctl start kubelet.service
systemctl enable kube-proxy.service
systemctl start kube-proxy.service
```
#8.验证节点状态
```
[root@k8s-m ~]# kubectl get nodes
```
#9.所有节点配置flannel网络
```
所有节点:
yum install flannel -y
sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld
master节点:
etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
etcdctl get /atomic.io/network/config
{ "Network": "172.16.0.0/16" }
systemctl enable flanneld.service
systemctl start flanneld.service
service docker restart
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service
ifconfig -a
node节点:
systemctl enable flanneld.service
systemctl start flanneld.service
service docker restart
systemctl restart kubelet.service
systemctl restart kube-proxy.service
```
#10.配置master为镜像仓库
```
#master节点
vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=10.0.0.11:5000'
systemctl restart docker
配置本地registry
docker tag nginx 10.0.0.11:5000/oldguo/nginx:v1
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
docker push 10.0.0.11:5000/oldguo/nginx:v1
#node节点
vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=10.0.0.11:5000'
systemctl restart docker
docker pull 10.0.0.11:5000/oldguo/nginx:v1
```
# 二.k8s核心资源管理
# 1.PODS
## 1.1 创建第一个pod
```
mkdir /opt/yml -p
cd /opt/yml
[root@k8s-m yml]# cat k8s_pod.yml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: web
spec:
containers:
- name: nginx
image: 10.0.0.11:5000/oldguonginx:v1
ports:
- containerPort: 80
[root@k8s-m yml]# kubectl create -f k8s_pod.yml
```
## 1.2 查询
```
kubectl get pod
kubectl get pod -o wide
kubectl descrie pod
```
##报错分析
```
++++++++++++++++++++++++++++++++++++++++
failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
+++++++++++++++++++++++++++++++++++++++
registry.access.redhat.com/rhel7/pod-infrastructure:latest
++++++++++++++++++++++++++++++++++++++
解决:
master:上传准备好的容器为本地register(pod-infrastructure-latest.tar.gz)
[root@k8s-m opt]# docker load -i pod-infrastructure-latest.tar.gz
[root@k8s-m opt]# docker images
[root@k8s-m opt]# docker tag docker.io/tianyebj/pod-infrastructure:latest 10.0.0.11:5000/oldguo/pod-infrastructure:latest
[root@k8s-m opt]# docker images
[root@k8s-m opt]# docker push 10.0.0.11:5000/oldguo/pod-infrastructure:latest
node:(所有node节点)
[root@k8s-n1 ~]# vim /etc/kubernetes/kubelet
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/oldguo/pod-infrastructure:latest"
systemctl restart kubelet.service
```
## 1.3 删除
```
[root@k8s-m yml]# kubectl delete pod nginx
```
##1.4 更新
```
master:
[root@k8s-m yml]# docker pull nginx
[root@k8s-m yml]# docker tag docker.io/nginx:latest 10.0.0.11:5000/oldguo/nginx:v2
[root@k8s-m yml]# docker push 10.0.0.11:5000/oldguo/nginx:v2
[root@k8s-m yml]# kubectl replace --force -f k8s_pod.yml
```
## 1.5小结
kubectl create -f
kubectl get pods
kubectl get pods -o wide
kubectl get pods nginx -o wide
kubectl get pods -o wide -l app=web
kubectl get pods -o wide --namespace=oldguo
kubectl describe pods
kubectl delete pod nginx
kubectl replace --force -f k8s_pod.yml
#2.RC应用
```
master:
配置yml文件
cat >k8s_nginx_rc.yml
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx
spec:
replicas: 3
selector:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: 10.0.0.11:5000/oldguo/nginx:v2
ports:
EOF
[root@k8s-m yml]# kubectl create -f k8s_nginx_rc.yml
[root@k8s-m yml]# kubectl get rc
[root@k8s-m yml]# kubectl delete rc nginx
副本数增删
1.修改配置文件
vim k8s_nginx_rc.yml
[root@k8s-m yml]# kubectl replace -f k8s_nginx_rc.yml
2.kubectl edit rc nginx
3.kubectl scale rc nginxrc --replicas=4
滚动升级及回滚:
cp k8s_nginx_rc.yml k8s_nginx1_rc.yml
kubectl rolling-update nginx -f k8s_nginx1_rc.yml --update-period=10s
回滚即是相反操作即可。
注:
在升级过程中,可以进行回退。如果升级完成,则不可以使用这条指令进行回退。
# kubectl rolling-update myapp-v1 -f my-app-v2-rc.yaml --update-period=10s --rollback
RC资源功能小结:
kubectl create -f
kubectl replace -f
kubectl get rc
kubectl scale rc RCNAME --replicas=4
kubectl rolling-update OLDRCNAME -f NEWRCFILE --update-period=5s
kubectl rolling-update OLDRCNAME NEWRCNAME --rollback
```
# 3. deployment资源管理:
```
vim k8s_nginx_dev.yml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: 10.0.0.11:5000/oldguo/nginx:v2
ports:
- containerPort: 80
[root@k8s-m yml]# kubectl create -f k8s_nginx_dev.yml
[root@k8s-m yml]# kubectl get deployment
deployment滚动升级
kubectl set image deployment/nginx nginx=10.0.0.11:5000/oldguo/nginx:v1
kubectl rollout undo deployment/nginx
实现自动pod伸缩
[root@k8s-m yml]# kubectl autoscale deployment nginx --min=2 --max=6 --cpu-percent=80
```
HPA:
horizontalpodautoscalers
kubectl get horizontalpodautoscalers
kubectl edit horizontalpodautoscalers nginx
# 4.Service
```
创建svc配置文件
vim k8s_nginx_svc.yml
apiVersion: v1
kind: Service
metadata:
name: nginxsvc
spec:
type: NodePort
ports:
- port: 80
nodePort: 30001
selector:
app: nginx
[root@k8s-m yml]# kubectl create -f k8s_nginx_svc.yml
[root@k8s-m yml]# kubectl get svc
[root@k8s-m yml]# curl -I 10.0.0.13:30001
[root@k8s-m yml]# curl -I 10.0.0.12:30001
```
5. K8s图形化管理
[root@k8s-m yml]# kubectl get pod --namespace=kube-system
K8s实现wordpress项目
PV
master:
yum install -y nfs-utils-*
mkdir /data
vim /etc/exports
/data 10.0.0.0/24(rw,async,no_root_squash,no_all_squash)
systemctl restart rpcbind
systemctl restart nfs
systemctl enable rpcbind
systemctl enable nfs
[root@k8s-m yml]# cat nfs_pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv0001
labels:
type: nfs001
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Recycle
nfs:
path: "/data"
server: 10.0.0.11
readOnly: false
[root@k8s-m yml]# cat nfs_pvc_mysql.yml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-mysql
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
[root@k8s-m yml]# cp nfs_pvc_mysql.yml nfs_pvc_wp.yml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-wp
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
selector:
matchLabels:
pv: nfs-pv2
[root@k8s-m yml]# kubectl create -f mysql-rc.yaml
[root@k8s-m yml]# kubectl create -f mysql-svc.yaml
[root@k8s-m yml]# cat mysql-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: mysql
spec:
replicas: 1
selector:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: docker.io/mysql:5.7
ports:
- containerPort: 3306
volumeMounts:
- name: nfs-vol
mountPath: /var/lib/mysql
env:
- name: MYSQL_ROOT_PASSWORD
value: "somewordpress"
- name: MYSQL_DATABASE
value: "wordpress"
- name: MYSQL_USER
value: "wordpress"
- name: MYSQL_PASSWORD
value: "wordpress"
volumes:
- name: nfs-vol
persistentVolumeClaim:
claimName: pvc-mysql
[root@k8s-m yml]# cat mysql-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: mysql
spec:
ports:
- port: 3306
selector:
app: mysql
[root@k8s-m yml]# kubectl get svc
mysql 10.254.63.57 3306/TCP 19s
[root@k8s-m yml]# cat myweb-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: myweb
spec:
replicas: 1
selector:
app: myweb
template:
metadata:
labels:
app: myweb
spec:
containers:
- name: myweb
image: docker.io/wordpress:latest
ports:
- containerPort: 80
volumeMounts:
- name: nfs-vol
mountPath: /var/www/html
env:
- name: WORDPRESS_DB_HOST
value: '10.254.9.3'
- name: WORDPRESS_DB_USER
value: 'wordpress'
- name: WORDPRESS_DB_PASSWORD
value: 'wordpress'
volumes:
- name: nfs-vol
persistentVolumeClaim:
claimName: nfs2
[root@k8s-m yml]# cat myweb-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: myweb
spec:
type: NodePort
ports:
- port: 80
nodePort: 30008
selector:
app: myweb
[root@k8s-m yml]# kubectl create -f myweb-rc.yaml
[root@k8s-m yml]# kubectl create -f myweb-svc.yaml
3959
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
