Docker

Author: 尛尛大尹 | Published 2017-12-14 11:22

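    1. LXC: LinuX Container

    chroot: switches the root directory;
    namespaces
    CGroups: control groups
    
    Basic usage:
        lxc-checkconfig:
            checks whether the system environment meets the requirements for running containers;
        lxc-create: creates an LXC container;
            lxc-create -n NAME -t TEMPLATE_NAME
        lxc-start: starts a container;
            lxc-start -n NAME -d
            
            Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
        lxc-info: shows information about a container;
            lxc-info -n NAME
        lxc-console: attaches to the console of the specified container;
            lxc-console -n NAME -t NUMBER
        lxc-stop: stops a container;
        lxc-destroy: deletes a container that is in the stopped state;
        
        lxc-snapshot: creates and restores snapshots;
    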

    2. Installing Docker:

    Docker ships in two editions:
        docker-ee
        docker-ce
            moby
    
    1. CentOS Extras repo
    2. Docker-CE
    
    Download: https://download.docker.com/
        
        Repository configuration file: https://download.docker.com/linux/centos/docker-ce.repo
    

    3. Docker components:

    Docker program environment:
        Environment configuration files:
            /etc/sysconfig/docker-network
            /etc/sysconfig/docker-storage
            /etc/sysconfig/docker
        Unit file:
            /usr/lib/systemd/system/docker.service
        Docker Registry configuration file:
            /etc/containers/registries.conf
        
    Register an Alibaba Cloud account; the dedicated accelerator address is available at:
        https://cr.console.aliyun.com/#/accelerator
        
    Physical:
        Client <--> Daemon <--> Registry Server
    Logical:
        Containers
        Images
        Registry: Image Repositories
        
    Container states:
        created:
        running:
        paused:
        stopped:
        deleted:
        
        
        
    docker 
        images
        pull
        run
        ps
        
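    Viewing Docker information:
        version
        info
        
    Images:
        images
        rmi
        pull
        
    Containers:
        run: creates and runs a container;
        create: creates a container;
        start: starts a container that is in the stopped state;
        
        Create:
            create
            run
            
        Start:
            start
            
        Stop:
            kill
            stop
            
        Restart:
            restart
            
        Pause and resume:
            pause
            unpause
            
        Delete a container:
            rm
            run --rm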
    

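    Creating a container:
    A container is created from an image file,
    and the image file has a default program to run;

        Note:
            A running container must have a process running in the foreground inside it;
            a Docker container usually runs only a single program;
                to run several programs in one container, a supervising program such as supervisord is generally needed.
                
        run, create
            --name CT_NAME
            --rm: remove the container automatically as soon as it exits
            --network BRIDGE: the network the container joins;
                defaults to docker0;
            
            Starting a container interactively:
                -i: --interactive
                -t: Allocate a pseudo-TTY
                
                Detach from the terminal: ctrl+p, ctrl+q
                
        attach: attaches to the terminal device of a running container;
            
        exec: runs an additional program in a running container;
        
        View:
            logs: Fetch the logs of a container, i.e. what the program inside the container writes to the terminal while running;
            
            ps: List containers
                -a, --all: list all containers;
                --filter, -f: show only containers matching a filter condition
                    name=
                    status={stopped|running|paused}
                    
            stats: shows the containers' resource usage as a live display:
                
            top: Display the running processes of a container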
        
        
    Docker Hub:
        docker login
        docker logout
        
        docker push   
        docker pull 
        
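    Building images:
        From a container
            build the image after completing the changes inside the container;
        From an image
            write a Dockerfile, then build from that file;
            
        Building from a container: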
            docker commit 
                docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
                    --author, -a
                    --pause, -p
                    --message, -m
                    
                    --change, -c
                    
        Exporting an image to a tar file:
            docker save
                Save one or more images to a tar archive (streamed to STDOUT by default)
                
                docker save [OPTIONS] IMAGE [IMAGE...]
                
                
        Importing an image from a tar file:
            docker load 
                Load an image from a tar archive or STDIN
                
                docker load [OPTIONS]
                
                    --input, -i     Read from tar archive file, instead of STDIN
                    --quiet, -q false   Suppress the load output
                    
                    
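    Docker reference manual:
        https://docs.docker.com/engine/reference/commandline/dockerd/
        
    How to configure the Docker daemon's properties: /etc/docker/daemon.json
        Each settable key is an option accepted by dockerd, and its value is that option's argument; some options, however, cannot be used in this file, for example add-registry and insecure-registry;
            some options take their arguments as an array, which must be placed inside [];
            
        Official manual (complete list of available parameters):
            https://docs.docker.com/engine/reference/commandline/dockerd/#run-multiple-daemons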
            
            {
                "authorization-plugins": [],
                "data-root": "",
                "dns": [],
                "dns-opts": [],
                "dns-search": [],
                "exec-opts": [],
                "exec-root": "",
                "experimental": false,
                "storage-driver": "",
                "storage-opts": [],
                "labels": [],
                "live-restore": true,
                "log-driver": "",
                "log-opts": {},
                "mtu": 0,
                "pidfile": "",
                "cluster-store": "",
                "cluster-store-opts": {},
                "cluster-advertise": "",
                "max-concurrent-downloads": 3,
                "max-concurrent-uploads": 5,
                "default-shm-size": "64M",
                "shutdown-timeout": 15,
                "debug": true,
                "hosts": [],
                "log-level": "",
                "tls": true,
                "tlsverify": true,
                "tlscacert": "",
                "tlscert": "",
                "tlskey": "",
                "swarm-default-advertise-addr": "",
                "api-cors-header": "",
                "selinux-enabled": false,
                "userns-remap": "",
                "group": "",
                "cgroup-parent": "",
                "default-ulimits": {},
                "init": false,
                "init-path": "/usr/libexec/docker-init",
                "ipv6": false,
                "iptables": false,
                "ip-forward": false,
                "ip-masq": false,
                "userland-proxy": false,
                "userland-proxy-path": "/usr/libexec/docker-proxy",
                "ip": "0.0.0.0",
                "bridge": "",
                "bip": "",
                "fixed-cidr": "",
                "fixed-cidr-v6": "",
                "default-gateway": "",
                "default-gateway-v6": "",
                "icc": false,
                "raw-logs": false,
                "allow-nondistributable-artifacts": [],
                "registry-mirrors": [],
                "seccomp-profile": "",
                "insecure-registries": [],
                "disable-legacy-registry": false,
                "no-new-privileges": false,
                "default-runtime": "runc",
                "oom-score-adjust": -500,
                "runtimes": {
                    "runc": {
                        "path": "runc"
                    },
                    "custom": {
                        "path": "/usr/local/bin/my-runc-replacement",
                        "runtimeArgs": [
                            "--debug"
                        ]
                    }
                }
            }
            
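        dockerd works in a client/server model; by default the daemon listens only on a Unix socket address, /var/run/docker.sock. To use a TCP socket:
            /etc/docker/daemon.json:
                "hosts": ["tcp://0.0.0.0:2375"]
                
            The "-H|--host" option can also be passed directly to dockerd;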
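
A tcp:// entry in "hosts" serves the Docker API without encryption or client authentication unless tlsverify and the certificate keys from the listing above are also set. The following audit of a daemon.json is an added example, not part of the original notes; the sample document and the registry name in it are constructed, and the wording of the findings is this example's own.

```python
import json

# Constructed sample: the TCP listener from the notes plus other keys from the listing.
SAMPLE = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "tlsverify": false,
  "insecure-registries": ["registry.example.internal:5000"],
  "icc": true,
  "userns-remap": "",
  "no-new-privileges": false
}"""

def audit_daemon_config(text):
    """Return (key, finding) tuples for risky settings in a daemon.json document."""
    cfg = json.loads(text)
    findings = []
    # Client-certificate authentication needs tlsverify plus all three cert paths.
    mutual_tls = bool(cfg.get("tlsverify")) and all(
        cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are local to the host
        addr = host[len("tcp://"):]
        if not mutual_tls:
            findings.append(("hosts", f"{host}: API served over TCP without tlsverify"))
        if addr.startswith(("0.0.0.0", "[::]", ":")):
            findings.append(("hosts", f"{host}: listens on every interface"))
    if cfg.get("insecure-registries"):
        findings.append(("insecure-registries", "plain HTTP or unverified TLS allowed"))
    if cfg.get("icc", True):  # dockerd default is true
        findings.append(("icc", "containers on docker0 can reach each other freely"))
    if not cfg.get("userns-remap"):
        findings.append(("userns-remap", "container uid 0 maps to host uid 0"))
    if not cfg.get("no-new-privileges"):
        findings.append(("no-new-privileges", "setuid binaries can raise privileges"))
    return findings

if __name__ == "__main__":
    for key, finding in audit_daemon_config(SAMPLE):
        print(f"[{key}] {finding}")
```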
            
            
        
        
    Customizing the network properties of the docker0 bridge: the /etc/docker/daemon.json file
        {
            "bip": "192.168.1.5/24",
            "fixed-cidr": "10.20.0.0/16",
            "fixed-cidr-v6": "2001:db8::/64",
            "mtu": 1500,
            "default-gateway": "10.20.1.1",
            "default-gateway-v6": "2001:db8:abcd::89",
            "dns": ["10.20.1.2","10.20.1.3"]
        } 
        
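        The core option is bip, short for "bridge IP", which specifies the IP address of the docker0 bridge itself; the other options can be derived from this address.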
        
    
        Documentation:
            https://docs.docker.com/engine/userguide/networking/default_network/custom-docker0/
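
How the other bridge settings follow from bip, as an added example that is not part of the original notes: it derives the docker0 network from bip and checks that fixed-cidr and default-gateway fall inside it. The function names are this example's own; run over the sample values above, it reports that both lie outside the network implied by bip.

```python
import ipaddress

# docker0 settings copied from the sample daemon.json shown above.
PAGE_CONFIG = {
    "bip": "192.168.1.5/24",
    "fixed-cidr": "10.20.0.0/16",
    "default-gateway": "10.20.1.1",
}

def derive_from_bip(bip):
    """Compute what the docker0 address implies for the bridge network."""
    iface = ipaddress.ip_interface(bip)
    return {
        "bridge_ip": str(iface.ip),
        "network": str(iface.network),
        # Network and broadcast addresses are not assignable to containers.
        "usable_hosts": iface.network.num_addresses - 2,
    }

def check_bridge_config(cfg):
    """Return the keys that disagree with the network derived from bip."""
    net = ipaddress.ip_interface(cfg["bip"]).network
    problems = []
    if "fixed-cidr" in cfg:
        # fixed-cidr restricts container addresses to a subset of the bridge range.
        pool = ipaddress.ip_network(cfg["fixed-cidr"], strict=False)
        if not pool.subnet_of(net):
            problems.append(f"fixed-cidr {pool} is not inside bridge network {net}")
    if "default-gateway" in cfg:
        gw = ipaddress.ip_address(cfg["default-gateway"])
        if gw not in net:
            problems.append(f"default-gateway {gw} is outside bridge network {net}")
    return problems

if __name__ == "__main__":
    print(derive_from_bip(PAGE_CONFIG["bip"]))
    for problem in check_bridge_config(PAGE_CONFIG):
        print("mismatch:", problem)
```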
            
            
    Container build example:
        https://github.com/mysql/mysql-docker
    

    Container resource limits:
    CPU:
    RAM:
    Device:
    --device-read-bps value Limit read rate (bytes per second) from a device (default [])
    --device-read-iops value Limit read rate (IO per second) from a device (default [])
    --device-write-bps value Limit write rate (bytes per second) to a device (default [])
    --device-write-iops value Limit write rate (IO per second) to a device (default [])

    Nginx reverse-proxy configuration for a Docker private Registry:

        client_max_body_size 0;
    
        location / {
            proxy_pass  http://registrysrvs;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_buffering off;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    
            auth_basic "Docker Registry Service";
            auth_basic_user_file "/etc/nginx/.ngxpasswd";
        }
    

    Details of the Docker-distribution configuration file format:
    https://docs.docker.com/registry/configuration/#list-of-configuration-options

    Kubernetes
    Architecture: master/agent
        master host:
            kube-apiserver
            kube-scheduler
            kube-controller-manager

        agent host (node):
            kubelet
            container runtime (docker/rkt/...)
            kube-proxy
    

    Three container orchestration solutions:
        kubernetes
        mesos+marathon
        machine+swarm+compose

    Kubernetes:
        Components: master, nodes, database (k/v store)
            master: apiserver, controller-manager, scheduler
            nodes: kubelet, kube-proxy, container runtime
        Core terms:
            Pod, label, service, ingress
        Network plugins: flannel, ...
    

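    Installing Kubernetes 1.8:
    yum repositories:
        https://yum.kubernetes.io/
        https://packages.cloud.google.com/yum/repos

    Kubernetes Cluster:
        Environment:
            master, etcd: 172.18.0.67
            node1: 172.18.0.68
            node2: 172.18.0.69
        Prerequisites:
            1. Hosts communicate by hostname: /etc/hosts;
            2. Time synchronization;
            3. Disable firewalld and iptables.service;

        OS: CentOS 7.3.1611; the packages are in the Extras repository;
        
    Installation and configuration steps:
        1. etcd cluster: master node only;
        2. flannel: all nodes in the cluster;
        3. Configure the k8s master: master node only;
            kubernetes-master
            Services to start:
                kube-apiserver, kube-scheduler, kube-controller-manager
        4. Configure each k8s Node;
            kubernetes-node
            
            First configure and start the docker service;
            k8s services to start:
                kube-proxy, kubelet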
    
    
    Deployment example:

        apiVersion: extensions/v1beta1
        kind: Deployment
        metadata:
            # Unique key of the Deployment instance
            name: deployment-example
        spec:
            # 2 Pods should exist at all times.
            replicas: 2
            template:
                metadata:
                    labels:
                        # Apply this label to pods and default
                        # the Deployment label selector to this value
                        app: nginx
                spec:
                    containers:
                        - name: nginx
                          # Run this image
                          image: nginx:1.12

    Service example:
        
        kind: Service
        apiVersion: v1
        metadata:
        # Unique key of the Service instance
            name: nginx-example
        spec:
            ports:
                # Accept traffic sent to port 80
                - name: http
                  port: 80
                  targetPort: 80
            selector:
                # Loadbalance traffic across Pods matching
                # this label selector
                app: nginx
            # Create an HA proxy in the cloud provider
            # with an External IP address - *Only supported
            # by some cloud providers*
            type: LoadBalancer        
    

    Docker Compose

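    MySQL:
        mysql: ### container name
            image: mysql:5.7 ### official image, version 5.7
            volumes:
                - mysql-data:/var/lib/mysql ### data volume; the MySQL data is stored here
            ports:
                - "3306:3306" ### port mapping, host port:container port
            environment:
                - MYSQL_ROOT_PASSWORD=123456  ### sets an environment variable; the variable name is defined by the official image.
                    
    PHP:
        php-fpm:
            build:
                context: ./php ### build directory for the custom PHP image
            volumes:
                - ./www:/var/www/html ### maps and shares host files with the container; the PHP code lives here
            expose:
                - "9000" ### port the container exposes
            depends_on:
                - mysql ### depends on and links to the MySQL container, so the PHP container can reach it using mysql as the hostname
            
    Nginx:
        nginx:
            build:
                context: ./nginx ### build directory for the custom Nginx image
            volumes:
                - ./www:/var/www/html ### maps and shares host files with the container; the PHP code lives here
            ports:
                - "80:80" ### port mapping; if port 80 on the host is already in use, 8000:80 can be used instead
                - "443:443"
            depends_on:
                - php-fpm ### depends on and links to the PHP container, so the Nginx container can reach it using php-fpm as the hostname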
