docker for linux fundamental
kubernetes
http://jeongchul.tistory.com/570
Kuber
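With 3 nodes:
1 is the master,
2 are workers (containers)
RC (ReplicationController): rarely used
Deployment is used instead
Service: the object that handles networking between pods
Matching: label, selector
When set up on GCP, many things are provided by default (ex: cAdvisor)
==Docker v1.12 installation=================================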
apt-get update
apt-get install apt-transport-https ca-certificates
apt-key adv \
--keyserver hkp://ha.pool.sks-keyservers.net:80 \
--recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y linux-image-extra-$(uname -r) linux-image-extra-virtual
apt-get install -y docker-engine=1.12.0-0~xenial
==Kubernetes installation==========================================
==On all nodes
apt-get update
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubernetes-cni
[Installation]
Docker 1.12 is the version that runs stably with Kubernetes
==On the master
kubeadm init
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
export kubever=$(kubectl version | base64 | tr -d '\n')
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$kubever"
Wait until the output of kubectl get pods --all-namespaces shows that every component has finished installing.
==On the worker nodes
Run the token join command printed by kubeadm init on the master.
ex)
kubeadm join --token 90deae.6aac5fc055c311ed 10.10.12.141:6443 --discovery-token-ca-cert-hash sha256:e6c3fec15d9d707eeb76ee466cf1f3713563399b96d8853aab720157630fd5cc
==If problems occur
kubeadm reset
Add the following to the file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"
systemctl daemon-reload
systemctl restart kubelet
If Desired Status is 1:
- no matter how many times the pod or docker container is deleted, the count stays at 1
---------------------------------------------------------------------------------------------------------------------------------------
root@host14-01:~# scp 10.10.12.171:/test/* /test/
root@10.10.12.171's password:
busybox-ns.yaml 100% 371 0.4KB/s 00:00
curlpod.yml
.....
---------------------------------------------------------------------------------------------------------------------------------------
root@host14-01:~# kubectl create -f /test/simple-pod.yml
pod "simple" created
root@host14-01:~# kubectl get no
NAME STATUS ROLES AGE VERSION
host14-01.cloud.com Ready master 14h v1.8.1
host14-02.cloud.com Ready <none> 14h v1.8.1
host14-03.cloud.com Ready <none> 14h v1.8.1
root@host14-01:~# kubectl get po
NAME READY STATUS RESTARTS AGE
simple 0/1 ContainerCreating 0 43s
---------------------------------------------------------------------------------------------------------------------------------------
root@host14-01:~# kubectl describe po simple
Name: simple
Namespace: default
Node: host14-02.cloud.com/10.10.12.142
Start Time: Fri, 20 Oct 2017 11:43:58 +0900
Labels: <none>
Annotations: <none>
Status: Running
IP: 10.44.0.1
Containers:
web:
Container ID: docker://a089ef160476ae3b1d492bed6724ea0ffd50f229bbef241fcc203dd0ed27a03a
Image: nginx
Image ID: docker-pullable://nginx@sha256:004ac1d5e791e705f12a17c80d7bb1e8f7f01aa7dca7deee6e65a03465392072
Ports: 80/TCP, 443/TCP
State: Running
Started: Fri, 20 Oct 2017 11:49:05 +0900
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-k7qw2 (ro)
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
Volumes:
default-token-k7qw2:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-k7qw2
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.alpha.kubernetes.io/notReady:NoExecute for 300s
node.alpha.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 5m default-scheduler Successfully assigned simple to host14-02.cloud.com
Normal SuccessfulMountVolume 5m kubelet, host14-02.cloud.com MountVolume.SetUp succeeded for volume "default-token-k7qw2"
Normal Pulling 5m kubelet, host14-02.cloud.com pulling image "nginx"
Normal Pulled 22s kubelet, host14-02.cloud.com Successfully pulled image "nginx"
Normal Created 22s kubelet, host14-02.cloud.com Created container
Normal Started 21s kubelet, host14-02.cloud.com Started container
root@host14-01:~# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE
simple 1/1 Running 0 5m 10.44.0.1 host14-02.cloud.com
---------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------
포트내 컨테이너 통신은 port로 가능
---------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------
root@host14-01:/test# kubectl create -f multi.yml
pod "multi" created
root@host14-01:/test# kubectl get po
NAME READY STATUS RESTARTS AGE
multi 0/2 ContainerCreating 0 23s
simple 1/1 Running 0 12m
---------------------------------------------------------------------------------------------------------------------------------------
root@host14-01:/test# kubectl create -f nodejs-controller.yaml
replicationcontroller "node-js" created
root@host14-01:/test#
root@host14-01:/test# kubectl get rc
NAME DESIRED CURRENT READY AGE
node-js 3 3 0 14s
=> 3 is the number of pods
root@host14-01:/test# kubectl get pod
NAME READY STATUS RESTARTS AGE
multi 0/2 ErrImagePull 0 9m
node-js-695kl 0/1 ContainerCreating 0 30s
node-js-rdrkk 0/1 ContainerCreating 0 30s
node-js-shq4v 0/1 ContainerCreating 0 30s
simple 1/1 Running 0 21m
root@host14-01:/test# kubectl get pod
NAME READY STATUS RESTARTS AGE
multi 0/2 ErrImagePull 0 15m
node-js-695kl 0/1 ContainerCreating 0 6m
node-js-rdrkk 0/1 ContainerCreating 0 6m
node-js-shq4v 0/1 ContainerCreating 0 6m
simple 1/1 Running 0 27m
root@host14-01:/test# kubectl create -f nodejs-rc-service.yaml
service "node-js" created
root@host14-01:/test# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 14h
node-js LoadBalancer 10.103.138.190 <pending> 80:31057/TCP 14s <== internal ip
root@host14-01:/test# kubectl delete svc node-js
root@host14-01:/test# cat mysql-password.yml
apiVersion: v1
kind: Secret
metadata:
  name: mysql-passwords
type: Opaque
data:
  root: cm9vdC1wYXNzd29yZA==
  wordpress: d29yZHByZXNzLXBhc3N3b3Jk
-----------------------------------------------------
root@host14-01:/test# kubectl create -f multi-secret.yml
pod "multi-secrets" created
root@host14-01:/test# kubectl get po
NAME READY STATUS RESTARTS AGE
multi 2/2 Running 0 2h
multi-secrets 0/2 ContainerCreating 0 13s
node-js-695kl 1/1 Running 0 2h
node-js-rdrkk 1/1 Running 0 2h
node-js-shq4v 1/1 Running 0 2h
simple 1/1 Running 0 2h
root@host14-01:/test# kubectl get po
NAME READY STATUS RESTARTS AGE
multi 2/2 Running 0 2h
multi-secrets 2/2 Running 0 24s
node-js-695kl 1/1 Running 0 2h
node-js-rdrkk 1/1 Running 0 2h
node-js-shq4v 1/1 Running 0 2h
simple 1/1 Running 0 2h
root@host14-01:/test# kubectl exec multi-secrets -c db -it bash
root@multi-secrets:/# hostname
multi-secrets
root@multi-secrets:/# env
NODE_JS_PORT_80_TCP=tcp://10.96.94.67:80
HOSTNAME=multi-secrets
NODE_JS_PORT=tcp://10.96.94.67:80
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
MYSQL_VERSION=5.7.20-1debian8
NODE_JS_PORT_80_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT=443
MYSQL_DATABASE=wordpress
KUBERNETES_SERVICE_HOST=10.96.0.1
MYSQL_PASSWORD=wordpress-password
NODE_JS_PORT_80_TCP_PORT=80
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
SHLVL=1
HOME=/root
KUBERNETES_PORT_443_TCP_PROTO=tcp
MYSQL_MAJOR=5.7
KUBERNETES_SERVICE_PORT_HTTPS=443
GOSU_VERSION=1.7
NODE_JS_SERVICE_HOST=10.96.94.67
MYSQL_USER=wordpress
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
NODE_JS_PORT_80_TCP_ADDR=10.96.94.67
MYSQL_ROOT_PASSWORD=root-password
NODE_JS_SERVICE_PORT=80
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
_=/usr/bin/env
root@multi-secrets:/#
root@host14-01:/test# kubectl exec multi-secrets -c wordpress -it bash
root@multi-secrets:/var/www/html# env
NODE_JS_PORT_80_TCP=tcp://10.96.94.67:80
HOSTNAME=multi-secrets
NODE_JS_PORT=tcp://10.96.94.67:80
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
PHP_INI_DIR=/usr/local/etc/php
PHP_ASC_URL=https://secure.php.net/get/php-5.6.31.tar.xz.asc/from/this/mirror
NODE_JS_PORT_80_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT=443
WORDPRESS_DB_PASSWORD=wordpress-password
KUBERNETES_SERVICE_HOST=10.96.0.1
PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2
NODE_JS_PORT_80_TCP_PORT=80
PHP_MD5=
PHPIZE_DEPS=autoconf dpkg-dev file g++ gcc libc-dev libpcre3-dev make pkg-config re2c
PHP_URL=https://secure.php.net/get/php-5.6.31.tar.xz/from/this/mirror
WORDPRESS_DB_HOST=127.0.0.1
WORDPRESS_VERSION=4.8.2
PHP_LDFLAGS=-Wl,-O1 -Wl,--hash-style=both -pie
APACHE_ENVVARS=/etc/apache2/envvars
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
GPG_KEYS=0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2
PWD=/var/www/html
WORDPRESS_DB_USER=wordpress
SHLVL=1
HOME=/root
PHP_SHA256=c464af61240a9b7729fabe0314cdbdd5a000a4f0c9bd201f89f8628732fe4ae4
WORDPRESS_SHA1=a99115b3b6d6d7a1eb6c5617d4e8e704ed50f450
KUBERNETES_PORT_443_TCP_PROTO=tcp
APACHE_CONFDIR=/etc/apache2
KUBERNETES_SERVICE_PORT_HTTPS=443
PHP_EXTRA_BUILD_DEPS=apache2-dev
NODE_JS_SERVICE_HOST=10.96.94.67
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
NODE_JS_PORT_80_TCP_ADDR=10.96.94.67
NODE_JS_SERVICE_PORT=80
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
PHP_VERSION=5.6.31
PHP_EXTRA_CONFIGURE_ARGS=--with-apxs2
_=/usr/bin/env
root@multi-secrets:/var/www/html#
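The Secret manifest and the two env dumps above show the security-relevant point of this session: values under data: are only base64-encoded, and once injected as environment variables they are readable in plaintext by anyone who can exec into the container. The shell script below is an added example, not part of the original notes; the function names are made up for illustration and the sample input is copied from the output above.

```shell
#!/bin/sh
# Added example. Sample input below is copied from the manifest and the
# env output shown earlier in these notes; function names are illustrative.
SECRET_MANIFEST='apiVersion: v1
kind: Secret
metadata:
  name: mysql-passwords
type: Opaque
data:
  root: cm9vdC1wYXNzd29yZA==
  wordpress: d29yZHByZXNzLXBhc3N3b3Jk'

# Selected lines from the db and wordpress container env dumps.
CONTAINER_ENV='MYSQL_DATABASE=wordpress
MYSQL_PASSWORD=wordpress-password
MYSQL_USER=wordpress
MYSQL_ROOT_PASSWORD=root-password
WORDPRESS_DB_PASSWORD=wordpress-password
HOME=/root'

# Print "key<TAB>plaintext" for each entry under data: in a Secret manifest.
# base64 is an encoding, not encryption: no key is needed to reverse it.
decode_secret_data() {
  printf '%s\n' "$1" | awk '
    /^data:/ { in_data = 1; next }
    /^[^[:space:]]/ { in_data = 0 }
    in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }
  ' | while read -r key b64; do
    printf '%s\t%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}

# List env variable names whose value equals a decoded Secret value,
# i.e. secrets that are visible in plaintext inside the container.
env_vars_exposing_secret() {
  tab=$(printf '\t')
  decode_secret_data "$1" | while IFS=$tab read -r key plain; do
    printf '%s\n' "$2" | while IFS= read -r line; do
      if [ "${line#*=}" = "$plain" ]; then
        printf '%s (Secret key: %s)\n' "${line%%=*}" "$key"
      fi
    done
  done
}

env_vars_exposing_secret "$SECRET_MANIFEST" "$CONTAINER_ENV"
```

Against a live cluster the same two inputs come from kubectl get secret mysql-passwords -o yaml and kubectl exec multi-secrets -c db -- env, so access to those two operations is what RBAC has to restrict.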
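Network
overlay
vxlan: created by Cisco and VMware, high market share
L2, L3
Network virtualization
cf) gre: created by MS
Bridge: should not be used. No security.
OVS (Open vSwitch): open source, built-in switch
Kubernetes has its own storage and its own networking, separately
Using the host network as the network: it can be used like bare metal, but security is weak
In a Kubernetes pod, the containers share the host's IP.
Refer to the above when creating a network yourself (default)
Removed on shutdown. Reconnected when started again
nameserver 127.0.0.11 is the embedded DNS
[Router]
A separate router is needed to connect the frontend and the backend
[MYSQL]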
3
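The target of inspect is an image or a container
For a container, runtime information is appended at the end
[Volume]
The method above is rarely used
unmanaged volume: hard to manage
The third method is recommended: create the volume first, then map it (office)
Removing dangling volumes (use the option, or prune)
[Shared volume]
Even with the -fv option, a volume is not removed if a container still references it.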
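docker registry
Ways to distribute an image
1. Registry
=> Ultimately, a registry is needed.
2. tar file (a temporary measure)
docker history shows the layers.
ctrl+p => ctrl+q
Detaches without stopping the container
The container stays alive
[Ways to use a container statefully]
1. commit
but, this is not the usual approach
2. Use a volume
- Uses ordinary storage (not the layered filesystem)
Use the -v option.
-------------------------------------------------------------------------------------
exec: attach + execute
attach: attach only
[commit]
With the -v option, the home page still opens after the container is killed and started again (p161)
[Docker File]
- Each instruction becomes a layer (except MAINTAINER: contact information)
The target of inspect is an image/container
For a container, there is additional runtime information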