容器技术
对外发布服务
端口绑定
- docker run -itd -p 宿主机端口:容器端口 镜像名称:标签(未指定宿主机 IP 时,端口会绑定到宿主机的所有地址;只需本机访问时可写成 -p 127.0.0.1:宿主机端口:容器端口)
# 宿主机绑定 apache
[root@docker ~]# docker run -itd --name web -p 80:80 myos:httpd
# 绑定后,直接访问宿主机的 IP 地址即可
[root@docker ~]# curl http://192.168.1.31
Welcome to The Apache.
# 同一个端口不能同时绑定给多个容器
# 如果想把 80 端口绑定给 nginx 容器需要把之前的 apache 容器关停
[root@docker ~]# docker rm -f web
[root@docker ~]# docker run -itd --name web -p 80:80 myos:nginx
# 重新绑定后,访问验证
[root@docker ~]# curl http://192.168.1.31
Nginx is running !
# 完成实验,删除容器
[root@docker ~]# docker rm -f web
容器存储卷
- docker run -itd -v 宿主机对象:容器内对象 镜像名称:标签
共享网页目录
# 创建共享卷目录
[root@docker ~]# mkdir /var/webroot
# 添加测试页面(info.php 会输出请求和服务器信息,仅用于实验验证,不要留在对外发布的站点目录中)
[root@docker ~]# echo "hello world" >/var/webroot/index.html
[root@docker ~]# cp info.php /var/webroot/
# 创建 nginx 容器,并映射数据卷
[root@docker ~]# docker run -itd --rm --name mynginx \
-v /var/webroot:/usr/local/nginx/html myos:nginx
# 创建 apache 容器,与 mynginx 映射同样的卷
[root@docker ~]# docker run -itd --rm --name myhttpd \
-v /var/webroot:/var/www/html myos:httpd
# 查看容器 IP 地址,并访问验证
[root@docker ~]# docker inspect mynginx |grep -i IPAddress
[root@docker ~]# curl http://172.17.0.2
hello world
[root@docker ~]# docker inspect myhttpd |grep -i IPAddress
[root@docker ~]# curl http://172.17.0.3
hello world
修改配置文件
# 获取配置文件
[root@docker ~]# mkdir /var/webconf
[root@docker ~]# docker cp mynginx:/usr/local/nginx/conf/nginx.conf /var/webconf/
# 编辑配置文件,添加 php 解析配置
[root@docker ~]# vim /var/webconf/nginx.conf
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
# 使用卷映射配置文件,重建 nginx 容器(容器内不需要修改的配置文件,可以在映射末尾加 :ro 以只读方式挂载)
[root@docker ~]# docker rm -f mynginx
[root@docker ~]# docker run -itd --rm --name mynginx -p 80:80 \
-v /var/webconf/nginx.conf:/usr/local/nginx/conf/nginx.conf \
-v /var/webroot:/usr/local/nginx/html myos:nginx
# 进入容器验证配置文件
[root@docker ~]# docker exec -it mynginx /bin/bash
[root@e440b53a860a html]# cat /usr/local/nginx/conf/nginx.conf
容器网络通信
实验架构图例
docker-0002
容器1
容器2
共享存储卷
PHP
Nginx
共享网卡
用户
共享名称空间
# 创建 php 容器,使用 nginx 的网络名称空间
[root@docker ~]# docker run -itd --network=container:mynginx \
-v /var/webroot:/usr/local/nginx/html \
--rm --name myphp myos:php-fpm
# 配置验证
[root@docker ~]# docker exec -it mynginx ss -ltun
Netid State Recv-Q Send-Q Local Address:Port
tcp LISTEN 0 128 127.0.0.1:9000
tcp LISTEN 0 128 *:80
[root@docker ~]# curl http://127.0.0.1/info.php
<pre>
Array
(
[REMOTE_ADDR] => 172.17.0.1
[REQUEST_METHOD] => GET
[HTTP_USER_AGENT] => curl/7.61.1
[REQUEST_URI] => /info.php
)
php_host: 4525e99cea77
1229
服务编排与治理
容器服务治理
指令 | 说明 |
---|---|
up | 创建项目并启动容器 |
down | 删除项目容器及网络 |
ls | 列出可以管理的项目 |
start/stop/restart | 启动项目/停止项目/重启项目 |
images | 列出项目使用的镜像 |
ps | 显示项目中容器的状态 |
logs | 查看项目中容器的日志 |
项目管理
# 安装 compose 组件
[root@docker ~]# dnf install -y docker-compose-plugin
# 创建项目
[root@docker ~]# vim docker-compose.yaml
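# Minimal Compose project: one nginx container built from the local myos:nginx image.
# Indentation restored so the file parses as YAML (nesting is significant here).
name: websvc
version: "3"
services:
  websvc:
    # Fixed container name, so plain `docker` commands can address it as "nginx".
    container_name: nginx
    image: myos:nginx
    # No `ports:` entry: nothing is published on the host, so the service is
    # reachable only through the container's own address.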
- 容器项目管理
# 创建项目,并启动
[root@docker ~]# docker compose -f docker-compose.yaml up -d
[+] Running 2/2
⠿ Network websvc_default Created 0.0s
⠿ Container nginx Started 0.3s
# 查看项目
[root@docker ~]# docker compose ls
NAME STATUS CONFIG FILES
websvc running(1) /root/docker-compose.yaml
# 查看项目中的容器状态
[root@docker ~]# docker compose -p websvc ps
NAME COMMAND SERVICE STATUS PORTS
nginx "nginx -g 'daemon of…" websvc running 80/tcp
# 启动、停止、重启项目
[root@docker ~]# docker compose -p websvc stop
[+] Running 1/1
⠿ Container nginx Stopped 0.1s
[root@docker ~]# docker compose -p websvc start
[+] Running 1/1
⠿ Container nginx Started 0.2s
[root@docker ~]# docker compose -p websvc restart
[+] Running 1/1
⠿ Container nginx Started 0.3s
# 先访问一个不存在的页面产生错误记录,再查看项目中容器的日志
[root@docker ~]# docker inspect nginx |grep IPAddress
[root@docker ~]# curl http://172.17.0.2/info.php
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@docker ~]# docker compose -p websvc logs
nginx | 2023/02/13 13:55:39 [error] 7#0: *1 open() "/usr/local/nginx/html/info.php" failed (2: No such file or directory), client: 172.17.0.1, server: localhost, request: "GET /info.php HTTP/1.1", host: "172.17.0.2"
# 删除项目
[root@docker ~]# docker compose -p websvc down
[+] Running 2/2
⠿ Container nginx Removed 0.1s
⠿ Network websvc_default Removed 0.0s
compose 语法
指令 | 说明 |
---|---|
networks | 配置容器连接的网络 |
container_name | 指定容器名称 |
depends_on | 解决容器的依赖、启动先后的问题 |
command | 覆盖容器启动后默认执行的命令 |
environment | 设置环境变量 |
image | 指定为镜像名称或镜像 ID |
network_mode | 设置网络模式 |
restart | 容器保护策略[always、no、on-failure] |
ports | 暴露端口信息 |
volumes | 数据卷,支持 [volume、bind、tmpfs、npipe] |
容器服务编排
[root@docker ~]# vim docker-compose.yaml
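# Compose project running nginx together with php-fpm.
# Indentation restored so the file parses as YAML (nesting is significant here).
name: websvc
version: "3"
services:
  nginxsvc:
    container_name: nginx
    image: myos:nginx
    restart: always
    volumes:
      # Host-side nginx.conf replaces the config file shipped in the image.
      # NOTE(review): neither bind mount is marked read-only; add
      # `read_only: true` to an entry if the container only reads that path.
      - type: bind
        source: /var/webconf/nginx.conf
        target: /usr/local/nginx/conf/nginx.conf
      # Web root shared with the php-fpm service below (same host directory).
      - type: bind
        source: /var/webroot
        target: /usr/local/nginx/html
    network_mode: bridge
    ports:
      # Quoted so YAML always reads the mapping as a string. With no host IP
      # given, the port is published on every host address.
      - "80:80"
    environment:
      - "TZ=Asia/Shanghai"
  php-fpm:
    container_name: php-fpm
    image: myos:php-fpm
    restart: always
    volumes:
      # Mounted at the same path as in the nginx container, so both services
      # see the site files under the same directory.
      - type: bind
        source: /var/webroot
        target: /usr/local/nginx/html
    # Start after nginxsvc: the network_mode below needs the "nginx" container to exist.
    depends_on:
      - nginxsvc
    # Join the network namespace of the container named "nginx"; php-fpm gets
    # no network interface or published port of its own.
    network_mode: "container:nginx"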
- 验证项目
# 创建,并启动项目
[root@docker ~]# docker compose -f docker-compose.yaml up -d
[+] Running 2/2
⠿ Container nginx Started 0.3s
⠿ Container php-fpm Started 0.3s
# 查看项目
[root@docker ~]# docker compose ls
NAME STATUS CONFIG FILES
websvc running(2) /root/docker-compose.yaml
# 查看容器状态,验证服务
[root@docker ~]# docker compose -p websvc ps
NAME COMMAND SERVICE STATUS
nginx "nginx -g 'daemon of..." nginx running ......
php-fpm "php-fpm --nodaemoni..." php-fpm running ......
# 访问 php 页面验证
[root@docker ~]# curl -s http://127.0.0.1/info.php
<pre>
Array
(
[REMOTE_ADDR] => 172.17.0.1
[REQUEST_METHOD] => GET
[HTTP_USER_AGENT] => curl/7.61.1
[REQUEST_URI] => /info.php
)
php_host: 7e037978c775
1229
harbor 仓库
主机名 | ip地址 | 最低配置 |
---|---|---|
harbor | 192.168.1.30 | 2CPU,4G内存 |
安装部署
安装部署 docker
[root@harbor ~]# vim /etc/hosts
192.168.1.30 harbor
# 安装部署 docker 及 compose 组件
[root@harbor ~]# dnf install -y docker-ce docker-compose-plugin
[root@harbor ~]# systemctl enable --now docker
- 拷贝 public/harbor-v2.7.0.tgz 到 harbor 主机
rsync -av public/harbor-v2.7.0.tgz 192.168.1.30:./
创建 https 证书
# 导入 harbor 项目镜像
[root@harbor ~]# tar -zxf harbor-v2.7.0.tgz -C /usr/local/
[root@harbor ~]# cd /usr/local/harbor
[root@harbor harbor]# docker load -i harbor.v2.7.0.tar.gz
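# 创建 https 证书(这里生成的是仅含 CN、没有 subjectAltName 的自签名证书,客户端默认不会信任它,只适合实验环境;正式环境应使用受信任 CA 签发且带 SAN 的证书,并限制 tls/cert.key 的访问权限)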
[root@harbor harbor]# mkdir tls
[root@harbor harbor]# openssl genrsa -out tls/cert.key 2048
[root@harbor harbor]# openssl req -new -x509 -days 3650 \
-key tls/cert.key -out tls/cert.crt \
-subj "/C=CN/ST=BJ/L=BJ/O=Tedu/OU=NSD/CN=harbor"
创建并启动项目
# 修改配置文件(注意:第 34 行的 admin123 只是实验用的弱口令,实际部署时必须换成强密码,并在首次登录管理页面后立即修改)
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# vim harbor.yml
05: hostname: harbor
08: # http:
10: # port: 80
17: certificate: /usr/local/harbor/tls/cert.crt
18: private_key: /usr/local/harbor/tls/cert.key
34: harbor_admin_password: admin123
# 预安装环境检查,生成项目文件
[root@harbor harbor]# /usr/local/harbor/prepare
# 创建并启动项目
[root@harbor harbor]# docker compose -f docker-compose.yml up -d
# 添加开机自启动
[root@harbor harbor]# chmod 0755 /etc/rc.d/rc.local
[root@harbor harbor]# echo "/usr/bin/docker compose -p harbor start" >>/etc/rc.d/rc.local
- 查看验证项目
# 查看项目
[root@harbor harbor]# docker compose ls
NAME STATUS CONFIG FILES
harbor running(9) /usr/local/harbor/docker-compose.yml
# 查看容器状态
[root@harbor harbor]# docker compose -p harbor ps
NAME COMMAND SERVICE STATUS
harbor-core "/harbor/entrypoint.…" core running (healthy)
harbor-db "/docker-entrypoint.…" postgresql running (healthy)
harbor-jobservice "/harbor/entrypoint.…" jobservice running (healthy)
harbor-log "/bin/sh -c /usr/loc…" log running (healthy)
harbor-portal "nginx -g 'daemon of…" portal running (healthy)
nginx "nginx -g 'daemon of…" proxy running (healthy)
redis "redis-server /etc/r…" redis running (healthy)
registry "/home/harbor/entryp…" registry running (healthy)
registryctl "/home/harbor/start.…" registryctl running (healthy)
- 通过 ELB 发布 harbor 服务,通过浏览器配置管理
harbor 管理
容器管理命令 | 说明 |
---|---|
docker login | 登录私有镜像仓库 |
docker logout | 退出登录 |
登录私有仓库
# 添加主机配置
[root@docker ~]# vim /etc/hosts
192.168.1.30 harbor
192.168.1.35 registry
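# 添加私有仓库配置(insecure-registries 会让 docker 不校验仓库证书,registry:5000 还是明文 http,仅适合实验环境;正式环境应把 harbor 的 CA 证书放到 /etc/docker/certs.d/harbor:443/ca.crt,然后去掉 insecure-registries 中对应的条目)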
[root@docker ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://harbor:443", "http://registry:5000"],
"insecure-registries":["harbor:443", "registry:5000"]
}
[root@docker ~]# systemctl restart docker
# 登录 harbor 仓库
[root@docker ~]# docker login harbor:443
Username: luck
Password: ********
... ...
Login Succeeded
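# 认证信息记录文件(auth 字段只是「用户名:密码」的 base64 编码,并没有加密,能读到该文件就能还原密码;应保持该文件仅 root 可读,或在 config.json 中配置 credsStore 改用凭据助手保存)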
[root@docker ~]# cat /root/.docker/config.json
{
"auths": {
"harbor:443": {
"auth": "bHVjazoqKioqKioqKg=="
}
}
}
# 退出登录
[root@docker ~]# docker logout harbor:443
Removing login credentials for harbor:443
上传镜像
# 设置标签
[root@docker ~]# docker tag rockylinux:8.5 harbor:443/myimg/rockylinux:8.5
# 没有登录上传失败
[root@docker ~]# docker push harbor:443/myimg/rockylinux:8.5
65dbea0a4b39: Preparing
unauthorized: unauthorized to access repository ......
# 登录成功后才可以上传
[root@docker ~]# docker login harbor:443
Username: luck
Password: ********
Login Succeeded
# 上传成功
[root@docker ~]# docker push harbor:443/myimg/rockylinux:8.5
The push refers to repository [harbor:443/myimg/rockylinux]
......
# 设置标签
[root@docker ~]# docker tag myos:latest harbor:443/library/myos:latest
# 上传镜像到 library 项目,没有权限上传失败
[root@docker ~]# docker push harbor:443/library/myos:latest
The push refers to repository [harbor:443/library/myos]
65dbea0a4b39: Preparing
unauthorized: unauthorized to access repository:
......
# 赋权后重新上传镜像
[root@docker ~]# docker push harbor:443/library/myos:latest
The push refers to repository [harbor:443/library/myos]
......
- 案例六:上传镜像到 library 项目
[root@docker ~]# docker tag myos:httpd harbor:443/myimg/httpd:latest
[root@docker ~]# docker push harbor:443/myimg/httpd:latest
[root@docker ~]# docker rmi harbor:443/myimg/httpd:latest
[root@docker ~]# for i in 8.5 httpd nginx php-fpm latest;do
docker tag myos:${i} harbor:443/library/myos:${i}
docker push harbor:443/library/myos:${i}
docker rmi myos:${i} harbor:443/library/myos:${i}
done