forked from cnych/kubernetes-learning
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
13 changed files
with
1,277 additions
and
222 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,266 @@ | ||
| # 10. Docker Swarm | ||
|
|
||
| ## 基本概念 | ||
| `Swarm`是使用[SwarmKit](https://github.com/docker/swarmkit/)构建的 Docker 引擎内置(原生)的集群管理和编排工具。`Docker Swarm`是 Docker 官方三剑客项目之一,提供 Docker 容器集群服务,是 Docker 官方对容器云生态进行支持的核心方案。 | ||
|
|
||
| 使用它,用户可以将多个 Docker 主机封装为单个大型的虚拟 Docker 主机,快速打造一套容器云平台。Swarm mode 内置 kv 存储功能,提供了众多的新特性,比如:具有容错能力的去中心化设计、内置服务发现、负载均衡、路由网格、动态伸缩、滚动更新、安全传输等。使得 Docker 原生的 Swarm 集群具备与`Mesos`、`Kubernetes`竞争的实力。使用 Swarm 集群之前需要了解以下几个概念。 | ||
|
|
||
| ### 节点 | ||
| 运行 Docker 的主机可以主动初始化一个 Swarm 集群或者加入一个已存在的 Swarm 集群,这样这个运行 Docker 的主机就成为一个 Swarm 集群的节点 (node) 。节点分为`管理 (manager) 节点和工作 (worker) 节点`。 | ||
|
|
||
| 管理节点用于`Swarm`集群的管理,`docker swarm`命令基本只能在管理节点执行(节点退出集群命令`docker swarm leave`可以在工作节点执行)。一个 Swarm 集群可以有多个管理节点,但只有一个管理节点可以成为`leader`,leader 通过`raft`协议实现。 | ||
|
|
||
| 工作节点是任务执行节点,管理节点将服务 (`service`) 下发至工作节点执行。管理节点默认也作为工作节点。你也可以通过配置让服务只运行在管理节点。来自`Docker`官网的这张图片形象的展示了集群中管理节点与工作节点的关系。 | ||
|  | ||
|
|
||
| | ||
| ### 服务和任务 | ||
| `任务(Task)`是 Swarm 中的最小的调度单位,目前来说就是一个单一的容器;`服务(Services)`是指一组任务的集合,服务定义了任务的属性。服务有两种模式: | ||
|
|
||
| * `replicated services`按照一定规则在各个工作节点上运行指定个数的任务。 | ||
| * `global services`每个工作节点上运行一个任务 | ||
|
|
||
| 两种模式通过`docker service create`的`--mode`参数指定。来自 Docker 官网的这张图片形象的展示了容器、任务、服务的关系。 | ||
|  | ||
| | ||
|
|
||
| ## 初始化集群 | ||
| 我们这里利用上一节的`docker machine`来充当集群的主机,首先先创建一个`manager`节点,然后在该节点上执行初始化集群命令: | ||
| ```shell | ||
| ☁ ~ docker-machine create -d virtualbox manager | ||
| Running pre-create checks... | ||
| Creating machine... | ||
| (manager) Copying /Users/ych/.docker/machine/cache/boot2docker.iso to /Users/ych/.docker/machine/machines/manager/boot2docker.iso... | ||
| (manager) Creating VirtualBox VM... | ||
| (manager) Creating SSH key... | ||
| (manager) Starting the VM... | ||
| (manager) Check network to re-create if needed... | ||
| (manager) Waiting for an IP... | ||
| Waiting for machine to be running, this may take a few minutes... | ||
| Detecting operating system of created instance... | ||
| Waiting for SSH to be available... | ||
| Detecting the provisioner... | ||
| Provisioning with boot2docker... | ||
| Copying certs to the local machine directory... | ||
| Copying certs to the remote machine... | ||
| Setting Docker configuration on the remote daemon... | ||
| Checking connection to Docker... | ||
| Docker is up and running! | ||
| To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env manager | ||
| ☁ ~ docker-machine env manager | ||
| export DOCKER_TLS_VERIFY="1" | ||
| export DOCKER_HOST="tcp://192.168.99.101:2376" | ||
| export DOCKER_CERT_PATH="/Users/ych/.docker/machine/machines/manager" | ||
| export DOCKER_MACHINE_NAME="manager" | ||
| # Run this command to configure your shell: | ||
| # eval $(docker-machine env manager) | ||
| ☁ ~ eval $(docker-machine env manager) | ||
| ☁ ~ docker-machine ssh manager | ||
| ## . | ||
| ## ## ## == | ||
| ## ## ## ## ## === | ||
| /"""""""""""""""""\___/ === | ||
| ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~ | ||
| \______ o __/ | ||
| \ \ __/ | ||
| \____\_______/ | ||
| _ _ ____ _ _ | ||
| | |__ ___ ___ | |_|___ \ __| | ___ ___| | _____ _ __ | ||
| | '_ \ / _ \ / _ \| __| __) / _` |/ _ \ / __| |/ / _ \ '__| | ||
| | |_) | (_) | (_) | |_ / __/ (_| | (_) | (__| < __/ | | ||
| |_.__/ \___/ \___/ \__|_____\__,_|\___/ \___|_|\_\___|_| | ||
| Boot2Docker version 18.03.1-ce, build HEAD : cb77972 - Thu Apr 26 16:40:36 UTC 2018 | ||
| Docker version 18.03.1-ce, build 9ee9f40 | ||
| docker@manager:~$ docker swarm init --advertise-addr 192.168.99.101 | ||
| Swarm initialized: current node (3gsjpckj5ag1vvdg44fgzylow) is now a manager. | ||
| To add a worker to this swarm, run the following command: | ||
| docker swarm join --token SWMTKN-1-1aqikkhsz91l4n7k9ig3xinjz0iv0fh4gcrlhp9mk3643rblca-aqgqldlrw33k8heiao7yx27w5 192.168.99.101:2377 | ||
| To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. | ||
| ``` | ||
| 执行`docker swarm init`命令的节点自动成为管理节点。 | ||
| ## 增加工作节点 | ||
| 管理节点初始化完成后,然后同样的用`docker-machine`创建工作节点,然后将其加入到管理节点之中去即可: | ||
| ```shell | ||
| ☁ ~ docker-machine create -d virtualbox worker1 | ||
| Running pre-create checks... | ||
| Creating machine... | ||
| (worker1) Copying /Users/ych/.docker/machine/cache/boot2docker.iso to /Users/ych/.docker/machine/machines/worker1/boot2docker.iso... | ||
| (worker1) Creating VirtualBox VM... | ||
| (worker1) Creating SSH key... | ||
| (worker1) Starting the VM... | ||
| (worker1) Check network to re-create if needed... | ||
| (worker1) Waiting for an IP... | ||
| Waiting for machine to be running, this may take a few minutes... | ||
| Detecting operating system of created instance... | ||
| Waiting for SSH to be available... | ||
| Detecting the provisioner... | ||
| Provisioning with boot2docker... | ||
| Copying certs to the local machine directory... | ||
| Copying certs to the remote machine... | ||
| Setting Docker configuration on the remote daemon... | ||
| Checking connection to Docker... | ||
| Docker is up and running! | ||
| To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env worker1 | ||
| ☁ ~ docker-machine ssh worker1 | ||
| ## . | ||
| ## ## ## == | ||
| ## ## ## ## ## === | ||
| /"""""""""""""""""\___/ === | ||
| ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~ | ||
| \______ o __/ | ||
| \ \ __/ | ||
| \____\_______/ | ||
| _ _ ____ _ _ | ||
| | |__ ___ ___ | |_|___ \ __| | ___ ___| | _____ _ __ | ||
| | '_ \ / _ \ / _ \| __| __) / _` |/ _ \ / __| |/ / _ \ '__| | ||
| | |_) | (_) | (_) | |_ / __/ (_| | (_) | (__| < __/ | | ||
| |_.__/ \___/ \___/ \__|_____\__,_|\___/ \___|_|\_\___|_| | ||
| Boot2Docker version 18.03.1-ce, build HEAD : cb77972 - Thu Apr 26 16:40:36 UTC 2018 | ||
| Docker version 18.03.1-ce, build 9ee9f40 | ||
| docker@worker1:~$ docker swarm join --token SWMTKN-1-1aqikkhsz91l4n7k9ig3xinjz0iv0fh4gcrlhp9mk364 | ||
| 3rblca-aqgqldlrw33k8heiao7yx27w5 192.168.99.101:2377 | ||
| This node joined a swarm as a worker. | ||
| ``` | ||
| 我们可以看到上面的提示信息:**This node joined a swarm as a worker.**,表明节点已经加入到`swarm`集群之中了。 | ||
| ## 查看集群 | ||
| 经过上边的两步,我们已经拥有了一个最小的 Swarm 集群,包含一个管理节点和两个工作节点。 | ||
| 管理节点使用`docker node ls`查看集群: | ||
| ```shell | ||
| ☁ ~ docker node ls | ||
| ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION | ||
| 3gsjpckj5ag1vvdg44fgzylow * manager Ready Active Leader 18.03.1-ce | ||
| cxmj5lr0vbwo1em9y9oang5m8 worker1 Ready Active 18.03.1-ce | ||
| ksruum3uc1c265ywm4kn9a88g worker2 Ready Active 18.03.1-ce | ||
| ☁ ~ docker service ls | ||
| ID NAME MODE REPLICAS IMAGE PORTS | ||
| ☁ ~ docker service create --replicas 3 -p 80:80 --name nginx nginx:1.13.7-alpine | ||
| 4k9cbna8ive87p4or9mny9kfs | ||
| overall progress: 3 out of 3 tasks | ||
| 1/3: running [==================================================>] | ||
| 2/3: running [==================================================>] | ||
| 3/3: running [==================================================>] | ||
| verify: Service converged | ||
| ☁ ~ docker-machine ls | ||
| NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS | ||
| manager * virtualbox Running tcp://192.168.99.101:2376 v18.03.1-ce | ||
| worker1 - virtualbox Running tcp://192.168.99.102:2376 v18.03.1-ce | ||
| worker2 - virtualbox Running tcp://192.168.99.103:2376 v18.03.1-ce | ||
| ☁ ~ docker service ls | ||
| ID NAME MODE REPLICAS IMAGE PORTS | ||
| 4k9cbna8ive8 nginx replicated 3/3 nginx:1.13.7-alpine *:80->80/tcp | ||
| ☁ ~ docker service ps nginx | ||
| ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS | ||
| r7hmzkqsri8p nginx.1 nginx:1.13.7-alpine worker1 Running Running about a minute ago | ||
| y0xgrfwmjfrj nginx.2 nginx:1.13.7-alpine worker2 Running Running about a minute ago | ||
| j8k7be8xkbg3 nginx.3 nginx:1.13.7-alpine manager Running Running about a minute ago | ||
| ``` | ||
| 使用`docker service logs`来查看某个服务的日志。 | ||
| ```shell | ||
| ☁ ~ docker service logs nginx | ||
| ``` | ||
| 使用`docker service rm`来从 Swarm 集群移除某个服务: | ||
| ```shell | ||
| ☁ ~ docker service rm nginx | ||
| nginx | ||
| ``` | ||
| 正如之前使用`docker-compose.yml`来一次配置、启动多个容器,在`Swarm`集群中也可以使用`compose`文件(docker-compose.yml)来配置、启动多个服务。 | ||
| 上一节中,我们使用`docker service create`一次只能部署一个服务,使用`docker-compose.yml`我们可以一次启动多个关联的服务。 | ||
| 我们以在`Swarm`集群中部署`WordPress`为例进行说明:(docker-compose.yml) | ||
| ```yaml | ||
| version: "3" | ||
| services: | ||
| wordpress: | ||
| image: wordpress | ||
| ports: | ||
| - 80:80 | ||
| networks: | ||
| - overlay | ||
| environment: | ||
| WORDPRESS_DB_HOST: db:3306 | ||
| WORDPRESS_DB_USER: wordpress | ||
| WORDPRESS_DB_PASSWORD: wordpress | ||
| deploy: | ||
| mode: replicated | ||
| replicas: 3 | ||
| db: | ||
| image: mysql | ||
| networks: | ||
| - overlay | ||
| volumes: | ||
| - db-data:/var/lib/mysql | ||
| environment: | ||
| MYSQL_ROOT_PASSWORD: somewordpress | ||
| MYSQL_DATABASE: wordpress | ||
| MYSQL_USER: wordpress | ||
| MYSQL_PASSWORD: wordpress | ||
| deploy: | ||
| placement: | ||
| constraints: [node.role == manager] | ||
| visualizer: | ||
| image: dockersamples/visualizer:stable | ||
| ports: | ||
| - "8080:8080" | ||
| stop_grace_period: 1m30s | ||
| volumes: | ||
| - "/var/run/docker.sock:/var/run/docker.sock" | ||
| deploy: | ||
| placement: | ||
| constraints: [node.role == manager] | ||
| volumes: | ||
| db-data: | ||
| networks: | ||
| overlay: | ||
| ``` | ||
| 其中**constraints: [node.role == manager]**是调度策略,文档地址:https://docs.docker.com/swarm/scheduler/filter/ | ||
| 在 Swarm 集群管理节点新建该文件,其中的 visualizer 服务提供一个可视化页面,我们可以从浏览器中很直观的查看集群中各个服务的运行节点。 | ||
| 在 Swarm 集群中使用 docker-compose.yml 我们用`docker stack`命令,下面我们对该命令进行详细讲解。 | ||
| ### 部署服务 | ||
| 部署服务使用`docker stack deploy`,其中`-c`参数指定 compose 文件名。 | ||
| ```shell | ||
| $ docker stack deploy -c docker-compose.yml wordpress | ||
| ``` | ||
| ### 查看服务 | ||
| ```shell | ||
| $ docker stack ls | ||
| NAME SERVICES | ||
| wordpress 3 | ||
| ``` | ||
| ### 移除服务 | ||
| 要移除服务,使用`docker stack down`: | ||
| ```shell | ||
| $ docker stack down wordpress | ||
| Removing service wordpress_db | ||
| Removing service wordpress_visualizer | ||
| Removing service wordpress_wordpress | ||
| Removing network wordpress_overlay | ||
| Removing network wordpress_default | ||
| ``` | ||
| 该命令不会移除服务所使用的`数据卷`,如果你想移除数据卷请使用`docker volume rm`。 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| # 11. 图形化管理和监控 | ||
| 下面我们介绍几个可以用图形化的方式来管理`Docker`的工具。 | ||
|
|
||
| > Shipyard:https://github.com/shipyard/shipyard(已停止维护) | ||
| ## Portainer | ||
| [Portainer](https://portainer.io/)(基于 Go)是一个轻量级的管理界面,可让您轻松管理`Docker`主机或`Swarm`集群。 | ||
|
|
||
| `Portainer`的使用意图是简单部署。它包含可以在任何 Docker 引擎上运行的单个容器(Docker for Linux 和 Docker for Windows)。 | ||
|
|
||
| `Portainer`允许您管理 Docker 容器、image、volume、network 等。 它与独立的 Docker 引擎和 Docker Swarm 兼容。 | ||
|
|
||
| Docker 命令安装: | ||
| ```shell | ||
| $ docker volume create portainer_data | ||
| $ docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer | ||
| ``` | ||
|
|
||
| Swarm集群部署: | ||
| ```shell | ||
| $ docker volume create portainer_data | ||
| $ docker service create \ | ||
| --name portainer \ | ||
| --publish 9000:9000 \ | ||
| --replicas=1 \ | ||
| --constraint 'node.role == manager' \ | ||
| --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \ | ||
| --mount type=volume,src=portainer_data,dst=/data \ | ||
| portainer/portainer \ | ||
| -H unix:///var/run/docker.sock | ||
| ``` | ||
|
|
||
| Docker Compose 部署: | ||
| ```yaml | ||
| version: '2' | ||
| services: | ||
| portainer: | ||
| image: portainer/portainer | ||
| command: -H unix:///var/run/docker.sock | ||
| volumes: | ||
| - /var/run/docker.sock:/var/run/docker.sock | ||
| - portainer_data:/data | ||
| volumes: | ||
| portainer_data: | ||
| ``` | ||
|  | ||
| ## Rancher | ||
| `Rancher`是一个开源的企业级容器管理平台。通过`Rancher`,企业不必自己使用一系列的开源软件去从头搭建容器服务平台。`Rancher`提供了在生产环境中使用管理`Docker`和`Kubernetes`的全栈化容器部署与管理平台。 | ||
|  | ||
|
|
||
| 在后面学习`kubernetes`的课程的时候会给大家演示,用于我们快速搭建一个可运行`kubernetes`集群环境,非常方便。 | ||
|
|
||
| ## cAdvisor | ||
| `cAdvisor`是`Google`开发的容器监控工具,我们来看看 cAdvisor 有什么能耐。 | ||
|
|
||
| * 监控 Docker Host | ||
| cAdvisor 会显示当前 host 的资源使用情况,包括 CPU、内存、网络、文件系统等。 | ||
|
|
||
| * 监控容器 | ||
| 点击 Docker Containers 链接,显示容器列表。点击某个容器,比如 sysdig,进入该容器的监控页面。 | ||
|
|
||
| 以上就是 cAdvisor 的主要功能,总结起来主要两点: | ||
| * 展示 Host 和容器两个层次的监控数据。 | ||
| * 展示历史变化数据。 | ||
|
|
||
| 由于`cAdvisor`提供的操作界面略显简陋,而且需要在不同页面之间跳转,并且只能监控一个 host,这不免会让人质疑它的实用性。但 cAdvisor 的一个亮点是它可以将监控到的数据导出给第三方工具,由这些工具进一步加工处理。 | ||
|
|
||
| 我们可以把 cAdvisor 定位为一个监控数据收集器,收集和导出数据是它的强项,而非展示数据。 | ||
| cAdvisor 支持很多第三方工具,其中就包括后面我们重点要学习的`Prometheus`。 | ||
| ```shell: | ||
| $ docker run \ | ||
| --volume=/:/rootfs:ro \ | ||
| --volume=/var/run:/var/run:rw \ | ||
| --volume=/sys:/sys:ro \ | ||
| --volume=/var/lib/docker/:/var/lib/docker:ro \ | ||
| --volume=/dev/disk/:/dev/disk:ro \ | ||
| --publish=8080:8080 \ | ||
| --detach=true \ | ||
| --name=cadvisor \ | ||
| google/cadvisor:latest | ||
| ``` | ||
|
|
||
| 通过访问地址:http://127.0.0.1:8080/containers/ 可以查看所有容器信息: | ||
|  | ||
| | ||
| 除此之外,cAdvisor 还提供了一个 Rest API:https://github.com/google/cadvisor/blob/master/docs/api.md | ||
|
|
||
| cAdvisor 通过该 REST API 暴露监控数据,格式如下: | ||
| ``` | ||
| http://<hostname>:<port>/api/<version>/<request> | ||
| ``` |
Oops, something went wrong.