资源
https://docs.docker.com/docker-for-mac/release-notes/
常用工具
dive:一款按层分析docker镜像的工具
镜像加速
- 网易 Docker 镜像库:https://hub-mirror.c.163.com
- 中国科学技术大学(USTC) Docker 镜像库:https://docker.mirrors.ustc.edu.cn
- Azure 中国 Docker 镜像库:https://dockerhub.azk8s.cn
- 七牛 Docker 镜像库:https://reg-mirror.qiniu.com
仓库
https://c.163yun.com/hub#/m/home/
开源镜像服务
容器tag说明
alpine
表明镜像的操作系统是alpine linux,alpine linux本身很小,alpine镜像的大小是5M
oraclelinux7
表明镜像的操作系统是Oracle Linux 7,从jdk12开始,openjdk官方开始提供基于Oracle Linux 7的jdk镜像
slim(不完整版本)
表明当前的jre并非标准jre版本,而是headless版本,该版本的特点是去掉了UI、键盘、鼠标相关的库,因此更加精简,适合服务端应用使用,官方的建议是除非有明确的体积限制是再考虑使用该版本;
仅安装运行特定工具所需的最少软件包,如果有空间限制并且不需要完整版本,请使用此tag,但是使用前需要经过完整测试,如果没时间测试,就使用上面的完整版本
Jessie(Debian8版本)
stretch(对应Debian9版本-稳定版本推荐使用)
buster(对应Debian稳定的发行版是10.7(2020-12-05))
bullseye(正在开发但尚未稳定的未来版本是Bullseye和Bookworm和Trixie)
操作系统基础镜像
| 镜像名称 | 大小 | 使用场景 |
|---|---|---|
| busybox | 1.15MB | 临时测试用 |
| alpine | 4.41MB | 主要用于测试,也可用于生产环境 |
| centos | 200MB | 主要用于生产环境,支持CentOS/Red Hat,常用于追求稳定性的企业应用 |
| ubuntu | 81.1MB | 主要用于生产环境,常用于人工智能计算和企业应用 |
| debian | 101MB | 主要用于生产环境 |
| rockylinux | 84.3MB | 替代centos新版本 |
docker pull rockylinux/rockylinux:8
busybox
- 描述:可以将busybox理解为一个超级简化版嵌入式Linux系统。
- 官网:https://www.busybox.net/
- 镜像:https://hub.docker.com/_/busybox/
-
Alpine
描述:Alpine是一个面向安全的、轻量级的Linux系统,基于musl libc和busybox。
- 官网:https://www.alpinelinux.org/
- 镜像:https://hub.docker.com/_/alpine/
-
CentOS
描述:可以理解CentOS是RedHat的社区版
- 官网:https://www.centos.org/
- 镜像:https://hub.docker.com/_/centos/
- 包管理命令:yum, rpm
Ubuntu
- 描述:另一个非常出色的Linux发行版
- 官网:http://www.ubuntu.com/
- 镜像:https://hub.docker.com/_/ubuntu/
-
Debian
描述:另一个非常出色的Linux发行版
- 官网:https://www.debian.org/
- 镜像:https://hub.docker.com/_/debian/
-
Java基础镜像
https://hub.docker.com/_/openjdk/
NodeJs基础镜像
https://hub.docker.com/_/node/
Go基础镜像
Mac
https://docs.docker.com/toolbox/
https://github.com/docker/kitematic/releases
启动参数配置文件:
vim ~/Library/Group\ Containers/group.com.docker/settings.json
常用命令
docker build
docker build -t [dockerGroup]/[dokerName]:[dockerTag] .
镜像生成
# 基于已修改的生成镜像docker commit -m='add nginx' -a='qizai' [dockerId] registry.cn-shenzhen.aliyuncs.com/[groupId]/[dockerName]:[镜像版本号]#docker login --username=username registry.cn-shenzhen.aliyuncs.comdocker tag [ImageId] registry.cn-shenzhen.aliyuncs.com/[groupId]/[dockerName]:[镜像版本号]docker push registry.cn-shenzhen.aliyuncs.com/[groupId]/[dockerName]:[镜像版本号]
状态监控
# 运行docker run -it --rm registry.cn-shenzhen.aliyuncs.com/[groupId]/[dockerName]:[镜像版本号]# 进入容器docker exec -it [docker_id/docker_name] /bin/bash# 查看容器地址docker inspect -f '{{ .NetworkSettings.IPAddress }}' [docker_id/docker_name]# 应用运行状态:CPU、内存、网络docker stats $(docker ps --format={{.Names}}) --no-streamdocker stats --no-stream --format "{\"container\":\"{{ .Container }}\",\"name\":\"{{ .Name }}\",\"memory\":{\"raw\":\"{{ .MemUsage }}\",\"percent\":\"{{ .MemPerc }}\"},\"cpu\":\"{{ .CPUPerc }}\"}"# 获取当前机器所有docker使用的内存总量docker stats --no-stream --format "{{ .MemUsage }}" |awk '{if($1 < 10){sum += $1*1024;}else{sum += $1;}};END{print sum}'
常见问题
基于镜像做二次修改
# 在对docker进行修改后通过commit保存,并指定标签docker commit -m="has update" -a="qizai" [docker ID] qizai/demo:v2# 推送到仓库docker push qizai/demo:v2
如何使用root运行dokcer中文件
sudo docker exec -u root -it {id} bash -c 'bash.sh'# percona-server-mongodb启用认证docker exec -u root -it [ID] bash -c "/usr/bin/percona-server-mongodb-enable-auth.sh"
Dockerfile 运行jar
FROM openjdk:8-jdk-alpineENV TIME_ZONE="Asia/Shanghai"RUN ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone && mkdir -p /www/web/logsWORKDIR /www/webARG JAR_FILE=target/*.jarCOPY ${JAR_FILE} app.jarENV PARAMS=""ENV JAVA_OPTS=""RUN echo -e "#!/bin/sh \nnohup java \$JAVA_OPTS -jar /www/web/app.jar \$PARAMS > logs/start.out 2>&1 </dev/null" >> /www/web/docker-entrypoint.sh && chmod +x /www/web/docker-entrypoint.shENTRYPOINT ["/www/web/docker-entrypoint.sh"]
Dockerfile springboot分层构建
FROM openjdk:8-jdk-alpine as builderWORKDIR applicationARG JAR_FILE=target/*.jarCOPY ${JAR_FILE} app.jarRUN java -Djarmode=layertools -jar app.jar extractFROM openjdk:8-jdk-alpineMAINTAINER qizaiENV PARAMS=""ENV JAVA_OPTS="-server"ENV TIME_ZONE="Asia/Shanghai"RUN ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone && mkdir -p /www/web/logsWORKDIR /www/webCOPY --from=builder application/dependencies/ ./COPY --from=builder application/spring-boot-loader/ ./COPY --from=builder application/snapshot-dependencies/ ./COPY --from=builder application/application/ ./RUN echo -e "#!/bin/sh \nnohup java \$JAVA_OPTS org.springframework.boot.loader.JarLauncher \$PARAMS > logs/start.out 2>&1 </dev/null" >> /www/web/docker-entrypoint.sh && chmod +x /www/web/docker-entrypoint.shENTRYPOINT ["/www/web/docker-entrypoint.sh"]
安装常见问题
MacOS 下登陆私有Docker
方法一:在图形界面打开Docker.app-Preferences-General,取消勾选的Securely store Docker logins in macOS keychain,此后的登陆便不会验证证书.方法二:在launchpad中搜索Keychain Access并打开,然后在搜索栏中搜索仓库的证书,关键字为仓库的domain.搜到后添加信任,并编辑.docker/config.json文件,将其中的"credsStore": "osxkeychain"字段删除,便可登陆.可以把证书下载到mac中sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain domain.crt
时区相关
# 宿主机器修改timedatectltimedatectl set-timezone Asia/Shanghaidate#调整时间date -s "2016-12-13 21:54:20"#时间同步,不执行则无法生效clock -wtimedatectl# Dockerfile修改#定义环境变量ENV TIME_ZONE Asiz/Shanghai
docker安装
yum remove docker docker-common container-selinux docker-selinux docker-engineyum install -y yum-utils device-mapper-persistent-data lvm2yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo#yum-config-manager --enable docker-ce-edge#yum-config-manager --enable docker-ce-test#yum-config-manager --disable docker-ce-edgeyum makecache fast# centos8默认使用podman代替docker,所以需要containerd.io# centos8 特别处理yum install https://download.docker.com/linux/fedora/30/x86_64/stable/Packages/containerd.io-1.2.6-3.3.fc30.x86_64.rpmyum install docker-ce docker-ce-cli containerd.ioyum list docker-ce --showduplicates | sort -rsystemctl start dockerdocker run hello-world# 阿里云内网安装curl -sSL http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/intranet | sh -
Install Compose
# on Linux systemssudo curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-composesudo chmod +x /usr/local/bin/docker-composesudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
kubernetes集群安装
docker images
docker pull kubeimage/kube-proxy-amd64:v1.18.8 docker pull kubeimage/kube-controller-manager-amd64:v1.18.8 docker pull kubeimage/kube-scheduler-amd64:v1.18.8 docker pull kubeimage/kube-apiserver-amd64:v1.18.8 docker pull kubeimage/kubernetes-dashboard-amd64:v1.8.2 docker pull kubeimage/pause-amd64:3.2 docker pull coredns/coredns:1.7.1 docker pull elcolio/etcd:2.0.10
修改hosts
echo ‘10.0.1.12 k8s-master 10.0.1.12 etcd 10.0.1.12 registry 10.0.1.13 k8s-node-1 10.0.1.14 k8s-node-2’>> /etc/hosts
修改hostname
hostnamectl —static set-hostname k8s-master hostnamectl —static set-hostname k8s-node-1 hostnamectl —static set-hostname k8s-node-2
关闭防火墙
systemctl disable firewalld.service
systemctl stop firewalld.service
部署etcd
集群:http://www.cnblogs.com/zhenyuyaodidiao/p/6237019.html
yum install etcd vim -y
修改配置文件
vi /etc/etcd/etcd.conf
[member]
ETCD_NAME=”master”
ETCD_LISTEN_CLIENT_URLS=”http://0.0.0.0:2379,http://0.0.0.0:4001“[cluster]
ETCD_ADVERTISE_CLIENT_URLS=”http://etcd:2379,http://etcd:4001“
启动并验证状态
systemctl start etcd etcdctl set testdir/testkey0 0 etcdctl get testdir/testkey0 etcdctl -C http://etcd:4001 cluster-health etcdctl -C http://etcd:2379 cluster-health
部署master
yum install docker kubernetes vim -y
配置文件更新
vim /etc/sysconfig/docker# Modify these options if you want to change the way the docker daemon runsOPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'if [ -z "${DOCKER_CERT_PATH}" ]; thenDOCKER_CERT_PATH=/etc/dockerfi# 增加下面OPTIONS='--insecure-registry registry:5000'vim /etc/kubernetes/apiserver# 修改下面KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"KUBE_API_PORT="--port=8080"KUBE_ETCD_SERVERS="--etcd-servers=http://etcd:2379"KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"vim /etc/kubernetes/config# 修改下面KUBE_MASTER="--master=http://k8s-master:8080"
启动服务
systemctl enable docker.service systemctl start docker.service systemctl enable kube-apiserver.service systemctl start kube-apiserver.service systemctl enable kube-controller-manager.service systemctl start kube-controller-manager.service systemctl enable kube-scheduler.service systemctl start kube-scheduler.service
以下再部署完node后再启动
systemctl enable kubelet.service systemctl start kubelet.service systemctl enable kube-proxy.service systemctl start kube-proxy.service
部署node
先参照master安装docker和kubernetes
配置文件修改
vim /etc/kubernetes/configKUBE_MASTER="--master=http://k8s-master:8080"vim /etc/kubernetes/kubeletKUBELET_ADDRESS="--address=0.0.0.0"KUBELET_HOSTNAME="--hostname-override=k8s-node-1"KUBELET_API_SERVER="--api-servers=http://k8s-master:8080"
集群状态查看
kubectl -s http://k8s-master:8080 get node kubectl get nodes
Flannel-覆盖网络
master和node都安装
yum install flannel -y
配置文件修改
vim /etc/sysconfig/flanneldFLANNEL_ETCD_ENDPOINTS="http://etcd:2379"FLANNEL_ETCD_PREFIX="/atomic.io/network"
注意
Flannel使用Etcd进行配置,来保证多个Flannel实例之间的配置一致性,所以需要在etcd上进行如下配置:(‘/atomic.io/network/config’这个key与上文/etc/sysconfig/flannel中的配置项FLANNEL_ETCD_PREFIX是相对应的,错误的话启动就会出错)
设置
etcdctl mk /atomic.io/network/config ‘{ “Network”: “10.0.0.0/16” }’
启动Flannel之后,需要依次重启docker、kubernete
master
systemctl enable flanneld.service systemctl start flanneld.service service docker restart systemctl restart kube-apiserver.service systemctl restart kube-controller-manager.service systemctl restart kube-scheduler.service
node
systemctl enable flanneld.service systemctl start flanneld.service service docker restart systemctl restart kubelet.service systemctl restart kube-proxy.service
若有收获,就点个赞吧
0 人点赞
