写在前面
嗯,准备考cka证书,报了个班,花了好些钱,一定要考过去。
这篇博客是报班听课后整理的笔记,适合温习。
博文内容涉及docker,k8s;
写得有点多了,因为粘贴了代码,所以只能分开发布
本部分内容涉及docker相关复习,k8s集群搭建
博文设计镜像小伙伴有需要可以留言
生活的意义就是学着真实地活下去,生命的意义就是寻找生活的意义-----山河已无恙
一、docker基础1、容器?=docker容器是什么?docker是什么?启动盘小伙伴都不陌生,电脑系统坏了,开不了机,我们插一个启动盘就可以了,这个启动盘里有一些基础的软件,那么这里,我们用的启动盘,就可以理解是一个类似镜像的东东,这个启动盘在电脑上运行一个系统,这个winPE系统就是一个容器,这个系统运行需要的物理内存CPU都是从物理机获取,也就是我们开不了机的那个电脑。
那现实场景中,我们要多管理容器和镜像,要怎么办,不能一个镜像放到一个U盘里吧,这里我们需要一个runtime(运行时),即用于管理容器的一种软件,比如runclxcgvisorkata这些,只能管理容器,不能管理镜像,他们被称为低级别运行时。
低级别的运行时功能单一,不能管理镜像,这时候需要有高级别的运行时,比如dockerpodmancontainerd..,用来调用管理低级别运行时runc等,即能管理容器,也能管理镜像。k8s是用来管理高级别运行时的。
关闭屏保
setterm-blank0
配置yum源
rm-rf/etc//wget*-P/etc//
配置docker加速器
sudomkdir-p/etc/dockersudotee/etc/docker/'EOF'{"registry-mirrors":[""]}EOFsudosystemctldaemon-reloadsudosystemctlrestartdocker使用国内仓库华为云
网易云
阿里云
┌──(liruilong㉿Liruilong)-[/mnt/c/Users/lenovo]└─$sshroot@192.168.26.55Lastlogin:FriOct116:39:162021┌──[root@]-[~]└─$systemctlstatusdocker●:loaded(/usr/lib/systemd/system/;enabled;vorpreset:disabled)Active:active(running)sinceSun2021-09-2602:07:56CST;1weeks0daysagoDocs:(dockerd)Memory:136.1MCGroup://└─1004/usr/bin/dockerd-Hfd://--containerd=/run/containerd/。。。。。。。┌──[root@]-[~]└─$dockerpsCONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES┌──[root@]-[~]└─$dockerimagesREPOSITORYTAGIMAGEIDCREATEDSIZE┌──[root@]-[~]└─$
docker镜像管理
镜像的命名方式
默认,
dockerpull镜像
拉镜像
dockertag镜像
打标签,重命名,类似于linxu里的硬连接
dockerrmi镜像
删除
dockersave镜像名
保存,备份
导入
dockerexport容器名
把容器导出为镜像:
导入
dockerimport-镜像名
dockerhistoryxxxx--no-trunc
可以显示完整的内容
┌──[root@]-[~]└─$dockerimages|grep-vTAG|awk'{print$1":"$2}'nginx:latestmysql:latest备份所有镜像
dockerimages|grep-vTAG|awk'{print$1":"$2}'|
┌──[root@]-[~/docker]└─$dockerimages|grep-vTAG|awk'{print$1":"$2}'|┌──[root@]-[~/docker]└─$_images_util_202110032229_删除所有镜像
dockerimages|grep-vTAG|awk'{print$1":"$2}'|xargsdockerrmi
┌──[root@]-[~/docker]└─$dockerimagesREPOSITORYTAGIMAGEIDCREATEDSIZEnginxlatestf8f4ffc8092c5daysago133MBmysqllatest2fe4637626805daysago514MB┌──[root@]-[~/docker]└─$dockerimages|grep-vTAG|awk'{print$1":"$2}'|xargsdockerrmiUntagged:nginx:latestUntagged:nginx@sha256:765e51caa9e739220d59c7f7a75508e77361b441dccf128483b7f5cce8306652Deleted:sha256:f8f4ffc8092c956ddd6a3a64814f36882798065799b8aedeebedf2855af3395bDeleted:sha256:f208904eecb00a0769d263e81b8234f741519fefa262482d106c321ddc9773dfDeleted:sha256:ed6dd2b44338215d30a589d7d36cb4ffd05eb28d2e663a23108d03b3ac273d27Deleted:sha256:c9958d4f337ccc716e49175a1fded2fa759dbd747750a89453490Deleted:sha256:c47815d475f74f82afb68ef7347b036957e7e1a1b0d71c300bdb4f5975163d6aDeleted:sha256:3b06b30cf952c2f24b6eabdff61b633aa03e1367f1ace996260fc3e236991eecUntagged:mysql:latestUntagged:mysql@sha256:4fcf5df6c46c80db19675a5c067e737c1bc8b0e78e94e816a778ae2c6577213dDeleted:sha256:2fe4637626805dc6df98d3dc17fa9b5035802dcbd3832ead172e3145cd7c07c2Deleted:sha256:e00bdaa10222919253848d65585d53278a2f494ce8c6a445e5af0ebfe239b3b5Deleted:sha256:83411745a5928b2a3c2b6510363218fb390329f824e04bab13573e7a752afd50Deleted:sha256:e8e521a71a92aad623b250b0a192a22d54ad8bbeb943f7111026041dce20d94fDeleted:sha256:024ee0ef78b28663bc07df401ae3a258ae012bd5f37c2960cf638ab4bc04fafdDeleted:sha256:597139ec344c8cb622127618ae21345b96dd23e36b5d04b071a3fd92d207a2c0Deleted:sha256:28909b85bd680fc47702edb647a06183ae5f3e3020f44ec0d125bf75936aa923Deleted:sha256:4e007ef1e2a3e1e0ffb7c0ad8c9ea86d3d3064e360eaa16e7c8e10f514f68339Deleted:sha256:b01d7bbbd5c0e2e5ae10de108aba7cd2d059bdd890814931f6192c97fc8aa984Deleted:sha256:d98a368fc2299bfa2c34cc634fa9ca34bf1d035e0cca02e8c9f0a07700f18103Deleted:sha256:95968d83b58ae5eec87e4c9027baa628d0e24e4acebea5d0f35eb1b957dd4672Deleted:sha256:425adb901baf7d6686271d2ce9d42b8ca67e53cffa1bc05622fd0226ae40e9d8Deleted:sha256:476baebdfbf7a68c50e979971fcd47d799d1b194bcf1f03c1c979e9262bcd364┌──[root@]-[~/docker]└─$dockerimagesREPOSITORYTAGIMAGEIDCREATEDSIZE┌──[root@]-[~/docker]导入所有镜像
┌──[root@]-[~/docker]└─$dockerimagesREPOSITORYTAGIMAGEIDCREATEDSIZE┌──[root@]-[~/docker]└─$:/72.53MB525950111558:/64.97MB0772cb25d5ca:/3.072kB6e109f6c2f99:/4.096kB88891187bdd7:/3.584kB65e1ea1dc98c:/7.168kBLoadedimage:nginx:latestf2f5bad82361:/338.4kB96fe563c6126:/9.557MB44bc6574c36f:/4.202MBe333ff907af7:/2.048kB4cffbf4e4fe3:/53.77MB42417c6d26fc:/5.632kBc786189c417d:/3.584kB2265f824a3a8:/378.8MB6eac57c056e6:/5.632kB92b76bd444bf:/17.92kB0b282e0f658a:/1.536kBLoadedimage:mysql:latest┌──[root@]-[~/docker]└─$dockerimagesREPOSITORYTAGIMAGEIDCREATEDSIZEnginxlatestf8f4ffc8092c5daysago133MBmysqllatest2fe4637626805daysago514MB┌──[root@]-[~/docker]└─$
一个mysql镜像会运行一个mysql进程,CMD[“mysqld”]
┌──[root@]-[~/docker]└─$dockerhistorymysqlIMAGECREATEDCREATEDBYSIZECOMMENT2fe4637626805daysago/bin/sh-c(nop)EXPOSE3306330600Bmissing5daysago/bin/sh-c(nop)COPYfile:345a22fe55d3e678…14.5kBmissing5daysago/bin/sh-c(nop)VOLUME[/var/lib/mysql]0Bmissing5daysago/bin/sh-c{echomysql-community-serverm…378MBmissing5daysago/bin/sh-cecho'deb…55Bmissing5daysago/bin/sh-c(nop)ENVMYSQL_MAJOR=8.00Bmissing5daysago/bin/sh-cset-ex;key='A4A9406876FCBD3C45…1.84kBmissing5daysago/bin/sh-capt-getupdateapt-getinstall…52.2MBmissing5daysago/bin/sh-cmkdir//bin/sh-cset-eux;savedAptMark="$(apt-ma…4.17MBmissing5daysago/bin/sh-c(nop)CMD["bash"]0Bmissing5daysago/bin/sh-clsbinetcliblost+foundmntprocrunsrvtmpvardevhomelib64mediaoptrootsbinsysusr[root@f418f094e0d8/]exitexit┌──[root@]-[~/docker]└─$dockerps-aCONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMESecec30685687centos"/bin/bash"5secondsagoUp1secondc2f418f094e0d8centos"/bin/bash"AboutaminuteagoExited(0)Aboutaminuteagoc1┌──[root@]-[~/docker]└─$dockerrmc1c1┌──[root@]-[~/docker]└─$dockerrmc2Errorresponsefromdaemon:Youcannotremovearunningcontainere┌──[root@]-[~/docker]└─$dockerrun-itd--restart=always--name=c2centosdocker:Errorresponsefromdaemon:"/c2"isalreadyinusebycontainer"ecec30685687c9f0af08ea721f6293a3fb635c8290bee3347bb54f11ff3e32fa".Youhavetoremove(orrename)'dockerrun--help'.┌──[root@]-[~/docker]└─$dockerrun-itd--restart=always--name=c3centosWARNING:c┌──[root@]-[~/docker]└─$创建一个mysql容器
┌──[root@]-[~/docker]└─$dockerrun-dit--name=db--restart=always-eMYSQL_ROOT_PASSWORD=liruilong-eMYSQL_DATABASE=blogmysqlWARNING:7┌──[root@]-[~/docker]└─$dockerpsCONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES0a79be3ed7dbmysql"…"3secondsagoUp2seconds3306/tcp,33060/tcpdb97ffd93370d4centos"/bin/bash"17minutesagoUp17minutesc3┌──[root@]-[~/docker]└─$dockerlogsdb2021-10-0316:49:41+00:00[Note][Entrypoint]::49:41+00:00[Note][Entrypoint]:Switchingtodedicateduser'mysql'2021-10-0316:49:41+00:00[Note][Entrypoint]::49:41+00:00[Note][Entrypoint]:Initializingdatabasefiles2021-10-03T16:49:41.391137Z0[System][MY-013169][Server]/usr/sbin/mysqld()initializingofserverinprogressasprocess412021-10-03T16:49:41.400419Z1[System][MY-013576][InnoDB]:49:42.345302Z1[System][MY-013577][InnoDB]:49:46.187521Z0[Warning][MY-013746][Server]AdeprecatedTLSversionTLSv1isenabledforchannelmysql_main2021-10-03T16:49:46.188871Z0[Warning][MY-013746][Server]_main2021-10-03T16:49:46.312124Z6[Warning][MY-010453][Server]root@localhostiscreatedwithanemptypassword!:49:55+00:00[Note][Entrypoint]:Databasefilesinitialized2021-10-0316:49:55+00:00[Note][Entrypoint]:Startingtemporaryservermysqldwilllogerrorsto/var/lib/mysql/0┌──[root@]-[~/docker]└─$
nginx安装
┌──[root@]-[~/docker]└─$dockerrun-dit--restart=always-p80nginxWARNING:e┌──[root@]-[~/docker]└─$dockerpsCONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMESc7570bd68368nginx"/docker-entrypoint.…"4:49153-80/tcp,:::49153-80/tcpjovial_solomon0a79be3ed7dbmysql"…"3minutesagoUp3minutes3306/tcp,33060/tcpdb97ffd93370d4centos"/bin/bash"20minutesagoUp20minutesc3┌──[root@]-[~/docker]└─$4.管理容器的常见命令
命令
描述
dockerexecxxxx命令
新的进程进入容器
dockerstartxxxx
启动容器
dockerstopxxxxx
停止容器
dockerrestartxxxxx
重启容器,当需要重启服务的时候就可以重启容器
dockertopxxxxx
查看进程
dockerlogs-fnode
日志
dockerinspect容器
容器详细信息,ip等
┌──[root@]-[~/docker]└─$(HY000):Authenticationplugin'caching_sha2_password'cannotbeloaded:/usr/lib64/mysql/plugin/caching_sha2_:cannotopensharedobjectfile:Nosuchfileordirectory┌──[root@]-[~/docker]└─$dockerexec-itdb/bin/bashroot@0a79be3ed7db:/eixtbash:eixt:commandnotfoundroot@0a79be3ed7db:/echo"liruilong"@c7570bd68368:/@5949fba8c9c8:/touch/liruilong/:cannottouch'/liruilong/':Read-onlyfilesystemroot@5b3557283314:/ls/liruilong/@5b3557283314:/桥接网卡docker0:flags=4163UP,BROADCAST,RUNNING,::42:38ff:fee1:6cb2prefixlen64scopeid0x20linkether02:42:38:e1:6c:b2txqueuelen0(Ethernet)RXpackets54bytes4305(4.2KiB)RXerrors0dropped0overruns0frame0TXpackets74bytes5306(5.1KiB)TXerrors0dropped0overruns0carrier0collisions0┌──[root@]-[~]└─$dockernetworkinspectbridge[{"Name":"bridge","Id":"ebc5c96c853aa5271006387393b3b2dddcbfbc3b6f1f9ecba44bf87f550ed134","Created":"2021-09-26T02:07:56.019076931+08:00","Scope":"local","Driver":"bridge","EnableIPv6":false,"IPAM":{"Driver":"default","Options":null,"Config":[{"Subnet":"172.17.0.0/16","Gateway":"172.17.0.1"}]},"Internal":false,"Attachable":false,"Ingress":false,"ConfigFrom":{"Network":""},"ConfigOnly":false,"Containers":{"0a79be3ed7dbd9bdf19202cda74aa3b3db818bd23deca23248404c673c7e1ff7":{"Name":"db","pointID":"8fe3dbabc838c14a6e23990abd860824d505d49bd437d47c45a85eed06de2aba","MacAddress":"02:42:ac:11:00:02","IPv4Address":"172.17.0.2/16","IPv6Address":""},"5b3557283314d5ab745855f3827d070559cd3340f6a2d5a420941e717dc2145b":{"Name":"web","pointID":"3f52014a93e20c1f71fff7bda51a169648db932a72101e06d2c33633ac778c5b","MacAddress":"02:42:ac:11:00:05","IPv4Address":"172.17.0.5/16","IPv6Address":""},"97ffd93370d4e23e6a3d2e6a0c68030d482cabb8ab71b5ceffb4d703de3a6b0c":{"Name":"c3","pointID":"3dca7f002ebf82520ecc0b28ef4e19cd3bc867d1af9763b9a4969423b4e2a5f6","MacAddress":"02:42:ac:11:00:03","IPv4Address":"172.17.0.3/16","IPv6Address":""},"c7570bd68368f3e4c9a4c8fdce67845bcb5fee12d1cc785d6e448979592a691e":{"Name":"jovial_solomon","pointID":"56be0daa5a7355201a0625259585561243a4ce1f37736874396a3fb0467f26fe","MacAddress":"02:42:ac:11:00:04","IPv4Address":"172.17.0.4/16","IPv6Address":""}},"Options":{"_bridge":"true","_icc":"true","_ip_masquerade":"true","_binding_ipv4":"0.0.0.0","":"docker0","":"1500"},"Labels":{}}]┌──[root@]-[~]└─$创建网络
┌──[root@]-[~]└─$dockernetworkcreate-dbridge--subnet=10.0.0.0/24mynet4b3da203747c7885a7942ace7c72a2fdefd2f538256cfac1a545f7fd3a070dc5┌──[root@]-[~]└─$ifconfigbr-4b3da203747c:flags=4099UP,BROADCAST,:42:f4:31:01:9ftxqueuelen0(Ethernet)RXpackets0bytes0(0.0B)RXerrors0dropped0overruns0frame0TXpackets8bytes648(648.0B)TXerrors0dropped0overruns0carrier0collisions0
指定网络运行容器
┌──[root@]-[~]└─$dockerhistorybusybox:latestIMAGECREATEDCREATEDBYSIZECOMMENT16ea53ea7c652weeksago/bin/sh-c(nop)ADDfile:c9e0c3d3badfd458c…1.24MB┌──[root@]-[~]└─$dockerrun-it--rm--name=c1busyboxWARNING:/exit┌──[root@]-[~]└─$dockerrun-it--rm--name=c2--network=mynetbusyboxWARNING:/exit┌──[root@]-[~]└─$
配置路由转发
┌──[root@]-[~]└─$cat/proc/sys/net/ipv4/ip_forward0┌──[root@]-[~]└─$cat/etc//usr/lib//,/run//,and/etc//.Vorssettingslivein/usr/lib//./etc///etc//,(5)(5).┌──[root@]-[~]└─$echo"_forward=1"/etc/;_forward=1┌──[root@]-[~]└─$dockerrun-it--rm--name=c2--network=mynetbusybox/exit┌──[root@]-[~]└─$cat/proc/sys/net/ipv4/ip_forward1┌──[root@]-[~]└─$
使用容器搭建wrodpress博客
┌──[root@]-[~/docker]└─$dockerps|grep-vIMAGE|awk'{print$1}'|xargsdockerrm-f1ce97e8dc0710d435b696a7e┌──[root@]-[~/docker]└─$dockerrun-dit--name=db--restart=always-v$PWD/db:/var/lib/mysql-eMYSQL_ROOT_PASSWORD=liruilong-eWORDPRESS_DATABASE=/library/mysql8605e77f8d50223f52619e6e349085566bc53a7e74470ac0a44340620f32abe8┌──[root@]-[~/docker]└─$docker/library/mysql"…"6secondsagoUp4seconds3306/tcpdb┌──[root@]-[~/docker]└─$dockerrun-itd--name=blog--restart=always-v$PWD/blog:/var/www/html-p80-eWORDPRESS_DB_HOST=172.17.0.2-eWORDPRESS_DB_USER=root-eWORDPRESS_DB_PASSWORD=liruilong-eWORDPRESS_DB_NAME=/library/wordpressa90951cdac418db85e9dfd0e0890ec1590765c5770faf9893927a96ea93da9f5┌──[root@]-[~/docker]└─$docker/library/wordpress"…"3:49271-80/tcp,:::49271-80//library/mysql"…"2minutesagoUp2minutes3306/tcpdb┌──[root@]-[~/docker]└─$┌──[root@]-[~/docker]└─$容器网络配置
模式
描述
bridge
桥接模式
host
主机模式
none
隔离模式
dockernetworklist
┌──[root@]-[~]└─$dockernetworklistNETWORKIDNAMEDRIVERSCOPEebc5c96c853abridgebridgelocal25037835956bhosthostlocalba07e9427974nonenulllocal
bridge,桥接模式
┌──[root@]-[~]└─$dockerrun-it--rm--namec1centos/bin/bash[root@62043df180e4/]ipa1:lo:LOOPBACK,UP,LOWER_UPmtu65536qdiscnoqueuestateUNKNOWNgroupdefaultqlen1link/loopback00:00:00:00:00:00brd00:00:00:00:00:00/8scopehostlovalid_lftforeverpreferred_lftforever17:eth0@if18:BROADCAST,MULTICAST,UP,LOWER_UPmtu1500qdiscnoqueuestateUPgroupdefaultlink/ether02:42:ac:11:00:04brdff:ff:ff:ff:ff:/16_lftforeverpreferred_lftforever[root@62043df180e4/]ipa1:lo:LOOPBACK,UP,LOWER_UPmtu65536qdiscnoqueuestateUNKNOWNgroupdefaultqlen1link/loopback00:00:00:00:00:00brd00:00:00:00:00:00/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:ens32:BROADCAST,MULTICAST,UP,LOWER_UPmtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether00:0c:29:c9:6f:aebrdff:ff:ff:ff:ff:/24_lftforeverpreferred_lftforeverinet6fe80::20c:29ff:fec9:6fae/64scopelinkvalid_lftforeverpreferred_lftforever3:br-4b3da203747c:NO-CARRIER,BROADCAST,MULTICAST,UPmtu1500qdiscnoqueuestateDOWNgroupdefaultlink/ether02:42:8e:25:1b:19brdff:ff:ff:ff:ff:/24_lftforeverpreferred_lftforever4:docker0:BROADCAST,MULTICAST,UP,LOWER_UPmtu1500qdiscnoqueuestateUPgroupdefaultlink/ether02:42:0a:63:cf:debrdff:ff:ff:ff:ff:/16_lftforeverpreferred_lftforeverinet6fe80::42:aff:fe63:cfde/64scopelinkvalid_lftforeverpreferred_lftforever14:veth9f0ef36@if13:BROADCAST,MULTICAST,UP,LOWER_UPmtu1500qdiscnoqueuemasterdocker0stateUPgroupdefaultlink/ether16:2f:a6:23:3b:88brdff:ff:ff:ff:ff:fflink-netnsid0inet6fe80::142f:a6ff:fe23:3b88/64scopelinkvalid_lftforeverpreferred_lftforever16:veth37a0e67@if15:BROADCAST,MULTICAST,UP,LOWER_UPmtu1500qdiscnoqueuemasterdocker0stateUPgroupdefaultlink/ether56:b4:1b:74:cf:3fbrdff:ff:ff:ff:ff:fflink-netnsid1inet6fe80::54b4:1bff:fe74:cf3f/64scopelinkvalid_lftforeverpreferred_lftforever[root@liruilongs/]ipa1:lo:LOOPBACK,UP,LOWER_UPmtu65536qdiscnoqueuestateUNKNOWNgroupdefaultqlen1link/loopback00:00:00:00:00:00brd00:00:00:00:00:00/8scopehostlovalid_lftforeverpreferred_lftforever[root@7f955d36625e/]
┌──[root@]-[~]└─$dockerinspecth1|grep-iipaddr"SecondaryIPAddresses":null,"IPAddress":"172.17.0.4","IPAddress":"172.17.0.4",┌──[root@]-[~]└─$dockerrun-it--rm--name=(172.17.0.4)56(84):icmp_seq=1ttl=64time=0.284:icmp_seq=2ttl=64time=0.098:icmp_seq=3ttl=64time=0.142,3received,0%packetloss,time2003msrttmin/avg/max/mdev=0.098/0.174/0.284/0.080ms┌──[root@]-[~]└─$dockerrun-it--rm--name=h2--linkh1:h1centosping-c3h1PINGh1(172.17.0.4)56(84)(172.17.0.4):icmp_seq=1ttl=64time=0.124ms64bytesfromh1(172.17.0.4):icmp_seq=2ttl=64time=0.089ms64bytesfromh1(172.17.0.4):icmp_seq=3ttl=64time=0.082ms---h1pingstatistics---3packetstransmitted,3received,0%packetloss,time2002msrttmin/avg/max/mdev=0.082/0.098/0.124/0.020ms┌──[root@]-[~]└─$dockerrun-it--rm--name=h2--linkh1centosping-c3h1PINGh1(172.17.0.4)56(84)(172.17.0.4):icmp_seq=1ttl=64time=0.129ms64bytesfromh1(172.17.0.4):icmp_seq=2ttl=64time=0.079ms64bytesfromh1(172.17.0.4):icmp_seq=3ttl=64time=0.117ms---h1pingstatistics---3packetstransmitted,3received,0%packetloss,time1999msrttmin/avg/max/mdev=0.079/0.108/0.129/0.022ms┌──[root@]-[~]└─$
使用容器搭建wrodpress博客:简单的方式
┌──[root@]-[~]└─$dockerrun-dit--name=db--restart=always-v$PWD/db:/var/lib/mysql-eMYSQL_ROOT_PASSWORD=liruilong-eWORDPRESS_DATABASE=/library/mysqlc4a88590cb21977fc68022501fde1912d0bb248dcccc970ad839d17420b8b08d┌──[root@]-[~]└─$dockerrun-dit--nameblog--link=db:mysql-p80:80/library/wordpress8a91caa1f9fef1575cc38788b0e8739b7260729193cf18b094509dcd661f544b┌──[root@]-[~]└─$docker/library/wordpress"…"6:80-80/tcp,:::80-80//library/mysql"…"AboutaminuteagoUpAboutaminute3306/tcpdb┌──[root@]-[~]
这几使用了容器链接的方式,默认别名为mysql;可以看看镜像说明。
┌──[root@]-[~]└─$dockerexec-itdbenvPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=c4a88590cb21TERM=xtermMYSQL_ROOT_PASSWORD=liruilongWORDPRESS_DATABASE=wordpressGOSU_VERSION=1.7MYSQL_MAJOR=5.7MYSQL_VERSION=5.7.18-1debian8HOME=/root┌──[root@]-[~]└─$dockerexec-itblogenvPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=8a91caa1f9feTERM=xtermMYSQL_PORT=tcp://172.17.0.2:3306MYSQL_PORT_3306_TCP=tcp://172.17.0.2:3306MYSQL_PORT_3306_TCP_ADDR=172.17.0.2MYSQL_PORT_3306_TCP_PORT=3306MYSQL_PORT_3306_TCP_PROTO=tcpMYSQL_NAME=/blog/mysqlMYSQL_ENV_MYSQL_ROOT_PASSWORD=liruilongMYSQL_ENV_WORDPRESS_DATABASE=wordpressMYSQL_ENV_GOSU_VERSION=1.7MYSQL_ENV_MYSQL_MAJOR=5.7MYSQL_ENV_MYSQL_VERSION=5.7.18-1debian8PHPIZE_DEPS=autoconfdpkg-devfileg++gcclibc-devlibpcre3-devmakepkg-configre2cPHP_INI_DIR=/usr/local/etc/phpAPACHE_CONFDIR=/etc/apache2APACHE_ENVVARS=/etc/apache2/envvarsPHP_EXTRA_BUILD_DEPS=apache2-devPHP_EXTRA_CONFIGURE_ARGS=--with-apxs2PHP_CFLAGS=-fstack-protector-strong-fpic-fpie-O2PHP_CPPFLAGS=-fstack-protector-strong-fpic-fpie-O2PHP_LDFLAGS=-Wl,-O1-Wl,--hash-style=both-pieGPG_KEYS=0BD78B5F97500D450838F95DFE857D9A90D90EC16E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3PHP_VERSION=5.6.31PHP_URL=┌──[root@]-[~]└─$7.自定义镜像
Docker镜像是由文件系统叠加而成,底端是一个引导文件系统bootfs。Docker用户几乎永远不会和引导文件交互。实际上,当一个容器启动.后,它将会被移到内存中,而引导文件系统则会被卸载(unmount),以留出更多的内存供initrd磁盘镜像使用。
Docker看起来还很像一个典型的Linux虚拟化栈。实际,Docker镜像的第二层是root文件系统rootfs,位于引导文件系统之上。
rootfs可以或多种操作系如Debian或者ubuntu文件系统)。在传统的Linux引导过程中,root文件系统会最先以只读的方式加载,当引导结束并完成了完整性检查之后,它才会被切换为读写模式是在Docker里,root文件系统永远只能是只读状态,并且Docker利用联合加载(unionmount)技术又会在root文件系统层上加载更多的只读文件系统。
联合加载是指同时加载多个文件系统,但是在外面看起术只能看到只有一个文件系统。联合加载会将各层文件系统叠加到一起。
当Docker第一次启动一个容器时,初始的读写层是空的。当文件系统发生变化时,这些变化都会应用到这一层上。比如,如果想修改一个文件
这个文件首先会从该读写层下面的只读层复制到该读写层。该文件的只读版本依然存在,但是已经被读写层中的该文件副本所隐藏。通常这种机制被称为写时复制(copyonwrite),这也是使Docker如此强大的技术之一。
每个只读镜像层都是只读的,并且以后永远不会变化。当创建一个新容器时,Docker会构建出一个镜像栈,并在栈的最顶端添加一个读写层。这个读写层再加上其下面的镜像层以及一些配置数据,就构成了一个容器。
命令
dockerbuild-tv4.-ffilename
dockerbuild-tname.
CMD作用
┌──[root@]-[~/docker]└─$dockerrun-it--rm--namec1centos_ip_2[root@4683bca411ec/]exitexit┌──[root@]-[~/docker]└─$dockerrun-it--rm--namec1centos_ip_2echoliruilongliruilong
层数越小,占用内存越小,每一个RUN命令是一层,尽量写在一层。
┌──[root@]-[~/docker]└─$/library/centosMAINTAINERliruilongRUNyum-yinstallnet-tools\yum-yinstalliproute-yCMD["/bin/bash"]┌──[root@]-[~/docker]└─$
使用yum命令时,最好使用yumcleanall清除一下缓存
┌──[root@]-[~/docker]└─$dockerimages|grepcentos_centos_ip_3latest93e0d06f7dd53minutesago216MBcentos_ip_2latest8eea343337d76minutesago330MB┌──[root@]-[~/docker]└─$/library/centosMAINTAINERliruilongRUNyum-yinstallnet-tools\yum-yinstalliproute-y\yumcleanallCMD["/bin/bash"]┌──[root@]-[~/docker]└─$
COPY和ADD的意思是一样,ADD带有自动解压功能,COPY没有自动解压功能
构建一个Nginx镜像
FROMcentosMAINTAINERliruilongRUNyum-yinstallnginx\yumcleanallEXPOSE80CMD["nginx","-g","daemonoff;"]
构建一个开启SSH的镜像
8.配置docker本地仓库dockerpullregistry
dockerrun-d--nameregistry-p5000:5000--restart=always-v/myreg:/var/lib/registryregistry
安装仓库镜像
┌──[root@]-[~]└─sudotee/etc/docker/'EOF'{"registry-mirrors":[""]}EOF{"registry-mirrors":[""]}┌──[root@]-[~]└─sudosystemctlrestartdocker┌──[root@]-[~]└─dockerrun-dit--name=myreg-p5000:5000-v$PWD/myreg:^Cr┌──[root@]-[~]└─(nop)CMD["/etc/docker/registr…0Bmissing4yearsago/bin/sh-c(nop)COPYfile:7b57f7ab1a8cf85c…155Bmissing4yearsago/bin/sh-c(nop)VOLUME[/var/lib/registry]0Bmissing4yearsago/bin/sh-c(nop)COPYfile:b99d4fe47ad1addf…22.8MBmissing4yearsago/bin/sh-cset-exapkadd--no-cache…5.61MBmissing4yearsago/bin/sh-c(nop)ADDfile:89e72bfc19e81624b…4.81MB┌──[root@]-[~]└─docker/library/registry"//etc…"5:5000-5000/tcp,:::5000-5000/tcpmyreg└─selinux、防火墙设置
┌──[root@]-[~]└─●:loaded(/usr/lib/systemd/system/;enabled;vorpreset:enabled)Active:active(running)sinceWed2021-10-0612:57:44CST;15minagoDocs:man:firewalld(1)MainPID:608(firewalld)Memory:1.7MCGroup://└─608/usr/bin/python-Es/usr/sbin/firewalld--nofork--nopidOct0613:05:18[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tnat-CPREROUTING-maddrtype--dst-typeLOCAL-jDOCKER':05:18[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tnat-COUTPUT-maddrtype--dst-typeLOCAL-jDOCKER!--:05:18[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tfilter-CFORWARD-odocker0-jDOCKER'failed:iptables::05:18[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tfilter-CFORWARD-odocker0-mconntrack--ctstateRELATED,tchain?).Oct0613:05:18[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tfilter-CFORWARD-jDOCKER-ISOLATION-STAGE-1'failed::05:18[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tfilter-CDOCKER-ISOLATION-STAGE-1-idocker0!-:05:18[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tfilter-CDOCKER-ISOLATION-STAGE-2-odocker0-jDROP'failetchain?).Oct0613:08:01[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tnat-CDOCKER-ptcp-d0/0--:08:01[608]:WARNING:COMMAND_FAILED:'/usr/sbin/iptables-w2-tfilter-CDOCKER!-?).Oct0613:08:01[608]:WARNING:COMMAND_FAILED:'/usr/sbin/:Somelineswereellipsized,use-ltoshowinfull.┌──[root@]-[~]└─
镜像push协议设置
┌──[root@]-[~]└─$cat/etc/docker/{"registry-mirrors":[""]}┌──[root@]-[~]└─$vim/etc/docker/┌──[root@]-[~]└─$cat/etc/docker/{"registry-mirrors":[""],"insecure-registries":["192.168.26.56:5000"]}┌──[root@]-[~]└─$┌──[root@]-[~]└─$systemctlrestartdocker┌──[root@]-[~]API使用,查看脚本编写
┌──[root@]-[~/docker]└─$┌──[root@]-[~/docker]└─$:5000/db/mysql::5000/os/centos:latest┌──[root@]-[~/docker]└─$curl{"repositories":["db/mysql","os/centos"]}┌──[root@]-[~/docker]└─$curl-XGET{"repositories":["db/mysql","os/centos"]}┌──[root@]-[~/docker]└─$curl-XGET{"name":"os/centos","tags":["latest"]}┌──[root@]-[~/docker]└─$┌──[root@]-[~/docker]└─$sbinsysusr┌──[root@]-[/]└─dockerload-iharbor/
修改配置文件
┌──[root@]-[/]└─┌──[root@]-[/harbor]└─┌──[root@]-[/harbor]└─
4:14port:44316certificate:/your/certificate/_admin_password:Harbor123453536./preparepreparebasedirissetto/harborWARNING:root:WARNING::/config/log/:/config/log/rsyslog_:/config/nginx/:/config/core/envGeneratedconfigurationfile:/config/core/:/config/registry/:/config/registryctl/envGeneratedconfigurationfile:/config/registryctl/:/config/db/envGeneratedconfigurationfile:/config/jobservice/envGeneratedconfigurationfile:/config/jobservice/:/data/secret/keys/secretkeySuccessfullycalledfunc:create_root_certGeneratedconfigurationfile:/compose_location/┌──[root@]-[/harbor]└─lsbinetcliblost+foundmntprocrunsrvtmpvardevhomelib64mediaoptrootsbinsysusr[root@55e45b34d93d/]_64.rpm[root@55e45b34d93dopt][100%]Preparing[100%][root@55e45b34d93dopt]memload1000Attemptingtoallocate1000Mebibytesofresidentmemory^C[root@55e45b34d93d/]_3_14.[root@vms81~]cdansible/[root@vms81ansible][root@vms81ansible]主机清单文件,就是要控制的主机列表inventory=inventory角色目录roles_path=rolesviminventory[root@vms81ansible]
[root@vms81ansible]|SUCCESS={"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":false,"ping":"pong"}192.168.26.83|SUCCESS={"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":false,"ping":"pong"}192.168.26.82|SUCCESS={"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":false,"ping":"pong"}[root@vms81ansible]关闭防火墙-shell:firewall-cmd--set-default-zone=trusted关闭交换分区-shell:swapoff-a-shell:sed-i'/swap/d'/etc/fstab-shell:cat/etc/fstabregister:out-debug:msg="{{out}}"安装docker-ce-yum:name:docker-cestate:present配置属性,安装k8s相关包-copy:src:./:/etc//:=kubernetes启动服务-shell:systemctlrestartkubelet-shell:systemctlenablekubelet┌──[root@]-[~/ansible]└─$_k8s_┌──[root@]-[~/ansible]└─$
init_k8s_
-name:initk8shosts:alltasks:关闭selinux-shell:getenforceregister:out-debug:msg="{{out}}"-shell:setenforce0when:!="Disabled"-replace:path:/etc/selinux/configregexp:"SELINUX=enforcing"replace:"SELINUX=disabled"-shell:cat/etc/selinux/configregister:out-debug:msg="{{out}}"-copy:src:./hostsdest:/etc/hostsforce:yes配置yum源-shell:tar-cvf/etc//etc//-shell:rm-rf/etc//*-shell:wget*-P/etc//配置docker加速-shell:mkdir/etc/docker-copy:src:./:/etc/docker/:systemctldaemon-reload-shell:systemctlrestartdocker-shell:systemctlenabledocker--now缺少镜像导入-copy:src:./:/root/:dockerload-i/root/修改为定义的局域网段3683-name:CALICO_IPV4POOL_CIDR3684value:"10.244.0.0/16"3685/etc/profileFunctionsandaliasesgoin/etc/'(kubectlcompletionbash)┌──[root@]-[~/ansible]└─$添加source(kubectlcompletionbash)到/etc/profile,前提:必须要安装才行
基本命令
┌──[root@]-[~/ansible]└─$kubectlgetnodes-owideNAMESTATUSROLESAGEVERSIONINT,(Core)3.10.0-693._64docker://20.10.9(Core)3.10.0-693._64docker://20.10.9(Core)3.10.0-693._64docker://20.10.9┌──[root@]-[~/ansible]└─$kubeadmconfigviewCommand"view"isdeprecated,Thiscommandisdeprecatedandwillberemovedinafuturerelease,pleaseuse'kubectlgetcm-oyaml-nkube-systemkubeadm-config':extraArgs:authorization-mode:Node,RBACtimeoutForControlPlane:4m0sapiVersion:/v1beta2certificatesDir:/etc/kubernetes/pkiclusterName:kubernetescontrollerManager:{}dns:type:CoreDNSetcd:local:dataDir:/var/lib/etcdimageRepository:/google_containerskind:ClusterConfigurationkubernetesVersion::dnsDomain::10.244.0.0/16serviceSubnet:10.96.0.0/12scheduler:{}┌──[root@]-[~/ansible]└─$kubectlconfigviewapiVersion:v1clusters:-cluster:certificate-authority-data:DATA+OMITTEDserver::{}users:-name:kubernetes-adminuser:client-certificate-data:REDACTEDclient-key-data:REDACTED┌──[root@]-[~/ansible]└─$kubectlversionClientVersion:{Major:"1",Minor:"21",GitVersion:"",GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192",GitTreeState:"clean",BuildDate:"2021-05-12T14:18:45Z",GoVersion:"",Compiler:"gc",Platform:"linux/amd64"}ServerVersion:{Major:"1",Minor:"21",GitVersion:"",GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192",GitTreeState:"clean",BuildDate:"2021-05-12T14:12:29Z",GoVersion:"",Compiler:"gc",Platform:"linux/amd64"}┌──[root@]-[~/ansible]└─$kubectlcluster-infoKubernetescontrolplaneisrunningat'kubectlcluster-infodump'.┌──[root@]-[~/ansible]└─$//////v1beta1apps/////v1beta1autoscaling/v1autoscaling/v2beta1autoscaling/v2beta2batch/v1batch//////////v1beta1extensions//////v1beta1policy/v1policy///////v1beta1v1┌──[root@]-[~/ansible]└─$删除节点
删除节点
设置节点为不可调度
删除节点
添加节点
kubeadmreset
重置
:6443--:7cdcd562e1f4d9a00a07e7b2c938ea3fbc81b8c42e475fe2b314863a764afe43
加入集群
master节点删除的话,需要从新初始化kubeadminit,需要从新配置网络,安装calico
4.设置metricserver查看节点状态,我们使用docker的话可以通过dockerstats.那使用k8s的话,我们可以通过metricserver来查看
┌──[root@]-[~]└─$dockerstatsCONTAINERIDNAMECPU%MEMUSAGE/LIMITMEM%NETI/OBLOCKI/OPIDS781c898eea19k8s_kube-scheduler__kube-system_5bd71ffab3a1f1d18cb589aa74fe082b_180.15%23.22MiB/3.843%0B/0B0B/0B7acac8b21bb57k8s_kube-controller-manager__kube-system_93d9ae7b5a4ccec4429381d493b5d475_181.18%59.16MiB/3.843%0B/0B0B/0B6fe97754d3dabk8s_calico-node_calico-node-skzjp_kube-system_a211c8be-3ee1-44a0-a4ce-3573922b65b2_144.89%94.25MiB/3.843%0B/0B0B/4.1kB40
相关镜像
curl-Ls
┌──[root@]-[~/ansible]└─$ansibleall-mcopy-a"src=./=/root/"┌──[root@]-[~/ansible]└─$ansibleall-mshell-a"systemctlrestartdocker"192.168.26.82|CHANGED|rc=0192.168.26.83|CHANGED|rc=0192.168.26.81|CHANGED|rc=0┌──[root@]-[~/ansible]└─$ansibleall-mshell-a"dockerload-i/root/"192.168.26.83|CHANGED|rc=0Loadedimage:/metrics-server-amd64:|CHANGED|rc=0Loadedimage:/metrics-server-amd64:|CHANGED|rc=0Loadedimage:/metrics-server-amd64:┌──[root@]-[~/ansible]└─$
修改
┌──[root@]-[~/ansible]└─$mvkubernetes-sigs-metrics-server-d1f4f6f/metrics┌──[root@]-[~/ansible]└─$cdmetrics/┌──[root@]-[~/ansible/metrics]└─$_ALIASESSECURITY_┌──[root@]-[~/ansible/metrics]└─$cddeploy/1.8+/┌──[root@]-[~/ansible/metrics/deploy/1.8+]└─$┌──[root@]-[~/ansible/metrics/deploy/1.8+]└─$┌──[root@]-[~/ansible/metrics/deploy/1.8+]└─$kubectlapply-f.
31-name:metrics-server32image:/metrics-server-amd64:#imagePullPolicy:Always34imagePullPolicy:IfNotPresent35command:36-/metrics-server37---metric-resolution=30s38---kubelet-insecure-tls39---kubelet-preferred-address-types=InternalIP40volumeMounts:
┌──[root@]-[~/ansible/metrics/deploy/1.8+]└─$kubectlgetpods-nkube-systemNAMEREADYSTATUSRESTARTSAGEcalico-kube-controllers-78d6f96c7b-79xx41/1Running23h15mcalico-node-ntm7v1/1Running112hcalico-node-skzjp1/1Running412hcalico-node-v7pj51/1Running112hcoredns-545d6fc579-9h2z41/1Running23h15mcoredns-545d6fc579-xgn8x1/1/1/1/1Running413hkube-proxy-rbhgf1/1Running113hkube-proxy-vm2sf1/1Running113hkube-proxy-zzbh91/1/1Running513hmetrics-server-bcfb98c76-gttkh1/1Running070m┌──[root@]-[~/ansible/metrics/deploy/1.8+]└─$kubectltopnodesW100714:23:06.102605102831top_:119],switchearlybypassing--use-protocol-buffersflagNAMECPU(cores)CPU%MEMORY(bytes)MEMORY%%2025Mi52%%595Mi15%%553Mi14%┌──[root@]-[~/ansible/metrics/deploy/1.8+]└─$5.了解namespace
不同的namespace之间互相隔离
kubectlconfigget-contexts
kubectlconfigset-context集群名--namespace=命名空间
kubectlconfigset-context--current--namespace=命名空间
kub-system本身的各种pod,是kubamd默认的空间。pod使用命名空间相互隔离
┌──[root@]-[~/ansible]└─$kubectlgetnamespacesNAMESTATUSAGEdefaultActive13hkube-node-leaseActive13hkube-publicActive13hkube-systemActive13h┌──[root@]-[~/ansible]└─$kubectlgetnsNAMESTATUSAGEdefaultActive13hkube-node-leaseActive13hkube-publicActive13hkube-systemActive13h┌──[root@]-[~/ansible]└─$
命名空间基本命令
┌──[root@]-[~/ansible]└─$kubectlcreatensliruilongnamespace/liruilongcreated┌──[root@]-[~/ansible]└─$kubectlgetnsNAMESTATUSAGEdefaultActive13hkube-node-leaseActive13hkube-publicActive13hkube-systemActive13hliruilongActive4s┌──[root@]-[~/ansible]└─$kubectlcreatensk8s-demonamespace/k8s-democreated┌──[root@]-[~/ansible]└─$kubectlgetnsNAMESTATUSAGEdefaultActive13hk8s-demoActive3skube-node-leaseActive13hkube-publicActive13hkube-systemActive13hliruilongActive20s┌──[root@]-[~/ansible]└─$kubectldeletensk8s-demonamespace"k8s-demo"deleted┌──[root@]-[~/ansible]└─$kubectlgetnsNAMESTATUSAGEdefaultActive13hkube-node-leaseActive13hkube-publicActive13hkube-systemActive13hliruilongActive54s┌──[root@]-[~/ansible]└─$
文章版权声明:除非注明,否则均为纵投光影网原创文章,转载或复制请以超链接形式并注明出处。