Docker

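1. LXC: LinuX Container

chroot: change root;
namespaces: namespaces
CGroups: control groups

Basic usage:
    lxc-checkconfig:
        checks whether the system environment meets the requirements for running containers;
    lxc-create: create an LXC container;
        lxc-create -n NAME -t TEMPLATE_NAME
    lxc-start: start a container;
        lxc-start -n NAME -d

        Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
    lxc-info: show information about a container;
        lxc-info -n NAME
    lxc-console: attach to the console of the specified container;
        lxc-console -n NAME -t NUMBER
    lxc-stop: stop a container;
    lxc-destroy: delete a stopped container;

    lxc-snapshot: create and restore snapshots;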

2. Installing Docker:

Docker comes in two editions:
    docker-ee
    docker-ce
        moby

1. CentOS Extras Repo
2. Docker-CE

Download: https://download.docker.com/

    Repository configuration file: https://download.docker.com/linux/centos/docker-ce.repo

3. Docker components:

Docker program environment:
    Environment configuration files:
        /etc/sysconfig/docker-network
        /etc/sysconfig/docker-storage
        /etc/sysconfig/docker
    Unit File:
        /usr/lib/systemd/system/docker.service
    Docker Registry configuration file:
        /etc/containers/registries.conf

Register an Alibaba Cloud account; the dedicated accelerator address is available at:
    https://cr.console.aliyun.com/#/accelerator

Physical:
    Client <--> Daemon <--> Registry Server
Logical:
    Containers: containers
    Images: images
    Registry: Image Repositories

Container states:
    created:
    running:
    paused:
    stopped:
    deleted:
    
    
    
docker 
    images
    pull
    run
    ps
    
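Viewing Docker information:
    version
    info

Images:
    images
    rmi
    pull

Containers:
    run: create and run a container;
    create: create a container;
    start: start a stopped container;

    Create:
        create
        run

    Start:
        start

    Stop:
        kill
        stop

    Restart:
        restart

    Pause and resume:
        pause
        unpause

    Delete a container:
        rm
        run --rm

Creating a container:
A container is created from an image file;
the image file has a default program to run;

    Note:
        A running container must have a process running in the foreground inside it;
        a Docker container is also usually meant to run only one program;
            to run several programs in one container, you generally need to provide a supervising program, for example supervisord.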
            
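    run, create
        --name CT_NAME
        --rm: remove the container automatically once it stops running
        --network BRIDGE: the network the container joins;
            defaults to docker0;

        Starting a container interactively:
            -i: --interactive, interactive;
            -t: Allocate a pseudo-TTY

            Detach from the terminal: ctrl+p, ctrl+q

    attach: attach to the terminal device of a running container;

    exec: run an additional program in a running container;

    Viewing:
        logs: Fetch the logs of a container, i.e. what the program inside the container writes to the terminal while running;

        ps: List containers
            -a, --all: list all containers;
            --filter, -f: display filtered by condition
                name=
                status={stopped|running|paused}

        stats: display a container's resource usage dynamically:

        top: Display the running processes of a container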
    
    
Docker Hub:
    docker login
    docker logout
    
    docker push   
    docker pull 
    
Building images:
    From a container
        build the image after completing the changes inside a container;
    From an image
        write a Dockerfile, then build from that file;

    Building from a container:
        docker commit
            docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
                --author, -a
                --pause, -p
                --message, -m

                --change, -c

    Exporting an image to a tar file:
        docker save
            Save one or more images to a tar archive (streamed to STDOUT by default)

            docker save [OPTIONS] IMAGE [IMAGE...]


    Importing an image from a tar file:
        docker load
            Load an image from a tar archive or STDIN

            docker load [OPTIONS]

                --input, -i     Read from tar archive file, instead of STDIN
                --quiet, -q false   Suppress the load output
                
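Docker reference manual:
    https://docs.docker.com/engine/reference/commandline/dockerd/

Configuring the Docker daemon's properties: /etc/docker/daemon.json
    Each settable key is an option available to dockerd, and its value is that option's argument; some options cannot be used in this file, however, for example add-registry and insecure-registry;
        the arguments of some options are arrays and must be placed inside [];

    Official manual (complete list of available parameters):
        https://docs.docker.com/engine/reference/commandline/dockerd/#run-multiple-daemons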
        
        {
            "authorization-plugins": [],
            "data-root": "",
            "dns": [],
            "dns-opts": [],
            "dns-search": [],
            "exec-opts": [],
            "exec-root": "",
            "experimental": false,
            "storage-driver": "",
            "storage-opts": [],
            "labels": [],
            "live-restore": true,
            "log-driver": "",
            "log-opts": {},
            "mtu": 0,
            "pidfile": "",
            "cluster-store": "",
            "cluster-store-opts": {},
            "cluster-advertise": "",
            "max-concurrent-downloads": 3,
            "max-concurrent-uploads": 5,
            "default-shm-size": "64M",
            "shutdown-timeout": 15,
            "debug": true,
            "hosts": [],
            "log-level": "",
            "tls": true,
            "tlsverify": true,
            "tlscacert": "",
            "tlscert": "",
            "tlskey": "",
            "swarm-default-advertise-addr": "",
            "api-cors-header": "",
            "selinux-enabled": false,
            "userns-remap": "",
            "group": "",
            "cgroup-parent": "",
            "default-ulimits": {},
            "init": false,
            "init-path": "/usr/libexec/docker-init",
            "ipv6": false,
            "iptables": false,
            "ip-forward": false,
            "ip-masq": false,
            "userland-proxy": false,
            "userland-proxy-path": "/usr/libexec/docker-proxy",
            "ip": "0.0.0.0",
            "bridge": "",
            "bip": "",
            "fixed-cidr": "",
            "fixed-cidr-v6": "",
            "default-gateway": "",
            "default-gateway-v6": "",
            "icc": false,
            "raw-logs": false,
            "allow-nondistributable-artifacts": [],
            "registry-mirrors": [],
            "seccomp-profile": "",
            "insecure-registries": [],
            "disable-legacy-registry": false,
            "no-new-privileges": false,
            "default-runtime": "runc",
            "oom-score-adjust": -500,
            "runtimes": {
                "runc": {
                    "path": "runc"
                },
                "custom": {
                    "path": "/usr/local/bin/my-runc-replacement",
                    "runtimeArgs": [
                        "--debug"
                    ]
                }
            }
        }
        
    The dockerd daemon is client/server; by default it listens only on a Unix socket address, /var/run/docker.sock; to use a TCP socket, set
        /etc/docker/daemon.json:
            "hosts": ["tcp://0.0.0.0:2375"]

        The "-H|--host" option can also be passed to dockerd directly;
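
A listener such as tcp://0.0.0.0:2375 serves the Docker API in plaintext with no authentication, so a daemon.json that enables it deserves a review of the related keys. The following is an added example, not part of the original notes: a small Python audit over keys that appear in the listing above. The function name audit_daemon_config and the sample values are assumptions made for illustration.

```python
import json

# Constructed sample: the TCP listener from the notes plus keys taken from
# the reference listing above; the values are illustrative only.
SAMPLE = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "tlsverify": false,
  "insecure-registries": ["registry.example.internal:5000"],
  "icc": true,
  "userns-remap": "",
  "no-new-privileges": false
}"""

TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_config(text):
    """Return (key, finding) tuples for risky settings in a daemon.json body."""
    cfg = json.loads(text)
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # only TCP listeners are examined here
        if not cfg.get("tlsverify", False):
            findings.append(("hosts", host + ": TCP API without client-certificate "
                             "verification; whoever reaches the port controls the daemon"))
        elif not all(cfg.get(k) for k in TLS_KEYS):
            findings.append(("hosts", host + ": tlsverify set but "
                             "tlscacert/tlscert/tlskey are incomplete"))
        if host[len("tcp://"):].startswith(("0.0.0.0", "[::]", ":")):
            findings.append(("hosts", host + ": listens on every interface"))
    if cfg.get("insecure-registries"):
        findings.append(("insecure-registries",
                         "images may be pulled over HTTP or unverified TLS"))
    if cfg.get("icc", True):  # dockerd default is true
        findings.append(("icc", "containers on the default bridge can reach each other"))
    if not cfg.get("userns-remap"):
        findings.append(("userns-remap", "root in a container is uid 0 on the host"))
    if not cfg.get("no-new-privileges", False):
        findings.append(("no-new-privileges",
                         "setuid binaries in containers can still gain privileges"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_daemon_config(SAMPLE):
        print(f"[{key}] {finding}")
```
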
        
        
    
    
Customizing the network properties of the docker0 bridge: the /etc/docker/daemon.json file
    {
        "bip": "192.168.1.5/24",
        "fixed-cidr": "10.20.0.0/16",
        "fixed-cidr-v6": "2001:db8::/64",
        "mtu": 1500,
        "default-gateway": "10.20.1.1",
        "default-gateway-v6": "2001:db8:abcd::89",
        "dns": ["10.20.1.2","10.20.1.3"]
    } 
    
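    The core option is bip, short for bridge IP, which sets the IP address of the docker0 bridge itself; the other options can be derived from this address.


    Documentation: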
        https://docs.docker.com/engine/userguide/networking/default_network/custom-docker0/
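
How the other values follow from bip, as an added example that is not part of the original notes: Python's ipaddress module derives the bridge subnet and checks the IPv4 keys against it. Run on the values in the file above, it reports that fixed-cidr and default-gateway lie outside the 192.168.1.0/24 subnet implied by bip. The function names derive_from_bip and check_bridge are chosen here for illustration.

```python
import ipaddress

# docker0 settings copied from the daemon.json shown above (IPv4 keys only).
PAGE_CONFIG = {
    "bip": "192.168.1.5/24",
    "fixed-cidr": "10.20.0.0/16",
    "default-gateway": "10.20.1.1",
}


def derive_from_bip(bip):
    """Values implied by bip alone: the bridge subnet, with the bridge
    address as gateway and the whole subnet as the allocation range."""
    bridge = ipaddress.ip_interface(bip)
    return {
        "subnet": str(bridge.network),
        "default-gateway": str(bridge.ip),
        "fixed-cidr": str(bridge.network),
    }


def check_bridge(cfg):
    """Return (subnet, problems) for explicit settings that fall outside bip's subnet."""
    subnet = ipaddress.ip_interface(cfg["bip"]).network
    problems = []
    if "fixed-cidr" in cfg:
        pool = ipaddress.ip_network(cfg["fixed-cidr"], strict=False)
        if not pool.subnet_of(subnet):
            problems.append(f"fixed-cidr {pool} is not a subset of {subnet}")
    if "default-gateway" in cfg:
        gateway = ipaddress.ip_address(cfg["default-gateway"])
        if gateway not in subnet:
            problems.append(f"default-gateway {gateway} is not on {subnet}")
    return subnet, problems


if __name__ == "__main__":
    print(derive_from_bip(PAGE_CONFIG["bip"]))
    subnet, problems = check_bridge(PAGE_CONFIG)
    for p in problems:
        print("mismatch:", p)
```
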
        
        
Container build example:
    https://github.com/mysql/mysql-docker

Container resource limits:
    CPU:
    RAM:
    Device:
        --device-read-bps value Limit read rate (bytes per second) from a device (default [])
        --device-read-iops value Limit read rate (IO per second) from a device (default [])
        --device-write-bps value Limit write rate (bytes per second) to a device (default [])
        --device-write-iops value Limit write rate (IO per second) to a device (default [])

Configuring Nginx as a reverse proxy for a Docker private Registry:

    client_max_body_size 0;

    location / {
        proxy_pass  http://registrysrvs;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

        auth_basic "Docker Registry Service";
        auth_basic_user_file "/etc/nginx/.ngxpasswd";
    }

Details of the docker-distribution configuration file format:
https://docs.docker.com/registry/configuration/#list-of-configuration-options

Kubernetes
    Architecture: master/agent
        master hosts:
            kube-apiserver
            kube-scheduler
            kube-controller-manager

        agent hosts (nodes):
            kubelet
            container runtime (docker/rkt/...)
            kube-proxy

Three container orchestration solutions:
    kubernetes
    mesos+marathon
    machine+swarm+compose

Kubernetes:
    Components: master, nodes, database (k/v store)
        master: apiserver, controller-manager, scheduler
        nodes: kubelet, kube-proxy, container runtime
    Core terms:
        Pod, label, service, ingress
    Network plugins: flannel, ...

Installing Kubernetes 1.8:
    yum repositories:
        https://yum.kubernetes.io/
        https://packages.cloud.google.com/yum/repos

Kubernetes Cluster:
    Environment:
        master, etcd: 172.18.0.67
        node1: 172.18.0.68
        node2: 172.18.0.69
    Prerequisites:
        1. Hosts communicate by hostname: /etc/hosts;
        2. Time synchronization;
        3. Disable firewalld and iptables.service;

    OS: CentOS 7.3.1611, in the Extras repository;

Installation and configuration steps:
    1. etcd cluster, master node only;
    2. flannel, on all nodes of the cluster;
    3. Configure the k8s master: master node only;
        kubernetes-master
        Services to start:
            kube-apiserver, kube-scheduler, kube-controller-manager
    4. Configure each k8s Node;
        kubernetes-node

        First set up and start the docker service;
        k8s services to start:
            kube-proxy, kubelet


Deployment example:

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      # Unique key of the Deployment instance
      name: deployment-example
    spec:
      # 2 Pods should exist at all times.
      replicas: 2
      template:
        metadata:
          labels:
            # Apply this label to pods and default
            # the Deployment label selector to this value
            app: nginx
        spec:
          containers:
          - name: nginx
            # Run this image
            image: nginx:1.12

Service example:
    
    kind: Service
    apiVersion: v1
    metadata:
    # Unique key of the Service instance
        name: nginx-example
    spec:
        ports:
            # Accept traffic sent to port 80
            - name: http
              port: 80
              targetPort: 80
        selector:
            # Loadbalance traffic across Pods matching
            # this label selector
            app: nginx
        # Create an HA proxy in the cloud provider
        # with an External IP address - *Only supported
        # by some cloud providers*
        type: LoadBalancer        

Docker Compose

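MySQL:
    mysql: ### container name
        image: mysql:5.7 ### official image, version 5.7
        volumes:
            - mysql-data:/var/lib/mysql ### data volume; the MySQL data is stored here
        ports:
            - "3306:3306" ### port mapping, host port:container port
        environment:
            - MYSQL_ROOT_PASSWORD=123456  ### sets an environment variable; this variable name is defined by the official image.

PHP:
    php-fpm:
        build:
            context: ./php ### configuration directory for the custom PHP image
        volumes:
            - ./www:/var/www/html ### maps and shares host files with the container; the PHP code lives here
        expose:
            - "9000" ### port the container exposes
        depends_on:
            - mysql ### depends on and links to the MySQL container, so the PHP container can reach the MySQL container using mysql as the hostname

Nginx:
    nginx:
        build:
            context: ./nginx ### configuration directory for the custom Nginx image
        volumes:
            - ./www:/var/www/html ### maps and shares host files with the container; the PHP code lives here
        ports:
            - "80:80" ### port mapping; if port 80 on your host is in use, you can use 8000:80
            - "443:443"
        depends_on:
            - php-fpm ### depends on and connects to the PHP container, so the Nginx container can reach the PHP container using php-fpm as the hostname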
