本文整理在 Ubuntu 16.04.x LTS 操作系统上容器相关部署手册

容器平台

Rancher
Kubernetes
Helm
Docker

容器服务

prometheus
grafana
postgresql

1.Docker#

1.1.apt source#

更换apt源大多数情况下可以加快软件下载速度。

1
cp /etc/apt/sources.list /etc/apt/sources.list.bak
2

3
# 阿里源
4
tee > /etc/apt/sources.list << EOF
5
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
6
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
7
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
8
deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
9
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
10
#deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
11
#deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
12
#deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
13
#deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
14
#deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
15
EOF
16

17
# 清华源
18
tee > /etc/apt/sources.list << EOF
19
#deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
20
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
21
#deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
22
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
23
#deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
24
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
25
#deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
26
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
27
#deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
28
EOF
29

30
# 中科大源
31
tee > /etc/apt/sources.list << EOF
32
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse
33
#deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse
34
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
35
#deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
36
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
37
#deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
38
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
39
#deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
40
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
41
#deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
42
EOF
43

44
# 网易源
45
tee > /etc/apt/sources.list << EOF
46
deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
47
deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
48
deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
49
deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
50
deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
51
#deb-src http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
52
#deb-src http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
53
#deb-src http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
54
#deb-src http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
55
#deb-src http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
56
EOF
57

58
apt update
59
# apt upgrade

备注：

“tee”可以替换成“cat”，有些操作系统可以用“tee”但是没有“cat”。

“>”表示覆写文件，“>>”表示在文件尾部添加。“tee”可以省略“>”来覆写，“cat”不能省略。

“deb”是指deb包目录；“deb-src”是源码目录，一般注释掉。

1.2.install docker#

官网

https://docs.docker.com/engine/install/ubuntu/

1
sudo apt-get install \
2
    apt-transport-https \
3
    ca-certificates \
4
    curl \
5
    gnupg-agent \
6
    software-properties-common
7

8

9
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
10

11

12
sudo add-apt-repository \
13
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
14
   $(lsb_release -cs) \
15
   stable"
16

17

18
sudo apt-get update
19

20
sudo apt-get install docker-ce docker-ce-cli containerd.io

指定版本

1
apt-cache madison docker-ce
2
sudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io

1.3.docker source#

配置镜像加速器

https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors

1
sudo mkdir -p /etc/docker
2
sudo tee /etc/docker/daemon.json <<-'EOF'
3
{
4
  "registry-mirrors": ["https://aykfevb9.mirror.aliyuncs.com"],
5
  "insecure-registries":["https://10.22.224.66"]
6
}
7
EOF
8
sudo systemctl daemon-reload
9
sudo systemctl restart docker

1.4.postgresql#

docker hub

https://hub.docker.com/_/postgres

1
docker run -d \
2
  --name postgres \
3
  -p 5432:5432 -it -e POSTGRES_PASSWORD=password \
4
  postgres

备注：

“—rm”表示 Automatically remove the container when it exits。表示临时运行容器，和“-d”后台运行“冲突”。-“-rm”等价于当容器在前台运行，退出后执行了 docker rm -v

“-e”表示环境变量

“-i”表示以“交互模式”运行容器，让容器的标准输入保持打开

“-t”表示容器启动后会进入其命令行，让Docker分配一个伪终端（pseudo-tty）并绑定到容器的标准输入上

1
docker exec -it postgres bash
2
psql -U postgres
3

4
postgres=# create table test (id int primary key not null, value text not null);
5
CREATE TABLE
6
postgres=# insert into test values (1, 'value1');
7
INSERT 0 1
8
postgres=# select * from test;
9
 id | value
10
----+--------
11
  1 | value1
12
(1 row)
13

14
\q
15
exit

1.4.1.pgagent#

制作镜像

1
mkdir /dockerfile
2
tee > Dockerfile << EOF
3
FROM postgres
4
RUN apt-get update
5
RUN apt-get install -y pgagent
6
EOF
7
docker build -t pg-pgagent .

绑定插件

1
docker run --name mypgpgagent -e POSTGRES_PASSWORD=123456 -p 5432:5432 -d pg-pgagent
2

3
docker exec -it mypgpgagent /bin/bash
4
psql -U postgres
5
CREATE EXTENSION pgagent;
6
\q
7
/usr/bin/pgagent hostaddr=127.0.0.1 dbname=postgres user=postgres password=123456 -s ./pgagent.log
8
exit

在pgadmin中选择远程连接要执行定时任务的host, port, dbname, user, password,…

测试时pgagent.log中没有写入

1.4.2.pgadmin#

1
docker run -p 5050:80 \
2
  -e "PGADMIN_DEFAULT_EMAIL=user@domain.com" \
3
  -e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" \
4
  -d dpage/pgadmin4

1.5.prometheus#

*可以在rancher中快速配置

“prometheus.yml”中定义了要监控的对象，以“job_name”进行分类。

1
vim /path/prometheus.yml
2

3
docker run  -d \
4
  --name prometheus \
5
  -p 9090:9090 \
6
  -v /path/prometheus.yml:/etc/prometheus/prometheus.yml  \
7
  prom/prometheus

备注：

“-p”表示端口映射，“:”左边的端口理解为目标端口，在这里是主机的端口；右边的端口是容器内 prometheus 程序暴露的端口。一般修改左边的端口，用以暴露服务。

“-v”表示挂载，“:”左边是本机路径；右边是容器内路径。

prometheus.yml 示例

1
scrape_configs:
2
  - job_name: prometheus
3
    static_configs:
4
      - targets: ['10.22.224.71:9090']
5

6
  - job_name: postgres_exporter
7
    static_configs:
8
      - targets: ['10.22.224.71:9187']
9

10
  - job_name: node_exporter
11
    static_configs:
12
      - targets: ['10.22.224.71:9100']

kubernetes_sd_config

https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config

使用容器运行 prometheus 不能动态刷新 prometheus.yml

—web.enable-lifecycle

https://prometheus.io/docs/prometheus/latest/management_api/

https://www.cnblogs.com/wurijie/p/11795711.html

kill -HUP pid

curl -X POST http://10.22.224.71:3001/-/reload

1.5.1.postgres_exporter#

官网

https://github.com/wrouesnel/postgres_exporter

1
docker run -d \
2
  --name postgres_exporter \
3
  -p 9187:9187 \
4
  -e DATA_SOURCE_NAME="postgresql://postgres:password@192.168.0.100:5432/postgres?sslmode=disable" \
5
  wrouesnel/postgres_exporter

1.5.2.node_exporter#

1
docker run -d \
2
  --name node_exporter \
3
  --net="host" \
4
  -p 9100:9100 \
5
  -v "/proc:/host/proc:ro" \
6
  -v "/sys:/host/sys:ro" \
7
  -v "/:/rootfs:ro" \
8
  prom/node-exporter

1.6.grafana#

*可以在rancher中快速配置

1
docker run -d \
2
  --name=grafana \
3
  -p 3000:3000 \
4
  grafana/grafana

默认用户名密码 admin/admin

1.6.1.alert - dingding#

钉钉开发文档

https://ding-doc.dingtalk.com/doc#/serverapi2/qf2nxq

仅在pc端dingding客户端上能创建webhook 在左上角处选择“机器人管理”—>“自定义”，“安全设置”选择“自定义关键词”，即包含该关键词才能发送报警，记住最终生成的webhook
grafana配置报警
1. 配置全局的dingding报警，输入webhook
2. 在具体的图表中配置报警选择已配置的dingding报警

1.6.2.dashboard template#

https://grafana.com/grafana/dashboards?orderBy=name&direction=asc

https://grafana.com/grafana/dashboards/11376

基于docker 搭建Prometheus+Grafana

https://www.cnblogs.com/xiao987334176/p/9930517.html

Grafana + Prometheus 监控PostgreSQL

https://www.cnblogs.com/ilifeilong/p/10543876.html

2.rancher#

官网

https://rancher.com/docs/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/

1
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:stable

如果下载慢，可以换源

1
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 registry.cn-hangzhou.aliyuncs.com/rancher/rancher:v2.4.2

在rancher中可以快速创建k8s集群，rancher会生成一段命令，把命令复制到目标节点就可以快速创建集群。

3.Kubernetes#

本地运行 k8s https://github.com/kubernetes/community/blob/master/contributors/devel/running-locally.md

3.1.prepare env#

port

1
vim /etc/ssh/sshd_config
2
service ssh restart
3
sudo reboot

hostname

1
hostnamectl set-hostname master01
2
sudo reboot

hosts

1
cat > /etc/hosts << EOF
2
10.22.243.114 master01
3
10.22.243.124 node01
4
10.22.243.125 node02
5
EOF

scp 分发

1
scp -P 5022 /etc/hosts root@node01:/etc/hosts

确认已经关闭 firewall, swap, selinux, iptables

3.2.docker#

见1.2

3.3.tools#

https://v1-16.docs.kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

1
apt-get update && apt-get install -y apt-transport-https curl
2

3
sudo curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
4

5
cat > /etc/apt/sources.list.d/kubernetes.list <<EOF
6
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
7
EOF
8

9
apt-get update && apt-get install -y kubelet kubeadm kubectl
10

11
apt-mark hold kubelet kubeadm kubectl

3.4.init cluster#

1
kubeadm init --apiserver-advertise-address 10.22.224.113 \
2
  --pod-network-cidr=10.244.0.0/16 \
3
  --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$ (id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.

Run “kubectl apply -f [podnetwork].yaml” with one of the options listed at:

https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.22.224.113:6443 —token peyc01.8mgmnj6k6zntq84s \

—discovery-token-ca-cert-hash sha256

1
mkdir -p $HOME/.kube
2
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
3
sudo chown $(id -u):$(id -g) $HOME/.kube/config

3.5.flannel#

https://v1-16.docs.kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/

https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml

1
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

flannel镜像下载慢可以在一个节点下载然后分发，见4.2

3.6.join cluster#

1
 kubeadm join 10.22.224.113:6443 --token peyc01.8mgmnj6k6zntq84s \
2
   --discovery-token-ca-cert-hash sha256:ff2b928d246d5fdd8c27c152ab013df5fd665bb13f01184d8fb498f3d50fb554

3.7.dashboard#

无证书dashboard火狐可以访问

1
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml
2
kubectl patch svc -n kubernetes-dashboard kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}'
3
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
4
kubectl get svc -n kubernetes-dashboard

有证书dashboard

https://github.com/kubernetes/dashboard/releases

https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc1/aio/deploy/recommended.yaml

1
mkdir keys
2
cd keys
3

4
# 创建空白证书
5
openssl genrsa -out ca.key 2048
6
openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=CA"
7

8
# 创建 dashboard 证书
9
(umask 077; openssl genrsa -out dashboard.key 2048)
10
openssl req -new -key dashboard.key  -out dashboard.csr -subj "/O=zhixin/CN=dashboard"
11
openssl  x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key  -CAcreateserial -out dashboard.crt -days 3650
12

13

14
kubectl create namespace kubernetes-dashboard
15

16
kubectl create secret generic kubernetes-dashboard-certs -n kubernetes-dashboard --from-file=dashboard.crt=./dashboard.crt  --from-file=dashboard.key=./dashboard.key
17
kubectl get secret -n kubernetes-dashboard |grep dashboard
18

19
kubectl create serviceaccount kubernetes-dashboard -n kubernetes-dashboard
20
kubectl get sa -n kubernetes-dashboard |grep kubernetes-dashboard
21

22
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
23

24
kubectl get secret -n kubernetes-dashboard |grep dashboard
25
kubectl describe secret kubernetes-dashboard-token-tptw4 -n kubernetes-dashboard
26

27
kubectl apply -f recommended.yaml
28
kubectl get svc -n kubernetes-dashboard

删除dashboard

1
kubectl delete ns kubernetes-dashboard

3.8.helm#

https://helm.sh/docs/intro/install/

1
sudo snap install helm --classic
2
helm repo add stable https://kubernetes-charts.storage.googleapis.com/
3
# helm pull stable/stolon

3.9.stolon - helm#

https://hub.helm.sh/charts/stable/stolon

在rancher中提前配置好“storageClassName”和“PV”

1
helm pull stable/stolon
2

3
vim value.yaml
4
#########################
5
image:
6
  repository: sorintlab/stolon
7
  tag: v0.16.0-pg10
8

9
````````````````````````
10

11
persistence:
12
  enabled: true
13
  storageClassName: "local-storage-class"
14
  accessModes:
15
  - ReadWriteOnce
16
  size: 50Gi
17

18
````````````````````````
19

20
superuserUsername: "stolon"
21
superuserPassword: "admin163"
22
replicationUsername: "repluser"
23
replicationPassword: "admin163"
24
#############################
25

26
helm install -n stolon my-stolon ./stolon

备注：

stolon的“—dry-run”可以“simulate an install”生成yml文件

helm install xxx-release-name ./stolon —dry-run

appendix

手动生成“StorageClass”和“PersistentVolume”

1
---
2
kind: StorageClass
3
apiVersion: storage.k8s.io/v1
4
metadata:
5
  name: local-storage
6
provisioner: kubernetes.io/no-provisioner
7
volumeBindingMode: WaitForFirstConsumer
8
---
9
apiVersion: v1
10
kind: PersistentVolume
11
metadata:
12
  name: stolonpv1
13
spec:
14
  capacity:
15
    storage: 10Gi
16
  accessModes:
17
    - ReadWriteOnce
18
  persistentVolumeReclaimPolicy: Retain
19
  storageClassName: sc
20
  local:
21
    path: /stolon
22
  nodeAffinity:
23
    required:
24
      nodeSelectorTerms:
25
      - matchExpressions:
26
        - key: kubernetes.io/hostname
27
          operator: In
28
          values:
29
          - node01

*通过helm安装不需要手动同步？？？？？？？？？？？？？？？

待定，需要测试一下

*如果按照stolon的示例，仅使用yml文件部署，需要初始化stolon，否则数据库不会同步

https://github.com/sorintlab/stolon/tree/master/examples/kubernetes

1
kubectl exec -it release-name-stolon-keeper-0 -- /bin/bash
2
stolonctl  --cluster-name=release-name-stolon --store-backend=kubernetes --kube-resource-kind=configmap init

“—cluster-name”要去configmap里看一下，要对应上

stolon init 之后，pg的默认user，dbname和密码都重置了，重置为helm install时的配置，

数据的数据？

手动改掉pg的密码之后，stolon不能识别了！怎么办？

3.10 manage k8s#

windows
ubuntu

1
sudo curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
2

3
cat > /etc/apt/sources.list.d/kubernetes.list <<EOF
4
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
5
EOF
6

7
apt-get update && apt-get install -y kubectl

4.command#

4.1.linux#

查看端口使用

netstat -ntpa

netstat -ntpl

高性能模式

apt-get install cpufrequtils

cpufreq-info

cpufreq-set -g performance

apt-get install sysfsutils

echo -e ‘devices/system/cpu/cpu0/cpufreq/scaling_governor = performance’ /etc/sysfs.conf

修改端口

vim /etc/ssh/sshd_config

service ssh restart

4.2.docker#

docker 运维笔记

https://www.cnblogs.com/kevingrace/p/5715326.html

进入容器

docker exec -it [ID] /bin/bash

查看容器完整 command

docker ps -a —no-trunc

停止删除所有容器

docker stop $(docker ps -aq)

docker rm $(docker ps -aq)

批量删除镜像

docker image rm $(docker image ls -a -q)

docker rmi $(docker image ls -a -q)

导出导入镜像

docker save -o flannel.tar quay.io/coreos/flannel.11.0-amd64

docker load < flannel.tar

修改容器为一直启动

docker container update —restart=always 容器名字

4.3.kubernetes#

kubectl scale —current-replicas=2 —replicas=3 statefulset/ironman-stolon-keeper -n njupt-stolon

kubectl scale —current-replicas=2 —replicas=3 -n njupt-stolon deployment ironman-stolon-proxy

kubectl patch svc -n njupt-stolon ironman-stolon-proxy -p ’{“spec”:{“type”:“NodePort”}}’

or https://www.jianshu.com/p/75af95641c91

kubectl expose deployment [xxxxxxxx] —type=NodePort

pv状态转换

kubectl edit pv pgv3

删去spec.clainRef

released—>available