【Docker】Docker Swarm介绍与环境搭建

为什么不建议在生产环境中使用Docker Compose

  • 多机器如何管理?
  • 如何跨机器做scale横向扩展?
  • 容器失败退出时如何新建容器确保服务正常运行?
  • 如何确保零宕机时间?
  • 如何管理密码,Key等敏感数据?

Docker Swarm介绍

Docker Swarm是Docker官方推出的容器集群管理工具,基于Go语言实现。使用它可以将多个Docker主机封装为单个大型的虚拟Docker主机,快速打造一套容器云平台。

Docker Swarm是生产环境中运行Docker应用程序最简单的方法。作为容器集群管理器,Swarm最大的优势之一就是100%支持标准的Docker API。各种基于标准API的工具比如Compose、docker-py、各种管理软件,甚至 Docker本身等都可以很容易的与Swarm进行集成。大大方便了用户将原先基于单节点的系统移植到Swarm上,同时Swarm内置了对 Docker网络插件的支持,用户可以很容易地部署跨主机的容器集群服务。

Docker Swarm和Docker Compose一样,都是Docker官方容器编排工具,但不同的是,Docker Compose是一个在单个服务器或主机上创建多个容器的工具,而Docker Swarm则可以在多个服务器或主机上创建容器集群服务,对于微服务的部署,显然Docker Swarm会更加适合。

【Docker】Docker Swarm介绍与环境搭建_第1张图片
Swarm的基本架构

【Docker】Docker Swarm介绍与环境搭建_第2张图片

Swarm单节点快速上手

激活Docker Swarm

docker info这个命令可以查看我们的docker engine有没有激活swarm模式, 默认是没有的,我们会看到

$ docker info | grep Swarm
 Swarm: inactive

激活swarm,有两个方法:

  • 初始化一个swarm集群,自己成为manager
  • 加入一个已经存在的swarm集群

初始化一个swarm集群,自己成为manager:

$ docker swarm init --advertise-addr 192.168.0.13
Swarm initialized: current node (1iohpmz3jxqecpeixv77bkz6k) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-45kligs4iwu0sqdy2xxvf4mrauggwc5hlmo7sj9u5ve5cjtek4-54bo11h1uwa6yfva1jf9g2blb 192.168.0.13:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

加入一个已经存在的swarm集群:

$ docker swarm join --token SWMTKN-1-45kligs4iwu0sqdy2xxvf4mrauggwc5hlmo7sj9u5ve5cjtek4-54bo11h1uwa6yfva1jf9g2blb 192.168.0.13:2377

查看swarm集群中的机器节点:

$ docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
xk8ryecmxfqu65zvsgk41h8cd *   node1      Ready     Active         Leader           24.0.2

再次使用docker info这个命令可以看到我们的docker engine已经激活swarm模式:

$ docker info | grep Swarm
 Swarm: active

docker swarm init 背后发生了什么

主要是PKI和安全相关的自动化

  • 创建swarm集群的根证书
  • manager节点的证书
  • 其它节点加入集群需要的tokens
  • 创建Raft数据库用于存储证书,配置,密码等数据

RAFT相关资料

  • http://thesecretlivesofdata.com/raft/
  • https://raft.github.io/
  • https://docs.docker.com/engine/swarm/raft/

Swarm三节点集群搭建

创建3节点swarm cluster的方法

  • https://labs.play-with-docker.com/网站,优点是快速方便,缺点是环境不持久,4个小时后环境会被重置
  • 在本地通过虚拟化软件搭建Linux虚拟机,优点是稳定,方便,缺点是占用系统资源,需要电脑内存最好8G及其以上
  • 在云上使用云主机, 亚马逊,Google,微软Azure,阿里云,腾讯云等,缺点是需要消耗金钱(但是有些云服务,有免费试用)

多节点的环境涉及到机器之间的通信需求,所以防火墙和网络安全策略组是大家一定要考虑的问题,特别是在云上使用云主机的情况,下面这些端口记得打开防火墙以及设置安全策略组:

  • Port 2377 TCP for communication with and between manager nodes
  • Port 7946 TCP/UDP for overlay network node discovery
  • Port 4789 UDP (configurable) for overlay network traffic

为了简化,以上所有端口都允许节点之间自由访问就行。

添加2个节点到Swarm

主机规划:

  • 192.168.0.13:manager
  • 192.168.0.12:worker
  • 192.168.0.11:worker

添加192.168.0.12到Swarm:

$ docker swarm join --token SWMTKN-1-45kligs4iwu0sqdy2xxvf4mrauggwc5hlmo7sj9u5ve5cjtek4-54bo11h1uwa6yfva1jf9g2blb 192.168.0.13:2377
This node joined a swarm as a worker.

添加192.168.0.11到Swarm:

$ docker swarm join --token SWMTKN-1-45kligs4iwu0sqdy2xxvf4mrauggwc5hlmo7sj9u5ve5cjtek4-54bo11h1uwa6yfva1jf9g2blb 192.168.0.13:2377
This node joined a swarm as a worker.

查看Swarm中的节点:

$ docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
1iohpmz3jxqecpeixv77bkz6k *   node1      Ready     Active         Leader           24.0.2
k7sl3sg1x193nalsdjs6dw20w     node2      Ready     Active                          24.0.2
aitp94gxkvg997b5qev271v2y     node3      Ready     Active                          24.0.2

ID后面的*表示的是当前节点,docker node ls需要在manager节点执行。

发布一个service到swarm

可以使用docker service create来创建一个service:

$ docker service create --replicas 1 --name helloworld alpine ping docker.com
dq7ch2rdyijjvuh03k6sorw3q
overall progress: 1 out of 1 tasks
1/1: running   [==================================================>]
verify: Service converged

可以使用docker service ls查看启动了哪些服务:

$ docker service ls
ID             NAME         MODE         REPLICAS   IMAGE           PORTS
dq7ch2rdyijj   helloworld   replicated   1/1        alpine:latest

查看service详情

可以使用docker service inspect来查看service的详情:

$ docker service inspect helloworld
[
    {
        "ID": "dq7ch2rdyijjvuh03k6sorw3q",
        "Version": {
            "Index": 21
        },
        "CreatedAt": "2023-10-12T02:28:33.280090826Z",
        "UpdatedAt": "2023-10-12T02:28:33.280090826Z",
        "Spec": {
            "Name": "helloworld",
            "Labels": {},
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "alpine:latest@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978",
                    "Args": [
                        "ping",
                        "docker.com"
                    ],
                    "Init": false,
                    "StopGracePeriod": 10000000000,
                    "DNSConfig": {},
                    "Isolation": "default"
                },
                "Resources": {
                    "Limits": {},
                    "Reservations": {}
                },
                "RestartPolicy": {
                    "Condition": "any",
                    "Delay": 5000000000,
                    "MaxAttempts": 0
                },
                "Placement": {
                    "Platforms": [
                        {
                            "Architecture": "amd64",
                            "OS": "linux"
                        },
                        {
                            "OS": "linux"
                        },
                        {
                            "OS": "linux"
                        },
                        {
                            "Architecture": "arm64",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "386",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "ppc64le",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "s390x",
                            "OS": "linux"
                        }
                    ]
                },
                "ForceUpdate": 0,
                "Runtime": "container"
            },
            "Mode": {
                "Replicated": {
                    "Replicas": 1
                }
            },
            "UpdateConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "RollbackConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "EndpointSpec": {
                "Mode": "vip"
            }
        },
        "Endpoint": {
            "Spec": {}
        }
    }
]

可以加上--pretty参数输出可读性更好的内容格式:

$ docker service inspect --pretty helloworld

ID:             dq7ch2rdyijjvuh03k6sorw3q
Name:           helloworld
Service Mode:   Replicated
 Replicas:      1
Placement:
UpdateConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order:      stop-first
RollbackConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order:    stop-first
ContainerSpec:
 Image:         alpine:latest@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978
 Args:          ping docker.com
 Init:          false
Resources:
Endpoint Mode:  vip

可以使用docker service ps查看service运行在哪些node上:

$ docker service ps helloworld
ID             NAME           IMAGE           NODE      DESIRED STATE   CURRENT STATE           ERROR     PORTS
8xi2hbecua0s   helloworld.1   alpine:latest   node2     Running         Running 7 minutes ago

也可以使用docker ps在node2上查看启动了哪些容器:

$ docker ps
CONTAINER ID   IMAGE           COMMAND             CREATED         STATUS         PORTS     NAMES
9acee1709671   alpine:latest   "ping docker.com"   9 minutes ago   Up 9 minutes             helloworld.1.8xi2hbecua0s278o91jmod8li

对service进行扩容和缩容

可以使用docker service scale对服务进行扩容和缩容,任务数量比原来的多就是扩容,任务数量比原来的少就是缩容:

$ docker service scale helloworld=5
helloworld scaled to 5
overall progress: 5 out of 5 tasks
1/5: running   [==================================================>]
2/5: running   [==================================================>]
3/5: running   [==================================================>]
4/5: running   [==================================================>]
5/5: running   [==================================================>]
verify: Service converged

$ docker service ps helloworld
ID             NAME           IMAGE         service  NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
8xi2hbecua0s   helloworld.1   alpine:latest   node2     Running         Running 31 minutes ago
72s13jwy17fh   helloworld.2   alpine:latest   node1     Running         Running 21 seconds ago
l7js9yqaoela   helloworld.3   alpine:latest   node3     Running         Running 21 seconds ago
kyj28313lqng   helloworld.4   alpine:latest   node3     Running         Running 21 seconds ago
pzbgzk1hrihp   helloworld.5   alpine:latest   node2     Running         Running 22 seconds ago

删除一个service

可以使用docker service rm来删除一个service

$ docker service rm helloworld
helloworld

$ docker service ls
ID        NAME      MODE      REPLICAS   IMAGE     PORTS

滚动更新service

$ docker service create --replicas 3 --name redis --update-delay 10s redis:3.0.6
p7x6a22i3pagnpvt9pyrzack8
overall progress: 3 out of 3 tasks
1/3: running   [==================================================>]
2/3: running   [==================================================>]
3/3: running   [==================================================>]
verify: Service converged
[node1] (local) [email protected] ~
$ docker service ps redis
ID             NAME      IMAGE         NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
tynsv7a56x1t   redis.1   redis:3.0.6   node1     Running         Running 23 seconds ago
55c4yfweaja7   redis.2   redis:3.0.6   node2     Running         Running 22 seconds ago
r3hcrtgxlehp   redis.3   redis:3.0.6   node3     Running         Running 23 seconds ago
[node1] (local) [email protected] ~
$
[node1] (local) [email protected] ~
$ docker service inspect --pretty redis

ID:             p7x6a22i3pagnpvt9pyrzack8
Name:           redis
Service Mode:   Replicated
 Replicas:      3
Placement:
UpdateConfig:
 Parallelism:   1
 Delay:         10s
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order:      stop-first
RollbackConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order:    stop-first
ContainerSpec:
 Image:         redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842
 Init:          false
Resources:
Endpoint Mode:  vip

redis:3.0.6滚动升级为redis:3.0.7

$ docker service update --image redis:3.0.7 redis
redis
overall progress: 3 out of 3 tasks
1/3: running   [==================================================>]
2/3: running   [==================================================>]
3/3: running   [==================================================>]
verify: Service converged
[node1] (local) [email protected] ~
$ docker service inspect --pretty redis

ID:             p7x6a22i3pagnpvt9pyrzack8
Name:           redis
Service Mode:   Replicated
 Replicas:      3
UpdateStatus:
 State:         completed
 Started:       About a minute ago
 Completed:     22 seconds ago
 Message:       update completed
Placement:
UpdateConfig:
 Parallelism:   1
 Delay:         10s
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order:      stop-first
RollbackConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order:    stop-first
ContainerSpec:
 Image:         redis:3.0.7@sha256:730b765df9fe96af414da64a2b67f3a5f70b8fd13a31e5096fee4807ed802e20
 Init:          false
Resources:
Endpoint Mode:  vip

[node1] (local) [email protected] ~
$ docker service ps redis
ID             NAME          IMAGE         NODE      DESIRED STATE   CURRENT STATE                 ERROR     PORTS
sard15sxoo3b   redis.1       redis:3.0.7   node1     Running         Running about a minute ago
tynsv7a56x1t    \_ redis.1   redis:3.0.6   node1     Shutdown        Shutdown about a minute ago
xzkhsd9nuqxj   redis.2       redis:3.0.7   node2     Running         Running 53 seconds ago
55c4yfweaja7    \_ redis.2   redis:3.0.6   node2     Shutdown        Shutdown 58 seconds ago
jkadyq5a9ekq   redis.3       redis:3.0.7   node3     Running         Running about a minute ago
r3hcrtgxlehp    \_ redis.3   redis:3.0.6   node3     Shutdown        Shutdown about a minute ago

移除一个节点

现在的节点情况:

$ docker service ps redis
ID             NAME          IMAGE         NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
sard15sxoo3b   redis.1       redis:3.0.7   node1     Running         Running 4 minutes ago
xzkhsd9nuqxj   redis.2       redis:3.0.7   node2     Running         Running 3 minutes ago
jkadyq5a9ekq   redis.3       redis:3.0.7   node3     Running         Running 4 minutes ago

$ docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
bbg9dqcotcgfe2ikgyjgc7nge *   node1      Ready     Active         Leader           24.0.2
7kj69w9cdpyawh54fumibuu0u     node2      Ready     Active                          24.0.2
x8x5ox0e6pfx4jg311m564a45     node3      Ready     Active                          24.0.2

可以使用docker node update --availability drain来将一个节点排除:

$ docker node update --availability drain node2
node2

可以使用docker node inspect来查看节点的详情:

$ docker node inspect --pretty node2
ID:                     7kj69w9cdpyawh54fumibuu0u
Hostname:               node2
Joined at:              2023-10-12 03:40:28.774753447 +0000 utc
Status:
 State:                 Ready
 Availability:          Drain
。。。

Availability已经变为Drain

再来看看redis的实例少了没:

$ docker service ps redis
ID             NAME          IMAGE         NODE      DESIRED STATE   CURRENT STATE             ERROR     PORTS
sard15sxoo3b   redis.1       redis:3.0.7   node1     Running         Running 5 minutes ago
mxukqpq3xb5h   redis.2       redis:3.0.7   node1     Running         Running 53 seconds ago
xzkhsd9nuqxj    \_ redis.2   redis:3.0.7   node2     Shutdown        Shutdown 54 seconds ago
jkadyq5a9ekq   redis.3       redis:3.0.7   node3     Running         Running 5 minutes ago

发现原来部署在node2上的redis容器停止了,自动在node1上启动了一个新的redis容器。

可以使用docker node update --availability active命令将node2重新激活:

$ docker node update --availability active node2
node2

$ docker node inspect --pretty node2
ID:                     7kj69w9cdpyawh54fumibuu0u
Hostname:               node2
Joined at:              2023-10-12 03:40:28.774753447 +0000 utc
Status:
 State:                 Ready
 Availability:          Active
 Address:               192.168.0.12
。。。。。。

你可能感兴趣的:(CI/CD/CM,1024程序员节,ci,cd,docker,swarm)