I. Build a CentOS image that allows SSH login
1. Prepare the Dockerfile
[root@k8s-master base]# vim Dockerfile
FROM centos:centos7.9.2009
LABEL maintainer="OPS_MX"
RUN yum -y install wget && rm -f /etc/yum.repos.d/* && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo \
&& wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo \
&& yum -y install passwd openssh-server vim-enhanced tcpdump lrzsz tree telnet bash-completion net-tools wget bzip2 lsof zip unzip nfs-utils gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel zlib-devel \
&& ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' \
# The password can be changed as needed
&& echo "123456" | passwd --stdin root \
&& yum clean all \
&& rm -f /etc/localtime \
&& ln -s ../usr/share/zoneinfo/Asia/Shanghai /etc/localtime
CMD ["/usr/sbin/sshd", "-D"]
[root@k8s-master base]# ls
build.sh Dockerfile
[root@k8s-master base]# cat build.sh
#!/bin/bash
#
docker build -t centos7-base:v4 .
2. Build the image
[root@k8s-master base]# sh build.sh
Sending build context to Docker daemon 3.584kB
Step 1/4 : FROM centos:centos7.9.2009
---> eeb6ee3f44bd
Step 2/4 : LABEL maintainer="OPS_MX"
---> Using cache
---> 07fe586ba410
Step 3/4 : RUN yum -y install wget && rm -f /etc/yum.repos.d/* && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo && yum -y install passwd openssh-server vim-enhanced tcpdump lrzsz tree telnet bash-completion net-tools wget bzip2 lsof zip unzip nfs-utils gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel zlib-devel && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' && echo "123456" | passwd --stdin root && yum clean all && rm -f /etc/localtime && ln -s ../usr/share/zoneinfo/Asia/Shanghai /etc/localtime
---> Using cache
---> 9f0cd67d4e2b
Step 4/4 : CMD ["/usr/sbin/sshd", "-D"]
---> Using cache
---> 2be7b57a0e54
Successfully built 2be7b57a0e54
Successfully tagged centos7-base:v4
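The build prints very little output because centos7-base:v4 had already been built once before, so every step is served from cache and the dependency packages are not installed again.
3. Create a test pod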
[root@k8s-master test]# cat test-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: centos
  namespace: test
spec:
  containers:
  - name: centos
    image: centos7-base:v4
[root@k8s-master test]# kubectl apply -f test-pod.yaml
pod/centos created
[root@k8s-master test]# kubectl get pod -n test -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
centos 1/1 Running 0 29s 100.64.168.155 k8s-master <none> <none>
nginx-app 1/1 Running 0 14m 100.64.168.167 k8s-master <none> <none>
4. Test SSH login
[root@k8s-master test]# ssh 100.64.168.155
The authenticity of host '100.64.168.155 (100.64.168.155)' can't be established.
ECDSA key fingerprint is SHA256:QPjTcPVWAkjyLQpD0pnfxFuCWX+AMon+9nv41jYoraw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '100.64.168.155' (ECDSA) to the list of known hosts.
root@100.64.168.155's password:
[root@centos ~]#
II. Build an application image that allows SSH login
1. Prepare the Dockerfile, using nginx as the example
[root@k8s-master nginx]# vim Dockerfile-v4
FROM centos7-base:v4
MAINTAINER OPS_MX
ENV NGINX_VERSION 1.16.1
ENV BUILD_TOOLS gcc pcre-devel openssl-devel make
ADD nginx-${NGINX_VERSION}.tar.gz /opt
RUN mkdir -p /opt/web_app/nginx-${NGINX_VERSION} \
&& useradd nginx && yum -y install ${BUILD_TOOLS} && cd /opt/nginx-${NGINX_VERSION} \
&& ./configure --user=nginx --group=nginx --with-http_ssl_module \
--prefix=/opt/web_app/nginx-${NGINX_VERSION} \
--sbin-path=/opt/web_app/nginx-${NGINX_VERSION}/sbin/nginx \
--conf-path=/opt/web_app/nginx-${NGINX_VERSION}/conf/nginx.conf \
--http-log-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/access.log \
--error-log-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/error.log \
--pid-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/nginx.pid \
--lock-path=/opt/web_app/nginx-${NGINX_VERSION}/lock/subsys/nginx \
--with-http_stub_status_module && make && make install \
&& rm -rf /opt/nginx-${NGINX_VERSION} \
&& yum clean all
WORKDIR /opt/web_app/nginx-${NGINX_VERSION}
EXPOSE 80 443
RUN echo "daemon off;" >> /opt/web_app/nginx-${NGINX_VERSION}/nginx.conf \
&& ln -sf /dev/stdout /opt/web_app/nginx-${NGINX_VERSION}/logs/access.log \
&& ln -sf /dev/stderr /opt/web_app/nginx-${NGINX_VERSION}/logs/error.log
CMD /usr/sbin/sshd && echo `ifconfig eth0 | awk 'NR==2{print $2}'` > /opt/web_app/nginx-1.16.1/html/index.html && /opt/web_app/nginx-1.16.1/sbin/nginx -g 'daemon off;'
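Pay attention to the final CMD: although the CentOS base image already contains a CMD instruction, the CMD in the nginx Dockerfile overrides it, because only the last CMD takes effect, so the sshd start command is written out again.
2. Build the image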
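The Dockerfile in section I bakes the root password and the SSH host keys into the image, and the CMD above has to start sshd again by hand. The entrypoint script below is an added example, not part of the original article: it assumes the ssh-keygen and passwd steps are removed from the base Dockerfile, and the names SSH_DIR, ROOT_SSH and PUBKEY_FILE and the /run/secrets/ssh/authorized_key path are assumptions.

```shell
#!/bin/sh
# entrypoint.sh: added example, not from the original page.
# SSH_DIR, ROOT_SSH and PUBKEY_FILE are assumed names; PUBKEY_FILE is a
# public key mounted into the pod (for example from a Kubernetes Secret).
SSH_DIR="${SSH_DIR:-/etc/ssh}"
ROOT_SSH="${ROOT_SSH:-/root/.ssh}"
PUBKEY_FILE="${PUBKEY_FILE:-/run/secrets/ssh/authorized_key}"
KEY_RE='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$'

# Host keys are created when the container starts, so each pod gets its own.
generate_host_keys() {
    for t in rsa ecdsa ed25519; do
        [ -f "$SSH_DIR/ssh_host_${t}_key" ] ||
            ssh-keygen -q -t "$t" -f "$SSH_DIR/ssh_host_${t}_key" -N '' || return 1
    done
}

# sshd keeps the first value it reads for a keyword, so the hardened
# settings go on top and any existing lines for them are dropped.
harden_sshd_config() {
    cfg="$SSH_DIR/sshd_config"
    printf '%s\n' 'PasswordAuthentication no' \
        'PermitRootLogin prohibit-password' > "$cfg.new"
    grep -Eiv '^[[:space:]]*(PasswordAuthentication|PermitRootLogin)[[:space:]]' \
        "$cfg" >> "$cfg.new" || true
    mv "$cfg.new" "$cfg"
}

# Copy only well-formed public key lines; fail if the file has none.
install_authorized_key() {
    grep -Eq "$KEY_RE" "$PUBKEY_FILE" 2>/dev/null ||
        { echo "no usable public key in $PUBKEY_FILE" >&2; return 1; }
    mkdir -p "$ROOT_SSH" && chmod 700 "$ROOT_SSH"
    grep -E "$KEY_RE" "$PUBKEY_FILE" > "$ROOT_SSH/authorized_keys"
    chmod 600 "$ROOT_SSH/authorized_keys"
}

main() {
    generate_host_keys && harden_sshd_config && install_authorized_key || exit 1
    # Base image: CMD is sshd itself. Application image: sshd runs in the
    # background and the application (nginx) is exec'd as the main process.
    [ "$1" = /usr/sbin/sshd ] || /usr/sbin/sshd
    exec "$@"
}

# Runs only when a command is passed, i.e. ENTRYPOINT ["/entrypoint.sh"] + CMD.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With ENTRYPOINT ["/entrypoint.sh"], the base image can keep CMD ["/usr/sbin/sshd", "-D"], and the nginx image only needs the nginx command in exec form as its CMD.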
[root@k8s-master nginx]# docker build -f Dockerfile-v4 -t nginx-1.16.1:v4 .
Sending build context to Docker daemon 1.954GB
Step 1/10 : FROM centos7-base:v4
---> 2be7b57a0e54
Step 2/10 : MAINTAINER OPS_MX
---> Running in 5efe8d1dfb52
Removing intermediate container 5efe8d1dfb52
---> 44022ef3db4e
Step 3/10 : ENV NGINX_VERSION 1.16.1
---> Running in 8bd181d73813
Removing intermediate container 8bd181d73813
---> 8d59afb9f99b
Step 4/10 : ENV BUILD_TOOLS gcc pcre-devel openssl-devel make
---> Running in ba1c9d46eb3a
Removing intermediate container ba1c9d46eb3a
......
3. Create a test application pod
[root@k8s-master test]# vim app-nginx.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-app
  namespace: test
spec:
  containers:
  - name: nginx
    image: nginx-1.16.1:v4
[root@k8s-master test]# kubectl get pod -n test -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
centos 1/1 Running 0 62m 100.64.168.155 k8s-master <none> <none>
nginx-app 1/1 Running 0 8s 100.64.168.144 k8s-master <none> <none>
4. Test an SSH connection to the application pod
[root@k8s-master test]# ssh 100.64.168.144
The authenticity of host '100.64.168.144 (100.64.168.144)' can't be established.
ECDSA key fingerprint is SHA256:QPjTcPVWAkjyLQpD0pnfxFuCWX+AMon+9nv41jYoraw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '100.64.168.144' (ECDSA) to the list of known hosts.
root@100.64.168.144's password:
[root@nginx-app ~]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 16:09 ? 00:00:00 /bin/sh -c /usr/sbin/sshd && echo `ifconfig eth0 | awk 'NR==2{print $2}'` > /opt/web_app/nginx-1.16.1/html/index.html && /opt/web_app/nginx-1.16.1/sbin/ngi
root 7 1 0 16:09 ? 00:00:00 /usr/sbin/sshd
root 11 1 0 16:09 ? 00:00:00 nginx: master process /opt/web_app/nginx-1.16.1/sbin/nginx -g daemon off;
nginx 12 11 0 16:09 ? 00:00:00 nginx: worker process
root 34 7 0 16:11 ? 00:00:00 sshd: root@pts/0
root 36 34 0 16:11 pts/0 00:00:00 -bash
root 55 36 0 16:11 pts/0 00:00:00 ps -ef
[root@nginx-app ~]# curl 127.0.0.1 ## nginx access test works
100.64.168.144