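For years I used physical servers to provide basic services such as Apache, Bind, MySQL and PHP. From time to time I also migrated servers for cost reasons. Hosting several websites on one server, however, usually makes updates harder, because each site depends on a different PHP version. Given these problems, I usually stuck with certain servers to avoid the hassle of a migration. I am sure many of you run into this situation in practice.

I had been following the state of the Docker ecosystem and realized that my problems would be solved once I moved to containers. With that in mind, I first moved from 3 Gentoo servers hosted in France to 1 Debian server hosted in the US and 1 Gentoo server hosted in France.

Today I will show how to install Docker together with Kubernetes to manage containers. There are quite a few container management systems to choose from, including Amazon EC2 Container Service, Rancher and Kubernetes. I chose Kubernetes here because it can be installed in many environments and does not lock you in to a single vendor.

Installing Docker

The first step, installing Docker, is very simple.

On Debian:

    apt-get install docker.io

On Gentoo:

    emerge -v docker

The next step is to install Kubernetes.

Installing Kubernetes

If you choose the simple Docker-based installation, you do not need a cluster, but you also miss out on the advantages of Kubernetes. The multi-node Docker setup is clearly the best choice. This setup first starts etcd and flannel alongside the Docker service, which enables a shared network and lets Kubernetes manage and share its configuration.

    root@c1:/home/shared# etcdctl member list
    eacd7f155934262: name=b5.loopingz.com peerURLs=http://91.121.82.118:2380 clientURLs=http://91.121.82.118:2379,http://91.121.82.118:4001
    2f0f8b23fec: name=cname.loopingz.com peerURLs=http://198.245.51.134:2380 clientURLs=http://198.245.51.134:2379,http://198.245.51.134:4001
    88314cdfe9bc1797: name=default peerURLs=http://142.4.223… clientURLs=http://142.4.214.129:2379,http://142.4.214.129:4001

We now have several distinct networks:

- 10.0.0.0/16 is for the Kubernetes services / load balancers.
- 10.1.0.0/16 is where the pods are created on each node of the cluster. Within it, the pod addresses on a given node come from a 10.1.xx.0/24 range.

    flannel.1 Link encap:Ethernet  HWaddr c2:67:be:06:2c:11
              inet addr:10.1.72.0  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::c067:beff:fe06:2c11/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1420  …
              …54 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4174530 errors:0 dropped:21 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1651767659 (1.5 GiB)  TX bytes:3453452284 (3.2 GiB)

Installing GlusterFS

Depending on the configuration, every container can be created on any node of the cluster. This means storage has to be shared between the nodes. There are many options here, including Amazon EFS (still in beta), Google Cloud Storage, GlusterFS and others. GlusterFS is an open shared storage solution. It runs as a daemon and uses UDP port 24007.

Firewall rules

To update the firewall on all servers at once, I created a small set of shell scripts that watch an etcd key for changes and update the firewall according to the rules and the cluster nodes.

Updating the firewall configuration

The firewall is configured through the fw.conf file, which is shared on the GlusterFS volume:

    #!/bin/sh
    # Publish a new fw.conf: copy it to the shared volume and announce its
    # MD5 in etcd so that every node notices the change.
    MD5_TARGET=`md5sum /home/shared/configs/firewall/fw.conf | awk '{print $1}'`
    MD5_NEW=`md5sum fw.conf | awk '{print $1}'`
    # "=" is the portable string comparison in /bin/sh ("==" is a bashism)
    if [ "$MD5_TARGET" = "$MD5_NEW" ]; then
        echo "No config change"
        exit 0
    fi
    cp fw.conf /home/shared/configs/firewall/
    etcdctl set /cluster/firewall/update "$MD5_NEW"

The curl command with ?wait=true returns when the value is changed by the script above, or when the request times out. The loop then updates the firewall on the host:

    #!/bin/bash
    # "source" is a bash builtin, hence the bash shebang.
    while :
    do
        # Long-poll the key; the URL is quoted so the shell does not glob on "?"
        curl -L "http://127.0.0.1:4001/v2/keys/cluster/firewall/update?wait=true"
        NEW_HASH=`etcdctl get /cluster/firewall/update`
        # Rebuild only when the announced hash differs from the one last applied
        if [ "$NEW_HASH" != "$FW_HASH" ]; then
            echo "Update the firewall"
            source /usr/local/bin/firewall_builder
            FW_HASH=$NEW_HASH
        fi
    done

Installing the Docker registry

To store your container definitions for use with Kubernetes, it is best to build your own container repository. So let's deploy our first pod with Kubernetes. The default format is YAML, but I personally prefer JSON.

Here is the content of docker-rc.json:

    {
      "apiVersion": "v1",
      "kind": "ReplicationController",
      "metadata": {
        "name": "docker-repository",
        "labels": { "app": "docker-repository", "version": "v1" }
      },
      "spec": {
        "replicas": 1,
        "selector": { "app": "docker-repository", "version": "v1" },
        "template": {
          "metadata": {
            "labels": { "app": "docker-repository", "version": "v1" }
          },
          "spec": {
            "volumes": [
              { "name": "config", "hostPath": { "path": "/home/shared/configs/docker" } },
              { "name": "data", "hostPath": { "path": "/home/shared/docker" } }
            ],
            "containers": [
              {
                "name": "registry",
                "image": "registry:2.2.1",
                "volumeMounts": [
                  { "name": "config", "mountPath": "/etc/docker/" },
                  { "name": "data", "mountPath": "/var/lib/registry" }
                ],
                "resources": {
                  "limits": { "cpu": "100m", "memory": "50Mi" },
                  "requests": { "cpu": "100m", "memory": "50Mi" }
                },
                "ports": [ { "containerPort": 5000 } ]
              }
            ]
          }
        }
      }
    }

Next, the content of docker-svc.json:

    {
      "apiVersion": "v1",
      "kind": "Service",
      "metadata": {
        "name": "docker-repository",
        "labels": { "app": "docker-repository" }
      },
      "spec": {
        "type": "LoadBalancer",
        "selector": { "app": "docker-repository" },
        "clusterIP": "10.0.0.204",
        "ports": [ { "protocol": "TCP", "port": 5000, "targetPort": 5000 } ]
      }
    }

Installing the nginx proxy

To host various domains on the servers, a reverse proxy is naturally required. Installing nginx is simple, but take care to add a few headers. In my case, the first host is docker.loopingz.com:

    server {
        # "ssl" turns on TLS for this listener; without it the certificate
        # directives below are not used for connections to port 443
        listen 443 ssl;
        server_name docker.loopingz.com;
        access_log /var/log/nginx/docker.loopingz.com_access_log main;
        error_log /var/log/nginx/docker.loopingz.com_error_log info;
        # No body size limit, so that large image layers can be pushed
        client_max_body_size 0;
        chunked_transfer_encoding on;

        location / {
            # Access control for the registry lives in this included file
            include /etc/nginx/conf.d/dev-auth;
            proxy_pass http://10.0.0.204:5000;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
        }

        ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
        ssl_prefer_server_ciphers on;
        ssl_certificate /etc/letsencrypt/live/docker.loopingz.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/docker.loopingz.com/privkey.pem;
    }

As you can see from the file, we use the IP 10.0.0.204, which is the cluster IP defined in docker-svc.json. Kubernetes maps this IP to our Docker registry container.

I want nginx deployed on every cluster node so that every node can act as an http/https entry point to the cluster. We therefore need to define a ReplicationController for nginx:

    {
      "apiVersion": "v1",
      "kind": "ReplicationController",
      "metadata": {
        "name": "nginx",
        "labels": { "app": "nginx", "version": "v1" }
      },
      "spec": {
        "replicas": 3,
        "selector": { "app": "nginx", "version": "v1" },
        "template": {
          "metadata": {
            "labels": { "app": "nginx", "version": "v1" }
          },
          "spec": {
            "volumes": [
              { "name": "config", "hostPath": { "path": "/home/shared/configs/nginx/" } },
              { "name": "logs", "hostPath": { "path": "/home/shared/logs/nginx/" } },
              { "name": "certs", "hostPath": { "path": "/home/shared/letsencrypt/" } },
              { "name": "static", "hostPath": { "path": "/home/shared/nginx/" } }
            ],
            "containers": [
              {
                "name": "nginx",
                "image": "nginx:latest",
                "volumeMounts": [
                  { "name": "static", "readOnly": true, "mountPath": "/var/www/" },
                  { "name": "certs", "readOnly": true, "mountPath": "/etc/letsencrypt" },
                  { "name": "logs", "mountPath": "/var/log/nginx/" },
                  { "name": "config", "readOnly": true, "mountPath": "/etc/nginx/conf.d/" }
                ],
                "resources": {
                  "limits": { "cpu": "100m", "memory": "50Mi" },
                  "requests": { "cpu": "100m", "memory": "50Mi" }
                },
                "ports": [
                  { "containerPort": 80, "hostPort": 80 },
                  { "containerPort": 443, "hostPort": 443 }
                ]
              }
            ]
          }
        }
      }
    }

To enable SSL on all virtual hosts, we now use Let's Encrypt to obtain free three-month SSL certificates. Ordering them can be automated, so the configuration file of every nginx host contains the following:

    location /.well-known/acme-challenge {
        # The header name carries no trailing colon; nginx adds the separator
        add_header Content-Type "application/jose+json" always;
        root /etc/nginx/conf.d;
    }

Now you know how to install Kubernetes. Go and try it!

Original title: Installing Kubernetes: Moving From Physical Servers to Container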
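The firewall watch loop in this article rebuilds the rules as soon as the etcd key changes, even if the fw.conf copy on the shared GlusterFS volume has not caught up yet. The following is an added example, not the author's script, of a check each node can run first: it accepts the announced value only if it is a well-formed MD5 and only if the shared file really hashes to it. The function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's script). MD5 is kept because the page's
# publisher stores an MD5 in etcd: it catches stale or truncated copies of
# fw.conf, not deliberate tampering.

# is_md5 VALUE: true only for exactly 32 lowercase hex characters, so a value
# read from etcd is never treated as anything other than a digest.
is_md5() {
    case "$1" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# file_digest PATH: print the MD5 of PATH, as the page's scripts compute it.
file_digest() {
    md5sum "$1" | awk '{print $1}'
}

# decide ANNOUNCED APPLIED CONF prints one word:
#   invalid  announced value is not a digest, ignore it
#   current  this digest is already applied on the node
#   pending  shared file is missing or does not match yet, retry later
#   apply    shared file matches the announcement, safe to rebuild
decide() {
    announced=$1 applied=$2 conf=$3
    is_md5 "$announced" || { echo invalid; return; }
    [ "$announced" = "$applied" ] && { echo current; return; }
    [ -r "$conf" ] || { echo pending; return; }
    if [ "$(file_digest "$conf")" = "$announced" ]; then
        echo apply
    else
        echo pending
    fi
}

# Constructed demo: announce a file's digest, then simulate a copy that has
# diverged from the announcement (for example a half-synced volume).
demo() {
    dir=$(mktemp -d)
    printf 'constructed sample rule line\n' > "$dir/fw.conf"
    sum=$(file_digest "$dir/fw.conf")
    echo "in sync:  $(decide "$sum" "" "$dir/fw.conf")"
    printf 'late write\n' >> "$dir/fw.conf"
    echo "diverged: $(decide "$sum" "" "$dir/fw.conf")"
    rm -rf "$dir"
}
demo
```

On pending, sleep briefly and call decide again rather than waiting for the next key change, since the shared volume may simply not have caught up yet.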
