Docker swarm 集群

概述

Swarm 是 Docker 官方提供的一款集群管理工具,其主要作用是把若干台 Docker 主机抽象为一个整体,并且通过一个入口统一管理这些 Docker 主机上的各种 Docker 资源。Swarm 和 Kubernetes 比较类似,但是更加轻,具有的功能也较 kubernetes 更少一些。

Swarm 默认内置有加密的分布式集群存储(encrypted distributed cluster store)、加密网络(Encrypted Network)、公用TLS(Mutual TLS)、安全集群接入令牌 Secure Cluster Join Token)以及一套简化数字证书管理的 PKI(Public Key Infrastructure)。我们可以自如地添加或删除节点。
编排方面,Swarm 提供了一套丰富的 API 使得部署和管理复杂的微服务应用变得易如反掌。通过将应用定义在声明式配置文件中,就可以使用原生的 Docker 命令完成部署。此外,甚至还可以执行滚动升级回滚以及扩缩容操作,同样基于简单的命令即可完成

一些概念

swarm:集群的管理和编排、docker可以出实话一个swarm集群,其它节点可以加入。
node: docker节点,多个节点就组成了一个网络集群(管理者、工作者)
service: 任务,可以在管理阶段或者工作节点来运行,用户访问
task: 容器内命令,细节任务

工作模式

Docker swarm 集群_第1张图片
节点会被配置为管理节点(Manager)或工作节点(Worker)。管理节点负责集群控制面(Control Plane),进行诸如监控集群状态、分发任务至工作节点等操作。工作节点接收来自管理节点的任务并执行。

Raft 一致性算法

之前文章: https://note.youdao.com/s/SzixUuRP

集群搭建

阿里云服务器购买
Docker swarm 集群_第2张图片
docker-compose up启动一个单机项目。集群:swarm docker service
初始化集群:

[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker swarm init --advertise-addr 172.23.56.132
Docker swarm 集群_第3张图片
获取令牌:

docker swarm join-token manager
docker swarm join-token worker

加入后:

[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker node ls 
ID                            HOSTNAME                  STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
c7e57z9se30awrv6agdi7snvd     iZ2ze5mk7ud364tlbpyekrZ   Ready     Active         Reachable        20.10.12
bquoqjgbw9ceayl4vq23b8rit     iZ2ze5mk7ud364tlbpyeksZ   Ready     Active                          20.10.12
8vioygnee92fv80a6qhn5cjvp     iZ2ze5mk7ud364tlbpyektZ   Ready     Active                          20.10.12
8ygskh5zryr69d4zlg5xrzn3e *   iZ2ze5mk7ud364tlbpyekuZ   Ready     Active         Leader           20.10.12

初始化参数:

Options:
      --advertise-addr string                  Advertised address (format: <ip|interface>[:port]) # 连接地址(公网、私网)
      --autolock                               Enable manager autolocking (requiring an unlock key
                                               to start a stopped manager)
      --availability string                    Availability of the node ("active"|"pause"|"drain")
                                               (default "active")
      --cert-expiry duration                   Validity period for node certificates
                                               (ns|us|ms|s|m|h) (default 2160h0m0s)
      --data-path-addr string                  Address or interface to use for data path traffic
                                               (format: <ip|interface>)
      --data-path-port uint32                  Port number to use for data path traffic (1024 -
                                               49151). If no value is set or is set to 0, the
                                               default port (4789) is used.
      --default-addr-pool ipNetSlice           default address pool in CIDR format (default [])
      --default-addr-pool-mask-length uint32   default address pool subnet mask length (default 24)
      --dispatcher-heartbeat duration          Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
      --external-ca external-ca                Specifications of one or more certificate signing
                                               endpoints
      --force-new-cluster                      Force create a new cluster from current state
      --listen-addr node-addr                  Listen address (format: <ip|interface>[:port])
                                               (default 0.0.0.0:2377)
      --max-snapshots uint                     Number of additional Raft snapshots to retain
      --snapshot-interval uint                 Number of log entries between Raft snapshots (default
                                               10000)
      --task-history-limit int                 Task history retention limit (default 5)
      ```
# docker service
```bash
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service --help 

Usage:  docker service COMMAND

Manage services

Commands:
  create      Create a new service
  inspect     Display detailed information on one or more services
  logs        Fetch the logs of a service or task
  ls          List services
  ps          List the tasks of one or more services
  rm          Remove one or more services
  rollback    Revert changes to a service's configuration
  scale       Scale one or multiple replicated services
  update      Update a service
Run 'docker service COMMAND --help' for more information on a command.

容器 => 服务!
容器 => 服务 => 副本(启动多个容器)
docker run 容器启动,不具备扩所容
docker service 服务,具有扩所容,滚动更新、回滚等

创建服务

Docker swarm 集群_第4张图片

[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker swarm init
Swarm initialized: current node (bxnq68s034j15xfn8tffx4ixo) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-4u38dabon1phds3tucygp3mqsr9mxhxm3g1rvze4ng5pfvtzha-e4x43wlj4uboxrwkrn63ke0tf 172.23.56.132:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service create -p 8888:80 --name my-nginx nginx
5iekirjzc1dizalz2yn56ojtv
overall progress: 1 out of 1 tasks 
1/1: running   
verify: Service converged 


[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service ps my-nginx 
ID             NAME         IMAGE          NODE                      DESIRED STATE   CURRENT STATE           ERROR     PORTS
ksbg1l4jxztf   my-nginx.1   nginx:latest   iZ2ze5mk7ud364tlbpyekuZ   Running         Running 2 minutes ago             
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service ls 
ID             NAME       MODE         REPLICAS   IMAGE          PORTS
5iekirjzc1di   my-nginx   replicated   1/1        nginx:latest   *:8888->80/tcp

动态扩缩容

新增副本数:

[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service update --replicas 3 my-nginx 
my-nginx
overall progress: 1 out of 3 tasks 
1/3: preparing [=================================>                 ] 
2/3: preparing [=================================>                 ] 
3/3: running   [==================================================>]

也可以使用:docker service scale my-nginx=3

Docker swarm 集群_第5张图片

移除服务

[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service rm my-nginx 
my-nginx
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# docker service ls 
ID        NAME      MODE      REPLICAS   IMAGE     PORTS
[root@iZ2ze5mk7ud364tlbpyekuZ ~]# 

Stack

关系:Docker swarm 集群_第6张图片

任务与调度

Docker swarm 集群_第7张图片
Docker swarm 集群_第8张图片
逻辑是不变的
命令->管理->api->调度->工作节点(创建Tas容器维护、创建)

service模式

Docker swarm 集群_第9张图片
Docker swarm 集群_第10张图片

网络模式

ingress: 特殊的overlay网络,具有负载均衡的功能
overlay
swarm:
Docker swarm 集群_第11张图片
Docker swarm 集群_第12张图片

Docker stack

docker-compose是单机部署
docker-stack 集群部署

docker-stack 
Commands:
  deploy      Deploy a new stack or update an existing stack
  ls          List stacks
  ps          List the tasks in the stack
  rm          Remove one or more stacks
  services    List the services in the stack

Run 'docker stack COMMAND --help' for more information on a command.

文件:

version: '3.4'
services:
  mongo:
    image: mongo
    restart: always
    networks: 
      - mongo_network
    deploy:
      restart_policy:
        condition: on-failure
      replicas: 2
  mongo-express: 
    image: mongo-express
    restart: always
    networks: 
      - mongo_network
    ports:
      - target: 8081
        published: 80
        protocol: tcp
        mode: ingress
    environment:
      ME_CONFIG_MONGODB_SERVER: mongo
      ME_CONFIG_MONGODB_PORT: 27017
    deploy:
      restart_policy:
        condition: on-failure
      replicas: 1
networks:
  mongo_network:
    external: true

案例

部署flask应用、滚动升级、回滚等
创建一个文件夹demo, 包含app.py,requirements.txt, Dockerfile

app.py

import time

import redis
from flask import Flask

app = Flask(__name__)
cache = redis.Redis(host='redis', port=6379)

def get_hit_count():
    # 重试循环允许我们在redis服务不可用时多次尝试请求
    retries = 5
    while True:
        try:
            return cache.incr('hits')
        except redis.exceptions.ConnectionError as exc:
            if retries == 0:
                raise exc
            retries -= 1
            time.sleep(0.5)

@app.route('/')
def hello():
    count = get_hit_count()
    return 'version 4, Hello World! I have been seen {} times.\n'.format(count)

requirements.txt

flask
redis
# syntax=docker/dockerfile:1
FROM python:3.7-alpine
WORKDIR /code
ENV FLASK_APP=app.py
ENV FLASK_RUN_HOST=0.0.0.0
RUN apk add --no-cache gcc musl-dev linux-headers
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
EXPOSE 5000
COPY . .
CMD ["flask", "run"]

打包 & 上传到镜像仓库

docker build -t flask-demo:v1 .

docker tag xxx registry.cn-hangzhou.aliyuncs.com/docker-dong/flask-demo:v1
docker push registry.cn-hangzhou.aliyuncs.com/docker-dong/flask-demo:v1

集群中:
my.yml

version: "3.8"
services:
  web:
    image: registry.cn-hangzhou.aliyuncs.com/docker-dong/flask-demo:v1
    restart: always
    ports:
      - "8888:5000"
    deploy:
      restart_policy:
        condition: on-failure
      replicas: 3
  redis:
    restart: always
    image: "redis:alpine"
    expose:
      - "3306"

启动部署

docker stack deploy -c my-compose.yml flask

访问web页面:
Docker swarm 集群_第13张图片更新&回滚,调整my-compose.yml

registry.cn-hangzhou.aliyuncs.com/docker-dong/flask-demo:v2

Docker config

[root@iZ2ze5mk7ud364tlbpyeksZ ~]# docker config 

Usage:  docker config COMMAND

Manage Docker configs

Commands:
  create      Create a config from a file or STDIN
  inspect     Display detailed information on one or more configs
  ls          List configs
  rm          Remove one or more configs

Run 'docker config COMMAND --help' for more information on a command.

docker secret

安全、配置密码、证书相关

[root@iZ2ze5mk7ud364tlbpyeksZ ~]# docker secret 

Usage:  docker secret COMMAND

Manage Docker secrets

Commands:
  create      Create a secret from a file or STDIN as content
  inspect     Display detailed information on one or more secrets
  ls          List secrets
  rm          Remove one or more secrets

Run 'docker secret COMMAND --help' for more information on a command.

你可能感兴趣的:(Docker,docker,kubernetes,容器)