Preface
- Well, I'm going to take the CKA certificate. I took a class and spent a month's salary. I'm so distressed. I must pass the exam.
- This blog is the notes I sorted out after attending the class. It is suitable for review.
- The content of the blog involves docker and k8s.
- I wrote a little too much because I pasted the code, so I can only publish it in separate parts.
- This section covers the review of docker and k8s cluster construction.
- If you need the images used in this blog, leave a message.
The meaning of life is to learn to live truly, and the meaning of life is to find the meaning of life - mountains and rivers are all right
1, Docker basics
1. Containers and docker
What is a container, and what is docker? Most readers will be familiar with a boot disk: when a computer's operating system is broken and the machine will not start, we can insert a boot disk that carries some basic software. The boot disk can be understood as something similar to an image. It runs a system on the computer, and that running WinPE system is the container. The memory and CPU this system needs come from the physical machine, that is, the computer that would not boot.
In real scenarios we need to manage many containers and images. We can't put each image on its own USB flash disk, so we need a runtime: software used to manage containers, such as runc, lxc, gvisor and kata. These can manage only containers, not images, and are called low-level runtimes.
A low-level runtime has a single function and cannot manage images. For that, a high-level runtime such as docker, podman or containerd is required. It calls runc (the low-level runtime) and can manage both containers and images. k8s is used to manage the high-level runtime.
Disable the screen saver
setterm -blank 0
Configure the yum repositories
rm -rf /etc/yum.repos.d/
wget ftp://ftp.rhce.cc/k8s/* -P /etc/yum.repos.d/
Configure a docker registry mirror (accelerator)
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Use a domestic registry
- Huawei Cloud
- NetEase Cloud
- Alibaba Cloud
2. docker image management
┌──(liruilong㉿Liruilong)-[/mnt/c/Users/lenovo]
└─$ ssh root@192.168.26.55
Last login: Fri Oct 1 16:39:16 2021 from 192.168.26.1
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-09-26 02:07:56 CST; 1 weeks 0 days ago
     Docs: https://docs.docker.com
 Main PID: 1004 (dockerd)
   Memory: 136.1M
   CGroup: /system.slice/docker.service
           └─1004 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
. . . . . . .
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
┌──[root@liruilongs.github.io]-[~]
└─$ docker images
REPOSITORY   TAG   IMAGE ID   CREATED   SIZE
┌──[root@liruilongs.github.io]-[~]
└─$
command | description |
---|---|
Image naming | The registry defaults to docker.io |
docker pull image | Pull an image |
docker tag image | Tag (rename) an image; similar to a hard link in Linux |
docker rmi image | Delete an image |
docker save image_name > filename.tar | Save (back up) an image |
docker load -i filename.tar | Import a saved image |
docker export container_name > filename.tar | Export a container so it can be imported as an image |
cat filename.tar \| docker import - image_name | Import an exported container as an image |
docker history xxxx --no-trunc | Show the complete build history |
┌──[root@liruilongs.github.io]-[~]
└─$ docker images | grep -v TAG | awk '{print $1":"$2}'
nginx:latest
mysql:latest
Back up all images
docker images | grep -v TAG | awk '{print $1":"$2}' | xargs docker save >all.tar
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker images | grep -v TAG | awk '{print $1":"$2}' | xargs docker save >all.tar
┌──[root@liruilongs.github.io]-[~/docker]
└─$ ls
all.tar  docker_images_util_202110032229_UCPY4C5k.sh
Delete all images
docker images | grep -v TAG | awk '{print $1":"$2}' | xargs docker rmi
┌──[root@liruilongs.github.io]-[~/docker] └─$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest f8f4ffc8092c 5 days ago 133MB mysql latest 2fe463762680 5 days ago 514MB ┌──[root@liruilongs.github.io]-[~/docker] └─$ docker images | grep -v TAG | awk '{print $1":"$2}' | xargs docker rmi Untagged: nginx:latest Untagged: nginx@sha256:765e51caa9e739220d59c7f7a75508e77361b441dccf128483b7f5cce8306652 Deleted: sha256:f8f4ffc8092c956ddd6a3a64814f36882798065799b8aedeebedf2855af3395b Deleted: sha256:f208904eecb00a0769d263e81b8234f741519fefa262482d106c321ddc9773df Deleted: sha256:ed6dd2b44338215d30a589d7d36cb4ffd05eb28d2e663a23108d03b3ac273d27 Deleted: sha256:c9958d4f33715556566095ccc716e49175a1fded2fa759dbd747750a89453490 Deleted: sha256:c47815d475f74f82afb68ef7347b036957e7e1a1b0d71c300bdb4f5975163d6a Deleted: sha256:3b06b30cf952c2f24b6eabdff61b633aa03e1367f1ace996260fc3e236991eec Untagged: mysql:latest Untagged: mysql@sha256:4fcf5df6c46c80db19675a5c067e737c1bc8b0e78e94e816a778ae2c6577213d Deleted: sha256:2fe4637626805dc6df98d3dc17fa9b5035802dcbd3832ead172e3145cd7c07c2 Deleted: sha256:e00bdaa10222919253848d65585d53278a2f494ce8c6a445e5af0ebfe239b3b5 Deleted: sha256:83411745a5928b2a3c2b6510363218fb390329f824e04bab13573e7a752afd50 Deleted: sha256:e8e521a71a92aad623b250b0a192a22d54ad8bbeb943f7111026041dce20d94f Deleted: sha256:024ee0ef78b28663bc07df401ae3a258ae012bd5f37c2960cf638ab4bc04fafd Deleted: sha256:597139ec344c8cb622127618ae21345b96dd23e36b5d04b071a3fd92d207a2c0 Deleted: sha256:28909b85bd680fc47702edb647a06183ae5f3e3020f44ec0d125bf75936aa923 Deleted: sha256:4e007ef1e2a3e1e0ffb7c0ad8c9ea86d3d3064e360eaa16e7c8e10f514f68339 Deleted: sha256:b01d7bbbd5c0e2e5ae10de108aba7cd2d059bdd890814931f6192c97fc8aa984 Deleted: sha256:d98a368fc2299bfa2c34cc634fa9ca34bf1d035e0cca02e8c9f0a07700f18103 Deleted: sha256:95968d83b58ae5eec87e4c9027baa628d0e24e4acebea5d0f35eb1b957dd4672 Deleted: sha256:425adb901baf7d6686271d2ce9d42b8ca67e53cffa1bc05622fd0226ae40e9d8 Deleted: 
sha256:476baebdfbf7a68c50e979971fcd47d799d1b194bcf1f03c1c979e9262bcd364 ┌──[root@liruilongs.github.io]-[~/docker] └─$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE ┌──[root@liruilongs.github.io]-[~/docker]
Import all images
docker load -i all.tar
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker images
REPOSITORY   TAG   IMAGE ID   CREATED   SIZE
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker load -i all.tar
476baebdfbf7: Loading layer  72.53MB/72.53MB
525950111558: Loading layer  64.97MB/64.97MB
0772cb25d5ca: Loading layer  3.072kB/3.072kB
6e109f6c2f99: Loading layer  4.096kB/4.096kB
88891187bdd7: Loading layer  3.584kB/3.584kB
65e1ea1dc98c: Loading layer  7.168kB/7.168kB
Loaded image: nginx:latest
f2f5bad82361: Loading layer  338.4kB/338.4kB
96fe563c6126: Loading layer  9.557MB/9.557MB
44bc6574c36f: Loading layer  4.202MB/4.202MB
e333ff907af7: Loading layer  2.048kB/2.048kB
4cffbf4e4fe3: Loading layer  53.77MB/53.77MB
42417c6d26fc: Loading layer  5.632kB/5.632kB
c786189c417d: Loading layer  3.584kB/3.584kB
2265f824a3a8: Loading layer  378.8MB/378.8MB
6eac57c056e6: Loading layer  5.632kB/5.632kB
92b76bd444bf: Loading layer  17.92kB/17.92kB
0b282e0f658a: Loading layer  1.536kB/1.536kB
Loaded image: mysql:latest
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker images
REPOSITORY   TAG      IMAGE ID       CREATED      SIZE
nginx        latest   f8f4ffc8092c   5 days ago   133MB
mysql        latest   2fe463762680   5 days ago   514MB
┌──[root@liruilongs.github.io]-[~/docker]
└─$
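The backup and import pipelines above parse the `docker images` table, so a dangling `<none>:<none>` image is handed to `docker save` as an invalid reference, and `docker load` imports whatever the tar file contains. The shell functions below are an added example, not the author's commands: they list tagged images with `--format`, record a SHA-256 for the archive, and refuse to load an archive whose checksum no longer matches. The function names and the overridable `DOCKER` variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: safer variants of the save / load pipelines shown above.
# DOCKER is an assumed override hook so the functions can be exercised
# without a running daemon; by default it is the real docker CLI.
DOCKER=${DOCKER:-docker}

# Keep only usable "repo:tag" references. Dangling images are listed as
# "<none>:<none>", which docker save rejects as an invalid reference.
filter_refs() {
    grep -v '<none>' | sort -u
}

# List tagged images without parsing the human-readable table, so there is
# no header line to strip and no image name is lost to "grep -v TAG".
list_refs() {
    "$DOCKER" images --format '{{.Repository}}:{{.Tag}}' | filter_refs
}

# Save every tagged image into one archive and write its SHA-256 beside it.
# Keep a copy of the .sha256 file somewhere the archive's transport cannot
# modify, otherwise it only detects accidental corruption.
backup_images() {   # $1 = archive path
    refs=$(list_refs)
    [ -n "$refs" ] || { echo "no tagged images to save" >&2; return 1; }
    # Word splitting of $refs is intended: one argument per image reference.
    "$DOCKER" save -o "$1" $refs || return 1
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Succeeds only if the archive still matches its recorded checksum.
verify_archive() {  # $1 = archive path
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Load images only from an archive that passes verification.
restore_images() {  # $1 = archive path
    verify_archive "$1" || {
        echo "checksum mismatch: refusing to load $1" >&2
        return 1
    }
    "$DOCKER" load -i "$1"
}
```

Typical use is `backup_images /root/docker/all.tar` on the source host and `restore_images /root/docker/all.tar` on the target.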
A container started from the mysql image runs one mysqld process, as set by CMD ["mysqld"]
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker history mysql
IMAGE          CREATED      CREATED BY                                        SIZE     COMMENT
2fe463762680   5 days ago   /bin/sh -c #(nop) CMD ["mysqld"]                  0B
<missing>      5 days ago   /bin/sh -c #(nop) EXPOSE 3306 33060               0B
<missing>      5 days ago   /bin/sh -c #(nop) ENTRYPOINT ["docker-entry...    0B
<missing>      5 days ago   /bin/sh -c ln -s usr/local/bin/docker-entryp...   34B
<missing>      5 days ago   /bin/sh -c #(nop) COPY file:345a22fe55d3e678...   14.5kB
<missing>      5 days ago   /bin/sh -c #(nop) COPY dir:2e040acc386ebd23b...   1.12kB
<missing>      5 days ago   /bin/sh -c #(nop) VOLUME [/var/lib/mysql]         0B
<missing>      5 days ago   /bin/sh -c { echo mysql-community-server m...     378MB
<missing>      5 days ago   /bin/sh -c echo 'deb http://repo.mysql.com/a...   55B
<missing>      5 days ago   /bin/sh -c #(nop) ENV MYSQL_VERSION=8.0.26-...    0B
<missing>      5 days ago   /bin/sh -c #(nop) ENV MYSQL_MAJOR=8.0             0B
<missing>      5 days ago   /bin/sh -c set -ex; key='A4A9406876FCBD3C45...    1.84kB
<missing>      5 days ago   /bin/sh -c apt-get update && apt-get install...   52.2MB
<missing>      5 days ago   /bin/sh -c mkdir /docker-entrypoint-initdb.d      0B
<missing>      5 days ago   /bin/sh -c set -eux; savedAptMark="$(apt-ma...    4.17MB
<missing>      5 days ago   /bin/sh -c #(nop) ENV GOSU_VERSION=1.12           0B
<missing>      5 days ago   /bin/sh -c apt-get update && apt-get install...   9.34MB
<missing>      5 days ago   /bin/sh -c groupadd -r mysql && useradd -r -...   329kB
<missing>      5 days ago   /bin/sh -c #(nop) CMD ["bash"]                    0B
<missing>      5 days ago   /bin/sh -c #(nop) ADD file:99db7cfe7952a1c7a...   69.3MB
┌──[root@liruilongs.github.io]-[~/docker]
└─$
3. Managing containers with docker
command | description |
---|---|
docker run image | The simplest container |
docker run -it --rm hub.c.163.com/library/centos /bin/bash | Interactive container with a terminal |
docker run -dit -h node --name=c1 image_name command | Set a hostname and a name; -d detaches after creation (daemon mode) instead of attaching |
docker run -dit --restart=always image_name command | The container stays active after its process exits because automatic restart is set |
docker run -it --rm image_name command | Delete the container when its process ends |
docker run -dit --restart=always -e VAR1=value1 -e VAR2=value2 | Pass environment variables |
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -it --name=c1 centos
WARNING: IPv4 forwarding is disabled. Networking will not work.
[root@f418f094e0d8 /]# ls
bin  etc   lib    lost+found  mnt  proc  run   srv  tmp  var
dev  home  lib64  media       opt  root  sbin  sys  usr
[root@f418f094e0d8 /]# exit
exit
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps -a
CONTAINER ID   IMAGE    COMMAND       CREATED          STATUS                     PORTS   NAMES
f418f094e0d8   centos   "/bin/bash"   51 seconds ago   Exited (0) 4 seconds ago           c1
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -it --restart=always --name=c2 centos
WARNING: IPv4 forwarding is disabled. Networking will not work.
[root@ecec30685687 /]# exit
exit
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps -a
CONTAINER ID   IMAGE    COMMAND       CREATED              STATUS                          PORTS   NAMES
ecec30685687   centos   "/bin/bash"   5 seconds ago        Up 1 second                             c2
f418f094e0d8   centos   "/bin/bash"   About a minute ago   Exited (0) About a minute ago           c1
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker rm c1
c1
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker rm c2
Error response from daemon: You cannot remove a running container ecec30685687c9f0af08ea721f6293a3fb635c8290bee3347bb54f11ff3e32fa. Stop the container before attempting removal or force remove
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -itd --restart=always --name=c2 centos
docker: Error response from daemon: Conflict. The container name "/c2" is already in use by container "ecec30685687c9f0af08ea721f6293a3fb635c8290bee3347bb54f11ff3e32fa". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -itd --restart=always --name=c3 centos
WARNING: IPv4 forwarding is disabled. Networking will not work.
97ffd93370d4e23e6a3d2e6a0c68030d482cabb8ab71b5ceffb4d703de3a6b0c
┌──[root@liruilongs.github.io]-[~/docker]
└─$
Create a mysql container
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -dit --name=db --restart=always -e MYSQL_ROOT_PASSWORD=liruilong -e MYSQL_DATABASE=blog mysql
WARNING: IPv4 forwarding is disabled. Networking will not work.
0a79be3ed7dbd9bdf19202cda74aa3b3db818bd23deca23248404c673c7e1ff7
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED          STATUS          PORTS                 NAMES
0a79be3ed7db   mysql    "docker-entrypoint.s..."   3 seconds ago    Up 2 seconds    3306/tcp, 33060/tcp   db
97ffd93370d4   centos   "/bin/bash"               17 minutes ago   Up 17 minutes                         c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker logs db
2021-10-03 16:49:41+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.26-1debian10 started.
2021-10-03 16:49:41+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2021-10-03 16:49:41+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.26-1debian10 started.
2021-10-03 16:49:41+00:00 [Note] [Entrypoint]: Initializing database files
2021-10-03T16:49:41.391137Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.26) initializing of server in progress as process 41
2021-10-03T16:49:41.400419Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2021-10-03T16:49:42.345302Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2021-10-03T16:49:46.187521Z 0 [Warning] [MY-013746] [Server] A deprecated TLS version TLSv1 is enabled for channel mysql_main
2021-10-03T16:49:46.188871Z 0 [Warning] [MY-013746] [Server] A deprecated TLS version TLSv1.1 is enabled for channel mysql_main
2021-10-03T16:49:46.312124Z 6 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2021-10-03 16:49:55+00:00 [Note] [Entrypoint]: Database files initialized
2021-10-03 16:49:55+00:00 [Note] [Entrypoint]: Starting temporary server
mysqld will log errors to /var/lib/mysql/0a79be3ed7db.err
┌──[root@liruilongs.github.io]-[~/docker]
└─$
nginx installation
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -dit --restart=always -p 80 nginx
WARNING: IPv4 forwarding is disabled. Networking will not work.
c7570bd68368f3e4c9a4c8fdce67845bcb5fee12d1cc785d6e448979592a691e
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED          STATUS          PORTS                                     NAMES
c7570bd68368   nginx    "/docker-entrypoint...."   4 seconds ago    Up 2 seconds    0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   3 minutes ago    Up 3 minutes    3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               20 minutes ago   Up 20 minutes                                             c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$
4. Common commands for managing containers
command | description |
---|---|
docker exec xxxx command | Run a new process inside the container |
docker start xxxx | Start container |
docker stop xxxxx | Stop container |
docker restart xxxxx | Restart the container, for example when the service inside it needs a restart |
docker top xxxxx | View the container's processes |
docker logs -f node | Follow the container's logs |
docker inspect container | Container details, IP address, etc. |
┌──[root@liruilongs.github.io]-[~/docker]
└─$ mysql -uroot -pliruilong -h172.17.0.2 -P3306
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib64/mysql/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker exec -it db /bin/bash
root@0a79be3ed7db:/# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 8.0.26 MySQL Community Server - GPL
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> ALTER USER 'root'@'%' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER;
Query OK, 0 rows affected (0.02 sec)
mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'liruilong';
Query OK, 0 rows affected (0.01 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
mysql> exit
Bye
root@0a79be3ed7db:/# eixt
bash: eixt: command not found
root@0a79be3ed7db:/# exit
exit
┌──[root@liruilongs.github.io]-[~/docker]
└─$ mysql -uroot -pliruilong -h172.17.0.2 -P3306
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 8.0.26 MySQL Community Server - GPL
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> use blog
Database changed
MySQL [blog]>
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker top db
UID       PID     PPID    C   STIME   TTY   TIME       CMD
polkitd   15911   15893   1   00:49   ?     00:00:45   mysqld
┌──[root@liruilongs.github.io]-[~/docker]
└─$
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED             STATUS             PORTS                                     NAMES
c7570bd68368   nginx    "/docker-entrypoint...."   43 minutes ago      Up 43 minutes      0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   46 minutes ago      Up 46 minutes      3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               About an hour ago   Up About an hour                                             c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker stop db
db
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED             STATUS             PORTS                                     NAMES
c7570bd68368   nginx    "/docker-entrypoint...."   43 minutes ago      Up 43 minutes      0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
97ffd93370d4   centos   "/bin/bash"               About an hour ago   Up About an hour                                             c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker start db
db
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED             STATUS             PORTS                                     NAMES
c7570bd68368   nginx    "/docker-entrypoint...."   44 minutes ago      Up 44 minutes      0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   47 minutes ago      Up 2 seconds       3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               About an hour ago   Up About an hour                                             c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker restart db
db
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED             STATUS             PORTS                                     NAMES
c7570bd68368   nginx    "/docker-entrypoint...."   44 minutes ago      Up 44 minutes      0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   47 minutes ago      Up 2 seconds       3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               About an hour ago   Up About an hour                                             c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$
Delete all containers
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps | grep -v IMAGE
5b3557283314   nginx    "/docker-entrypoint...."   About an hour ago   Up About an hour   80/tcp                                    web
c7570bd68368   nginx    "/docker-entrypoint...."   9 hours ago         Up 9 hours         0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   9 hours ago         Up 8 hours         3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               9 hours ago         Up 9 hours                                                   c3
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps | grep -v IMAGE | awk '{print $1}'
5b3557283314
c7570bd68368
0a79be3ed7db
97ffd93370d4
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps | grep -v IMAGE | awk '{print $1}'| xargs docker rm -f
5b3557283314
c7570bd68368
0a79be3ed7db
97ffd93370d4
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
┌──[root@liruilongs.github.io]-[~]
└─$
5. Using data volumes
command | description |
---|---|
docker run -dit --restart=always -v p_path1:c_path2 image_name command | Similar to port mapping: the host directory p_path1 is mapped directly to c_path2 in the container |
docker run -dit --restart=always -v c_path2 image_name command | When only the container path is written, the host side of the mapping can be found in the Mounts attribute of docker inspect |
docker volume create v1 | Create a named shared volume that can then be mounted |
Without a volume, data is written to the container layer, and when the container is deleted that data is deleted with it.
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED             STATUS             PORTS                                     NAMES
c7570bd68368   nginx    "/docker-entrypoint...."   44 minutes ago      Up 44 minutes      0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   47 minutes ago      Up 2 seconds       3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               About an hour ago   Up About an hour                                             c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$ find / -name liruilong.html
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker exec -it c7570bd68368 /bin/bash
root@c7570bd68368:/# echo "liruilong" > liruilong.html
root@c7570bd68368:/# exit
exit
┌──[root@liruilongs.github.io]-[~/docker]
└─$ find / -name liruilong.html
/var/lib/docker/overlay2/56de0e042c7c5b9704df156b6473b528ca7468d8b1085cb43294f9111b270540/diff/liruilong.html
/var/lib/docker/overlay2/56de0e042c7c5b9704df156b6473b528ca7468d8b1085cb43294f9111b270540/merged/liruilong.html
┌──[root@liruilongs.github.io]-[~/docker]
└─$
docker run -itd --name=web -v /root/docker/liruilong:/liruilong:rw nginx
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED       STATUS       PORTS                                     NAMES
c7570bd68368   nginx    "/docker-entrypoint...."   8 hours ago   Up 8 hours   0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   8 hours ago   Up 7 hours   3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               8 hours ago   Up 8 hours                                             c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker rm -f web
web
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -itd --name=web -v /root/docker/liruilong:/liruilong:rw nginx
WARNING: IPv4 forwarding is disabled. Networking will not work.
5949fba8c9c810ed3a06fcf1bc8148aef22893ec99450cec2443534b2f9eb063
┌──[root@liruilongs.github.io]-[~/docker]
└─$ ls
all.tar  docker_images_util_202110032229_UCPY4C5k.sh  liruilong
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED          STATUS         PORTS                                     NAMES
5949fba8c9c8   nginx    "/docker-entrypoint...."   57 seconds ago   Up 4 seconds   80/tcp                                    web
c7570bd68368   nginx    "/docker-entrypoint...."   8 hours ago      Up 8 hours     0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   8 hours ago      Up 7 hours     3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               8 hours ago      Up 8 hours                                               c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker exec -it web /bin/bash
root@5949fba8c9c8:/# ls
bin   docker-entrypoint.d   home   liruilong  opt   run   sys  var
boot  docker-entrypoint.sh  lib    media      proc  sbin  tmp
dev   etc                   lib64  mnt        root  srv   usr
root@5949fba8c9c8:/#
docker volume create v1
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker volume list
DRIVER   VOLUME NAME
local    9e939eda6c4d8c574737905857d57014a1c4dda10eef77520e99804c7c67ac39
local    34f699eb0535315b651090afd90768f4e4cfa42acf920753de9015261424812c
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker volume create v1
v1
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker volume list
DRIVER   VOLUME NAME
local    9e939eda6c4d8c574737905857d57014a1c4dda10eef77520e99804c7c67ac39
local    34f699eb0535315b651090afd90768f4e4cfa42acf920753de9015261424812c
local    v1
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker volume inspect v1
[
    {
        "CreatedAt": "2021-10-04T08:46:55+08:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/v1/_data",
        "Name": "v1",
        "Options": {},
        "Scope": "local"
    }
]
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -itd --name=web -v v1:/liruilong:ro nginx
WARNING: IPv4 forwarding is disabled. Networking will not work.
5b3557283314d5ab745855f3827d070559cd3340f6a2d5a420941e717dc2145b
┌──[root@liruilongs.github.io]-[~/docker]
└─$ ls
all.tar  docker_images_util_202110032229_UCPY4C5k.sh  liruilong
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker exec -it web bash
root@5b3557283314:/# touch /liruilong/liruilong.sql
touch: cannot touch '/liruilong/liruilong.sql': Read-only file system
root@5b3557283314:/# exit
exit
┌──[root@liruilongs.github.io]-[~/docker]
└─$ touch /var/lib/docker/volumes/v1/_data/liruilong.sql
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker exec -it web bash
root@5b3557283314:/# ls /liruilong/
liruilong.sql
root@5b3557283314:/#
The host can see the processes in the container
┌──[root@liruilongs.github.io]-[~/docker]
└─$ ps aux | grep -v grep | grep mysqld
polkitd 16727 1.6 9.6 1732724 388964 pts/0 Ssl+ 06:48 2:10 mysqld
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE    COMMAND                   CREATED          STATUS          PORTS                                     NAMES
5b3557283314   nginx    "/docker-entrypoint...."   12 minutes ago   Up 12 minutes   80/tcp                                    web
c7570bd68368   nginx    "/docker-entrypoint...."   8 hours ago      Up 8 hours      0.0.0.0:49153->80/tcp, :::49153->80/tcp   jovial_solomon
0a79be3ed7db   mysql    "docker-entrypoint.s..."   8 hours ago      Up 7 hours      3306/tcp, 33060/tcp                       db
97ffd93370d4   centos   "/bin/bash"               8 hours ago      Up 8 hours                                                c3
┌──[root@liruilongs.github.io]-[~/docker]
└─$
6. docker network management
command | description |
---|---|
docker network list | List all networks |
docker network inspect 6f70229c85f0 | Show the details of a network |
man -k docker | Search the manual pages for docker |
man docker-network-create | Manual page for creating a network |
docker network create -d bridge --subnet=10.0.0.0/24 mynet | Create a network |
docker run --net=mynet --rm -it centos /bin/bash | Run a container on a specified network |
docker run -dit -p host_port:container_port image | Publish a container port on a host port |
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf;sysctl -p | In NAT mode, IP forwarding needs to be enabled |
echo 1 > /proc/sys/net/ipv4/ip_forward | In NAT mode, IP forwarding needs to be enabled. Either command works |
┌──[root@liruilongs.github.io]-[~] └─$ ifconfig docker0 # Bridge network card docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 inet6 fe80::42:38ff:fee1:6cb2 prefixlen 64 scopeid 0x20<link> ether 02:42:38:e1:6c:b2 txqueuelen 0 (Ethernet) RX packets 54 bytes 4305 (4.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 74 bytes 5306 (5.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ┌──[root@liruilongs.github.io]-[~] └─$ docker network inspect bridge [ { "Name": "bridge", "Id": "ebc5c96c853aa5271006387393b3b2dddcbfbc3b6f1f9ecba44bf87f550ed134", "Created": "2021-09-26T02:07:56.019076931+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "0a79be3ed7dbd9bdf19202cda74aa3b3db818bd23deca23248404c673c7e1ff7": { "Name": "db", "EndpointID": "8fe3dbabc838c14a6e23990abd860824d505d49bd437d47c45a85eed06de2aba", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" }, "5b3557283314d5ab745855f3827d070559cd3340f6a2d5a420941e717dc2145b": { "Name": "web", "EndpointID": "3f52014a93e20c1f71fff7bda51a169648db932a72101e06d2c33633ac778c5b", "MacAddress": "02:42:ac:11:00:05", "IPv4Address": "172.17.0.5/16", "IPv6Address": "" }, "97ffd93370d4e23e6a3d2e6a0c68030d482cabb8ab71b5ceffb4d703de3a6b0c": { "Name": "c3", "EndpointID": "3dca7f002ebf82520ecc0b28ef4e19cd3bc867d1af9763b9a4969423b4e2a5f6", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" }, "c7570bd68368f3e4c9a4c8fdce67845bcb5fee12d1cc785d6e448979592a691e": { "Name": "jovial_solomon", "EndpointID": "56be0daa5a7355201a0625259585561243a4ce1f37736874396a3fb0467f26fe", "MacAddress": "02:42:ac:11:00:04", "IPv4Address": 
"172.17.0.4/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] ┌──[root@liruilongs.github.io]-[~] └─$
Create a network
┌──[root@liruilongs.github.io]-[~]
└─$ docker network create -d bridge --subnet=10.0.0.0/24 mynet
4b3da203747c7885a7942ace7c72a2fdefd2f538256cfac1a545f7fd3a070dc5
┌──[root@liruilongs.github.io]-[~]
└─$ ifconfig
br-4b3da203747c: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.0.255
        ether 02:42:f4:31:01:9f  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Run a container on a specified network
┌──[root@liruilongs.github.io]-[~]
└─$ docker history busybox:latest
IMAGE          CREATED       CREATED BY                                        SIZE     COMMENT
16ea53ea7c65   2 weeks ago   /bin/sh -c #(nop) CMD ["sh"]                      0B
<missing>      2 weeks ago   /bin/sh -c #(nop) ADD file:c9e0c3d3badfd458c...   1.24MB
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -it --rm --name=c1 busybox
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
/ # exit
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -it --rm --name=c2 --network=mynet busybox
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:02
          inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1086 (1.0 KiB)  TX bytes:0 (0.0 B)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
/ # exit
┌──[root@liruilongs.github.io]-[~]
└─$
Enable IP forwarding
┌──[root@liruilongs.github.io]-[~]
└─$ cat /proc/sys/net/ipv4/ip_forward
0
┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
┌──[root@liruilongs.github.io]-[~]
└─$ echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf;sysctl -p
net.ipv4.ip_forward = 1
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -it --rm --name=c2 --network=mynet busybox
/ # ping www.baidu.com
PING www.baidu.com (220.181.38.150): 56 data bytes
64 bytes from 220.181.38.150: seq=0 ttl=127 time=34.047 ms
64 bytes from 220.181.38.150: seq=1 ttl=127 time=20.363 ms
64 bytes from 220.181.38.150: seq=2 ttl=127 time=112.075 ms
^C
--- www.baidu.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 20.363/55.495/112.075 ms
/ # exit
┌──[root@liruilongs.github.io]-[~]
└─$ cat /proc/sys/net/ipv4/ip_forward
1
┌──[root@liruilongs.github.io]-[~]
└─$
Use containers to build a WordPress blog
```
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps | grep -v IMAGE | awk '{print $1}'| xargs docker rm -f
1ce97e8dc071
0d435b696a7e
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -dit --name=db --restart=always -v $PWD/db:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=liruilong -e WORDPRESS_DATABASE=wordpress hub.c.163.com/library/mysql
8605e77f8d50223f52619e6e349085566bc53a7e74470ac0a44340620f32abe8
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE                         COMMAND                    CREATED         STATUS         PORTS      NAMES
8605e77f8d50   hub.c.163.com/library/mysql   "docker-entrypoint.s..."   6 seconds ago   Up 4 seconds   3306/tcp   db
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -itd --name=blog --restart=always -v $PWD/blog:/var/www/html -p 80 -e WORDPRESS_DB_HOST=172.17.0.2 -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=liruilong -e WORDPRESS_DB_NAME=wordpress hub.c.163.com/library/wordpress
a90951cdac418db85e9dfd0e0890ec1590765c5770faf9893927a96ea93da9f5
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker ps
CONTAINER ID   IMAGE                             COMMAND                    CREATED         STATUS         PORTS                                     NAMES
a90951cdac41   hub.c.163.com/library/wordpress   "docker-entrypoint.s..."   3 seconds ago   Up 2 seconds   0.0.0.0:49271->80/tcp, :::49271->80/tcp   blog
8605e77f8d50   hub.c.163.com/library/mysql       "docker-entrypoint.s..."   2 minutes ago   Up 2 minutes   3306/tcp                                  db
┌──[root@liruilongs.github.io]-[~/docker]
└─$
```
Container network configuration
Mode | Description |
---|---|
bridge | Bridging mode |
host | Host mode |
none | Isolation mode |
docker network list
```
┌──[root@liruilongs.github.io]-[~]
└─$ docker network list
NETWORK ID     NAME      DRIVER    SCOPE
ebc5c96c853a   bridge    bridge    local
25037835956b   host      host      local
ba07e9427974   none      null      local
```
Bridge, bridge mode
```
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -it --rm --name c1 centos /bin/bash
[root@62043df180e4 /]# ifconfig
bash: ifconfig: command not found
[root@62043df180e4 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@62043df180e4 /]# exit
exit
```
Host, shared host network space
┌──[root@liruilongs.github.io]-[~] └─$ docker run -it --rm --name c1 --network host centos /bin/bash [root@liruilongs /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:c9:6f:ae brd ff:ff:ff:ff:ff:ff inet 192.168.26.55/24 brd 192.168.26.255 scope global ens32 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fec9:6fae/64 scope link valid_lft forever preferred_lft forever 3: br-4b3da203747c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:8e:25:1b:19 brd ff:ff:ff:ff:ff:ff inet 10.0.0.1/24 brd 10.0.0.255 scope global br-4b3da203747c valid_lft forever preferred_lft forever 4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:0a:63:cf:de brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:aff:fe63:cfde/64 scope link valid_lft forever preferred_lft forever 14: veth9f0ef36@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 16:2f:a6:23:3b:88 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::142f:a6ff:fe23:3b88/64 scope link valid_lft forever preferred_lft forever 16: veth37a0e67@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 56:b4:1b:74:cf:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1 inet6 fe80::54b4:1bff:fe74:cf3f/64 scope link valid_lft forever preferred_lft forever [root@liruilongs /]# exit exit
none: isolated from the host, different separate networks
```
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -it --rm --name c1 --network none centos /bin/bash
[root@7f955d36625e /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
[root@7f955d36625e /]# exit
exit
┌──[root@liruilongs.github.io]-[~]
└─$
```
Container interconnection
- Create a container h1: docker run -it --rm --name=h1 centos /bin/bash
- Create a container h2 and communicate with h1 in two ways:
  - docker inspect h1 | grep -i ipaddr, then docker run -it --rm --name=h2 centos ping 172.17.0.4
  - docker run -it --rm --name=h2 --link h1:h1 centos ping h1
```
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -it --rm --name=h1 centos /bin/bash
[root@207dbbda59af /]#
```
┌──[root@liruilongs.github.io]-[~] └─$ docker inspect h1 | grep -i ipaddr "SecondaryIPAddresses": null, "IPAddress": "172.17.0.4", "IPAddress": "172.17.0.4", ┌──[root@liruilongs.github.io]-[~] └─$ docker run -it --rm --name=h2 centos ping -c 3 172.17.0.4 PING 172.17.0.4 (172.17.0.4) 56(84) bytes of data. 64 bytes from 172.17.0.4: icmp_seq=1 ttl=64 time=0.284 ms 64 bytes from 172.17.0.4: icmp_seq=2 ttl=64 time=0.098 ms 64 bytes from 172.17.0.4: icmp_seq=3 ttl=64 time=0.142 ms --- 172.17.0.4 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 0.098/0.174/0.284/0.080 ms ┌──[root@liruilongs.github.io]-[~] └─$ docker run -it --rm --name=h2 --link h1:h1 centos ping -c 3 h1 PING h1 (172.17.0.4) 56(84) bytes of data. 64 bytes from h1 (172.17.0.4): icmp_seq=1 ttl=64 time=0.124 ms 64 bytes from h1 (172.17.0.4): icmp_seq=2 ttl=64 time=0.089 ms 64 bytes from h1 (172.17.0.4): icmp_seq=3 ttl=64 time=0.082 ms --- h1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 0.082/0.098/0.124/0.020 ms ┌──[root@liruilongs.github.io]-[~] └─$ docker run -it --rm --name=h2 --link h1 centos ping -c 3 h1 PING h1 (172.17.0.4) 56(84) bytes of data. 64 bytes from h1 (172.17.0.4): icmp_seq=1 ttl=64 time=0.129 ms 64 bytes from h1 (172.17.0.4): icmp_seq=2 ttl=64 time=0.079 ms 64 bytes from h1 (172.17.0.4): icmp_seq=3 ttl=64 time=0.117 ms --- h1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.079/0.108/0.129/0.022 ms ┌──[root@liruilongs.github.io]-[~] └─$
Using containers to build a WordPress blog: a simple way
```
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -dit --name=db --restart=always -v $PWD/db:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=liruilong -e WORDPRESS_DATABASE=wordpress hub.c.163.com/library/mysql
c4a88590cb21977fc68022501fde1912d0bb248dcccc970ad839d17420b8b08d
┌──[root@liruilongs.github.io]-[~]
└─$ docker run -dit --name blog --link=db:mysql -p 80:80 hub.c.163.com/library/wordpress
8a91caa1f9fef1575cc38788b0e8739b7260729193cf18b094509dcd661f544b
┌──[root@liruilongs.github.io]-[~]
└─$ docker ps
CONTAINER ID   IMAGE                             COMMAND                    CREATED              STATUS              PORTS                               NAMES
8a91caa1f9fe   hub.c.163.com/library/wordpress   "docker-entrypoint.s..."   6 seconds ago        Up 4 seconds        0.0.0.0:80->80/tcp, :::80->80/tcp   blog
c4a88590cb21   hub.c.163.com/library/mysql       "docker-entrypoint.s..."   About a minute ago   Up About a minute   3306/tcp                            db
┌──[root@liruilongs.github.io]-[~]
```
This uses the container link method; the default alias is mysql. See the image description for details.
```
┌──[root@liruilongs.github.io]-[~]
└─$ docker exec -it db env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=c4a88590cb21
TERM=xterm
MYSQL_ROOT_PASSWORD=liruilong
WORDPRESS_DATABASE=wordpress
GOSU_VERSION=1.7
MYSQL_MAJOR=5.7
MYSQL_VERSION=5.7.18-1debian8
HOME=/root
┌──[root@liruilongs.github.io]-[~]
└─$ docker exec -it blog env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=8a91caa1f9fe
TERM=xterm
MYSQL_PORT=tcp://172.17.0.2:3306
MYSQL_PORT_3306_TCP=tcp://172.17.0.2:3306
MYSQL_PORT_3306_TCP_ADDR=172.17.0.2
MYSQL_PORT_3306_TCP_PORT=3306
MYSQL_PORT_3306_TCP_PROTO=tcp
MYSQL_NAME=/blog/mysql
MYSQL_ENV_MYSQL_ROOT_PASSWORD=liruilong
MYSQL_ENV_WORDPRESS_DATABASE=wordpress
MYSQL_ENV_GOSU_VERSION=1.7
MYSQL_ENV_MYSQL_MAJOR=5.7
MYSQL_ENV_MYSQL_VERSION=5.7.18-1debian8
PHPIZE_DEPS=autoconf dpkg-dev file g++ gcc libc-dev libpcre3-dev make pkg-config re2c
PHP_INI_DIR=/usr/local/etc/php
APACHE_CONFDIR=/etc/apache2
APACHE_ENVVARS=/etc/apache2/envvars
PHP_EXTRA_BUILD_DEPS=apache2-dev
PHP_EXTRA_CONFIGURE_ARGS=--with-apxs2
PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2
PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2
PHP_LDFLAGS=-Wl,-O1 -Wl,--hash-style=both -pie
GPG_KEYS=0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
PHP_VERSION=5.6.31
PHP_URL=https://secure.php.net/get/php-5.6.31.tar.xz/from/this/mirror
PHP_ASC_URL=https://secure.php.net/get/php-5.6.31.tar.xz.asc/from/this/mirror
PHP_SHA256=c464af61240a9b7729fabe0314cdbdd5a000a4f0c9bd201f89f8628732fe4ae4
PHP_MD5=
WORDPRESS_VERSION=4.8.1
WORDPRESS_SHA1=5376cf41403ae26d51ca55c32666ef68b10e35a4
HOME=/root
┌──[root@liruilongs.github.io]-[~]
└─$
```
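The env output above shows what a legacy link hands to the consumer: every variable of the db container, including the database root password, is copied into blog under the MYSQL_ENV_ prefix. The following added example (not part of the original notes) parses such an env dump and reports, per link alias, which variables were inherited and which look like secrets; the function names and the secret-name pattern are assumptions, and the sample is a constructed subset of the output above.

```python
import re

# Constructed sample: a subset of the `docker exec -it blog env` output shown above.
BLOG_ENV = """\
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=8a91caa1f9fe
MYSQL_PORT=tcp://172.17.0.2:3306
MYSQL_PORT_3306_TCP=tcp://172.17.0.2:3306
MYSQL_PORT_3306_TCP_ADDR=172.17.0.2
MYSQL_PORT_3306_TCP_PORT=3306
MYSQL_PORT_3306_TCP_PROTO=tcp
MYSQL_NAME=/blog/mysql
MYSQL_ENV_MYSQL_ROOT_PASSWORD=liruilong
MYSQL_ENV_WORDPRESS_DATABASE=wordpress
MYSQL_ENV_GOSU_VERSION=1.7
PHP_VERSION=5.6.31
WORDPRESS_VERSION=4.8.1
HOME=/root
"""

# Assumption: variable names containing these words are treated as secrets.
SECRET_HINT = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|KEY", re.I)


def parse_env(text):
    """Turn NAME=value lines into a dict; values may contain '=' or spaces."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name:
            env[name] = value
    return env


def link_exposure(env):
    """Report what each legacy link injected into this container's environment.

    A link shows up as <ALIAS>_NAME=/<consumer>/<alias>; the source container's
    own variables are copied as <ALIAS>_ENV_<name>, its ports as <ALIAS>_PORT*.
    """
    report = {}
    for name, value in env.items():
        if not name.endswith("_NAME") or value.count("/") != 2:
            continue
        alias = name[: -len("_NAME")]
        if value.rsplit("/", 1)[1].upper().replace("-", "_") != alias:
            continue  # an ordinary variable that merely ends in _NAME
        prefix = alias + "_ENV_"
        inherited = {k[len(prefix):]: v for k, v in env.items() if k.startswith(prefix)}
        report[alias] = {
            "source": value,
            "endpoints": sorted(k for k in env if k.startswith(alias + "_PORT")),
            "inherited": inherited,
            "secrets": sorted(k for k in inherited if SECRET_HINT.search(k)),
        }
    return report


if __name__ == "__main__":
    for alias, info in link_exposure(parse_env(BLOG_ENV)).items():
        print(f"link {alias} ({info['source']}): "
              f"{len(info['inherited'])} inherited variables, "
              f"secrets: {', '.join(info['secrets']) or 'none'}")
```

Anyone who can run env in the blog container, or read its configuration with docker inspect, therefore sees the MySQL root password, which is worth checking for before putting real credentials into -e options of a linked container.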
7. User defined image
A docker image is built from stacked file systems. At the bottom is a boot file system, bootfs. Docker users almost never interact with the boot file system. In fact, once a container has started it is moved into memory, and the boot file system is unmounted to free the memory used by the initrd disk image.
So far Docker looks like a typical Linux virtualization stack. The second layer of a docker image is the root file system, rootfs, which sits on top of the boot file system.
rootfs can be one or more operating systems, such as a Debian or Ubuntu file system. In the traditional Linux boot process, the root file system is first mounted read-only, and is switched to read-write once boot has finished and the integrity check has passed. In Docker, the root file system always stays read-only, and Docker uses union mount technology to load more read-only file systems on top of the root file system layer.
A union mount loads multiple file systems at the same time, but from the outside only one file system is visible. Union mounting stacks the layers of file systems on top of each other.
Docker calls such a file system an image. One image can be placed on top of another. The image underneath is called the parent image, and so on down to the bottom of the image stack; the image at the very bottom is called the base image. Finally, when a container is started from an image, docker mounts a read-write file system on top of the image. The program we want to run in docker executes in this read-write layer.
When Docker first starts a container, the initial read-write layer is empty. When the file system changes, the changes are applied to this layer. For example, if you want to modify a file:
- The file is first copied from the read-only layer below into the read-write layer. The read-only version of the file still exists, but it is hidden by the copy in the read-write layer. This mechanism is usually called copy on write, and it is one of the technologies that make Docker so powerful.
- Each read-only image layer is read-only and never changes afterwards. When creating a new container, Docker builds an image stack and adds a read-write layer at the top of the stack. This read-write layer, together with the image layers underneath and some configuration data, constitutes a container.
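The layer stack and copy on write described above can be modelled in a few lines. This is an added sketch, not Docker's implementation and not part of the original notes: the class names are made up, files are plain byte strings, and the whiteout marker used for deletions is an extra detail borrowed from how overlay file systems hide a lower-layer file.

```python
from types import MappingProxyType

WHITEOUT = object()  # marker meaning "this path is deleted in an upper layer"


class Image:
    """A stack of read-only layers, base image first; each layer maps path -> bytes."""

    def __init__(self, *layers):
        # MappingProxyType makes each layer immutable, like an image layer.
        self.layers = tuple(MappingProxyType(dict(layer)) for layer in layers)


class Container:
    """An image stack plus one private read-write layer on top."""

    def __init__(self, image):
        self.image = image
        self.rw = {}          # empty when the container first starts
        self.copied_up = []   # paths copied out of a read-only layer on first write

    def _resolve(self, path):
        """Walk the stack top-down; the first layer that knows the path wins."""
        for layer in (self.rw, *reversed(self.image.layers)):
            if path in layer:
                return layer[path]
        return WHITEOUT

    def read(self, path):
        data = self._resolve(path)
        if data is WHITEOUT:
            raise FileNotFoundError(path)
        return data

    def append(self, path, data):
        """Modify a file: copy it up into the read-write layer, then change the copy."""
        if path not in self.rw or self.rw[path] is WHITEOUT:
            lower = self._resolve(path)
            if lower is not WHITEOUT:
                self.copied_up.append(path)
            self.rw[path] = b"" if lower is WHITEOUT else lower
        self.rw[path] += data

    def delete(self, path):
        """A delete cannot touch the image; it only hides the path in this container."""
        self.read(path)  # raises FileNotFoundError if the path is not visible
        self.rw[path] = WHITEOUT

    def listing(self):
        paths = set(self.rw).union(*self.image.layers)
        return sorted(p for p in paths if self._resolve(p) is not WHITEOUT)


def demo():
    """Two containers from one image: changes in c1 never reach c2 or the image."""
    base = {"/etc/os-release": b"centos\n", "/etc/hosts": b"127.0.0.1 localhost\n"}
    tools = {"/usr/sbin/ip": b"<iproute binary>"}  # layer added by a RUN instruction
    image = Image(base, tools)
    c1, c2 = Container(image), Container(image)
    c1.append("/etc/hosts", b"192.168.26.81 vms81\n")
    c1.delete("/usr/sbin/ip")
    return image, c1, c2


if __name__ == "__main__":
    image, c1, c2 = demo()
    print("c1 sees:", c1.listing(), "copied up:", c1.copied_up)
    print("c2 sees:", c2.listing(), "rw layer:", c2.rw)
```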
command |
---|
docker build -t v4 . -f filename |
docker build -t name . |
CMD effect
```
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -it --rm --name c1 centos_ip_2
[root@4683bca411ec /]# exit
exit
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -it --rm --name c1 centos_ip_2 /bin/bash
[root@08e12bb46bcd /]# exit
exit
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker run -it --rm --name c1 centos_ip_2 echo liruilong
liruilong
```
The fewer the layers, the smaller the memory consumption. Each RUN instruction creates one layer, so try to combine the commands into a single RUN.
```
┌──[root@liruilongs.github.io]-[~/docker]
└─$ cat Dockerfile
FROM hub.c.163.com/library/centos
MAINTAINER liruilong
RUN yum -y install net-tools && \
    yum -y install iproute -y
CMD ["/bin/bash"]
┌──[root@liruilongs.github.io]-[~/docker]
└─$
```
When using the yum command, it is best to run yum clean all afterwards to clear the cache.
```
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker images | grep centos_
centos_ip_3   latest   93e0d06f7dd5   3 minutes ago   216MB
centos_ip_2   latest   8eea343337d7   6 minutes ago   330MB
┌──[root@liruilongs.github.io]-[~/docker]
└─$ cat Dockerfile
FROM hub.c.163.com/library/centos
MAINTAINER liruilong
RUN yum -y install net-tools && \
    yum -y install iproute -y && \
    yum clean all
CMD ["/bin/bash"]
┌──[root@liruilongs.github.io]-[~/docker]
└─$
```
COPY and ADD mean the same thing, except that ADD decompresses archives automatically and COPY does not.
Build an Nginx image
```dockerfile
FROM centos
MAINTAINER liruilong
RUN yum -y install nginx && \
    yum clean all
EXPOSE 80
CMD ["nginx", "-g","daemon off;"]
```
Build an SSH enabled image
8. Configure a local docker registry
docker pull registry |
docker run -d --name registry -p 5000:5000 --restart=always -v /myreg:/var/lib/registry registry |
Install the registry image
┌──[root@vms56.liruilongs.github.io]-[~] └─#yum -y install docker-ce Loaded plugins: fastestmirror kubernetes/signature | 844 B 00:00:00 Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg Importing GPG key 0x307EA071: Userid : "Rapture Automatic Signing Key (cloud-rapture-signing-key-2021-03-01-08_01_09.pub)" Fingerprint: 7f92 e05b 3109 3bef 5a3c 2d38 feea 9169 307e a071 From : https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/ ................. Complete! ┌──[root@vms56.liruilongs.github.io]-[~] └─#sudo tee /etc/docker/daemon.json <<-'EOF' > { > "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"] > } > EOF { "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"] } ┌──[root@vms56.liruilongs.github.io]-[~] └─#sudo systemctl daemon-reload ┌──[root@vms56.liruilongs.github.io]-[~] └─#sudo systemctl restart docker ┌──[root@vms56.liruilongs.github.io]-[~] └─#docker pull hub.c.163.com/library/registry:latest latest: Pulling from library/registry 25728a036091: Pull complete 0da5d1919042: Pull complete e27a85fd6357: Pull complete d9253dc430fe: Pull complete 916886b856db: Pull complete Digest: sha256:fce8e7e1569d2f9193f75e9b42efb07a7557fc1e9d2c7154b23da591e324f3d1 Status: Downloaded newer image for hub.c.163.com/library/registry:latest hub.c.163.com/library/registry:latest ┌──[root@vms56.liruilongs.github.io]-[~] └─#docker run -dit --name=myreg -p 5000:5000 -v $PWD/myreg:^Cr ┌──[root@vms56.liruilongs.github.io]-[~] └─#docker history hub.c.163.com/library/registry:latest IMAGE CREATED CREATED BY SIZE COMMENT 751f286bc25e 4 years ago /bin/sh -c #(nop) CMD ["/etc/docker/registr... 0B <missing> 4 years ago /bin/sh -c #(nop) ENTRYPOINT ["/entrypoint.... 0B <missing> 4 years ago /bin/sh -c #(nop) COPY file:7b57f7ab1a8cf85c... 
155B <missing> 4 years ago /bin/sh -c #(nop) EXPOSE 5000/tcp 0B <missing> 4 years ago /bin/sh -c #(nop) VOLUME [/var/lib/registry] 0B <missing> 4 years ago /bin/sh -c #(nop) COPY file:6c4758d509045dc4... 295B <missing> 4 years ago /bin/sh -c #(nop) COPY file:b99d4fe47ad1addf... 22.8MB <missing> 4 years ago /bin/sh -c set -ex && apk add --no-cache... 5.61MB <missing> 4 years ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B <missing> 4 years ago /bin/sh -c #(nop) ADD file:89e72bfc19e81624b... 4.81MB ┌──[root@vms56.liruilongs.github.io]-[~] └─#docker run -dit --name=myreg -p 5000:5000 -v $PWD/myreg:/var/lib/registry hub.c.163.com/library/registry 317bcc7bd882fd0d29cf9a2898e5cec4378431f029a796b9f9f643762679a14d ┌──[root@vms56.liruilongs.github.io]-[~] └─#docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 317bcc7bd882 hub.c.163.com/library/registry "/entrypoint.sh /etc..." 5 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp myreg └─# └─#
selinux, firewall settings
┌──[root@vms56.liruilongs.github.io]-[~] └─#getenforce Disabled ┌──[root@vms56.liruilongs.github.io]-[~] └─#systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2021-10-06 12:57:44 CST; 15min ago Docs: man:firewalld(1) Main PID: 608 (firewalld) Memory: 1.7M CGroup: /system.slice/firewalld.service └─608 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Oct 06 13:05:18 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' fa...that name. Oct 06 13:05:18 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --dst...that name. Oct 06 13:05:18 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: No...that name. Oct 06 13:05:18 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED,...t chain?). Oct 06 13:05:18 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION-STAGE-1' failed: iptab...that name. Oct 06 13:05:18 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -...that name. Oct 06 13:05:18 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP' faile...t chain?). 
Oct 06 13:08:01 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOCKER -p tcp -d 0/0 --dport 5000 -j DNAT --to-destin...that name. Oct 06 13:08:01 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0....t chain?). Oct 06 13:08:01 vms56.liruilongs.github.io firewalld[608]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POSTROUTING -p tcp -s 172.17.0.2 -d 172.17.0.2 --dpor...that name. Hint: Some lines were ellipsized, use -l to show in full. ┌──[root@vms56.liruilongs.github.io]-[~] └─#systemctl disable firewalld.service --now Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. ┌──[root@vms56.liruilongs.github.io]-[~] └─#
Image push protocol settings
```
┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
┌──[root@liruilongs.github.io]-[~]
└─$ vim /etc/docker/daemon.json
┌──[root@liruilongs.github.io]-[~]
└─$ cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.26.56:5000"]
}
┌──[root@liruilongs.github.io]-[~]
└─$
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl restart docker
┌──[root@liruilongs.github.io]-[~]
```
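An entry in insecure-registries tells the daemon to fall back to plain HTTP for that registry and to accept a certificate it cannot verify, so pushes and pulls for 192.168.26.56:5000 are unprotected on the network. The following added example (not part of the original notes) audits a daemon.json for this and produces the corrected form; the function names are made up, and the corrected form assumes the registry has been given a TLS certificate whose CA is installed under /etc/docker/certs.d/ on each client.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# The daemon.json as edited above (the weak setting).
WEAK = """{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.26.56:5000"]
}"""


def _cidr(entry):
    """Return the network if the entry is a CIDR range, else None (host[:port])."""
    if "/" not in entry:
        return None
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None


def audit(text):
    """Return (key, value, reason) for every setting that weakens image transport."""
    cfg = json.loads(text)
    findings = []
    for entry in cfg.get("insecure-registries", []):
        net = _cidr(entry)
        if net is not None:
            reason = f"range covers {net.num_addresses} addresses, all allowed without TLS checks"
        else:
            reason = "HTTP fallback and unverified certificates allowed for this registry"
        findings.append(("insecure-registries", entry, reason))
    for url in cfg.get("registry-mirrors", []):
        if urlsplit(url).scheme != "https":
            findings.append(("registry-mirrors", url, "mirror is not reached over HTTPS"))
    return findings


def harden(text):
    """Drop insecure-registries; return the new config and the CA files to install.

    Assumption: each listed registry is re-deployed with TLS, and its CA is placed
    at /etc/docker/certs.d/<host:port>/ca.crt so the daemon can verify it.
    """
    cfg = json.loads(text)
    entries = cfg.pop("insecure-registries", [])
    ca_files = [f"/etc/docker/certs.d/{e}/ca.crt" for e in entries if _cidr(e) is None]
    return cfg, ca_files


if __name__ == "__main__":
    for key, value, reason in audit(WEAK):
        print(f"{key}: {value}: {reason}")
    fixed, ca_files = harden(WEAK)
    print(json.dumps(fixed, indent=2))
    print("install registry CA at:", ca_files)
```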
Registry API, and a script to view the images
```
┌──[root@liruilongs.github.io]-[~/docker]
└─$ vim dockerimages.sh
┌──[root@liruilongs.github.io]-[~/docker]
└─$ sh dockerimages.sh 192.168.26.56
192.168.26.56:5000/db/mysql:v1
192.168.26.56:5000/os/centos:latest
┌──[root@liruilongs.github.io]-[~/docker]
└─$ curl http://192.168.26.56:5000/v2/_catalog
{"repositories":["db/mysql","os/centos"]}
┌──[root@liruilongs.github.io]-[~/docker]
└─$ curl -XGET http://192.168.26.56:5000/v2/_catalog
{"repositories":["db/mysql","os/centos"]}
┌──[root@liruilongs.github.io]-[~/docker]
└─$ curl -XGET http://192.168.26.56:5000/v2/os/centos/tags/list
{"name":"os/centos","tags":["latest"]}
┌──[root@liruilongs.github.io]-[~/docker]
└─$
```
```
┌──[root@liruilongs.github.io]-[~/docker]
└─$ cat dockerimages.sh
#!/bin/bash
# List every image:tag held by the registry at $1:5000 through the v2 API.
# /v2/_catalog returns {"repositories":[...]}
curl -s "$1:5000/v2/_catalog" | jq -r '.repositories[]' |
while read -r aa ; do
    # /v2/<repository>/tags/list returns {"name":...,"tags":[...]}
    curl -s "$1:5000/v2/$aa/tags/list" | jq -r '.tags[]?' |
    while read -r i ; do
        echo "$1:5000/${aa}:$i"
    done
done
┌──[root@liruilongs.github.io]-[~/docker]
└─$ yum -y install jq
```
Delete an image from the local registry
```bash
curl https://raw.githubusercontent.com/burnettk/delete-docker-registry-image/master/delete_docker_registry_image.py | sudo tee /usr/local/bin/delete_docker_registry_image >/dev/null
sudo chmod a+x /usr/local/bin/delete_docker_registry_image

export REGISTRY_DATA_DIR=/opt/data/registry/docker/registry/v2

delete_docker_registry_image --image testrepo/awesomeimage --dry-run
delete_docker_registry_image --image testrepo/awesomeimage
delete_docker_registry_image --image testrepo/awesomeimage:supertag
```
9. Use of harbor
Install and start docker, and install docker-compose |
Upload the offline package of harbor |
Import the harbor images |
Edit harbor.yml |
Change hostname to your own host name; without a certificate, the https section has to be commented out |
harbor_admin_password is the login password |
Install compose |
Run the script ./install.sh |
Enter the IP address in the browser |
docker login IP -- a .docker folder will appear under the home directory |
```
┌──[root@vms56.liruilongs.github.io]-[/]
└─#ls
bin   dev  harbor-offline-installer-v2.0.6.tgz  lib    machine-id  mnt  proc  run   srv  tmp  var
boot  etc  home                                 lib64  media       opt  root  sbin  sys  usr
┌──[root@vms56.liruilongs.github.io]-[/]
└─#tar zxvf harbor-offline-installer-v2.0.6.tgz
harbor/harbor.v2.0.6.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
┌──[root@vms56.liruilongs.github.io]-[/]
└─#docker load -i harbor/harbor.v2.0.6.tar.gz
```
Modify profile
```
┌──[root@vms56.liruilongs.github.io]-[/]
└─#cd harbor/
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#cp harbor.yml.tmpl harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#ls
common.sh  harbor.v2.0.6.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#vim harbor.yml
┌──[root@vms56.liruilongs.github.io]-[/harbor]
└─#
```
harbor.yml
```yaml
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.26.56

# http related config
.......
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
....
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration
```
./prepare && ./install.sh
┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#./prepare prepare base dir is set to /harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /data/secret/keys/secretkey Successfully called func: create_root_cert Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir ┌──[root@vms56.liruilongs.github.io]-[/harbor] └─#./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 20.10.9 [Step 1]: checking docker-compose is installed ...
```
┌──[root@liruilongs.github.io]-[~/docker]
└─$ docker push 192.168.26.56/library/mysql
Using default tag: latest
The push refers to repository [192.168.26.56/library/mysql]
8129a85b4056: Pushed
3c376267ac82: Pushed
fa9efdcb088a: Pushed
9e615ff77b4f: Pushed
e5de8ba20fae: Pushed
2bee3420217b: Pushed
904af8e2b2d5: Pushed
daf31ec3573d: Pushed
da4155a7d640: Pushed
3b7c5f5acc82: Pushed
295d6a056bfd: Pushed
latest: digest: sha256:c0806ac73235043de2a6cb4738bb2f6a74f71d9c7aa0f19c8e7530fd6c299e75 size: 2617
┌──[root@liruilongs.github.io]-[~/docker]
└─$
```
10. Limit container resources
Use Cgroup to restrict resources |
---|
docker run -itd --name=c3 --cpuset-cpus 0 -m 200M centos |
docker run -itd --name=c2 -m 200M centos |
Understand the use of Cgroup
- Memory limitations
```
/etc/systemd/system/memload.service.d
cat 00-aa.conf
[Service]
MemoryLimit=512M
```
- CPU affinity restrictions
```
ps mo pid,comm,psr $(pgrep httpd)
/etc/systemd/system/httpd.service.d
cat 00-aa.conf
[Service]
CPUAffinity=0
```
How are containers restricted
┌──[root@liruilongs.github.io]-[/] └─$ docker exec -it c1 bash [root@55e45b34d93d /]# ls bin etc lib lost+found mnt proc run srv tmp var dev home lib64 media opt root sbin sys usr [root@55e45b34d93d /]# cd opt/ [root@55e45b34d93d opt]# ls memload-7.0-1.r29766.x86_64.rpm [root@55e45b34d93d opt]# rpm -ivh memload-7.0-1.r29766.x86_64.rpm Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:memload-7.0-1.r29766 ################################# [100%] [root@55e45b34d93d opt]# exit exit ┌──[root@liruilongs.github.io]-[/] └─$ docker stats CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 55e45b34d93d c1 0.00% 8.129MiB / 3.843GiB 0.21% 648B / 0B 30.4MB / 11.5MB 1
[root@55e45b34d93d /]# memload 1000 Attempting to allocate 1000 Mebibytes of resident memory... ^C [root@55e45b34d93d /]# ┌──[root@liruilongs.github.io]-[/] └─$ docker stats CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 55e45b34d93d c1 0.02% 165.7MiB / 3.843GiB 4.21% 648B / 0B 30.5MB / 11.5MB 3
Memory limit
```
┌──[root@liruilongs.github.io]-[/]
└─$ docker run -itd --name=c2 -m 200M centos
3b2df1738e84159f4fa02dadbfc285f6da8ddde4d94cb449bc775c9a70eaa4ea
┌──[root@liruilongs.github.io]-[/]
└─$ docker stats
CONTAINER ID   NAME   CPU %   MEM USAGE / LIMIT     MEM %   NET I/O     BLOCK I/O         PIDS
3b2df1738e84   c2     0.00%   528KiB / 200MiB       0.26%   648B / 0B   0B / 0B           1
55e45b34d93d   c1     0.00%   8.684MiB / 3.843GiB   0.22%   648B / 0B   30.5MB / 11.5MB   2
```
Restrictions on container CPU
```
┌──[root@liruilongs.github.io]-[/]
└─$ ps mo pid,psr $(pgrep cat)
┌──[root@liruilongs.github.io]-[/]
└─$ docker run -itd --name=c3 --cpuset-cpus 0 -m 200M centos
a771eed8c7c39cd410bd6f43909a67bfcf181d87fcafffe57001f17f3fdff408
```
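docker stats shows the host's whole memory as the limit for a container started without -m, and it does not show CPU pinning at all. The limits themselves are recorded in the HostConfig section of docker inspect, so the following added example (not part of the original notes) reads them from there and lists the containers that can still use all of the host's memory or CPUs. The function names are made up, and the JSON is a constructed sample containing only the two HostConfig fields that matter for the three containers started above.

```python
import json

# Constructed sample: the relevant part of `docker inspect c1 c2 c3` for
# c1 (no limits), c2 (-m 200M) and c3 (--cpuset-cpus 0 -m 200M).
INSPECT = json.dumps([
    {"Name": "/c1", "HostConfig": {"Memory": 0, "CpusetCpus": ""}},
    {"Name": "/c2", "HostConfig": {"Memory": 200 * 2**20, "CpusetCpus": ""}},
    {"Name": "/c3", "HostConfig": {"Memory": 200 * 2**20, "CpusetCpus": "0"}},
])


def expand_cpuset(spec):
    """Turn a cpuset string such as '0-2,4' into [0, 1, 2, 4]; '' means no pinning."""
    cpus = set()
    for part in filter(None, spec.split(",")):
        low, _, high = part.partition("-")
        cpus.update(range(int(low), int(high or low) + 1))
    return sorted(cpus)


def resource_limits(inspect_json):
    """One row per container: memory limit in bytes and pinned CPUs (None = unlimited)."""
    rows = []
    for container in json.loads(inspect_json):
        host = container.get("HostConfig", {})
        rows.append({
            "name": container["Name"].lstrip("/"),
            "memory_bytes": host.get("Memory", 0) or None,   # 0 means no -m was given
            "cpuset": expand_cpuset(host.get("CpusetCpus", "")) or None,
        })
    return rows


def missing_limits(rows):
    """Map container name -> list of limits that were not set."""
    report = {}
    for row in rows:
        missing = [label for label, key in (("memory", "memory_bytes"), ("cpuset", "cpuset"))
                   if row[key] is None]
        if missing:
            report[row["name"]] = missing
    return report


if __name__ == "__main__":
    rows = resource_limits(INSPECT)
    for row in rows:
        mem = f"{row['memory_bytes'] // 2**20}MiB" if row["memory_bytes"] else "unlimited"
        print(f"{row['name']}: memory={mem} cpus={row['cpuset'] or 'any'}")
    print("without limits:", missing_limits(rows))
```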
11. Monitoring container
cadvisor, read the host information
docker pull hub.c.163.com/xbingo/cadvisor:latest
```bash
docker run \
  -v /var/run:/var/run \
  -v /sys:/sys:ro \
  -v /var/lib/docker:/var/lib/docker:ro \
  -d -p 8080:8080 --name=mon \
  hub.c.163.com/xbingo/cadvisor:latest
```
weavescope
```
┌──[root@liruilongs.github.io]-[/]
└─$ chmod +x ./scope
┌──[root@liruilongs.github.io]-[/]
└─$ ./scope launch
Unable to find image 'weaveworks/scope:1.13.1' locally
1.13.1: Pulling from weaveworks/scope
c9b1b535fdd9: Pull complete
550073704c23: Pull complete
8738e5bbaf1d: Pull complete
0a8826d26027: Pull complete
387c1aa951b4: Pull complete
e72d45461bb9: Pull complete
75cc44b65e98: Pull complete
11f7584a6ade: Pull complete
a5aa3ebbe1c2: Pull complete
7cdbc028c8d2: Pull complete
Digest: sha256:4342f1c799aba244b975dcf12317eb11858f9879a3699818e2bf4c37887584dc
Status: Downloaded newer image for weaveworks/scope:1.13.1
3254bcd54a7b2b1a5ece2ca873ab18c3215484e6b4f83617a522afe4e853c378
Scope probe started
The Scope App is not responding. Consult the container logs for further details.
┌──[root@liruilongs.github.io]-[/]
└─$
```
2, kubernetes installation
ansible configuration
Here we use ansible to install
- Configure passwordless ssh from the control machine to the controlled machines
- Configure ansible configuration file, host list
```
[root@vms81 ~]# ls
anaconda-ks.cfg  calico_3_14.tar  calico.yaml  one-client-install.sh  set.sh
[root@vms81 ~]# mkdir ansible
[root@vms81 ~]# cd ansible/
[root@vms81 ansible]# ls
[root@vms81 ansible]# vim ansible.cfg
[root@vms81 ansible]# cat ansible.cfg
[defaults]
# The host list file is the list of hosts to be controlled
inventory=inventory
# The user name of the remote that connects to the managed machine
remote_user=root
# Role directory
roles_path=roles
# Set user's su authorization
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[root@vms81 ansible]# vim inventory
[root@vms81 ansible]# cat inventory
[node]
192.168.26.82
192.168.26.83
[master]
192.168.26.81
[root@vms81 ansible]#
```
[root@vms81 ansible]# ansible all --list-hosts hosts (3): 192.168.26.82 192.168.26.83 192.168.26.81 [root@vms81 ansible]# ansible all -m ping 192.168.26.81 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 192.168.26.83 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 192.168.26.82 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } [root@vms81 ansible]#
All node operations
Close the firewall, selinux, and set hosts |
Close swap |
Set yum source |
Install docker CE and import the missing image |
Set parameters |
Install related software packages |
```
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$vim init_k8s_playbook.yml
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ls
ansible.cfg  init_k8s_playbook.yml  inventory
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$vim daemon.json
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat daemon.json
{
  "registry-mirrors": ["https://2tefyfv7.mirror.aliyuncs.com"]
}
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$vim hosts
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$car hosts
-bash: car: command not found
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.26.81 vms81.liruilongs.github.io vms81
192.168.26.82 vms82.liruilongs.github.io vms82
192.168.26.83 vms83.liruilongs.github.io vms83
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$vim k8s.conf
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat init_k8s_playbook.yml
- name: init k8s
  hosts: all
  tasks:
    # Turn off firewall
    - shell: firewall-cmd --set-default-zone=trusted
    # Close selinux
    - shell: getenforce
      register: out
    - debug: msg="{{out}}"
    - shell: setenforce 0
      when: out.stdout != "Disabled"
    - replace:
        path: /etc/selinux/config
        regexp: "SELINUX=enforcing"
        replace: "SELINUX=disabled"
    - shell: cat /etc/selinux/config
      register: out
    - debug: msg="{{out}}"
    - copy:
        src: ./hosts
        dest: /etc/hosts
        force: yes
    # Close swap partition
    - shell: swapoff -a
    - shell: sed -i '/swap/d' /etc/fstab
    - shell: cat /etc/fstab
      register: out
    - debug: msg="{{out}}"
    # Configure yum source
    - shell: tar -cvf /etc/yum.tar /etc/yum.repos.d/
    - shell: rm -rf /etc/yum.repos.d/*
    - shell: wget ftp://ftp.rhce.cc/k8s/* -P /etc/yum.repos.d/
    # Install docker CE
    - yum:
        name: docker-ce
        state: present
    # Configure docker acceleration
    - shell: mkdir /etc/docker
    - copy:
        src: ./daemon.json
        dest: /etc/docker/daemon.json
    - shell: systemctl daemon-reload
    - shell: systemctl restart docker
    # Configure properties and install k8s related packages
    - copy:
        src: ./k8s.conf
        dest: /etc/sysctl.d/k8s.conf
    - shell: yum install -y kubelet-1.21.1-0 kubeadm-1.21.1-0 kubectl-1.21.1-0 --disableexcludes=kubernetes
    # Missing Mirror import
    - copy:
        src: ./coredns-1.21.tar
        dest: /root/coredns-1.21.tar
    - shell: docker load -i /root/coredns-1.21.tar
    # Start service
    - shell: systemctl restart kubelet
    - shell: systemctl enable kubelet
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ls
ansible.cfg  coredns-1.21.tar  daemon.json  hosts  init_k8s_playbook.yml  inventory  k8s.conf
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
init_k8s_playbook.yml
```yaml
- name: init k8s
  hosts: all
  tasks:
    # Turn off the firewall: the "trusted" zone accepts all connections
    - shell: firewall-cmd --set-default-zone=trusted
    # Disable SELinux: setenforce 0 takes effect now, the config change after a reboot
    - shell: getenforce
      register: out
    - debug: msg="{{out}}"
    - shell: setenforce 0
      when: out.stdout != "Disabled"
    - replace:
        path: /etc/selinux/config
        regexp: "SELINUX=enforcing"
        replace: "SELINUX=disabled"
    - shell: cat /etc/selinux/config
      register: out
    - debug: msg="{{out}}"
    # Distribute the hosts file
    - copy:
        src: ./hosts
        dest: /etc/hosts
        force: yes
    # Turn off the swap partition
    - shell: swapoff -a
    - shell: sed -i '/swap/d' /etc/fstab
    - shell: cat /etc/fstab
      register: out
    - debug: msg="{{out}}"
    # Configure the yum source (the existing repo files are archived first)
    - shell: tar -cvf /etc/yum.tar /etc/yum.repos.d/
    - shell: rm -rf /etc/yum.repos.d/*
    - shell: wget ftp://ftp.rhce.cc/k8s/* -P /etc/yum.repos.d/
    # Install docker CE
    - yum:
        name: docker-ce
        state: present
    # Configure docker acceleration (registry mirror); -p keeps reruns from failing
    - shell: mkdir -p /etc/docker
    - copy:
        src: ./daemon.json
        dest: /etc/docker/daemon.json
    - shell: systemctl daemon-reload
    - shell: systemctl restart docker
    - shell: systemctl enable docker --now
    # Configure kernel parameters and install the k8s packages
    - copy:
        src: ./k8s.conf
        dest: /etc/sysctl.d/k8s.conf
    - shell: yum install -y kubelet-1.21.1-0 kubeadm-1.21.1-0 kubectl-1.21.1-0 --disableexcludes=kubernetes
    # Import the missing image
    - copy:
        src: ./coredns-1.21.tar
        dest: /root/coredns-1.21.tar
    - shell: docker load -i /root/coredns-1.21.tar
    # Start the kubelet service
    - shell: systemctl restart kubelet
    - shell: systemctl enable kubelet
```
Check it
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible all -m shell -a "docker images"
192.168.26.83 | CHANGED | rc=0 >>
REPOSITORY                                                TAG      IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/coredns/coredns   v1.8.0   296a6d5035e2   11 months ago   42.5MB
192.168.26.81 | CHANGED | rc=0 >>
REPOSITORY                                                TAG      IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/coredns/coredns   v1.8.0   296a6d5035e2   11 months ago   42.5MB
192.168.26.82 | CHANGED | rc=0 >>
REPOSITORY                                                TAG      IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/coredns/coredns   v1.8.0   296a6d5035e2   11 months ago   42.5MB
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
master and node operations
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible master -m shell -a "kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.21.1 --pod-network-cidr=10.244.0.0/16"
192.168.26.81 | CHANGED | rc=0 >>
[init] Using Kubernetes version: v1.21.1
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local vms81.liruilongs.github.io] and IPs [10.96.0.1 192.168.26.81]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost vms81.liruilongs.github.io] and IPs [192.168.26.81 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost vms81.liruilongs.github.io] and IPs [192.168.26.81 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 23.005092 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.21" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node vms81.liruilongs.github.io as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node vms81.liruilongs.github.io as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 8e0tvh.1n0oqtp4lzwauqh0
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
  export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.26.81:6443 --token 8e0tvh.1n0oqtp4lzwauqh0 \
        --discovery-token-ca-cert-hash sha256:7cdcd562e1f4d9a00a07e7b2c938ea3fbc81b8c42e475fe2b314863a764afe43
        [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
        [WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
```
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$mkdir -p $HOME/.kube
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$export KUBECONFIG=/etc/kubernetes/admin.conf
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get nodes
NAME                         STATUS     ROLES                  AGE     VERSION
vms81.liruilongs.github.io   NotReady   control-plane,master   6m25s   v1.21.1
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
Add node to cluster
The kubeadm join IP:6443 --token TOKEN command is printed at the end of the kubeadm init output above.
If you forget it later, you can print a join command again with kubeadm token create --print-join-command
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubeadm token create --print-join-command
kubeadm join 192.168.26.81:6443 --token j8poau.7praw6cppmvttbpa --discovery-token-ca-cert-hash sha256:7cdcd562e1f4d9a00a07e7b2c938ea3fbc81b8c42e475fe2b314863a764afe43
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "kubeadm join 192.168.26.81:6443 --token j8poau.7praw6cppmvttbpa --discovery-token-ca-cert-hash sha256:7cdcd562e1f4d9a00a07e7b2c938ea3fbc81b8c42e475fe2b314863a764afe43"
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get nodes
NAME                         STATUS     ROLES                  AGE   VERSION
vms81.liruilongs.github.io   NotReady   control-plane,master   11m   v1.21.1
vms82.liruilongs.github.io   NotReady   <none>                 12s   v1.21.1
vms83.liruilongs.github.io   NotReady   <none>                 11s   v1.21.1
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
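The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded SubjectPublicKeyInfo. The following added example (not from the original post) recomputes that pin in plain Python and checks a join command against it before the command is run on a node. The function names, the placeholder token and the constructed certificate skeleton are assumptions; on the master the real input would be ca.crt in /etc/kubernetes/pki.

```python
import base64
import hashlib
import re

TOKEN_RE = re.compile(r"^[a-z0-9]{6}\.[a-z0-9]{16}$")  # bootstrap token: id.secret


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def spki_pin(cert_pem):
    """Return 'sha256:<hex>' over the certificate's DER SubjectPublicKeyInfo."""
    lines = [l for l in cert_pem.strip().splitlines() if not l.startswith("-----")]
    der = base64.b64decode("".join(lines))
    pos = _read_tlv(der, 0)[1]         # enter Certificate ::= SEQUENCE
    pos = _read_tlv(der, pos)[1]       # enter tbsCertificate ::= SEQUENCE
    tag, _, end = _read_tlv(der, pos)
    if tag == 0xA0:                    # skip the optional [0] version field
        pos = end
    for _field in range(5):            # serial, signature, issuer, validity, subject
        pos = _read_tlv(der, pos)[2]
    tag, _, end = _read_tlv(der, pos)  # subjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("unexpected certificate layout")
    return "sha256:" + hashlib.sha256(der[pos:end]).hexdigest()


def parse_join(cmd):
    """Return (token, [CA pins], skip_verification) from a kubeadm join command."""
    cmd = cmd.replace("\\\n", " ")
    token = re.search(r"--token(?:=|\s+)(\S+)", cmd)
    pins = re.findall(r"--discovery-token-ca-cert-hash(?:=|\s+)(\S+)", cmd)
    unsafe = re.search(r"--discovery-token-unsafe-skip-ca-verification(?!=false)", cmd)
    return (token.group(1) if token else ""), pins, bool(unsafe)


def check_join(cmd, ca_pem):
    """Return a list of problems; an empty list means the command pins this CA."""
    token, pins, unsafe = parse_join(cmd)
    problems = []
    if not TOKEN_RE.match(token):
        problems.append("token is not in [a-z0-9]{6}.[a-z0-9]{16} form")
    if unsafe:
        problems.append("CA verification is skipped")
    if not pins:
        problems.append("no --discovery-token-ca-cert-hash given")
    elif spki_pin(ca_pem) not in pins:
        problems.append("CA pin does not match the supplied ca.crt")
    return problems


def _tlv(tag, value):
    """Encode one DER element; only used to build the constructed sample below."""
    n = len(value)
    nbytes = (n.bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + size + value


# Constructed sample: a certificate-shaped DER skeleton with a dummy key and a
# dummy signature. It is not a real CA; it only has the fields spki_pin() walks.
_ALG = _tlv(0x30, bytes.fromhex("06032b6570"))
_NAME = _tlv(0x30, _tlv(0x31, _tlv(0x30, bytes.fromhex("0603550403") + _tlv(0x0C, b"kubernetes"))))
_VALIDITY = _tlv(0x30, _tlv(0x17, b"210101000000Z") * 2)
SAMPLE_SPKI = _tlv(0x30, _ALG + _tlv(0x03, b"\x00" + bytes(range(32))))
_TBS = _tlv(0x30, _tlv(0xA0, b"\x02\x01\x02") + _tlv(0x02, b"\x01") + _ALG
            + _NAME + _VALIDITY + _NAME + SAMPLE_SPKI)
_CERT = _tlv(0x30, _TBS + _ALG + _tlv(0x03, bytes(65)))
SAMPLE_CA_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(_CERT).decode()
                 + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    pin = spki_pin(SAMPLE_CA_PEM)
    print(pin, check_join("kubeadm join 192.168.26.81:6443 --token abcdef.0123456789abcdef "
                          "--discovery-token-ca-cert-hash " + pin, SAMPLE_CA_PEM))
```
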
configure network
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible all -m copy -a "src=./calico-3.19-img.tar dest=/root/calico-3.19-img.tar "
192.168.26.81 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "d150c7938f45a4c4dba3985a3a507a4d3ac025a0",
    "dest": "/root/calico-3.19-img.tar",
    "gid": 0,
    "group": "root",
    "md5sum": "ab25fc92d9156e8c28119b0d66d44f3a",
    "mode": "0644",
    "owner": "root",
    "size": 399186944,
    "src": "/root/.ansible/tmp/ansible-tmp-1633540967.78-26777-3922197447943/source",
    "state": "file",
    "uid": 0
}
192.168.26.82 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "d150c7938f45a4c4dba3985a3a507a4d3ac025a0",
    "dest": "/root/calico-3.19-img.tar",
    "gid": 0,
    "group": "root",
    "md5sum": "ab25fc92d9156e8c28119b0d66d44f3a",
    "mode": "0644",
    "owner": "root",
    "size": 399186944,
    "src": "/root/.ansible/tmp/ansible-tmp-1633540967.78-26773-26339453791576/source",
    "state": "file",
    "uid": 0
}
192.168.26.83 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "d150c7938f45a4c4dba3985a3a507a4d3ac025a0",
    "dest": "/root/calico-3.19-img.tar",
    "gid": 0,
    "group": "root",
    "md5sum": "ab25fc92d9156e8c28119b0d66d44f3a",
    "mode": "0644",
    "owner": "root",
    "size": 399186944,
    "src": "/root/.ansible/tmp/ansible-tmp-1633540967.79-26775-207298273694843/source",
    "state": "file",
    "uid": 0
}
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible all -m shell -a "docker load -i /root/calico-3.19-img.tar"
192.168.26.81 | CHANGED | rc=0 >>
Loaded image: calico/cni:v3.19.1
Loaded image: calico/pod2daemon-flexvol:v3.19.1
Loaded image: calico/node:v3.19.1
Loaded image: calico/kube-controllers:v3.19.1
192.168.26.83 | CHANGED | rc=0 >>
Loaded image: calico/cni:v3.19.1
Loaded image: calico/pod2daemon-flexvol:v3.19.1
Loaded image: calico/node:v3.19.1
Loaded image: calico/kube-controllers:v3.19.1
192.168.26.82 | CHANGED | rc=0 >>
Loaded image: calico/cni:v3.19.1
Loaded image: calico/pod2daemon-flexvol:v3.19.1
Loaded image: calico/node:v3.19.1
Loaded image: calico/kube-controllers:v3.19.1
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
Modify the configuration file
vim calico.yaml
```yaml
            ### Change to the pod network segment defined at kubeadm init (--pod-network-cidr)
            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"
            # Disable file logging so `kubectl logs` works.
```
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl apply -f calico.yaml
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
Warning: policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget
poddisruptionbudget.policy/calico-kube-controllers created
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get nodes
NAME                         STATUS     ROLES                  AGE   VERSION
vms81.liruilongs.github.io   NotReady   control-plane,master   30m   v1.21.1
vms82.liruilongs.github.io   NotReady   <none>                 19m   v1.21.1
vms83.liruilongs.github.io   Ready      <none>                 19m   v1.21.1
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get nodes
NAME                         STATUS   ROLES                  AGE   VERSION
vms81.liruilongs.github.io   Ready    control-plane,master   30m   v1.21.1
vms82.liruilongs.github.io   Ready    <none>                 19m   v1.21.1
vms83.liruilongs.github.io   Ready    <none>                 19m   v1.21.1
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
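The CALICO_IPV4POOL_CIDR value edited above has to agree with the --pod-network-cidr given to kubeadm init, and the pod range should stay clear of the service range and the node LAN. This added check (not from the original post) reads the setting from a manifest fragment and compares it with the subnets and node addresses shown on this page; the function names and the two constructed fragment variants are assumptions.

```python
import ipaddress
import re

POOL_RE = re.compile(
    r'^[ \t]*- name: CALICO_IPV4POOL_CIDR[ \t]*\n[ \t]*value:[ \t]*"?([0-9A-Fa-f:./]+)"?',
    re.M,
)

# Values shown on this page: kubeadm's networking settings and the node addresses.
POD_SUBNET = "10.244.0.0/16"
SERVICE_SUBNET = "10.96.0.0/12"
NODE_IPS = ["192.168.26.81", "192.168.26.82", "192.168.26.83"]

# The edited calico.yaml lines from this page.
PAGE_FRAGMENT = '''\
            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"
            # Disable file logging so `kubectl logs` works.
'''
# Constructed variants: a pool left at another range, and a commented-out entry.
OTHER_FRAGMENT = PAGE_FRAGMENT.replace("10.244.0.0/16", "192.168.0.0/16")
COMMENTED_FRAGMENT = '''\
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
'''


def calico_pool(manifest):
    """Return the active CALICO_IPV4POOL_CIDR value, or None if absent or commented out."""
    match = POOL_RE.search(manifest)
    return match.group(1) if match else None


def check_cidrs(manifest, pod_subnet, service_subnet, node_ips):
    """Return findings about the pod pool versus the service range and node addresses."""
    pod = ipaddress.ip_network(pod_subnet)
    svc = ipaddress.ip_network(service_subnet)
    nets, findings = [pod], []
    value = calico_pool(manifest)
    if value is None:
        findings.append("CALICO_IPV4POOL_CIDR is not set in the manifest")
    else:
        pool = ipaddress.ip_network(value)
        if pool.version != pod.version or not pool.subnet_of(pod):
            findings.append(f"Calico pool {pool} is not inside podSubnet {pod}")
        if pool != pod:
            nets.append(pool)
    for net in nets:
        if net.overlaps(svc):
            findings.append(f"{net} overlaps serviceSubnet {svc}")
        inside = [ip for ip in node_ips if ipaddress.ip_address(ip) in net]
        if inside:
            findings.append(f"node addresses inside pod range {net}: {', '.join(inside)}")
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_FRAGMENT), ("other", OTHER_FRAGMENT)):
        print(name, check_cidrs(text, POD_SUBNET, SERVICE_SUBNET, NODE_IPS))
```
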
You can enable Tab completion for kubectl by editing /etc/profile (vim /etc/profile)
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$vim /etc/profile
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$source /etc/profile
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$head -10 /etc/profile
# /etc/profile
# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc
# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
source <(kubectl completion bash)
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
Add source <(kubectl completion bash) to /etc/profile; this requires the bash-completion.noarch package to be installed.
Basic command
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get nodes -o wide
NAME                         STATUS   ROLES                  AGE   VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
vms81.liruilongs.github.io   Ready    control-plane,master   39m   v1.21.1   192.168.26.81   <none>        CentOS Linux 7 (Core)   3.10.0-693.el7.x86_64   docker://20.10.9
vms82.liruilongs.github.io   Ready    <none>                 28m   v1.21.1   192.168.26.82   <none>        CentOS Linux 7 (Core)   3.10.0-693.el7.x86_64   docker://20.10.9
vms83.liruilongs.github.io   Ready    <none>                 28m   v1.21.1   192.168.26.83   <none>        CentOS Linux 7 (Core)   3.10.0-693.el7.x86_64   docker://20.10.9
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubeadm config view
Command "view" is deprecated, This command is deprecated and will be removed in a future release, please use 'kubectl get cm -o yaml -n kube-system kubeadm-config' to get the kubeadm config directly.
apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.21.1
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.26.81:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1", GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192", GitTreeState:"clean", BuildDate:"2021-05-12T14:18:45Z", GoVersion:"go1.16.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1", GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192", GitTreeState:"clean", BuildDate:"2021-05-12T14:12:29Z", GoVersion:"go1.16.4", Compiler:"gc", Platform:"linux/amd64"}
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl cluster-info
Kubernetes control plane is running at https://192.168.26.81:6443
CoreDNS is running at https://192.168.26.81:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
crd.projectcalico.org/v1
discovery.k8s.io/v1
discovery.k8s.io/v1beta1
events.k8s.io/v1
events.k8s.io/v1beta1
extensions/v1beta1
flowcontrol.apiserver.k8s.io/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1
node.k8s.io/v1beta1
policy/v1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
Delete node
| Delete node | |
|---|---|
| kubectl drain vms81.liruilongs.github.io --delete-local-data --force --ignore-daemonsets | Set node as non schedulable |
| kubectl delete node vms81.liruilongs.github.io | Delete node |

| Add node | |
|---|---|
| kubeadm reset | Reset |
| kubeadm join 192.168.26.81:6443 --token j8poau.7praw6cppmvttbpa --discovery-token-ca-cert-hash sha256:7cdcd562e1f4d9a00a07e7b2c938ea3fbc81b8c42e475fe2b314863a764afe43 | Join cluster |
If the master node is deleted, you need to run kubeadm init again, then configure the network again and install calico.
Set up metrics-server
View node status
```bash
curl -Ls https://api.github.com/repos/kubernetes-sigs/metrics-server/tarball/v0.3.6 -o metrics-server-v0.3.6.tar.gz
docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
```
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible all -m copy -a "src=./metrics-img.tar dest=/root/metrics-img.tar"
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible all -m shell -a "systemctl restart docker "
192.168.26.82 | CHANGED | rc=0 >>
192.168.26.83 | CHANGED | rc=0 >>
192.168.26.81 | CHANGED | rc=0 >>
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible all -m shell -a "docker load -i /root/metrics-img.tar"
192.168.26.83 | CHANGED | rc=0 >>
Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6
192.168.26.81 | CHANGED | rc=0 >>
Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6
192.168.26.82 | CHANGED | rc=0 >>
Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
Modify metrics-server-deployment.yaml
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$mv kubernetes-sigs-metrics-server-d1f4f6f/ metrics
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cd metrics/
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics]
└─$ls
cmd                 deploy      hack      OWNERS          README.md          version
code-of-conduct.md  Gopkg.lock  LICENSE   OWNERS_ALIASES  SECURITY_CONTACTS
CONTRIBUTING.md     Gopkg.toml  Makefile  pkg             vendor
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics]
└─$cd deploy/1.8+/
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8+]
└─$ls
aggregated-metrics-reader.yaml  metrics-apiservice.yaml         resource-reader.yaml
auth-delegator.yaml             metrics-server-deployment.yaml
auth-reader.yaml                metrics-server-service.yaml
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8+]
└─$vim metrics-server-deployment.yaml
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8+]
└─$kubectl apply -f .
```
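```yaml
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.6
        #imagePullPolicy: Always
        # Use the image already loaded on the node instead of pulling it
        imagePullPolicy: IfNotPresent
        command:
        - /metrics-server
        - --metric-resolution=30s
        # Do not verify the serving certificates presented by the kubelets
        - --kubelet-insecure-tls
        # Reach each kubelet through the node's InternalIP
        - --kubelet-preferred-address-types=InternalIP
        volumeMounts:
```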
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8+]
└─$kubectl get pods -n kube-system
NAME                                                 READY   STATUS    RESTARTS   AGE
calico-kube-controllers-78d6f96c7b-79xx4             1/1     Running   2          3h15m
calico-node-ntm7v                                    1/1     Running   1          12h
calico-node-skzjp                                    1/1     Running   4          12h
calico-node-v7pj5                                    1/1     Running   1          12h
coredns-545d6fc579-9h2z4                             1/1     Running   2          3h15m
coredns-545d6fc579-xgn8x                             1/1     Running   2          3h16m
etcd-vms81.liruilongs.github.io                      1/1     Running   1          13h
kube-apiserver-vms81.liruilongs.github.io            1/1     Running   2          13h
kube-controller-manager-vms81.liruilongs.github.io   1/1     Running   4          13h
kube-proxy-rbhgf                                     1/1     Running   1          13h
kube-proxy-vm2sf                                     1/1     Running   1          13h
kube-proxy-zzbh9                                     1/1     Running   1          13h
kube-scheduler-vms81.liruilongs.github.io            1/1     Running   5          13h
metrics-server-bcfb98c76-gttkh                       1/1     Running   0          70m
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8+]
└─$kubectl top nodes
W1007 14:23:06.102605 102831 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
NAME                         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
vms81.liruilongs.github.io   555m         27%    2025Mi          52%
vms82.liruilongs.github.io   204m         10%    595Mi           15%
vms83.liruilongs.github.io   214m         10%    553Mi           14%
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8+]
└─$
```
Understanding namespaces
Different namespaces are isolated from each other.
kubectl config get-contexts
kubectl config set-context CONTEXT_NAME --namespace=NAMESPACE
kubectl config set-context --current --namespace=NAMESPACE
kube-system is the namespace that kubeadm uses by default for its various pods. Pods are isolated from each other using namespaces.
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get namespaces
NAME              STATUS   AGE
default           Active   13h
kube-node-lease   Active   13h
kube-public       Active   13h
kube-system       Active   13h
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get ns
NAME              STATUS   AGE
default           Active   13h
kube-node-lease   Active   13h
kube-public       Active   13h
kube-system       Active   13h
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
Namespace basic commands
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl create ns liruilong
namespace/liruilong created
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get ns
NAME              STATUS   AGE
default           Active   13h
kube-node-lease   Active   13h
kube-public       Active   13h
kube-system       Active   13h
liruilong         Active   4s
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl create ns k8s-demo
namespace/k8s-demo created
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get ns
NAME              STATUS   AGE
default           Active   13h
k8s-demo          Active   3s
kube-node-lease   Active   13h
kube-public       Active   13h
kube-system       Active   13h
liruilong         Active   20s
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl delete ns k8s-demo
namespace "k8s-demo" deleted
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get ns
NAME              STATUS   AGE
default           Active   13h
kube-node-lease   Active   13h
kube-public       Active   13h
kube-system       Active   13h
liruilong         Active   54s
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```