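Concepts
Put simply, Docker Swarm is cluster management for Docker containers. Nodes are either manager nodes or worker nodes, and other nodes can join or leave the cluster.
Node
A machine in the cluster. It is a concept at the Docker Swarm level; the cluster's containers are distributed across these nodes.
Service
All the containers in the Docker Swarm cluster that expose the same service to the outside; together they make up the service as a whole.
Task
The task inside a container, i.e. what actually provides the functionality.
Network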
```
"Ports": [
    {
        "Protocol": "tcp",
        "TargetPort": 80,
        "PublishedPort": 18080,
        "PublishMode": "ingress"
    }
]
```
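Network
ingress is also a kind of overlay network with load balancing implemented internally; all the Docker containers actually run inside a single ingress network.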
```
[root@swarm01 ~]# docker network inspect ingress
[
    {
        "Name": "ingress",
        "Id": "uwovkdxlpynvubozhnjvg37c8",
        "Created": "2021-08-30T14:14:32.277175705+08:00",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.0.0/24",
                    "Gateway": "10.0.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": true,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "18019dc5c7a9ff3feaee523533f7e3ace099d5a28885c69300b27c1bcf9e176c": {
                "Name": "mynginx.6.02jx5w6z5d9tvdk7zkqmcdufv",
                "EndpointID": "699e46a9a2b60d6f34ca2f0dbe0117395dc4e68eed8483484fce1eeb052a4512",
                "MacAddress": "02:42:0a:00:00:18",
                "IPv4Address": "10.0.0.24/24",
                "IPv6Address": ""
            },
            "fdc759275968f832ca3f4b107074bc615fd68626c6eef51ff6a395da2b0dcdb8": {
                "Name": "mynginx.1.qb2jmcxvuet3zvjqlq4ppurs4",
                "EndpointID": "90eef44512386e745449f4406af48650a56f2063e671dc858b55247f67e48830",
                "MacAddress": "02:42:0a:00:00:13",
                "IPv4Address": "10.0.0.19/24",
                "IPv6Address": ""
            },
            "ingress-sbox": {
                "Name": "ingress-endpoint",
                "EndpointID": "ecb29c63f5012d877578b8cd12d793c85889a6cea9e6218a8ba93ddebf4b3e73",
                "MacAddress": "02:42:0a:00:00:02",
                "IPv4Address": "10.0.0.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4096"
        },
        "Labels": {},
        "Peers": [
            {
                "Name": "d2d1dff6424e",
                "IP": "192.168.130.154"
            },
            {
                "Name": "1c5996e44049",
                "IP": "192.168.130.150"
            },
            {
                "Name": "8361369e2625",
                "IP": "192.168.130.152"
            },
            {
                "Name": "e85a5856c71e",
                "IP": "192.168.130.153"
            },
            {
                "Name": "7b077e02a60c",
                "IP": "192.168.130.151"
            }
        ]
    }
]
```
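You can see that all the machines are in this ingress network.
Docker Stack
The counterpart of docker-compose, used for deploying to a cluster.
Method | Command | Result |
---|---|---|
docker | docker run | Docker starts a single container (single host) |
docker-compose | docker-compose up | Docker starts a group of containers (single host) |
docker swarm | docker service create | Docker starts a single container (cluster) |
docker stack | docker stack deploy | Docker starts a group of containers (cluster) |
The stack file is similar to a compose file. Here is one grabbed at random, just to give an impression: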
```yaml
version: "3"
services:
  redis:
    image: redis:alpine
    ports:
      - "6379"
    networks:
      - frontend
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
  db:
    image: postgres:9.4
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - backend
    deploy:
      placement:
        constraints: [node.role == manager]
  result:
    image: dockersamples/examplevotingapp_result:before
    ports:
      - 5001:80
    networks:
      - backend
    depends_on:
      - db
    deploy:
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      - "8080:8080"
    stop_grace_period: 1m30s
    volumes:
      # Mounting the Docker socket gives this container control of the
      # Docker daemon on the manager node it runs on.
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      placement:
        constraints: [node.role == manager]
  portainer:
    image: portainer/portainer
    ports:
      - "9000:9000"
    volumes:
      # Same Docker socket mount as the visualizer service above.
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]
networks:
  frontend:
    # Connect to an existing network; an error is raised if it is not found.
    # When false, the network is created automatically if it does not exist, then used.
    external: true
  backend:
volumes:
  db-data:
```
Docker Secret
Docker's secure configuration.
```
[root@swarm01 ~]# docker secret --help

Usage: docker secret COMMAND

Manage Docker secrets

Commands:
  create      Create a secret from a file or STDIN as content
  inspect     Display detailed information on one or more secrets
  ls          List secrets
  rm          Remove one or more secrets

Run 'docker secret COMMAND --help' for more information on a command.
```
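How the `db` service from the stack file above could take its password from a Docker secret instead of an environment variable. This is an added example, not part of the original page. The secret name `db_password`, the shell variable `DB_PASSWORD`, the stack name `mystack`, the file name `stack.yml`, the 3.1 file version and the official postgres image's `POSTGRES_PASSWORD_FILE` variable are assumptions.

```yaml
# Added example (not from the original page).
# Create the secret on a manager node first, reading the value from STDIN
# so it is not written to a file or into the stack definition:
#   printf '%s' "$DB_PASSWORD" | docker secret create db_password -
# Then deploy the stack:
#   docker stack deploy -c stack.yml mystack
version: "3.1"            # secrets in stack files need file format 3.1 or later

services:
  db:
    image: postgres:9.4
    # Weak variant, shown for contrast: the value is readable in the stack
    # file and in `docker service inspect` output.
    # environment:
    #   POSTGRES_PASSWORD: example-password   # constructed value
    environment:
      # The official postgres image reads the password from this file path.
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password       # mounted in the container at /run/secrets/db_password
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - backend
    deploy:
      placement:
        constraints: [node.role == manager]

secrets:
  db_password:
    external: true        # must already exist (created with `docker secret create`)

networks:
  backend:

volumes:
  db-data:
```

Only services that list the secret receive it, and it is delivered only to the nodes running their tasks.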
Docker Config
Global configuration.
```
[root@swarm01 ~]# docker config --help

Usage: docker config COMMAND

Manage Docker configs

Commands:
  create      Create a config from a file or STDIN
  inspect     Display detailed information on one or more configs
  ls          List configs
  rm          Remove one or more configs

Run 'docker config COMMAND --help' for more information on a command.
```