Docker——阿里云搭建Docker Swarm集群
阿里云搭建Docker Swarm集群
- Docker Swarm概念
-
- 环境部署
- Swarm集群搭建
-
- 安装Docker
- 配置阿里云镜像加速
- 搭建集群
- Raft一致性算法
- Swarm集群弹性创建服务(扩缩容)
-
- 概念总结
- 服务副本与全局服务
- Docker Stack
- Docker Secret
Docker Swarm概念
- Docker Swarm是Docker公司开发的容器集群管理服务。从1.12.0版本开始,已经是Docker安装后自带的一部分(捆绑软件)了,又称为Swarm Mode,无需额外安装。
- 与Kubernetes相比,Docker Swarm是一个简单的软件,似乎不堪大用。 但是它与
docker-compose兼容的优点,可以弥补一切。 对于没有集群使用经验的小白,用Docker Swarm起步,是一个很好的选择。 Docker Swarm,主要包含以下概念:- Swarm
- Node
- Stack
- Service
- Task
- Load balancing
环境部署
- 购买四台阿里云服务器
Swarm集群搭建
安装Docker
#Xshell使用发送键到所有会话
#安装gcc环境
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# yum -y install gcc gcc-c++
#卸载旧版本
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
#安装需要的软件包
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# yum install -y yum-utils
#设置国内镜像仓库
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#更新yum软件包索引
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# yum makecache fast
#安装docker
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# yum install -y docker-ce docker-ce-cli containerd.io
#启动Docker
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# systemctl start docker
#测试命令
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker version
配置阿里云镜像加速
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# mkdir -p /etc/docker
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://k68iw3ol.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://k68iw3ol.mirror.aliyuncs.com"]
}
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# systemctl daemon-reload
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# systemctl restart docker
- https://docs.docker.com/engine/swarm/
- 工作模式
- 节点的概念,操作都在
Manager - 管理节点
Manager - 工作节点
Worker
- 节点的概念,操作都在
Service
搭建集群
docker swarm --help
| 参数 | 说明 |
|---|---|
ca |
显示根CA |
init |
初始化集群 |
join |
作为节点和/或管理者加入集群 |
join-token |
管理联接令牌 |
leave |
离开集群 |
unlock |
解锁swarm |
unlock-key |
管理解锁钥匙 |
update |
更新swarm集群 |
#取消Xshell发送键到所有会话功能
网络分为公网和私网,私网不要钱,所以我们选择私网 ^.^
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# ip a
inet 172.20.230.69/20 #查看主节点内网ip地址
#配置当前服务器为主节点
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker swarm init --advertise-addr 172.20.230.69
Swarm initialized: current node (zk59xicx2g4i8otyc38y534up) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0b3vfe36f8dylni6k4cvs6domv9bv2rk3z9bncm5xd3iwtet9p-4f9ck9ouj6vlt0o21a0gc4w4m 172.20.230.69:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
#如果想添加一个管理节点,可以使用 docker swarm join-token manager进行管理
获取令牌:令牌的两种角色
docker swarm join-token manager
docker swarm join-token worker
#如果节点角色添加错误,使用如下命令离开集群
[root@iZ2vc78wcid7zh9m0ohptcZ ~]# docker swarm leave --force
Node left the swarm.
#在其他节点通过令牌加入集群
[root@iZ2vc78wcid7zh9m0ohptcZ ~]# docker swarm join --token SWMTKN-1-0b3vfe36f8dylni6k4cvs6domv9bv2rk3z9bncm5xd3iwtet9p-4f9ck9ouj6vlt0o21a0gc4w4m 172.20.230.69:2377
This node joined a swarm as a worker. #此节点作为工作节点加入集群
#在主节点查看节点信息
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
zk59xicx2g4i8otyc38y534up * iZ2vc78wcid7zh9m0ohptaZ Ready Active Leader 20.10.7
0562ncmx9wn7w4ujxe8kmr7ob iZ2vc78wcid7zh9m0ohptcZ Ready Active 20.10.7
#可以复制刚才的命令,也可以在主节点再次生成工作节点令牌
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0b3vfe36f8dylni6k4cvs6domv9bv2rk3z9bncm5xd3iwtet9p-4f9ck9ouj6vlt0o21a0gc4w4m 172.20.230.69:2377
#将第三台服务器加入集群
[root@iZ2vc78wcid7zh9m0ohptbZ ~]# docker swarm join --token SWMTKN-1-0b3vfe36f8dylni6k4cvs6domv9bv2rk3z9bncm5xd3iwtet9p-4f9ck9ouj6vlt0o21a0gc4w4m 172.20.230.69:2377
This node joined a swarm as a worker.
#主节点再次查看
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
zk59xicx2g4i8otyc38y534up * iZ2vc78wcid7zh9m0ohptaZ Ready Active Leader 20.10.7
zn6i80052i8efkqzh21cvzn40 iZ2vc78wcid7zh9m0ohptbZ Ready Active #没写就是工作节点 20.10.7
0562ncmx9wn7w4ujxe8kmr7ob iZ2vc78wcid7zh9m0ohptcZ Ready Active 20.10.7
#将第四台服务器作为主节点
#在主节点创建一个主节点令牌
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0b3vfe36f8dylni6k4cvs6domv9bv2rk3z9bncm5xd3iwtet9p-dujruc82bc5haxqaqanex7yyr 172.20.230.69:2377
[root@iZ2vc78wcid7zh9m0ohptdZ ~]# docker swarm join --token SWMTKN-1-0b3vfe36f8dylni6k4cvs6domv9bv2rk3z9bncm5xd3iwtet9p-dujruc82bc5haxqaqanex7yyr 172.20.230.69:2377
This node joined a swarm as a manager. #这个节点作为管理者加入了一个群
#再次从主节点查看节点信息
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
zk59xicx2g4i8otyc38y534up * iZ2vc78wcid7zh9m0ohptaZ Ready Active Leader 20.10.7
zn6i80052i8efkqzh21cvzn40 iZ2vc78wcid7zh9m0ohptbZ Ready Active 20.10.7
0562ncmx9wn7w4ujxe8kmr7ob iZ2vc78wcid7zh9m0ohptcZ Ready Active 20.10.7
ey0eah3z0oxa08grbqvumhpgu iZ2vc78wcid7zh9m0ohptdZ Ready Active Reachable 20.10.7
#Reachable是可触达的,也是manager节点, Leader和Reachable是可达的
#至此,集群搭建完毕
Raft一致性算法
- 当前双主双从搭建完毕,假设一个节点
down,其他节点能否可用? - Raft协议:保证大多数节点存活才可用!集群至少大于三台!
#假设docker-1主节点宕机
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# systemctl stop docker
#发现另外一个管理节点也不能用了
[root@iZ2vc78wcid7zh9m0ohptdZ ~]# docker node ls
Error response from daemon: rpc error: code = Unknown desc = The swarm does not have a leader. It's possible that too few managers are online. Make sure more than half of the managers are online.
#重启主节点
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# systemctl start docker
#重启之后Leader变成了iZ2vc78wcid7zh9m0ohptdZ
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
zk59xicx2g4i8otyc38y534up * iZ2vc78wcid7zh9m0ohptaZ Ready Active Reachable 20.10.7
zn6i80052i8efkqzh21cvzn40 iZ2vc78wcid7zh9m0ohptbZ Ready Active 20.10.7
0562ncmx9wn7w4ujxe8kmr7ob iZ2vc78wcid7zh9m0ohptcZ Ready Active 20.10.7
ey0eah3z0oxa08grbqvumhpgu iZ2vc78wcid7zh9m0ohptdZ Ready Active Leader 20.10.7
#将docker-3离开集群
[root@iZ2vc78wcid7zh9m0ohptbZ ~]# docker swarm leave
Node left the swarm.
#iZ2vc78wcid7zh9m0ohptbZ状态变为down
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
zk59xicx2g4i8otyc38y534up * iZ2vc78wcid7zh9m0ohptaZ Ready Active Reachable 20.10.7
zn6i80052i8efkqzh21cvzn40 iZ2vc78wcid7zh9m0ohptbZ Down Active 20.10.7
0562ncmx9wn7w4ujxe8kmr7ob iZ2vc78wcid7zh9m0ohptcZ Ready Active 20.10.7
ey0eah3z0oxa08grbqvumhpgu iZ2vc78wcid7zh9m0ohptdZ Ready Active Leader 20.10.7
#将iZ2vc78wcid7zh9m0ohptbZ也作为管理节点加入集群
#在管理节点生成令牌
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0b3vfe36f8dylni6k4cvs6domv9bv2rk3z9bncm5xd3iwtet9p-dujruc82bc5haxqaqanex7yyr 172.20.230.69:2377
#将iZ2vc78wcid7zh9m0ohptbZ作为管理节点加入
[root@iZ2vc78wcid7zh9m0ohptbZ ~]# docker swarm join --token SWMTKN-1-0b3vfe36f8dylni6k4cvs6domv9bv2rk3z9bncm5xd3iwtet9p-dujruc82bc5haxqaqanex7yyr 172.20.230.69:2377
This node joined a swarm as a manager.
#再次查看节点信息,中间显示down已经跟bz节点没有关系了
[root@iZ2vc78wcid7zh9m0ohptbZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
zk59xicx2g4i8otyc38y534up iZ2vc78wcid7zh9m0ohptaZ Ready Active Reachable 20.10.7
96l3fj0h78efdeii7wzez2812 * iZ2vc78wcid7zh9m0ohptbZ Ready Active Reachable 20.10.7
zn6i80052i8efkqzh21cvzn40 iZ2vc78wcid7zh9m0ohptbZ Down Active 20.10.7
0562ncmx9wn7w4ujxe8kmr7ob iZ2vc78wcid7zh9m0ohptcZ Ready Active 20.10.7
ey0eah3z0oxa08grbqvumhpgu iZ2vc78wcid7zh9m0ohptdZ Ready Active Leader 20.10.7
#目前3台机器设置为了管理节点,之前设置双主down掉一台就无法使用了,现在有三台再做一次测试
#再次停止主节点
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# systemctl stop docker
#主节点提示Unreachable不可达
#但是另外两台管理节点仍可用
[root@iZ2vc78wcid7zh9m0ohptdZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
zk59xicx2g4i8otyc38y534up iZ2vc78wcid7zh9m0ohptaZ Down Active Unreachable 20.10.7
96l3fj0h78efdeii7wzez2812 iZ2vc78wcid7zh9m0ohptbZ Ready Active Reachable 20.10.7
zn6i80052i8efkqzh21cvzn40 iZ2vc78wcid7zh9m0ohptbZ Down Active 20.10.7
0562ncmx9wn7w4ujxe8kmr7ob iZ2vc78wcid7zh9m0ohptcZ Ready Active 20.10.7
ey0eah3z0oxa08grbqvumhpgu * iZ2vc78wcid7zh9m0ohptdZ Ready Active Leader 20.10.7
[root@iZ2vc78wcid7zh9m0ohptbZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
zk59xicx2g4i8otyc38y534up iZ2vc78wcid7zh9m0ohptaZ Down Active Unreachable 20.10.7
96l3fj0h78efdeii7wzez2812 * iZ2vc78wcid7zh9m0ohptbZ Ready Active Reachable 20.10.7
zn6i80052i8efkqzh21cvzn40 iZ2vc78wcid7zh9m0ohptbZ Down Active 20.10.7
0562ncmx9wn7w4ujxe8kmr7ob iZ2vc78wcid7zh9m0ohptcZ Ready Active 20.10.7
ey0eah3z0oxa08grbqvumhpgu iZ2vc78wcid7zh9m0ohptdZ Ready Active Leader 20.10.7
- 集群,可用!至少3个主节点 随时 >1台管理节点存活!否则不可用!
- Raft协议:保证大多数节点存活,才可以使用,高可用!
Swarm集群弹性创建服务(扩缩容)
docker service --help
| 参数 | 说明 |
|---|---|
create |
创建新服务 |
inspect |
显示一个或多个服务的详细信息 |
logs |
获取服务或任务的日志 |
ls |
列出服务 |
ps |
列出一个或多个服务的任务 |
rm |
删除一个或多个服务 |
rollback |
恢复对服务配置的更改 |
scale |
扩展一个或多个复制服务 |
update |
更新服务 |
#通过docker service启动一个项目
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service create -p 8888:80 --name my-nginx nginx
m7hheqvgr99y9kf28w38hid0d
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
#docker run 容器启动!不具备扩缩容容器
#docker service 服务!具有扩缩容器,滚动更新
#查看服务
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service ps my-nginx
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
39jbwrwdln02 my-nginx.1 nginx:latest iZ2vc78wcid7zh9m0ohptcZ Running Running 2 minutes ago
#REPLICAS副本,只存在一个节点上
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
m7hheqvgr99y my-nginx replicated 1/1 nginx:latest *:8888->80/tcp
#查看详细信息
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service inspect my-nginx
#副本启动再cz上,是随机分部在管理节点上的
[root@iZ2vc78wcid7zh9m0ohptcZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2100d7739f58 nginx:latest "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp my-nginx.1.39jbwrwdln0275oj1e2rycncm
#动态扩缩容,创建三个副本
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service update --replicas 3 my-nginx
my-nginx
overall progress: 3 out of 3 tasks
1/3: running [==================================================>]
2/3: running [==================================================>]
3/3: running [==================================================>]
verify: Service converged
#使用docker ps 在其余节点查看服务分配情况
- 访问四台服务器的ip都可以
- 端口号需要在阿里云安全组放行
#动态扩容10个副本
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service update --replicas 10 my-nginx
my-nginx
overall progress: 10 out of 10 tasks
1/10: running [==================================================>]
2/10: running [==================================================>]
3/10: running [==================================================>]
4/10: running [==================================================>]
5/10: running [==================================================>]
6/10: running [==================================================>]
7/10: running [==================================================>]
8/10: running [==================================================>]
9/10: running [==================================================>]
10/10: running [==================================================>]
verify: Service converged
#只要是个服务,集群中的任意节点都可以访问!服务可用有多个副本动态扩缩容实现高可用
#动态缩容
#实现服务的高可用
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service update --replicas 1 my-nginx
my-nginx
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
#当前只有一个副本,可用使用scale进行扩容,与update同样的用法
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
m7hheqvgr99y my-nginx replicated 1/1 nginx:latest *:8888->80/tcp
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service scale my-nginx=5
my-nginx scaled to 5
overall progress: 5 out of 5 tasks
1/5: running [==================================================>]
2/5: running [==================================================>]
3/5: running [==================================================>]
4/5: running [==================================================>]
5/5: running [==================================================>]
verify: Service converged
#移除服务
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service rm my-nginx
my-nginx
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
概念总结
Swarm- 集群的管理和编号。docker可以初始化一个swarm集群,其他节点可以加入。(管理、工作者)
Node- 就是一个docker节点,多个节点组成一个网络集群
Service- 任务,可用在管理节点或工作节点运行,核心,用户访问!
Task任务- 容器内部的命令,细节任务!
- 容器内部的命令,细节任务!
- 命令 -> 管理 -> api -> 调度 -> 工作节点(创建Task容器维护创建)
服务副本与全局服务
- 调整service以什么方式运行
--mode string
service mode (replicated or globa1) (default "replicated")
docker service create --mode rep7icated --name mytom tomcat:7 默认的
docker service create --mode global --name haha alpine ping baidu.com
#场景?日志收集
每一个节点有自己的日志收集器,过滤。把所有日志最终再传给日志中心
服务监控,状态性能。
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service create -p 8888:80 --name my-nginx nginx
#查看详细信息
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service inspect my-nginx
#动态扩容
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service scale my-nginx=5
#再次查看细节
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker service inspect my-nginx
#网络模式
"PublishMode":"ingress"
Swarm中有三个重要的网络
默认ingress网络
ingress:特殊的Overlay网络,具有负载均衡的功能!
[root@iZ2vc78wcid7zh9m0ohptaZ ~]# docker network inspect ingress
虽然docker在4台机器上,实际上网络是同一个!ingress网络,是一个特殊的Overlay网络
网络变成一个整体!
Docker Stack
Docker-compose单机部署项目Docker Stack部署,集群部署!
docker stack
| 参数 | 说明 |
|---|---|
deploy |
部署新堆栈或更新现有堆栈 |
ls |
列出堆栈 |
ps |
列出堆栈中的任务 |
rm |
移除一个或多个堆栈 |
services |
列出堆栈中的服务 |
#单机
docker-compose up -d wordpress.yaml
#集群
docker stack deploy wordpress.yaml
#例
version: '3.4'
services:
mongo:
image: mongo
restart: always
networks:
- mongo_network
deploy:
restart_policy:
condition: on-failure
replicas: 2 #副本数为两个
mongo-express:
image: mongo-express
restart: always
networks:
- mongo_network
ports:
- target: 8081
published: 80
protocol: tcp
mode: ingress
environment:
ME_CONFIG_MONGODB_SERVER: mongo
ME_CONFIG_MONGODB_PORT: 27017
deploy:
restart_policy:
condition: on-failure
replicas: 1
networks:
mongo_network:
external: true
Docker Secret
- 安全!配置密码加密,证书等!
docker secret --help
| 参数 | 说明 |
|---|---|
create |
创建一个证书 |
inspect |
查看证书细节内容 |
ls |
列出证书 |
rm |
删除一个或多个证书 |