Swarm 是 Docker 官方提供的一款集群管理工具,其主要作用是把若干台 Docker 主机抽象为一个整体,并且通过一个入口统一管理这些 Docker 主机上的各种 Docker 资源。Swarm 和 Kubernetes 比较类似,但是更加轻,具有的功能也较 kubernetes 更少一些。
Swarm 默认内置有加密的分布式集群存储(encrypted distributed cluster store)、加密网络(Encrypted Network)、公用TLS(Mutual TLS)、安全集群接入令牌 Secure Cluster Join Token)以及一套简化数字证书管理的 PKI(Public Key Infrastructure)
。我们可以自如地添加或删除节点。
编排方面,Swarm 提供了一套丰富的 API 使得部署和管理复杂的微服务应用变得易如反掌。通过将应用定义在声明式配置文件中,就可以使用原生的 Docker 命令完成部署。此外,甚至还可以执行滚动升级
、回滚
以及扩缩容
操作,同样基于简单的命令即可完成
swarm:集群的管理和编排、docker可以出实话一个swarm集群,其它节点可以加入。
node: docker节点,多个节点就组成了一个网络集群(管理者、工作者)
service: 任务,可以在管理阶段或者工作节点来运行,用户访问
task: 容器内命令,细节任务
节点会被配置为管理节点(Manager)或工作节点(Worker)
。管理节点负责集群控制面(Control Plane),进行诸如监控集群状态、分发任务至工作节点等操作。工作节点接收来自管理节点的任务并执行。
之前文章: https://note.youdao.com/s/SzixUuRP
阿里云服务器购买
docker-compose up启动一个单机项目。集群:swarm docker service
初始化集群:
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker swarm init --advertise-addr 172.23.56.132
获取令牌:
docker swarm join-token manager
docker swarm join-token worker
加入后:
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
c7e57z9se30awrv6agdi7snvd iZ2ze5mk7ud364tlbpyekrZ Ready Active Reachable 20.10.12
bquoqjgbw9ceayl4vq23b8rit iZ2ze5mk7ud364tlbpyeksZ Ready Active 20.10.12
8vioygnee92fv80a6qhn5cjvp iZ2ze5mk7ud364tlbpyektZ Ready Active 20.10.12
8ygskh5zryr69d4zlg5xrzn3e * iZ2ze5mk7ud364tlbpyekuZ Ready Active Leader 20.10.12
初始化参数:
Options:
--advertise-addr string Advertised address (format: <ip|interface>[:port]) # 连接地址(公网、私网)
--autolock Enable manager autolocking (requiring an unlock key
to start a stopped manager)
--availability string Availability of the node ("active"|"pause"|"drain")
(default "active")
--cert-expiry duration Validity period for node certificates
(ns|us|ms|s|m|h) (default 2160h0m0s)
--data-path-addr string Address or interface to use for data path traffic
(format: <ip|interface>)
--data-path-port uint32 Port number to use for data path traffic (1024 -
49151). If no value is set or is set to 0, the
default port (4789) is used.
--default-addr-pool ipNetSlice default address pool in CIDR format (default [])
--default-addr-pool-mask-length uint32 default address pool subnet mask length (default 24)
--dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
--external-ca external-ca Specifications of one or more certificate signing
endpoints
--force-new-cluster Force create a new cluster from current state
--listen-addr node-addr Listen address (format: <ip|interface>[:port])
(default 0.0.0.0:2377)
--max-snapshots uint Number of additional Raft snapshots to retain
--snapshot-interval uint Number of log entries between Raft snapshots (default
10000)
--task-history-limit int Task history retention limit (default 5)
```
# docker service
```bash
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service --help
Usage: docker service COMMAND
Manage services
Commands:
create Create a new service
inspect Display detailed information on one or more services
logs Fetch the logs of a service or task
ls List services
ps List the tasks of one or more services
rm Remove one or more services
rollback Revert changes to a service's configuration
scale Scale one or multiple replicated services
update Update a service
Run 'docker service COMMAND --help' for more information on a command.
容器 => 服务!
容器 => 服务 => 副本(启动多个容器)
docker run 容器启动,不具备扩所容
docker service 服务,具有扩所容,滚动更新、回滚等
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker swarm init
Swarm initialized: current node (bxnq68s034j15xfn8tffx4ixo) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-4u38dabon1phds3tucygp3mqsr9mxhxm3g1rvze4ng5pfvtzha-e4x43wlj4uboxrwkrn63ke0tf 172.23.56.132:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service create -p 8888:80 --name my-nginx nginx
5iekirjzc1dizalz2yn56ojtv
overall progress: 1 out of 1 tasks
1/1: running
verify: Service converged
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service ps my-nginx
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ksbg1l4jxztf my-nginx.1 nginx:latest iZ2ze5mk7ud364tlbpyekuZ Running Running 2 minutes ago
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
5iekirjzc1di my-nginx replicated 1/1 nginx:latest *:8888->80/tcp
新增副本数:
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service update --replicas 3 my-nginx
my-nginx
overall progress: 1 out of 3 tasks
1/3: preparing [=================================> ]
2/3: preparing [=================================> ]
3/3: running [==================================================>]
也可以使用:docker service scale my-nginx=3
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service rm my-nginx
my-nginx
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
[root@iZ2ze5mk7ud364tlbpyekuZ ~]#
逻辑是不变的
命令->管理->api->调度->工作节点(创建Tas容器维护、创建)
ingress: 特殊的overlay网络,具有负载均衡的功能
overlay
swarm:
docker-compose是单机部署
docker-stack 集群部署
docker-stack
Commands:
deploy Deploy a new stack or update an existing stack
ls List stacks
ps List the tasks in the stack
rm Remove one or more stacks
services List the services in the stack
Run 'docker stack COMMAND --help' for more information on a command.
文件:
version: '3.4'
services:
mongo:
image: mongo
restart: always
networks:
- mongo_network
deploy:
restart_policy:
condition: on-failure
replicas: 2
mongo-express:
image: mongo-express
restart: always
networks:
- mongo_network
ports:
- target: 8081
published: 80
protocol: tcp
mode: ingress
environment:
ME_CONFIG_MONGODB_SERVER: mongo
ME_CONFIG_MONGODB_PORT: 27017
deploy:
restart_policy:
condition: on-failure
replicas: 1
networks:
mongo_network:
external: true
部署flask应用、滚动升级、回滚等
创建一个文件夹demo, 包含app.py,requirements.txt, Dockerfile
app.py
import time
import redis
from flask import Flask
app = Flask(__name__)
cache = redis.Redis(host='redis', port=6379)
def get_hit_count():
# 重试循环允许我们在redis服务不可用时多次尝试请求
retries = 5
while True:
try:
return cache.incr('hits')
except redis.exceptions.ConnectionError as exc:
if retries == 0:
raise exc
retries -= 1
time.sleep(0.5)
@app.route('/')
def hello():
count = get_hit_count()
return 'version 4, Hello World! I have been seen {} times.\n'.format(count)
requirements.txt
flask
redis
# syntax=docker/dockerfile:1
FROM python:3.7-alpine
WORKDIR /code
ENV FLASK_APP=app.py
ENV FLASK_RUN_HOST=0.0.0.0
RUN apk add --no-cache gcc musl-dev linux-headers
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
EXPOSE 5000
COPY . .
CMD ["flask", "run"]
打包 & 上传到镜像仓库
docker build -t flask-demo:v1 .
docker tag xxx registry.cn-hangzhou.aliyuncs.com/docker-dong/flask-demo:v1
docker push registry.cn-hangzhou.aliyuncs.com/docker-dong/flask-demo:v1
集群中:
my.yml
version: "3.8"
services:
web:
image: registry.cn-hangzhou.aliyuncs.com/docker-dong/flask-demo:v1
restart: always
ports:
- "8888:5000"
deploy:
restart_policy:
condition: on-failure
replicas: 3
redis:
restart: always
image: "redis:alpine"
expose:
- "3306"
docker stack deploy -c my-compose.yml flask
访问web页面:
更新&回滚,调整my-compose.yml
registry.cn-hangzhou.aliyuncs.com/docker-dong/flask-demo:v2
[root@iZ2ze5mk7ud364tlbpyeksZ ~]# docker config
Usage: docker config COMMAND
Manage Docker configs
Commands:
create Create a config from a file or STDIN
inspect Display detailed information on one or more configs
ls List configs
rm Remove one or more configs
Run 'docker config COMMAND --help' for more information on a command.
安全、配置密码、证书相关
[root@iZ2ze5mk7ud364tlbpyeksZ ~]# docker secret
Usage: docker secret COMMAND
Manage Docker secrets
Commands:
create Create a secret from a file or STDIN as content
inspect Display detailed information on one or more secrets
ls List secrets
rm Remove one or more secrets
Run 'docker secret COMMAND --help' for more information on a command.