Docker note

study note
Word count: 632   |   Reading time≈ 3 min

Docker

架构

  • 后台进程(dockerd)
  • REST API Server
  • CLI接口(docker)

Dockerfile

  • RUN
  • FROM
  • WORKDIR
  • ADD/COPY
  • ENV
  • VOLUME/EXPOSE
  • CMD/ENTRYPOINT

docker build -t rex/ubuntu .

example:

FROM ubuntu

RUN apt-get update && apt-get install -y stress

ENTRYPOINT [“/usr/bin/stress”]

CMD []

docker run -it imageid –vm 1

CMD

  • docker ps
  • docker images
  • docker run -d
  • docker commit
  • docker exec -it containerid ip a
  • docker stop containerid
  • docker inspect containerid
  • docker logs containerid
  • docker rm $(docker ps -aq)

Network Space

  • docker network ls : bridge host none
  • docker run –name web -d -p 80:80 nginx
  • host 内外一样,端口可能冲突
  • none 孤立
  • link 不需IP地址,直接通过name访问 –link containername
  • docker network create -d overlay demo
  • docker run -d –name test1 –net demo busybox

存储

Volume

  • docker run -v mysql:/var/lib/mysql -e MYSQL_ALLOW_EMPTY_PASSWORD=true

Bind Mouting

  • 同步映射
  • docker run -v $(pwd):/usr/share

Docker Compose

version: "3"

services:

  redis:
    image: redis

  web:
    build:
      context: .
      dockerfile: Dockerfile
    ports: ["8080"]
    environment:
      REDIS_HOST: redis

  lb:
    image: dockercloud/haproxy
    links:
      - web
    ports:
      - 80:80
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

docker compose up

docker compose down

docker compose u[ –scale web=3 -d]

  • Services
  • Networks
  • Volumes

容器编排

Swarm

架构

  • Manager>2(Raft 数据同步)

  • Worker(Gossip network)

  • Service

  • Replicas

CMD

docker swarm init –advertise-addr=192.168.0.23

docker service create –name demo busybox sh -c “while true;do sleep 3600;done”

  • create global ; run local

docker service ls

docker service ps demo

docker service scale demo=5

Create wordpress service

docker network create -d overlay demo

docker service create –name mysql –env MYSQL_ROOT_PASSWORD=root –env MYSQL_DATABASE=wordpress –network demo –mount type=volume,source=mysql-data,destination=/var/lib/mysql mysql:5.7

docker service create –name wordpress -p 80:80 –env WORDPRESS_DB_PASSWORD=root –env WORDPRESS_DB_HOST=mysql –network demo wordpress

Routing Mesh

  • Internal: Container之间通过overlay网络(DNS虚拟IP)
  • Ingress: 若绑定端口,则swarm节点均可访问

部署

docker stack deploy example –compose-file=docker-compose.yml

docker stack ls

docker stack service example

version: "3"
services:

  redis:
    image: redis:alpine
    ports:
      - "6379"
    networks:
      - frontend
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  db:
    image: postgres:9.4
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - backend
    deploy:
      placement:
        constraints: [node.role == manager]

  vote:
    image: dockersamples/examplevotingapp_vote:before
    ports:
      - 5000:80
    networks:
      - frontend
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
      restart_policy:
        condition: on-failure

  result:
    image: dockersamples/examplevotingapp_result:before
    ports:
      - 5001:80
    networks:
      - backend
    depends_on:
      - db
    deploy:
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 1
      labels: [APP=VOTING]
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 120s
      placement:
        constraints: [node.role == manager]

  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      - "8080:8080"
    stop_grace_period: 1m30s
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      placement:
        constraints: [node.role == manager]

networks:
  frontend:
  backend:

volumes:
  db-data:

Docker Secret

  • 存在Swarm Manager Raft database
  • 可以assign给service
  • Container内部secret看似文件,实为内存中存储

docker secret create secret-name file-name

docker secret ls

echo “adminadmin” | docker secret creat secret-name -

docker create service –secret secret-name

/run/secrets/

yml 设置secret

Service Update

  • 热更新

docker service update –image image-name:2.0 service-name

docker service update –publish-rm 8080:5000 –publish-add 8088:5000 service-name

docker stack deploy第二遍yml文件

  • Copyrights © 2019-2020 Rex