文章目录
展开- docker入门
- k8s入门
- 1. k8s集群部署全流程
- 1.1 修改hosts文件
- 1.2 创建虚拟网卡
- 1.3 云服务器安全组设置
- 1.4 一些基础配置(不用理解,执行即可)
- 1.5 安装Docker
- 1.6 安装k8s集群所需组件
- 1.7 修改 kubelet 启动参数
- 1.8 从阿里云拉取镜像
- 1.9 用kubeadm初始化master节点
- 1.10 集群健康检查
- 1.11 修改kube-apiserver 配置
- 1.12 将node节点加入集群
- 1.13 配置node节点
- 1.14 安装flannel插件
- 1.15 配置k8s命令补全
- 1.16 跑一个nginx pod
- 1.17 如果要重装,可以从1.7-1.9(跳过1.8)重装kubeadm开始
参考《Docker从入门到实践》,仅供学习使用,严禁搬运。
记录一些docker和k8s的用法,方便查找。
也有一些小demo供实战参考。
docker入门
1. 安装docker
- centos安装Docker:
yum install docker
- 开启docker服务:
systemctl start docker
- 开机自启动:
systemctl enable docker
- docker版本信息:
docker --version
- docker详细信息:
docker info
- 查看内核信息:
uname -a
- 查看centos版本号:
cat /etc/redhat-release
- 跑一个nginx测试:
docker run -d -p XX:80 --name webserver nginx
2. docker基本操作
- 进入容器内部查看信息:
dcker attach <Id>
- 构建镜像:
docker build
- 提交容器:
docker commit
- 将容器中的文件移动复制到宿主机:
docker cp <Id>:/file /host/file
- 创建容器但不启动:
docker create
- 查看容器变化:
docker diff <Id>
- 查看事件:
docker events
- 进入容器:
docker exec
- 导出容器:
docker export containerName > containerName.tar
- 查看镜像历史:
docker history
- 查看本地镜像:
docker images
- 导入容器:
docker import /etc/XX.tgz
- 查看docker信息:
docker info
- 查看各项详细信息:
docker inspect
- 杀死容器:
docker kill
- 导入镜像:
docker load < XX.tar.gz
- 登录仓库:
docker login
- 登出仓库:
docker logout
- 查看容器日志:
docker logs
- 管理网络:
docker network
- 管理节点:
docker node
- 暂停容器:
docker pause
- 查看容器端口:
docker port
- 查看本地容器信息:
docker ps
- 拉取镜像:
docker pull
- 推送镜像:
docker push
- 重命名容器:
docker rename <旧容器名><新容器名>
- 重启容器:
docker restart
- 删除容器:
docker rm [-f(停止)]
- 删除镜像:
docker rmi
- 运行容器:
docker run [-d(后台运行)] [-p(指定端口)] [-restart] [-rm(退出时删除)] [-it(创建一个可交互的终端)]
- 导出镜像:
docker save ubuntu:14.04 > ubuntu.tar
- 搜索镜像:
docker search
- 管理服务:
docker service
- 启动容器:
docker start
- 查看容器状态:
docker stats
- 停止容器:
docker stop
- 管理集群:
docker swarm
- 设置镜像标签:
docker tag
- 查看容器进程:
docker top <Id>
- 恢复暂停容器:
docker unpause
- 更新容器:
docker update
- 查看docker版本:
docker version
- 管理数据卷:
docker volume
- 设置等待(容器监控、异常捕捉):
docker wait
3. 第一个docker例程
3.1 运行一个docker镜像
docker run --rm hello-world
,--rm
表示容器退出后自动删除该容器
3.2 构建一个自己的镜像
创建一个文件夹,文件夹内新建文件Dockerfile
,内容如下:
1 2 3 |
FROM alpine CMD "echo" "Hello World!" |
然后 docker buile -t hello .
,-t
表示给镜像打标签
最后 docker run --rm hello
即可
4. docker镜像
4.1 配置加速器
https://cr.console.aliyun.com/cn-wulanchabu/instances/mirrors
4.2 搜索并下载镜像
搜索: docker search <imagesName>
下载: docker pull <imagesName:tag>
查看镜像信息: docker images <imagesName>
,docker inspect [-f '镜像创建时间:{{.Created}}'] <imagesName>
4.3 创建镜像
- 通过Dockerfile创建镜像
1234FROM scratchCOPY hello /CMD ["/hello"]
docker build -t hello .
-
提交容器为镜像
运行一个ubuntu容器:
docker run -itd --name=test ubuntu:14.04
进入容器:
docker exec -it test bash
创建文件并退出:
echo "Text" > test.txt && exit
提交容器为镜像:
docker commit test username/test
使用新的镜像运行容器:
docker run -dit --rm --name=new username/test bash
进入新的容器:
docker exec -it new bash
查看文件:
cat test.txt
docker commit 的参数如下:
- -a:添加作者信息,方便维护
- -c:修改Dockerfile指令
- -m:类似git commit -m,提交修改信息
- -p:暂停正在提交的操作
4.4 导出和导入镜像
导出:docker save -o <imagesName>.tar <imagesName:tag>
或 docker save <imagesName:tag> > <imagesName>.tar
导入:docker load -i <imagesName>.tar
或 docker load < <imagesName>.tar
4.5 发布镜像
登录docker hub:docker login
给镜像打标签,内容不变,只是名称变了:docker tag <imagesId> username/imagesName
发布镜像(要求镜像名为 username/imagesName):docker push username/imagesName
4.6 删除镜像
最基础的操作为:docker rmi <镜像名/镜像ID>
,要确保没有容器在使用该镜像。
删除所有未打dangling标签的镜像:docker rmi $(docker images -q -f dangling=true)
删除所有镜像:docker rmi $(docker images -q)
5. Dockerfile
5.1 基础命令
- 指定基础镜像:
FROM <imagesName:tag>
-
设置维护者信息:
MAINTAINER Name <Email>
-
执行构建命令:
RUN XXX
,会在shell或者exec的环境下执行命令 -
设置镜像环境变量:
ENV <key> <value>
,例如ENV TARGER_DIR /app
-
复制文件(将本地的文件或文件夹复制到镜像中):
COPY /Local/Path/File /Images/Path/File
-
添加文件(与COPY类似,但可以解压缩和从URL下载):
ADD File /Images/Path/File
,ADD latest.tar.gz /var/www/
-
指定端口暴露:
EXPOSE <端口> [<端口> ...]
-
设置镜像启动命令:
CMD ["executable","param1","param2"]
,CMD指令可以通过docker run
覆盖。123FROM ubuntuCMD ["echo","Hello Ubuntu"]构建并运行容器
docker run test
,结果为Hello Ubuntu
。如果运行容器为
docker run test echo "Hello Docker"
,结果为Hello Docker
。 -
设置接入点:
ENTRYPOINT
。123FROM ubuntuENTRYPOINT ["echo"]构建并运行容器
docker run test "Hello Docker"
,结果为Hello Docker
。 -
设置数据卷:
VOLUME ["/data","/data2"]
,也可以运行容器时指定:docker run -v 宿主机路径:容器内路径
。 -
设置构建用户,指定运行容器时的用户名或UID,后续的RUN也会使用指定用户:
1234USER userUSER user:groupUSER uid:uid创建用户:
RUN groupadd -r newuser && useradd -r -g newuser newuser
。可以运行容器时指定用户:
docker run -u username
。 -
设置工作目录:
WORKDIR /path/to/workdir
,也可以运行容器时指定docker run -w /workdir
。可以使用多个WORKDIR指令,后续命令参数如果是相对路径,则会基于之前命令指定的路径。例如:
1234WORKDIR /aWORKDIR bWORKDIR c最终路径为/a/b/c。
-
设置二次构建指令(在构建镜像时不执行,而是在子镜像中执行):
ONBUILD
。 -
设置元数据:
LABEL multi.lable1="value1" multi.lable2="value2" multi.lable3="value3"
。 -
设置构建变量(与ENV不同,只在构建时起作用):
AGE <varname>=<name>
,也可以构建镜像时指定docker build --build-arg <varname>=<value>
。 -
设置停止信号(停止时容器发出的信号):
STOPSIGNAL SIGKILL
。 -
检查镜像状态(检测容器启动运行时是否正常):
HEALTHCHECK [OPTIONS] CMD command
。1234567// 设置在容器启动多长时间后开始检查容器状态--interval=DURATION (默认30s)// 设置超时时间,超过这个时间不返回信息,表示容器异常--timeout=DURATION (默认30s)// 设置重试次数--retries=N (默认3)例如:
123HEALTHCHECK --interval=5m --timeout=3s \CMD curl -f http://localhost/ || exit 1 - 设置命令执行环境(有时需要在其他shell环境中执行RUN的内容):
SHELL ["powershell","-command"]
。
5.2 实战1:部署nginx服务
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
FROM ubuntu:trusty MAINTAINER Haoxi<3020001195@tju.edu.cn> RUN apt-get update && \ apt-get -y install \ nginx \ unzip \ wget \ ca-certificates \ php5 php5-fpm php5-cli php5-json php5-mysql php5-curl ENV PAGEKIT_VERSION 1.0.2 RUN mkdir /pagekit WORKDIR /pagekit VOLUME ["/pagekit/storage","/pagekit/app/cache"] RUN wget https://github.com/pagekit/pagekit/releases/download/$PAGEKIT_VERSION/pagekit-$PAGEKIT_VERSION.zip -O /pagekit/pagekit.zip && \ unzip /pagekit/pagekit.zip && rm /pagekit/pagekit.zip ADD nginx.conf /etc/nginx/nginx.conf RUN chown -R www-data: /pagekit && \ apt-get autoremove wget unzip -y && \ apt-get autoclean -y && \ apt-get clean -y && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* CMD ["sh","-c","service php5-fpm start && nginx"] |
5.3 实验2:利用python的flask包部署网站
步骤:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 |
[root@iZ0jlixdtswe0unlnlph1hZ ~]# mkdir flask_web [root@iZ0jlixdtswe0unlnlph1hZ ~]# cd flask_web/ [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# vim my_flask.py [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# cat my_flask.py #coding:utf8 from flask import Flask app=Flask(__name__) @app.route('/hello') def hello(): return "Hello from docker, I am Haoxi." if __name__=="__main__": app.run(host='0.0.0.0',port=8080) [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# vim Dockerfile [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# cat Dockerfile FROM centos:7.8.2003 RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo; RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo; RUN yum makecache fast; RUN yum install python3-devel python3-pip -y RUN pip3 install -i https://pypi.douban.com/simple flask COPY my_flask.py /opt WORKDIR /opt EXPOSE 8080 CMD ["python3","my_flask.py"] [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# docker build -t "haoxi/my_flask_web" . Sending build context to Docker daemon 3.072 kB Step 1/10 : FROM centos:7.8.2003 Trying to pull repository docker.io/library/centos ... 7.8.2003: Pulling from docker.io/library/centos 9b4ebb48de8d: Pull complete Digest: sha256:8540a199ad51c6b7b51492fa9fee27549fd11b3bb913e888ab2ccf77cbb72cc1 Status: Downloaded newer image for docker.io/centos:7.8.2003 ---> afb6fca791e0 Step 2/10 : RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo; ---> Running in 6411361cd22c % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 2523 100 2523 0 0 9055 0 --:--:-- --:--:-- --:--:-- 9075 ---> 18c6a4d5b2ea Removing intermediate container 6411361cd22c Step 3/10 : RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo; ---> Running in 139a3cacac12 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 664 100 664 0 0 6007 0 --:--:-- --:--:-- --:--:-- 5981 ---> c9c2aff070a6 Removing intermediate container 139a3cacac12 Step 4/10 : RUN yum makecache fast; ---> Running in 9bb51639c8fc Loaded plugins: fastestmirror, ovl Determining fastest mirrors * base: mirrors.cloud.aliyuncs.com * extras: mirrors.cloud.aliyuncs.com * updates: mirrors.cloud.aliyuncs.com Metadata Cache Created ---> 07c882108493 Removing intermediate container 9bb51639c8fc Step 5/10 : RUN yum install python3-devel python3-pip -y ---> Running in d4d88fd42bfe Loaded plugins: fastestmirror, ovl Loading mirror speeds from cached hostfile * base: mirrors.cloud.aliyuncs.com * extras: mirrors.cloud.aliyuncs.com * updates: mirrors.cloud.aliyuncs.com Resolving Dependencies --> Running transaction check ---> Package python3-devel.x86_64 0:3.6.8-19.el7_9 will be installed --> Processing Dependency: python3-libs(x86-64) = 3.6.8-19.el7_9 for package: python3-devel-3.6.8-19.el7_9.x86_64 --> Processing Dependency: python3 = 3.6.8-19.el7_9 for package: python3-devel-3.6.8-19.el7_9.x86_64 --> Processing Dependency: python(abi) = 3.6 for package: python3-devel-3.6.8-19.el7_9.x86_64 --> Processing Dependency: redhat-rpm-config for package: python3-devel-3.6.8-19.el7_9.x86_64 --> Processing Dependency: python3-rpm-macros for package: python3-devel-3.6.8-19.el7_9.x86_64 --> Processing Dependency: python3-rpm-generators for package: python3-devel-3.6.8-19.el7_9.x86_64 --> Processing Dependency: python-rpm-macros for package: python3-devel-3.6.8-19.el7_9.x86_64 --> Processing Dependency: libpython3.6m.so.1.0()(64bit) for package: python3-devel-3.6.8-19.el7_9.x86_64 ---> Package python3-pip.noarch 0:9.0.3-8.el7 will be installed --> Processing Dependency: python3-setuptools for package: python3-pip-9.0.3-8.el7.noarch --> Running transaction check ---> Package python-rpm-macros.noarch 0:3-34.el7 will be installed --> Processing Dependency: python-srpm-macros for package: python-rpm-macros-3-34.el7.noarch ---> Package python3.x86_64 0:3.6.8-19.el7_9 will be installed ---> Package python3-libs.x86_64 0:3.6.8-19.el7_9 will be installed --> Processing Dependency: libtirpc.so.1()(64bit) for package: python3-libs-3.6.8-19.el7_9.x86_64 ---> Package python3-rpm-generators.noarch 0:6-2.el7 will be installed ---> Package python3-rpm-macros.noarch 0:3-34.el7 will be installed ---> Package python3-setuptools.noarch 0:39.2.0-10.el7 will be installed ---> Package redhat-rpm-config.noarch 0:9.1.0-88.el7.centos will be installed --> Processing Dependency: dwz >= 0.4 for package: redhat-rpm-config-9.1.0-88.el7.centos.noarch --> Processing Dependency: zip for package: redhat-rpm-config-9.1.0-88.el7.centos.noarch --> Processing Dependency: perl-srpm-macros for package: redhat-rpm-config-9.1.0-88.el7.centos.noarch --> Processing Dependency: perl(Getopt::Long) for package: redhat-rpm-config-9.1.0-88.el7.centos.noarch --> Processing Dependency: /usr/bin/perl for package: redhat-rpm-config-9.1.0-88.el7.centos.noarch --> Running transaction check ---> Package dwz.x86_64 0:0.11-3.el7 will be installed ---> Package libtirpc.x86_64 0:0.2.4-0.16.el7 will be installed ---> Package perl.x86_64 4:5.16.3-299.el7_9 will be installed --> Processing Dependency: perl-libs = 4:5.16.3-299.el7_9 for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Socket) >= 1.3 for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Scalar::Util) >= 1.10 for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl-macros for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl-libs for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(threads::shared) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(threads) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(constant) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Time::Local) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Time::HiRes) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Storable) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Socket) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Scalar::Util) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Pod::Simple::XHTML) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Pod::Simple::Search) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Filter::Util::Call) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(File::Temp) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(File::Spec::Unix) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(File::Spec::Functions) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(File::Spec) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(File::Path) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Exporter) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Cwd) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: perl(Carp) for package: 4:perl-5.16.3-299.el7_9.x86_64 --> Processing Dependency: libperl.so()(64bit) for package: 4:perl-5.16.3-299.el7_9.x86_64 ---> Package perl-Getopt-Long.noarch 0:2.40-3.el7 will be installed --> Processing Dependency: perl(Pod::Usage) >= 1.14 for package: perl-Getopt-Long-2.40-3.el7.noarch --> Processing Dependency: perl(Text::ParseWords) for package: perl-Getopt-Long-2.40-3.el7.noarch ---> Package perl-srpm-macros.noarch 0:1-8.el7 will be installed ---> Package python-srpm-macros.noarch 0:3-34.el7 will be installed ---> Package zip.x86_64 0:3.0-11.el7 will be installed --> Running transaction check ---> Package perl-Carp.noarch 0:1.26-244.el7 will be installed ---> Package perl-Exporter.noarch 0:5.68-3.el7 will be installed ---> Package perl-File-Path.noarch 0:2.09-2.el7 will be installed ---> Package perl-File-Temp.noarch 0:0.23.01-3.el7 will be installed ---> Package perl-Filter.x86_64 0:1.49-3.el7 will be installed ---> Package perl-PathTools.x86_64 0:3.40-5.el7 will be installed ---> Package perl-Pod-Simple.noarch 1:3.28-4.el7 will be installed --> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.28-4.el7.noarch --> Processing Dependency: perl(Encode) for package: 1:perl-Pod-Simple-3.28-4.el7.noarch ---> Package perl-Pod-Usage.noarch 0:1.63-3.el7 will be installed --> Processing Dependency: perl(Pod::Text) >= 3.15 for package: perl-Pod-Usage-1.63-3.el7.noarch --> Processing Dependency: perl-Pod-Perldoc for package: perl-Pod-Usage-1.63-3.el7.noarch ---> Package perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 will be installed ---> Package perl-Socket.x86_64 0:2.010-5.el7 will be installed ---> Package perl-Storable.x86_64 0:2.45-3.el7 will be installed ---> Package perl-Text-ParseWords.noarch 0:3.29-4.el7 will be installed ---> Package perl-Time-HiRes.x86_64 4:1.9725-3.el7 will be installed ---> Package perl-Time-Local.noarch 0:1.2300-2.el7 will be installed ---> Package perl-constant.noarch 0:1.27-2.el7 will be installed ---> Package perl-libs.x86_64 4:5.16.3-299.el7_9 will be installed ---> Package perl-macros.x86_64 4:5.16.3-299.el7_9 will be installed ---> Package perl-threads.x86_64 0:1.87-4.el7 will be installed ---> Package perl-threads-shared.x86_64 0:1.43-6.el7 will be installed --> Running transaction check ---> Package perl-Encode.x86_64 0:2.51-7.el7 will be installed ---> Package perl-Pod-Escapes.noarch 1:1.04-299.el7_9 will be installed ---> Package perl-Pod-Perldoc.noarch 0:3.20-4.el7 will be installed --> Processing Dependency: perl(parent) for package: perl-Pod-Perldoc-3.20-4.el7.noarch --> Processing Dependency: perl(HTTP::Tiny) for package: perl-Pod-Perldoc-3.20-4.el7.noarch --> Processing Dependency: groff-base for package: perl-Pod-Perldoc-3.20-4.el7.noarch ---> Package perl-podlators.noarch 0:2.5.1-3.el7 will be installed --> Running transaction check ---> Package groff-base.x86_64 0:1.22.2-8.el7 will be installed ---> Package perl-HTTP-Tiny.noarch 0:0.033-3.el7 will be installed ---> Package perl-parent.noarch 1:0.225-244.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: python3-devel x86_64 3.6.8-19.el7_9 updates 217 k python3-pip noarch 9.0.3-8.el7 base 1.6 M Installing for dependencies: dwz x86_64 0.11-3.el7 base 99 k groff-base x86_64 1.22.2-8.el7 base 942 k libtirpc x86_64 0.2.4-0.16.el7 base 89 k perl x86_64 4:5.16.3-299.el7_9 updates 8.0 M perl-Carp noarch 1.26-244.el7 base 19 k perl-Encode x86_64 2.51-7.el7 base 1.5 M perl-Exporter noarch 5.68-3.el7 base 28 k perl-File-Path noarch 2.09-2.el7 base 26 k perl-File-Temp noarch 0.23.01-3.el7 base 56 k perl-Filter x86_64 1.49-3.el7 base 76 k perl-Getopt-Long noarch 2.40-3.el7 base 56 k perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k perl-PathTools x86_64 3.40-5.el7 base 82 k perl-Pod-Escapes noarch 1:1.04-299.el7_9 updates 52 k perl-Pod-Perldoc noarch 3.20-4.el7 base 87 k perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k perl-Pod-Usage noarch 1.63-3.el7 base 27 k perl-Scalar-List-Utils x86_64 1.27-248.el7 base 36 k perl-Socket x86_64 2.010-5.el7 base 49 k perl-Storable x86_64 2.45-3.el7 base 77 k perl-Text-ParseWords noarch 3.29-4.el7 base 14 k perl-Time-HiRes x86_64 4:1.9725-3.el7 base 45 k perl-Time-Local noarch 1.2300-2.el7 base 24 k perl-constant noarch 1.27-2.el7 base 19 k perl-libs x86_64 4:5.16.3-299.el7_9 updates 690 k perl-macros x86_64 4:5.16.3-299.el7_9 updates 44 k perl-parent noarch 1:0.225-244.el7 base 12 k perl-podlators noarch 2.5.1-3.el7 base 112 k perl-srpm-macros noarch 1-8.el7 base 4.6 k perl-threads x86_64 1.87-4.el7 base 49 k perl-threads-shared x86_64 1.43-6.el7 base 39 k python-rpm-macros noarch 3-34.el7 base 9.1 k python-srpm-macros noarch 3-34.el7 base 8.8 k python3 x86_64 3.6.8-19.el7_9 updates 70 k python3-libs x86_64 3.6.8-19.el7_9 updates 6.9 M python3-rpm-generators noarch 6-2.el7 base 20 k python3-rpm-macros noarch 3-34.el7 base 8.1 k python3-setuptools noarch 39.2.0-10.el7 base 629 k redhat-rpm-config noarch 9.1.0-88.el7.centos base 81 k zip x86_64 3.0-11.el7 base 260 k Transaction Summary ================================================================================ Install 2 Packages (+40 Dependent packages) Total download size: 22 M Installed size: 89 M Downloading packages: warning: /var/cache/yum/x86_64/7/base/packages/dwz-0.11-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY Public key for dwz-0.11-3.el7.x86_64.rpm is not installed Public key for perl-5.16.3-299.el7_9.x86_64.rpm is not installed -------------------------------------------------------------------------------- Total 14 MB/s | 22 MB 00:01 Retrieving key from http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 From : http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : python-srpm-macros-3-34.el7.noarch 1/42 Installing : python-rpm-macros-3-34.el7.noarch 2/42 Installing : python3-rpm-macros-3-34.el7.noarch 3/42 Installing : dwz-0.11-3.el7.x86_64 4/42 Installing : groff-base-1.22.2-8.el7.x86_64 5/42 Installing : 1:perl-parent-0.225-244.el7.noarch 6/42 Installing : perl-HTTP-Tiny-0.033-3.el7.noarch 7/42 Installing : perl-podlators-2.5.1-3.el7.noarch 8/42 Installing : perl-Pod-Perldoc-3.20-4.el7.noarch 9/42 Installing : 1:perl-Pod-Escapes-1.04-299.el7_9.noarch 10/42 Installing : perl-Encode-2.51-7.el7.x86_64 11/42 Installing : perl-Text-ParseWords-3.29-4.el7.noarch 12/42 Installing : perl-Pod-Usage-1.63-3.el7.noarch 13/42 Installing : 4:perl-macros-5.16.3-299.el7_9.x86_64 14/42 Installing : 4:perl-Time-HiRes-1.9725-3.el7.x86_64 15/42 Installing : perl-Exporter-5.68-3.el7.noarch 16/42 Installing : perl-constant-1.27-2.el7.noarch 17/42 Installing : perl-Socket-2.010-5.el7.x86_64 18/42 Installing : perl-Time-Local-1.2300-2.el7.noarch 19/42 Installing : perl-Carp-1.26-244.el7.noarch 20/42 Installing : perl-Storable-2.45-3.el7.x86_64 21/42 Installing : perl-PathTools-3.40-5.el7.x86_64 22/42 Installing : perl-Scalar-List-Utils-1.27-248.el7.x86_64 23/42 Installing : 1:perl-Pod-Simple-3.28-4.el7.noarch 24/42 Installing : perl-File-Temp-0.23.01-3.el7.noarch 25/42 Installing : perl-File-Path-2.09-2.el7.noarch 26/42 Installing : perl-threads-shared-1.43-6.el7.x86_64 27/42 Installing : perl-threads-1.87-4.el7.x86_64 28/42 Installing : perl-Filter-1.49-3.el7.x86_64 29/42 Installing : 4:perl-libs-5.16.3-299.el7_9.x86_64 30/42 Installing : perl-Getopt-Long-2.40-3.el7.noarch 31/42 Installing : 4:perl-5.16.3-299.el7_9.x86_64 32/42 Installing : perl-srpm-macros-1-8.el7.noarch 33/42 Installing : zip-3.0-11.el7.x86_64 34/42 Installing : redhat-rpm-config-9.1.0-88.el7.centos.noarch 35/42 Installing : libtirpc-0.2.4-0.16.el7.x86_64 36/42 Installing : python3-pip-9.0.3-8.el7.noarch 37/42 Installing : python3-setuptools-39.2.0-10.el7.noarch 38/42 Installing : python3-3.6.8-19.el7_9.x86_64 39/42 Installing : python3-libs-3.6.8-19.el7_9.x86_64 40/42 Installing : python3-rpm-generators-6-2.el7.noarch 41/42 Installing : python3-devel-3.6.8-19.el7_9.x86_64 42/42 Verifying : libtirpc-0.2.4-0.16.el7.x86_64 1/42 Verifying : perl-HTTP-Tiny-0.033-3.el7.noarch 2/42 Verifying : python3-rpm-generators-6-2.el7.noarch 3/42 Verifying : python3-3.6.8-19.el7_9.x86_64 4/42 Verifying : perl-threads-shared-1.43-6.el7.x86_64 5/42 Verifying : 4:perl-Time-HiRes-1.9725-3.el7.x86_64 6/42 Verifying : zip-3.0-11.el7.x86_64 7/42 Verifying : perl-Exporter-5.68-3.el7.noarch 8/42 Verifying : perl-constant-1.27-2.el7.noarch 9/42 Verifying : perl-PathTools-3.40-5.el7.x86_64 10/42 Verifying : python3-pip-9.0.3-8.el7.noarch 11/42 Verifying : 4:perl-macros-5.16.3-299.el7_9.x86_64 12/42 Verifying : python3-devel-3.6.8-19.el7_9.x86_64 13/42 Verifying : perl-Socket-2.010-5.el7.x86_64 14/42 Verifying : perl-srpm-macros-1-8.el7.noarch 15/42 Verifying : groff-base-1.22.2-8.el7.x86_64 16/42 Verifying : python-rpm-macros-3-34.el7.noarch 17/42 Verifying : 1:perl-Pod-Simple-3.28-4.el7.noarch 18/42 Verifying : dwz-0.11-3.el7.x86_64 19/42 Verifying : perl-Time-Local-1.2300-2.el7.noarch 20/42 Verifying : 1:perl-Pod-Escapes-1.04-299.el7_9.noarch 21/42 Verifying : python-srpm-macros-3-34.el7.noarch 22/42 Verifying : perl-Carp-1.26-244.el7.noarch 23/42 Verifying : 1:perl-parent-0.225-244.el7.noarch 24/42 Verifying : perl-Storable-2.45-3.el7.x86_64 25/42 Verifying : perl-Scalar-List-Utils-1.27-248.el7.x86_64 26/42 Verifying : python3-setuptools-39.2.0-10.el7.noarch 27/42 Verifying : perl-File-Temp-0.23.01-3.el7.noarch 28/42 Verifying : perl-Pod-Usage-1.63-3.el7.noarch 29/42 Verifying : python3-libs-3.6.8-19.el7_9.x86_64 30/42 Verifying : perl-Encode-2.51-7.el7.x86_64 31/42 Verifying : perl-Pod-Perldoc-3.20-4.el7.noarch 32/42 Verifying : perl-podlators-2.5.1-3.el7.noarch 33/42 Verifying : 4:perl-5.16.3-299.el7_9.x86_64 34/42 Verifying : perl-File-Path-2.09-2.el7.noarch 35/42 Verifying : perl-threads-1.87-4.el7.x86_64 36/42 Verifying : perl-Filter-1.49-3.el7.x86_64 37/42 Verifying : perl-Getopt-Long-2.40-3.el7.noarch 38/42 Verifying : perl-Text-ParseWords-3.29-4.el7.noarch 39/42 Verifying : python3-rpm-macros-3-34.el7.noarch 40/42 Verifying : 4:perl-libs-5.16.3-299.el7_9.x86_64 41/42 Verifying : redhat-rpm-config-9.1.0-88.el7.centos.noarch 42/42 Installed: python3-devel.x86_64 0:3.6.8-19.el7_9 python3-pip.noarch 0:9.0.3-8.el7 Dependency Installed: dwz.x86_64 0:0.11-3.el7 groff-base.x86_64 0:1.22.2-8.el7 libtirpc.x86_64 0:0.2.4-0.16.el7 perl.x86_64 4:5.16.3-299.el7_9 perl-Carp.noarch 0:1.26-244.el7 perl-Encode.x86_64 0:2.51-7.el7 perl-Exporter.noarch 0:5.68-3.el7 perl-File-Path.noarch 0:2.09-2.el7 perl-File-Temp.noarch 0:0.23.01-3.el7 perl-Filter.x86_64 0:1.49-3.el7 perl-Getopt-Long.noarch 0:2.40-3.el7 perl-HTTP-Tiny.noarch 0:0.033-3.el7 perl-PathTools.x86_64 0:3.40-5.el7 perl-Pod-Escapes.noarch 1:1.04-299.el7_9 perl-Pod-Perldoc.noarch 0:3.20-4.el7 perl-Pod-Simple.noarch 1:3.28-4.el7 perl-Pod-Usage.noarch 0:1.63-3.el7 perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 perl-Socket.x86_64 0:2.010-5.el7 perl-Storable.x86_64 0:2.45-3.el7 perl-Text-ParseWords.noarch 0:3.29-4.el7 perl-Time-HiRes.x86_64 4:1.9725-3.el7 perl-Time-Local.noarch 0:1.2300-2.el7 perl-constant.noarch 0:1.27-2.el7 perl-libs.x86_64 4:5.16.3-299.el7_9 perl-macros.x86_64 4:5.16.3-299.el7_9 perl-parent.noarch 1:0.225-244.el7 perl-podlators.noarch 0:2.5.1-3.el7 perl-srpm-macros.noarch 0:1-8.el7 perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7 python-rpm-macros.noarch 0:3-34.el7 python-srpm-macros.noarch 0:3-34.el7 python3.x86_64 0:3.6.8-19.el7_9 python3-libs.x86_64 0:3.6.8-19.el7_9 python3-rpm-generators.noarch 0:6-2.el7 python3-rpm-macros.noarch 0:3-34.el7 python3-setuptools.noarch 0:39.2.0-10.el7 redhat-rpm-config.noarch 0:9.1.0-88.el7.centos zip.x86_64 0:3.0-11.el7 Complete! ---> 766379d51d34 Removing intermediate container d4d88fd42bfe Step 6/10 : RUN pip3 install -i https://pypi.douban.com/simple flask ---> Running in b846f1cec452 WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead. Collecting flask Downloading https://pypi.doubanio.com/packages/cd/77/59df23681f4fd19b7cbbb5e92484d46ad587554f5d490f33ef907e456132/Flask-2.0.3-py3-none-any.whl (95kB) Collecting Jinja2>=3.0 (from flask) Downloading https://pypi.doubanio.com/packages/20/9a/e5d9ec41927401e41aea8af6d16e78b5e612bca4699d417f646a9610a076/Jinja2-3.0.3-py3-none-any.whl (133kB) Collecting itsdangerous>=2.0 (from flask) Downloading https://pypi.doubanio.com/packages/9c/96/26f935afba9cd6140216da5add223a0c465b99d0f112b68a4ca426441019/itsdangerous-2.0.1-py3-none-any.whl Collecting Werkzeug>=2.0 (from flask) Downloading https://pypi.doubanio.com/packages/f4/f3/22afbdb20cc4654b10c98043414a14057cd27fdba9d4ae61cea596000ba2/Werkzeug-2.0.3-py3-none-any.whl (289kB) Collecting click>=7.1.2 (from flask) Downloading https://pypi.doubanio.com/packages/4a/a8/0b2ced25639fb20cc1c9784de90a8c25f9504a7f18cd8b5397bd61696d7d/click-8.0.4-py3-none-any.whl (97kB) Collecting MarkupSafe>=2.0 (from Jinja2>=3.0->flask) Downloading https://pypi.doubanio.com/packages/fc/d6/57f9a97e56447a1e340f8574836d3b636e2c14de304943836bd645fa9c7e/MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl Collecting dataclasses; python_version < "3.7" (from Werkzeug>=2.0->flask) Downloading https://pypi.doubanio.com/packages/fe/ca/75fac5856ab5cfa51bbbcefa250182e50441074fdc3f803f6e76451fab43/dataclasses-0.8-py3-none-any.whl Collecting importlib-metadata; python_version < "3.8" (from click>=7.1.2->flask) Downloading https://pypi.doubanio.com/packages/a0/a1/b153a0a4caf7a7e3f15c2cd56c7702e2cf3d89b1b359d1f1c5e59d68f4ce/importlib_metadata-4.8.3-py3-none-any.whl Collecting zipp>=0.5 (from importlib-metadata; python_version < "3.8"->click>=7.1.2->flask) Downloading https://pypi.doubanio.com/packages/bd/df/d4a4974a3e3957fd1c1fa3082366d7fff6e428ddb55f074bf64876f8e8ad/zipp-3.6.0-py3-none-any.whl Collecting typing-extensions>=3.6.4; python_version < "3.8" (from importlib-metadata; python_version < "3.8"->click>=7.1.2->flask) Downloading https://pypi.doubanio.com/packages/45/6b/44f7f8f1e110027cf88956b59f2fad776cca7e1704396d043f89effd3a0e/typing_extensions-4.1.1-py3-none-any.whl Installing collected packages: MarkupSafe, Jinja2, itsdangerous, dataclasses, Werkzeug, zipp, typing-extensions, importlib-metadata, click, flask Successfully installed Jinja2-3.0.3 MarkupSafe-2.0.1 Werkzeug-2.0.3 click-8.0.4 dataclasses-0.8 flask-2.0.3 importlib-metadata-4.8.3 itsdangerous-2.0.1 typing-extensions-4.1.1 zipp-3.6.0 ---> 94af5b913975 Removing intermediate container b846f1cec452 Step 7/10 : COPY my_flask.py /opt ---> 558a80056a84 Removing intermediate container 33c8f8abc689 Step 8/10 : WORKDIR /opt ---> 16e2ca750bb9 Removing intermediate container beee42407185 Step 9/10 : EXPOSE 8080 ---> Running in 4e6bc1b04d7e ---> 522bba16c664 Removing intermediate container 4e6bc1b04d7e Step 10/10 : CMD python3 my_flask.py ---> Running in 01cc6d2cd57d ---> 55312adb5b77 Removing intermediate container 01cc6d2cd57d Successfully built 55312adb5b77 [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE haoxi/my_flask_web latest 55312adb5b77 7 seconds ago 833 MB docker.io/centos 7.8.2003 afb6fca791e0 3 years ago 203 MB [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# docker run -d -p 90:8080 --name my_flask_web1 haoxi/my_flask_web c587d549f4ff17457f6c0b4002f9943a8cec1786548e437284011bee822e816e [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c587d549f4ff haoxi/my_flask_web "python3 my_flask.py" 6 seconds ago Up 5 seconds 0.0.0.0:90->8080/tcp my_flask_web1 [root@iZ0jlixdtswe0unlnlph1hZ flask_web]# |
访问 主机IP:90/hello
即可。
如要修改网站内容,可以docker exec -it my_flask_web1 bash
进入容器,vi my_flask.py
修改输出内容,exit
退出,docker restart my_flask_web1
重启即可。
my_flask.py
1 2 3 4 5 6 7 8 9 |
#coding:utf8 from flask import Flask app=Flask(__name__) @app.route('/hello') def hello(): return "Hello from docker, I am Haoxi." if __name__=="__main__": app.run(host='0.0.0.0',port=8080) |
Dockerfile
1 2 3 4 5 6 7 8 9 10 11 |
FROM centos:7.8.2003 RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo; RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo; RUN yum makecache fast; RUN yum install python3-devel python3-pip -y RUN pip3 install -i https://pypi.douban.com/simple flask COPY my_flask.py /opt WORKDIR /opt EXPOSE 8080 CMD ["python3","my_flask.py"] |
6. 容器互联
启动mysql容器:docker run -d -e MYSQL_ROOT_PASSWORD=password --name db mysql:5.6
启动web服务容器:docker run -d -p 8000:80 --name php --link db:mysql abiosoft/caddy:php bash
--link db:mysql
左边表示的是刚才启动的容器名称,右边表示的是后来运行的php容器。
用sh进入php容器,ping db
或者新建php文件测试能否链接mysql容器。
7. 编排工具Compose
7.1 安装Docker Compose
安装python:yum install python -y
安装pip:curl https://bootstrap.pypa.io/pip/3.6/get-pip.py | python3
安装Docker Compose:sudo pip install -U docker-compose
查看是否安装成功:docker-compose -v
7.2 Compose命令基础
git clone https://github.com.vegasbrianc/docker-compose-demo.git
- Docker Compose默认解析当前目录的docker-compose.yml文件。
-f
参数用来指定配置文件,可以使用多次,如果有同名的服务,只会解析执行后面的配置文件。- Docker Compose启动容器时会默认把当前的目录名称设置为容器名称前缀,可以使用
-p
参数指定容器项目名称。 - Docker Compose中有一个环境配置文件.env,可以设置环境变量。
- 构建服务镜像(只想构建某个容器):
docker-compose build <容器名称>
- 检查配置语法:
docker-compose config [-q(不会输出信息,除非有语法问题)] [--service(输出服务名称)]
- 创建服务容器(创建但不运行):
docker-compose create
- 清理项目(停止容器并删除容器、网络、数据卷,其他服务使用的会被跳过):
docker-compose down [-v(指定数据卷)] [-rmi(指定镜像)]
- 查看事件:
docker-compose events
- 进入服务:
docker-compose exec <服务名称>
- 杀死服务容器:
docker-compose kill <服务名称>
- 查看服务容器日志:
docker-compose logs <服务名称>
- 暂停服务容器:
docker-compose pause <服务名称>
,不能用kill
杀死,只能unpause
。 - 查看服务容器端口状态:
docker-compose port <服务名称>
- 查看项目容器信息:
docker-compose ps [-q(只输出容器ID)]
- 拉取项目镜像:
docker-compose pull [--ignore-pull-failures(忽略拉取失败,继续拉取其他)]
- 推送项目镜像:
docker-compose push [--ignore-pull-failures(忽略推送失败,继续推送其他)]
- 重启服务容器:
docker-compose restart <服务名称>
- 删除服务容器:
docker-compose rm <服务名称>
- 执行一次性命令(对一个服务容器运行一次一次性的命令):
docker-compose run
- 设置服务容器数量:
docker-compose scale <服务名称>=<启动个数>
- 启动服务容器:
docker-compose start <服务名称>
- 停止服务容器:
docker-compose stop <服务名称>
- 取消暂停:
docker-compose unpause <服务名称>
- 启动项目:
docker-compose up
7.3 Compose配置文件
一份标准配置文件应该包含version、services、networks这3大部分。
- 指定服务使用的镜像:image
在services标签下的第二级标签是服务名称
1234services:web:image: hello-world - 指定构建上下文:build
服务除了可以基于指定的镜像,还可以基于一份Dockerfile。
可以指定绝对路径、相对路径,也可以如下设定上下文根目录。需要指定文件也要如下使用子级标签。
1234build:context: ../dockerfile: path/of/Dockerfile如果同时指定了image和build两个标签,会构建镜像并命名为image后面的名字。
也支持
arg
设定环境变量。123456build:context: .args:- buildno=1- password=secret - 指定服务镜像启动命令:command
使用command可以覆盖容器启动后默认执行的命令。
1234command: bundle exec thin -p 3000# 也可以类似Dockerfile中的形式command: [bundle, exec, thin, -p, 3000] - 指定运行服务的容器名称:container_name
Compose默认的容器名称格式为<项目名称>_ <服务名称>_ <序号>,但也可以完全控制容器名称:
container_name: app
-
指定服务依赖关系:depends_on
下面容器会先启动redis和db两个服务,最后再启动web服务:
123456789101112version: '2'services:web:build: .depends_on:- db- redisredis:image: redisdb:image: postgres如果只启动web服务
docker-compose up web
,也会启动redis和db,因为有依赖关系。 -
指定服务的DNS配置:dns
1234567dns:- 8.8.8.8- 9.9.9.9dns_search:- dc1.example.com- dc2.example.com - 挂载临时目录:tmpfs
1234tmpfs:- /run- /tmp
- 指定服务镜像的接入点:entrypoint
可以覆盖Dockerfile中的定义:
12345678entrypoint:- php- -d- zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20100525/xdebug.so- -d- memory_limit=-1- vendor/bin/phpunit - 设置compose变量:env_file
仅针对宿主机,不会进入构建过程。
12345env_file:- ./common.env- ./apps/web.env- /opt/secrets.env - 设置环境变量:environment
保存变量到镜像中,启动的容器也会包含这些变量
12345environment:- RACK_ENV=development- SHOW=true- SESSION_SECRET - 指定端口暴露:expose
用的多的还是posts标签
-
选择项目外的容器:external_links
前提是外部容器中必须至少有一个容器是连接到与项目内的服务的同一个网络里。
12345external_links:- redis_1- project_db_1:mysql- project_db_1:postgresql - 扩展链接服务器的hosts列表:extra_hosts
向容器内的/etc/hosts添加一些记录。
1234extra_hosts:- "somehost:162.242.195.82"- "otherhost:50.31.209.229" - 添加元数据:labels
12345lables:- "com.example.description=Accounting webapp"- "com.example.department=Finance"- "com.example.label-with-empty-value"
- 设置容器互联:links
12345links:- db- db:database- redis
使用的别名将会自动在服务容器中的/etc/hosts里创建,相应的环境变量也将被创建。
-
配置服务日志:logging
12345logging:driver: syslogoptions:syslog-address: "tcp://192.168.0.42:123" - 指定进程空间:pid
pid: "host"
。与主机系统共享进程命名空间。容器使用pid标签将能够访问和操纵其他容器和宿主机的名称空间、 -
设置服务容器的端口映射:ports
123456ports:- "3000"- "8000:8000"- "49100:22"- "127.0.0.1:8001:8001" - 设置容器安全选项:security_opt
-
设置容器停止信息:stop_signal
-
设置容器数据卷:
[HOST:CONTAINER]或者[HOST:CONTAINER:ro],后者是只读的。
12345678910111213141516volumes:# 只是指定一个路径,Docker会自动在创建一个数据卷(这个路径是容器内部的)- /var/lib/mysql# 使用绝对路径挂载数据卷- /opt/data:/var/lib/mysql# 以Compose配置文件为中心的相对路径作为数据集挂载到容器- ./cache:/tmp/cache# 使用用户的相对路径(~/表示的目录是 /home/<用户目录>/ 或者/root/)- ~/configs:/etc/configs/:ro# 已经存在的命名的数据卷- datavolume:/var/lib/mysql - 挂载数据卷容器:volumes_from
从其他容器或者服务挂载数据卷。
123456volumes_from:- service_name- service_name:ro- container:container_name- container:container_name:rw - 修改内核功能:cap_add,cap_drop
-
指定父级Cgroup:cgroup_parent
-
配置服务的设备映射:devices
-
设置服务扩展:extends
-
设置服务网络模式:network_mode
-
设置服务容器的网络:networks
123456789services:some-servicenetworks:- some-network[:aliases:- alias1- alias3(设置服务别名)]- other-network - 其它标签
12345678910111213141516171819202122cpu_shares: 73cpu_quota: 50000cpuset: 0,1user: postgresqlworking_dir: /codedomainname: foo.comhostname: fooipc: hostmac_address: 02:42:ac:11:65:43mem_limit: 1000000000memswap_limit: 2000000000privileged: truerestart: alwaysread_only: trueshm_size: 64Mstdin_open: truetty: true
- 网络配置
12345678910111213141516171819202122232425262728version: '2'services:proxy:build: ./proxynetworks:- frontapp:build: ./appnetworks:- front- backdb:image: postgresnetworks:- backnetworks:front:# 使用自定义驱动driver: custom-driver-1back:# 使用自定义驱动以及可选参数driver: custom-driver-2driver_opts:foo: "1"bar: "2"
7.4 Compose实战:部署wordpress
步骤:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 |
[root@iZ0jlixdtswe0unlnlph1hZ ~]# mkdir wordpress [root@iZ0jlixdtswe0unlnlph1hZ ~]# cd wordpress/ [root@iZ0jlixdtswe0unlnlph1hZ wordpress]# vim docker-compose.yml [root@iZ0jlixdtswe0unlnlph1hZ wordpress]# cat docker-compose.yml version: '2' services: db: image: mysql:5.7 volumes: - "./.data/db:/var/lib/mysql" restart: always environment: MYSQL_ROOT_PASSWORD: wordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: tjdxwll531 wordpress: depends_on: - db image: wordpress:latest links: - db ports: - "8000:80" restart: always environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: tjdxwll531 [root@iZ0jlixdtswe0unlnlph1hZ wordpress]# docker-compose up -d Pulling db (mysql:5.7)... Trying to pull repository docker.io/library/mysql ... 5.7: Pulling from docker.io/library/mysql 72a69066d2fe: Pull complete 93619dbc5b36: Pull complete 99da31dd6142: Pull complete 626033c43d70: Pull complete 37d5d7efb64e: Pull complete ac563158d721: Pull complete d2ba16033dad: Pull complete 0ceb82207cd7: Pull complete 37f2405cae96: Pull complete e2482e017e53: Pull complete 70deed891d42: Pull complete Digest: sha256:f2ad209efe9c67104167fc609cca6973c8422939491c9345270175a300419f94 Status: Downloaded newer image for docker.io/mysql:5.7 Pulling wordpress (wordpress:latest)... Trying to pull repository docker.io/library/wordpress ... latest: Pulling from docker.io/library/wordpress a2abf6c4d29d: Pull complete c5608244554d: Pull complete 2d07066487a0: Pull complete 1b6dfaf1958c: Pull complete 32c5e6a60073: Pull complete 90cf855b27cc: Pull complete 8b0f1068c586: Pull complete 5355461305e8: Pull complete ad1eec592342: Pull complete e03fbc76cb78: Pull complete 1f5796e48b39: Pull complete 72fbe8e1d4e7: Pull complete 96edece66175: Pull complete 5f46f0743de2: Pull complete c9f9671a5e1f: Pull complete 3f543dcd35b1: Pull complete c88e21a0c2a0: Pull complete 964b4457a910: Pull complete 0d55fb9a64ef: Pull complete fb009ff7c567: Pull complete 4f058a67a50d: Pull complete Digest: sha256:fc33b796b04162a0db2e9ea9b4c361a07058b21597b1317ad9ab3ea4593de241 Status: Downloaded newer image for docker.io/wordpress:latest Creating wordpress_db_1 ... done Creating wordpress_wordpress_1 ... done [root@iZ0jlixdtswe0unlnlph1hZ wordpress]# |
访问 主机IP:8080
即可。
docker-compose.yml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
version: '2' services: db: image: mysql:5.7 volumes: - "./.data/db:/var/lib/mysql" restart: always environment: MYSQL_ROOT_PASSWORD: wordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: tjdxwll531 wordpress: depends_on: - db image: wordpress:latest links: - db ports: - "8000:80" restart: always environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: tjdxwll531 |
7.5 Compose实战:部署Django
步骤:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 |
[root@iZ0jlixdtswe0unlnlph1hZ ~]# mkdir web [root@iZ0jlixdtswe0unlnlph1hZ ~]# cd web [root@iZ0jlixdtswe0unlnlph1hZ web]# vim docker-compose.yml [root@iZ0jlixdtswe0unlnlph1hZ web]# cat docker-compose.yml version: '2' services: db: image: postgres environment: POSTGRES_PASSWORD: postgres app: build: . command: python manage.py runserver 0.0.0.0:8000 volumes: - .:/code ports: - "8000:8000" depends_on: - db links: - db [root@iZ0jlixdtswe0unlnlph1hZ web]# vim Dockerfile [root@iZ0jlixdtswe0unlnlph1hZ web]# cat Dockerfile FROM python:2.7 ENV PYTHONUNBUFFERED 1 RUN mkdir /code COPY requirements.txt /code/ WORKDIR /code RUN pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirements.txt ADD . /code/ [root@iZ0jlixdtswe0unlnlph1hZ web]# vim requirements.txt [root@iZ0jlixdtswe0unlnlph1hZ web]# cat requirements.txt Django psycopg2 [root@iZ0jlixdtswe0unlnlph1hZ web]# docker-compose run django-admin.py startproject compose_example . ERROR: No such service: django-admin.py [root@iZ0jlixdtswe0unlnlph1hZ web]# docker-compose run app django-admin.py startproject compose_example . Pulling db (postgres:)... Trying to pull repository docker.io/library/postgres ... latest: Pulling from docker.io/library/postgres a2abf6c4d29d: Pull complete e1769f49f910: Pull complete 33a59cfee47c: Pull complete 461b2090c345: Pull complete 8ed8ab6290ac: Pull complete 495e42c822a0: Pull complete 18e858c71c58: Pull complete 594792c80d5f: Pull complete 794976979956: Pull complete eb5e1a73c3ca: Pull complete 6d6360292cba: Pull complete 131e916e1a28: Pull complete 757a73507e2e: Pull complete Digest: sha256:f329d076a8806c0ce014ce5e554ca70f4ae9407a16bb03baa7fef287ee6371f1 Status: Downloaded newer image for docker.io/postgres:latest Building app Step 1/7 : FROM python:2.7 Trying to pull repository docker.io/library/python ... 2.7: Pulling from docker.io/library/python 7e2b2a5af8f6: Pull complete 09b6f03ffac4: Pull complete dc3f0c679f0f: Pull complete fd4b47407fc3: Pull complete b32f6bf7d96d: Pull complete 6f4489a7e4cf: Pull complete af4b99ad9ef0: Pull complete 39db0bc48c26: Pull complete acb4a89489fc: Pull complete Digest: sha256:cfa62318c459b1fde9e0841c619906d15ada5910d625176e24bf692cf8a2601d Status: Downloaded newer image for docker.io/python:2.7 ---> 68e7be49c28c Step 2/7 : ENV PYTHONUNBUFFERED 1 ---> Running in 88be38c990ee ---> daa69cca597e Removing intermediate container 88be38c990ee Step 3/7 : RUN mkdir /code ---> Running in 6a09a957fe14 ---> 30384b688284 Removing intermediate container 6a09a957fe14 Step 4/7 : COPY requirements.txt /code/ ---> 21900972b11b Removing intermediate container 52a1b910d41c Step 5/7 : WORKDIR /code ---> e17e1762476b Removing intermediate container e09d4c9cb3a7 Step 6/7 : RUN pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirements.txt ---> Running in 465d0c74e015 DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple Collecting Django Downloading https://pypi.tuna.tsinghua.edu.cn/packages/49/49/178daa8725d29c475216259eb19e90b2aa0b8c0431af8c7e9b490ae6481d/Django-1.11.29-py2.py3-none-any.whl (6.9 MB) Collecting psycopg2 Downloading https://pypi.tuna.tsinghua.edu.cn/packages/fd/ae/98cb7a0cbb1d748ee547b058b14604bd0e9bf285a8e0cc5d148f8a8a952e/psycopg2-2.8.6.tar.gz (383 kB) Collecting pytz Downloading https://pypi.tuna.tsinghua.edu.cn/packages/32/4d/aaf7eff5deb402fd9a24a1449a8119f00d74ae9c2efa79f8ef9994261fc2/pytz-2023.3.post1-py2.py3-none-any.whl (502 kB) Building wheels for collected packages: psycopg2 Building wheel for psycopg2 (setup.py): started Building wheel for psycopg2 (setup.py): finished with status 'done' Created wheel for psycopg2: filename=psycopg2-2.8.6-cp27-cp27mu-linux_x86_64.whl size=443901 sha256=16866c5553f5d4df618941a6eb49b73e574f29b8d5a01f00eb697b590b1f111c Stored in directory: /root/.cache/pip/wheels/8b/55/7e/0031ff46b8c104c09f0dd26f5b672a26e301840d64ec3b1109 Successfully built psycopg2 Installing collected packages: pytz, Django, psycopg2 Successfully installed Django-1.11.29 psycopg2-2.8.6 pytz-2023.3.post1 WARNING: You are using pip version 20.0.2; however, version 20.3.4 is available. You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command. ---> 04aad3c1d9ab Removing intermediate container 465d0c74e015 Step 7/7 : ADD . /code/ ---> 12a93dc33c7a Removing intermediate container e339f338ae69 Successfully built 12a93dc33c7a WARNING: Image for service app was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`. Creating web_db_1 ... done Creating web_app_run ... done [root@iZ0jlixdtswe0unlnlph1hZ web]# ls -l total 20 drwxr-xr-x 2 root root 4096 Sep 5 16:47 compose_example -rw-r--r-- 1 root root 480 Sep 5 16:44 docker-compose.yml -rw-r--r-- 1 root root 191 Sep 5 16:44 Dockerfile -rwxr-xr-x 1 root root 813 Sep 5 16:47 manage.py -rw-r--r-- 1 root root 16 Sep 5 16:44 requirements.txt [root@iZ0jlixdtswe0unlnlph1hZ web]# vim compose_example/settings.py [root@iZ0jlixdtswe0unlnlph1hZ web]# cat compose_example/settings.py """ Django settings for compose_example project. Generated by 'django-admin startproject' using Django 1.11.29. For more information on this file, see https://docs.djangoproject.com/en/1.11/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/1.11/ref/settings/ """ import os # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = 'e5$r9rnbet54g5*7id^htg2nmmqe=t12q7y3_@c3@^-v@=t*%v' # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True ALLOWED_HOSTS = ['*'] # Application definition INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] ROOT_URLCONF = 'compose_example.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] WSGI_APPLICATION = 'compose_example.wsgi.application' # Database # https://docs.djangoproject.com/en/1.11/ref/settings/#databases DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': 'postgres', 'USER': 'postgres', 'PASSWORD': 'postgres', 'HOST': 'db', 'PORT': 5432, } } # Password validation # https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] # Internationalization # https://docs.djangoproject.com/en/1.11/topics/i18n/ LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' USE_I18N = True USE_L10N = True USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/1.11/howto/static-files/ STATIC_URL = '/static/' [root@iZ0jlixdtswe0unlnlph1hZ web]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 786dd465b5e7 web_app "django-admin.py s..." 2 minutes ago Exited (0) 2 minutes ago web_app_run_fe2106b9569f 8e3ed7ea11a1 postgres "docker-entrypoint..." 2 minutes ago Up 2 minutes 5432/tcp web_db_1 [root@iZ0jlixdtswe0unlnlph1hZ web]# docker-compose up web_db_1 is up-to-date Creating web_app_1 ... done Attaching to web_db_1, web_app_1 db_1 | The files belonging to this database system will be owned by user "postgres". db_1 | This user must also own the server process. db_1 | The database cluster will be initialized with locale "en_US.utf8". db_1 | The default database encoding has accordingly been set to "UTF8". db_1 | The default text search configuration will be set to "english". db_1 | Data page checksums are disabled. db_1 | fixing permissions on existing directory /var/lib/postgresql/data ... ok db_1 | creating subdirectories ... ok db_1 | selecting dynamic shared memory implementation ... posix db_1 | selecting default max_connections ... 100 db_1 | selecting default shared_buffers ... 128MB db_1 | selecting default time zone ... Etc/UTC db_1 | creating configuration files ... ok db_1 | running bootstrap script ... ok db_1 | performing post-bootstrap initialization ... ok db_1 | initdb: warning: enabling "trust" authentication for local connections db_1 | You can change this by editing pg_hba.conf or using the option -A, or db_1 | --auth-local and --auth-host, the next time you run initdb. db_1 | syncing data to disk ... ok db_1 | Success. You can now start the database server using: db_1 | pg_ctl -D /var/lib/postgresql/data -l logfile start db_1 | waiting for server to start....2023-09-05 08:47:08.523 UTC [46] LOG: starting PostgreSQL 14.1 (Debian 14.1-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit db_1 | 2023-09-05 08:47:08.525 UTC [46] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" db_1 | 2023-09-05 08:47:08.532 UTC [47] LOG: database system was shut down at 2023-09-05 08:47:08 UTC db_1 | 2023-09-05 08:47:08.537 UTC [46] LOG: database system is ready to accept connections db_1 | done db_1 | server started db_1 | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/* db_1 | 2023-09-05 08:47:08.680 UTC [46] LOG: received fast shutdown request db_1 | waiting for server to shut down....2023-09-05 08:47:08.682 UTC [46] LOG: aborting any active transactions db_1 | 2023-09-05 08:47:08.684 UTC [46] LOG: background worker "logical replication launcher" (PID 53) exited with exit code 1 db_1 | 2023-09-05 08:47:08.687 UTC [48] LOG: shutting down db_1 | 2023-09-05 08:47:08.703 UTC [46] LOG: database system is shut down db_1 | done db_1 | server stopped db_1 | PostgreSQL init process complete; ready for start up. db_1 | 2023-09-05 08:47:08.811 UTC [1] LOG: starting PostgreSQL 14.1 (Debian 14.1-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit db_1 | 2023-09-05 08:47:08.812 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432 db_1 | 2023-09-05 08:47:08.812 UTC [1] LOG: listening on IPv6 address "::", port 5432 db_1 | 2023-09-05 08:47:08.815 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" db_1 | 2023-09-05 08:47:08.821 UTC [58] LOG: database system was shut down at 2023-09-05 08:47:08 UTC db_1 | 2023-09-05 08:47:08.827 UTC [1] LOG: database system is ready to accept connections app_1 | Performing system checks... app_1 | app_1 | System check identified no issues (0 silenced). app_1 | app_1 | You have 13 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): admin, auth, contenttypes, sessions. app_1 | Run 'python manage.py migrate' to apply them. app_1 | September 05, 2023 - 08:50:12 app_1 | Django version 1.11.29, using settings 'compose_example.settings' app_1 | Starting development server at http://0.0.0.0:8000/ app_1 | Quit the server with CONTROL-C. |
docker-compose.yml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
version: '2' services: db: image: postgres environment: POSTGRES_PASSWORD: postgres app: build: . command: python manage.py runserver 0.0.0.0:8000 volumes: - .:/code ports: - "8000:8000" depends_on: - db links: - db |
访问 主机IP:8000
即可。
Dockerfile
1 2 3 4 5 6 7 8 |
FROM python:2.7 ENV PYTHONUNBUFFERED 1 RUN mkdir /code COPY requirements.txt /code/ WORKDIR /code RUN pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirements.txt ADD . /code/ |
requirements.txt
1 2 3 |
Django psycopg2 |
修改compose_example/settings.py
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
... ALLOWED_HOSTS = ['*'] ... DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': 'postgres', 'USER': 'postgres', 'PASSWORD': 'postgres', 'HOST': 'db', 'PORT': 5432, } } ... |
k8s入门
1. k8s集群部署全流程
部署全流程参考 博客 。
这次是在第一次部署失败后的再次部署,总结出一些经验,主要为:
- 由于我们是用阿里云的三台ECS,走公网IP,且三台ECS不在同一个VPC下,所以我们需要格外注意部署中需要IP的地方。
- 同上原因,ECS服务器的eth0网卡走的是内网IP,所以我们需要建立虚拟网卡。
1.1 修改hosts文件
由于ECS服务器自动生成的主机名不好记,所以我们修改主机的名称。
1 2 3 4 |
hostnamectl set-hostname k8s-master # 在master节点所在主机上执行 hostnamectl set-hostname k8s-node-01 # 在node1节点所在主机上执行 hostnamectl set-hostname k8s-node-02 # 在node2节点所在主机上执行 |
同时修改三台主机的hosts文件,建立主机名和IP的对应关系。注意,使用公网IP。
1 2 3 4 5 6 7 |
# 三台主机都执行 vim /etc/hosts 39.101.71.58 k8s-master 8.130.94.212 k8s-node-01 8.130.10.40 k8s-node-02 |
1.2 创建虚拟网卡
由于ECS服务器的eth0网卡走的是内网IP,所以我们需要建立虚拟网卡映射公网IP。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# 三台主机都执行 # 打开文件 vim /etc/sysconfig/network-scripts/ifcfg-eth0:1 # 填入内容 NAME=eth0:1 DEVICE=eth0:1 TYPE=Ethernet ONBOOT=yes BOOTPROTO=static NETMASK=255.255.255.0 IPADDR=<主机公网IP> # 重启网络 systemctl restart network.service |
可以看到新建的虚拟网卡已经生效。
1.3 云服务器安全组设置
我们需要开放一些端口,否则服务无法访问。
对于master节点:
协议 | 端口 | 作用 |
---|---|---|
TCP | 2379~2380 | etcd 客户端 API |
TCP | 6443 | api-server API |
UDP | 8472 | VxLan Overlay 网络通信 |
TCP | 10250 | kubelet API |
TCP | 10251 | kube-scheduler |
TCP | 10252 | kube-controller-manager |
对于node节点:
协议 | 端口 | 作用 |
---|---|---|
UDP | 8472 | VxLan Overlay 网络通信 |
TCP | 10250 | kubelet API |
TCP | 30000~32767 | NodePort 服务 |
1.4 一些基础配置(不用理解,执行即可)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
# 三台主机都执行 # 更新并安装依赖 sudo yum -y update sudo yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp sudo yum install -y yum-utils # 关闭防火墙 systemctl stop firewalld && systemctl disable firewalld # 关闭 SELinux (Security Enhanced Linux) setenforce 0 sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config # 关闭 swap swapoff -a sed -i '/swap/s/^(.*)$/#\1/g' /etc/fstab # 配置 iptables 的 ACCEPT 规则 iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT # 设置系统参数 cat <<EOF> /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl --system |
1.5 安装Docker
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
# 三台主机都执行 # 配置阿里云镜像源 sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # 更新 yum 缓存 sudo yum makecache fast # 安装 Docker sudo yum install -y docker-ce-20.10.21 docker-ce-cli-20.10.21 containerd.io #配置docker加速器、以及crgoup驱动,改为k8s官方推荐的systemd,否则初始化时会有报错。 mkdir -p /etc/docker cat > /etc/docker/daemon.json <<'EOF' { "registry-mirrors" : [ "https://ms9glx6x.mirror.aliyuncs.com"], "exec-opts":["native.cgroupdriver=systemd"] } EOF # 启动 Docker sudo systemctl start docker # 设置开机启动 Docker sudo systemctl enable docker |
1.6 安装k8s集群所需组件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# 三台主机都执行 # 配置yum源 cat <<EOF> /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF # 开始安装 yum install -y kubeadm-1.21.0-0 kubelet-1.21.0-0 kubectl-1.21.0-0 |
1.7 修改 kubelet 启动参数
1 2 3 4 5 6 7 8 9 10 11 |
# 三台主机都执行 # 每台主机都要添加并指定对应的公网 IP,然后才能使用公网 IP 进行集群间通信 vim /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf # 在 KUBELET_KUBECONFIG_ARGS 后面追加 --node-ip=<public_ip> ...$KUBELET_EXTRA_ARGS --node-ip=39.101.71.XX # 修改之后执行 daemon-reload 让修改生效 systemctl daemon-reload |
1.8 从阿里云拉取镜像
只有master主机执行,写一个拉取脚本kubeadm_image.sh,内容如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
#!/usr/bin/env bash # 镜像处理过程中,如果遇到错误,立即退出 set -e # 版本定义 readonly KUBE_VERSION=v1.21.0 readonly PAUSE_VERSION=3.4.1 readonly ETCD_VERSION=3.4.13-0 readonly CORE_DNS_VERSION=v1.8.0 readonly OFFICIAL_URL=k8s.gcr.io readonly ALIYUN_URL=registry.cn-hangzhou.aliyuncs.com/google_containers # 镜像列表 imageList=(kube-apiserver:${KUBE_VERSION} kube-controller-manager:${KUBE_VERSION} kube-scheduler:${KUBE_VERSION} kube-proxy:${KUBE_VERSION} pause:${PAUSE_VERSION} etcd:${ETCD_VERSION} coredns:${CORE_DNS_VERSION}) # 镜像转换操作 for imageItem in ${imageList[@]} ; do # 从国内镜像源拉取镜像 docker pull $ALIYUN_URL/$imageItem # 给镜像重新打一个标签,命名为 kubeadm 所需的镜像 docker tag $ALIYUN_URL/$imageItem $OFFICIAL_URL/$imageItem # 删除原有镜像 docker rmi $ALIYUN_URL/$imageItem done # coredns 的镜像比较特殊,单独处理 docker tag ${OFFICIAL_URL}/coredns:${CORE_DNS_VERSION} ${OFFICIAL_URL}/coredns/coredns:${CORE_DNS_VERSION} docker rmi ${OFFICIAL_URL}/coredns:${CORE_DNS_VERSION} |
执行脚本 sh ./kubeadm_image.sh
。
1.9 用kubeadm初始化master节点
1 2 3 4 5 |
# 只在master主机上执行 kubeadm init --kubernetes-version=1.21.0 \ --apiserver-advertise-address=<master节点公网IP> \ --pod-network-cidr=10.244.0.0/16 |
安装成功后会弹出如下信息:
1.10 集群健康检查
1 2 3 4 5 6 7 8 9 10 11 |
# 只在master主机上执行 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config # 检查集群状态 kubectl cluster-info # 健康检查 curl -k https://localhost:6443/healthz |
1.11 修改kube-apiserver 配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# 只在master主机上执行 # kube-apiserver 添加 --bind-address=0.0.0.0,确认 --advertise-addres=<master节点公网 IP> vim /etc/kubernetes/manifests/kube-apiserver.yaml # 修改结果如下: .... spec: containers: - command: - kube-apiserver - --advertise-address=<master节点公网 IP> - --bind-address=0.0.0.0 - --allow-privileged=true - --authorization-mode=Node,RBAC .... |
1.12 将node节点加入集群
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# 两个node节点执行 # 在1.9中生成的结果 kubeadm join 39.101.71.58:6443 --token amaiga.bbl3tt2edc3bf7cv \ --discovery-token-ca-cert-hash sha256:f6b278a8bfc409a7d05093c2d6b90af1a2b93bf9196f8944596c0f6b6878deac # 看看kubelet的crgoup对不对,应该是systemd,master节点也可以看看 vim /var/lib/kubelet/config.yaml cgroupDriver: systemd # 启动kubelet systemctl restart kubelet # 看看kubelet和docker跑没跑起来 systemctl status docker systemctl status kubelet |
1.13 配置node节点
将master节点中的 /etc/kubernetes/admin.conf
文件拷贝到两个node节点相同目录下,然后配置环境变量:
1 2 3 4 5 6 7 8 9 |
# 在两个node节点执行 echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile source ~/.bash_profile # 在master节点和两个node节点查看集群信息 kubectl get nodes -owide # 结果为三个节点,但都NotReady |
1.14 安装flannel插件
从github下载包并通过ftp等方式上传到master服务器(主要是因为服务器无法访问github)。
对于Xshell可以 yum install lrzsz
后拖拽上传。
然后 yum install unzip
,并 unzip flannel-master.zip
解压。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
# 在主节点执行 vim flannel-master/Documentation/kube-flannel.yml # 两处 .... containers: - name: kube-flannel image: docker.io/flannel/flannel:v0.22.2 command: - /opt/bin/flanneld args: - --public-ip=$(PUBLIC_IP) - --iface=eth0 - --ip-masq - --kube-subnet-mgr .... env: - name: PUBLIC_IP # 注意这里是插入而不是修改 valueFrom: fieldRef: fieldPath: status.podIP - name: POD_NAME # 保存退出后执行 kubectl apply -f flannel-master/Documentation/kube-flannel.yml # 在master节点和两个node节点查看集群信息 kubectl get nodes -owide # 结果为三个节点,都Ready了 |
1.15 配置k8s命令补全
1 2 3 4 5 6 |
# 在master节点上执行 yum install bash-completion -y source /usr/share/bash-completion/bash_completion source <(kubectl completion bash) echo "source <(kubectl completion bash)" >> ~/.bashrc |
1.16 跑一个nginx pod
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# 在master节点执行 kubectl run haoxi-pod-1-nginx --image=nginx:1.14.1 # 查看创建的pod kubectl get pods -owide # 查询pod创建信息 kubectl describe pod haoxi-pod-1-nginx # 如果出现了open /run/flannel/subnet.env: no such file or directory,应先检查1.14步是否修改了env的 - name: POD_NAME # 删除pod kubectl delete pods kubectl haoxi-pod-1-nginx |
1.17 如果要重装,可以从1.7-1.9(跳过1.8)重装kubeadm开始
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
kubeadm reset iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X systemctl stop kubelet systemctl stop docker rm -rf /var/lib/cni/* rm -rf /var/lib/kubelet/* rm -rf /etc/cni/* ifconfig cni0 down ifconfig flannel.1 down ifconfig docker0 down ip link delete cni0 ip link delete flannel.1 systemctl restart docker |