Docker入门-三

Docker compose deploy

Stack 是基于 Docker Swarm 之上来完成应用的部署,deploy,ls,ps, rm,services

• endpoint_mode
• mode
• placement 限制条件
• resources 资源限制
• restart_policy 重启条件
• update_config service更新原则

docker service 更新
docker service update --image update_docker_package docker_container_name # 集群会出现旧服务和新服务并存情况
docker service update --publish-rm 8080:5000 --publish-add 8088:5000 web # 端口更新无法做到业务不中断
也可以更新compose file然后重新stack deploy
 

Secret Managment

• 存在Swarm Manager节点Raft database里。
• Secret可以assign给一个service，这个service就能看到这 个secret
• 在container内部Secret看起来像文件，但是实际是在内存

docker secret create name passwordfile
or
echo 'password' | docker secret create name -
docker service create --name client --secret name ..... # 文件存在于/run/secrets/
docker service create --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/name

Docker Cloud

Caas Container-as-a-Service

• Standard模式。一个Node就是一个Docker Host
• Swarm模式（beta），多个Node组成的Swarm Cluster

minikube

# 进入 /etc/resolv.conf 添加
nameserver 8.8.8.8

kubectl config view 
kubectl config get-contexts
kubectl cluster-info
kubectl version
kubectl create -f labs/pod-basic/pod_nginx.yml 创建
kubectl delete -f
kubectl get pods // 问题：pods is pending 最后重装重启解决，原因未发现
kubectl api-resources 
//https://kubernetes.io/zh/docs/tasks/debug-application-cluster/debug-application/
// https://stackoverflow.com/questions/36377784/pod-in-kubernetes-always-in-pending-state
kubectl describe pod nginx
kubectl get pod -o wide // 显示ip

进入容器

minikube ssh 
or
kubectl exec -it nginx bash
kubectl exec -h

kubectl port-forward nginx 8080:80

kubectl get rc   # replication controllers
kubectl get pods 
kubectl delete pods name 删除会自动重启
kubectl scale rc nginx --replicas=4

• 在新版本的 Kubernetes 中建议使用 ReplicaSet（也简称为 rs）来取代 ReplicationController。ReplicaSet 跟 ReplicationController 没有本质的不同，只是名字不一样，并且 ReplicaSet 支持集合式的 selector（ReplicationController 仅支持等式）。

Deployment

Deployment 为 Pod 和 ReplicaSet 提供了一个声明式定义 (declarative) 方法，用来替代以前的 ReplicationController 来方便的管理应用。

kubectl get deployment
kubectl get rs
kubectl get pods
# 升级
kubectl set image deployment nginx-deployment nginx=nginx:1.13
# 查看记录
kubectl rollout history deployment nginx-deployment
# 回滚
kubectl rollout  undo history deployment nginx-deployment
# 暴露端口,创建一个service
kubectl expose deployment nginx-deployment --type=NodePort
kubectl get svc 查看service

kubectl config get-contexts 获取集群节点
kubectl config use-context minikube
kubectl get node 
kubectl completion zsh

• 当我们使用ReplicaSet或者ReplicationController做水平扩 展scale的时候，Pods有可能会被terminated
• 当我们使用Deployment的时候，我们去更新Docker Image Version,旧的Pods会被terminated，然后新的 PodS创建
• 所以我们需要Service

  • kubectl expoese命令，会给我们的pod创建一个Service,供外部访问。
    

  • Service主要有三种类型：一种叫ClusterIP(外部不可访问)，一种叫NodePort，一种叫外部的LoadBalancer
  • 另外也可以使用DNS，但是需要DNS的add-on

kubectl edit deployment service-test 有中断，不是滚动更新

kubectl create -f service_nginx.yml 用文件创建service
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  ports:
  - port: 8080
    nodePort: 8080
    targetPort: nginx-port
    protocol: TCP
  selector:
    app: nginx
  type: NodePort

kubectl get nodes 
kubectl label node *** key=value

keepalived

global_defs {
 router_id keepalive-master
}
# 如果三秒检测一次，失败权重-2
vrrp_script check_apiserver {  
 script "/etc/keepalived/check-apiserver.sh"
 interval 3
 weight -2
}

vrrp_instance VI-kube-master {
   state MASTER
   interface eth0
   virtual_router_id 68
   priority 100 # 当前优先级
   dont_track_primary
   advert_int 3
   virtual_ipaddress {
     192.168.8.188
   }
   track_script {
       check_apiserver
   }
}

[root@vm511 ~]# yum install -y kubeadm-1.14.0-0 kubelet-1.14.0-0 kubectl-1.14.0-0 --disableexcludes=kubernetes --setopt=obsoletes=0
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package kubeadm.x86_64 0:1.14.0-0 will be installed
--> Processing Dependency: kubernetes-cni >= 0.7.5 for package: kubeadm-1.14.0-0.x86_64
---> Package kubectl.x86_64 0:1.14.0-0 will be installed
---> Package kubelet.x86_64 0:1.14.0-0 will be installed
--> Processing Dependency: kubernetes-cni = 0.7.5 for package: kubelet-1.14.0-0.x86_64
--> Running transaction check
---> Package kubelet.x86_64 0:1.14.0-0 will be installed
--> Processing Dependency: kubernetes-cni = 0.7.5 for package: kubelet-1.14.0-0.x86_64
---> Package kubernetes-cni.x86_64 0:0.8.6-0 will be installed
--> Finished Dependency Resolution
Error: Package: kubelet-1.14.0-0.x86_64 (kubernetes)
           Requires: kubernetes-cni = 0.7.5
           Available: kubernetes-cni-0.3.0.1-0.07a8a2.x86_64 (kubernetes)
               kubernetes-cni = 0.3.0.1-0.07a8a2
           Available: kubernetes-cni-0.5.1-0.x86_64 (kubernetes)
               kubernetes-cni = 0.5.1-0
           Available: kubernetes-cni-0.5.1-1.x86_64 (kubernetes)
               kubernetes-cni = 0.5.1-1
           Available: kubernetes-cni-0.6.0-0.x86_64 (kubernetes)
               kubernetes-cni = 0.6.0-0
           Available: kubernetes-cni-0.7.5-0.x86_64 (kubernetes)
               kubernetes-cni = 0.7.5-0
           Installing: kubernetes-cni-0.8.6-0.x86_64 (kubernetes)
               kubernetes-cni = 0.8.6-0
 You could try using --skip-broken to work around the problem
** Found 4 pre-existing rpmdb problem(s), 'yum check' output follows:
libsemanage-2.5-14.el7.x86_64 is a duplicate with libsemanage-2.5-8.el7.x86_64
libsemanage-python-2.5-14.el7.x86_64 is a duplicate with libsemanage-python-2.5-8.el7.x86_64
libsepol-2.5-10.el7.x86_64 is a duplicate with libsepol-2.5-6.el7.x86_64
setools-libs-3.3.8-4.el7.x86_64 is a duplicate with setools-libs-3.3.8-1.1.el7.x86_64

yum install -y kubeadm-1.14.0-0 kubelet-1.14.0-0 kubectl-1.14.0-0 --disableexcludes=kubernetes 安装时报错。

解决方法，是得分开按顺序逐个安装。

yum install kubelet-1.14.0-0 -y && yum install kubectl-1.14.0-0 -y && yum install kubeadm-1.14.0-0 -y

dig @10.254.0.2  服务名+空间名+集群域名 # 测试dns
kubectl get namespaces
kubectl get pods
kubectl describe pod redis-slave-gn9pt
kubectl get services | rc 
kubectl delete pod [pod name] --force --grace-period=0 -n [namespace]

换国内源

##使用阿里云镜像加速器  新增或者修改daemon.json文件
[root@localhost ~]# mkdir -p /etc/docker
[root@localhost ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://9cpn8tt6.mirror.aliyuncs.com"]
}
EOF
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker