Building a Harbor registry
- 1 Download
- 2 Generate the required certificate
[root@server1 docker]# pwd
/etc/docker
[root@server1 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.westos.org.key -x509 -days 365 -out reg.westos.org.crt
Generating a 4096 bit RSA private key
..............++
...........................................................++
writing new private key to 'reg.westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:ShannXi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:reg.westos.org
Email Address []:root@westos.org
- 3 Edit harbor.yml
hostname: reg.westos.org
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/docker/reg.westos.org.crt
  private_key: /etc/docker/reg.westos.org.key
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: westos
# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: westos
- Test
- Configure the certificate and trust on server1
[root@server1 ~]# cd /etc/docker/
[root@server1 docker]# ls
daemon.json key.json reg.westos.org.crt reg.westos.org.key
[root@server1 docker]# mkdir certs.d
[root@server1 docker]# mkdir certs.d/reg.westos.org
[root@server1 docker]# cp reg.westos.org.crt certs.d/reg.westos.org/ca.crt
server1 can now push images.
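Added example, not part of the original walkthrough: Docker clients built with Go 1.15 or later by default reject a certificate that names the host only in the Common Name, so this sketch issues the same self-signed certificate with a subjectAltName and checks a certificate before it is copied into certs.d. The function names are hypothetical and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes OpenSSL >= 1.1.1
# for the -addext and -ext options; function names are hypothetical.

# make_registry_cert HOST DIR [BITS]
# Non-interactive variant of the openssl command used on this page,
# plus a DNS subjectAltName entry for HOST.
make_registry_cert() {
    host=$1; dir=$2; bits=${3:-4096}
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null &&
    chmod 600 "$dir/$host.key"      # private key readable by owner only
}

# cert_san_covers CRT HOST
# Succeeds only if HOST is listed as a DNS SAN; a CN match does not count.
cert_san_covers() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -Fxq "DNS:$2"
}

# check_registry_cert CRT HOST
# Prints one line per problem and returns 1 if any problem was found.
check_registry_cert() {
    rc=0
    cert_san_covers "$1" "$2" || { echo "$1: no DNS SAN for $2"; rc=1; }
    # -checkend N fails when the certificate expires within N seconds (30 days)
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "$1: expires within 30 days or is unreadable"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_registry_cert reg.westos.org "$d" 2048     # constructed test certificate
    check_registry_cert "$d/reg.westos.org.crt" reg.westos.org && echo "certificate OK"
    rm -rf "$d"
fi
```

Run `check_registry_cert` against the .crt file before copying it to certs.d/reg.westos.org/ca.crt on each Docker host.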
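Deploying with docker stack
Introduction to docker stack
docker stack deploys applications on top of Docker Swarm and targets multi-service deployment and management at scale.
- Differences between stack and compose:
Docker stack does not support the "build" directive; it requires images to be built in advance, so docker-compose is better suited to development.
Docker Compose is a Python project that drives containers through the Docker API.
Docker Stack is built into the Docker engine as part of swarm mode.
Docker stack does not support docker-compose.yml files written in version 2 format; the version must be at least 3. Docker Compose can still handle both version 2 and version 3 files.
docker stack does everything docker compose does, so docker stack will become dominant.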
[root@server1 compose]# cat docker-compose.yml
version: '3'
services:
  web:
    image: nginx:latest
    ports:
      - "8000:80"
    volumes:
      - webdata:/usr/share/nginx/html
    networks:
      - webnet
    deploy:
      replicas: 6
      update_config:
        parallelism: 2
        delay: 2s
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: '0.50'
          memory: 50M
volumes:
  webdata:
networks:
  webnet:
[root@server1 compose]# cat vlz.yml
version: '3'
services:
  vlz:
    image: dockersamples/visualizer
    ports:
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]
[root@server1 compose]# docker stack deploy -c docker-compose.yml web
Creating network web_webnet
Creating service web_web
[root@server1 compose]# docker service
create inspect logs ls ps rm rollback scale update
[root@server1 compose]# docker service ps web_web
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ivtc6msma7ov web_web.1 nginx:latest server1 Running Running 2 seconds ago
uiz7rklazg1l web_web.2 nginx:latest server3 Running Running 7 seconds ago
89jdfl0mjx8k web_web.3 nginx:latest server2 Running Starting 3 seconds ago
slgqc68nup06 web_web.4 nginx:latest server1 Running Running 3 seconds ago
uz7i5695qyo8 web_web.5 nginx:latest server3 Running Running 7 seconds ago
k59ozqa1cjl8 web_web.6 nginx:latest server2 Running Starting 4 seconds ago
[root@server1 compose]# docker stack deploy -c vlz.yml vlz
Creating network vlz_default
Creating service vlz_vlz
[root@server1 compose]# docker service ps vlz_vlz
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
uiplgaghgvdo vlz_vlz.1 dockersamples/visualizer:latest server1 Running Starting 1 second ago
zhq@Manjaro ~ curl server1:8000
server2
zhq@Manjaro ~ curl server1:8000
server2
zhq@Manjaro ~ curl server1:8000
server1
zhq@Manjaro ~ curl server1:8000
server1
zhq@Manjaro ~ curl server1:8000
server3
zhq@Manjaro ~ curl server1:8000
server3
zhq@Manjaro ~ curl server1:8000
server2
zhq@Manjaro ~ curl server1:8000
server2
The requests are load-balanced, but the data volume is shared only within a node; sharing data between nodes requires NFS + convoy.
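Added example, not part of the original walkthrough: a small lint to run before `docker stack deploy`. It flags two things visible in the stack files above: images referenced by a mutable tag (`nginx:latest`, or no tag at all) and a mount of /var/run/docker.sock, which gives the container control of the Docker engine on a manager node. The function names and finding codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page); names and codes are hypothetical.

# audit_stack_file FILE
# Prints "FILE:LINE: CODE detail" per finding; exit status 1 if any were found.
audit_stack_file() {
    awk -v sq="'" '
    /^[ \t]*#/ { next }                             # skip comment lines
    /^[ \t]*image:[ \t]/ {
        img = $2; gsub(/"/, "", img); gsub(sq, "", img)   # drop optional quotes
        name = img; sub(/.*\//, "", name)           # last path component holds the tag
        if (img ~ /@sha256:/) next                  # digest-pinned, immutable
        if (name !~ /:/) report("MUTABLE_TAG", img " (implicit :latest)")
        else if (name ~ /:latest$/) report("MUTABLE_TAG", img)
        next
    }
    /docker\.sock/ { report("DOCKER_SOCKET", "engine API socket mounted into a container") }
    function report(code, detail) {
        printf "%s:%d: %s %s\n", FILENAME, FNR, code, detail; n++
    }
    END { exit (n > 0) }
    ' "$1"
}

# Constructed sample: the visualizer stack file from this page, re-indented.
write_sample() {
    cat > "$1" <<'EOF'
version: '3'
services:
  vlz:
    image: dockersamples/visualizer
    ports:
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample "$tmp"
    audit_stack_file "$tmp" || echo "findings above; review before deploying"
    rm -f "$tmp"
fi
```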
Rolling update (gray release)
Just change the web stack file to:
version: '3'
services:
  web:
    image: httpd:latest
    ports:
      - "8000:80"
    #volumes:
    #  - webdata:/usr/share/nginx/html
Run:
[root@server1 compose]# docker stack deploy -c docker-compose.yml web
Updating service web_web (id: sibjtofa34e6mdbby9bslbbuh)
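Using Portainer instead of Visualizer
Portainer is a graphical management tool for Docker. It provides a status dashboard, quick deployment from application templates, basic operations on containers, images, networks and volumes (including uploading and downloading images and creating containers), event log display, container console access, centralized management of Swarm clusters and services, and user login management and access control. It is comprehensive and can meet essentially all the container-management needs of small and medium-sized organizations.
Installing Portainer
- Download the stack file
curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml
- Install these two images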
[root@server1 docker]# docker search portainer
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
portainer/portainer-ce Making Docker management easy. https://porta… 1974
portainer/agent An agent used to manage all the resources in… 77
- For convenience, put them in the Harbor registry
[root@server1 ~]# docker push reg.westos.org/portainer/agent:latest
The push refers to repository [reg.westos.org/portainer/agent]
04f84617c77f: Pushed
e11ec55ae395: Pushed
0c72dcf9654a: Pushed
dd4969f97241: Pushed
latest: digest: sha256:8f994457bc32480bff351f0b1d371557238e69f5902037addfe76fa7bd930b9d size: 1153
[root@server1 ~]# docker push reg.westos.org/portainer/portainer-ce:latest
The push refers to repository [reg.westos.org/portainer/portainer]
5c40d26fba08: Pushed
dd4969f97241: Mounted from portainer/agent
latest: digest: sha256:02c51e3116cddbeff35da5a968ce909fcb07ff1b9688faa2eaaa2c237e9f7548 size: 739
- Run
[root@server1 compose]# docker stack deploy -c portainer-agent-stack.yml portainer
Creating network portainer_agent_network
Creating service portainer_agent
Creating service portainer_portainer