Create a Swarm cluster
Initialize management node
[root@k8s-master ~]# docker swarm init --advertise-addr 192.168.192.133
Swarm initialized: current node (vy95txqo3pglh478e4qew1h28) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-2kte699k2ldtsyklop1mvcg1ioekinv2nzoop9g83fu8vsrnms-87073ncbef748kvt6raj1mliy 192.168.192.133:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
[root@k8s-master ~]#
Add working node
The firewalls of both the management node and the worker node must be turned off.
$ systemctl stpo firewalld
In the previous step, we initialized a Swarm
cluster and had a management node. Next, we continue to execute the following commands on the two Docker hosts to create working nodes and add them to the cluster.
[root@localhost ~]# docker swarm join --token SWMTKN-1-2kte699k2ldtsyklop1mvcg1ioekinv2nzoop9g83fu8vsrnms-87073ncbef748kvt6raj1mliy 192.168.192.133:2377
This node joined a swarm as a worker.
View cluster
After the above two steps, we already have a minimal Swarm
cluster, including a management node and a worker node.
Use it on the management node docker node ls
to view the cluster
[root@k8s-master ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
o1j5nc40q4nqdoc4pvu86jgtu * k8s-master Ready Active Leader 18.06.1-ce
nnt0btawjgep1vn6kfftnp17m localhost.localdomain Ready Active 18.06.1-ce
Deployment service
We use docker service
the command to manage Swarm
services in the cluster. This command can only be run on the management node.
Create new service
Swarm
Run a service called in the created cluster nginx
.
[root@k8s-master ~]# docker service create --replicas 3 -p 80:80 --name nginx nginx:1.13.7-alpine
hpdegwsvi05bscs97wjrmv2dw
overall progress: 3 out of 3 tasks
1/3: running [==================================================>]
2/3: running [==================================================>]
3/3: running [==================================================>]
verify: Service converged
View services
Use docker service ls
to view Swarm
the services currently running in the cluster.
[root@k8s-master ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
hpdegwsvi05b nginx replicated 3/3 nginx:1.13.7-alpine *:80->80/tcp
Use docker service ps
to view details about a service.
[root@k8s-master ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
hpdegwsvi05b nginx replicated 3/3 nginx:1.13.7-alpine *:80->80/tcp
[root@k8s-master ~]# docker service ps nginx
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
hhwngdta2dje nginx.1 nginx:1.13.7-alpine k8s-master Running Running about a minute ago
kk3viynpynr2 nginx.2 nginx:1.13.7-alpine k8s-master Running Running about a minute ago
u6ddmugvrbpx \_ nginx.2 nginx:1.13.7-alpine localhost.localdomain Shutdown Rejected about a minute ago "error creating external conne…"
ju8twz34e4pk \_ nginx.2 nginx:1.13.7-alpine localhost.localdomain Shutdown Rejected about a minute ago "error creating external conne…"
qcnqsj1oh0ap \_ nginx.2 nginx:1.13.7-alpine localhost.localdomain Shutdown Rejected 2 minutes ago "error creating external conne…"
7csr1tjsiefl \_ nginx.2 nginx:1.13.7-alpine localhost.localdomain Shutdown Failed 2 minutes ago "error creating external conne…"
w6py7p1i8vfp nginx.3 nginx:1.13.7-alpine k8s-master Running Running about a minute ago
u9o91wc94z64 \_ nginx.3 nginx:1.13.7-alpine localhost.localdomain Shutdown Rejected 3 minutes ago "error creating external conne…"
Use docker service logs
to view the logs of a service
[root@k8s-master ~]# docker service logs nginx
nginx.1.hhwngdta2dje@k8s-master | 10.255.0.2 - - [14/Aug/2023:06:01:37 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36" "-"
nginx.1.hhwngdta2dje@k8s-master | 2023/08/14 06:01:37 [error] 6#6: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.255.0.2, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.192.133", referrer: "http://192.168.192.133/"
nginx.1.hhwngdta2dje@k8s-master | 10.255.0.2 - - [14/Aug/2023:06:01:37 +0000] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.192.133/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36" "-"
[root@k8s-master ~]#
Service scaling
We can docker service scale
scale the number of containers a service runs using.
When business is at its peak, we need to scale the number of containers the service runs on.
$ docker service scale nginx=5
When business is stable, we need to reduce the number of containers the service runs.
$ docker service scale nginx=2
Delete service
Use docker service rm
to remove a service from Swarm
the cluster.
$ docker service rm nginx
Use compose files
Just as you used to docker-compose.yml
configure and start multiple containers at once, you can also use files ( ) to configure and start multiple services Swarm
in the cluster .compose
docker-compose.yml
Swarm
Deploying in a cluster is WordPress
used as an example to illustrate.
version: "3"
services:
wordpress:
image: wordpress
ports:
- 80:80
networks:
- overlay
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
deploy:
mode: replicated
replicas: 3
db:
image: mysql
networks:
- overlay
volumes:
- db-data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
deploy:
placement:
constraints: [node.role == manager]
visualizer:
image: dockersamples/visualizer:stable
ports:
- "8080:8080"
stop_grace_period: 1m30s
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
deploy:
placement:
constraints: [node.role == manager]
volumes:
db-data:
networks:
overlay:
Create this file in Swarm
the cluster management node. The service in it visualizer
provides a visual page. We can intuitively view the running nodes of each service in the cluster from the browser.
Deployment service
Used by the deployment service docker stack deploy
, where -c
the parameter specifies the compose file name.
[root@k8s-master ~]# docker stack deploy -c docker-compose.yml wordpress
Creating network wordpress_overlay
Creating network wordpress_default
Creating service wordpress_wordpress
Creating service wordpress_db
Creating service wordpress_visualizer
[root@k8s-master ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
i3pmffagn5kj wordpress_db replicated 0/1 mysql:latest
arf56or4vgye wordpress_visualizer replicated 0/1 dockersamples/visualizer:stable *:8080->8080/tcp
ybl36pyvr14n wordpress_wordpress replicated 0/3 wordpress:latest *:80->80/tcp
Delete service
[root@k8s-master ~]# docker stack rm stop wordpress
Nothing found in stack: stop
Removing service wordpress_mysql
Removing service wordpress_web
Removing network wordpress_my-network
Manage keys
On dynamic, large-scale distributed clusters, managing and distributing 密码
sensitive 证书
information such as Traditional key distribution methods (such as placing keys in images, setting environment variables, dynamically mounting volumes, etc.) have potential huge security risks.
Docker currently provides secrets
management functions. Users can securely manage sensitive data such as passwords and key certificates in Swarm clusters, and allow shared access to specified sensitive data among multiple Docker container instances.
Note:
secret
Can also beDocker Compose
used in .
We can use docker secret
commands to manage sensitive information. Next, we introduce the use of this command in the Swarm cluster created in the above chapter.
mysql
Here we take deploying and services in the Swarm cluster wordpress
as an example.
Create secret
We use docker secret create
the command to create it in the form of a pipe charactersecret
[root@k8s-master ~]# openssl rand -base64 20 | docker secret create mysql_password -
pq1yxd5ztpcpu5ygucnintlsw
[root@k8s-master ~]# openssl rand -base64 20 | docker secret create mysql_root_password -
o1cazb12n97hpeyv5yfeg40hr
View secret
Use docker secret ls
the command to viewsecret
[root@k8s-master ~]# docker secret ls
ID NAME DRIVER CREATED UPDATED
pq1yxd5ztpcpu5ygucnintlsw mysql_password 35 seconds ago 35 seconds ago
o1cazb12n97hpeyv5yfeg40hr mysql_root_password 28 seconds ago 28 seconds ago
Create MySQL service
$ docker network create -d overlay mysql_private
$ docker service create \
--name mysql \
--replicas 1 \
--network mysql_private \
--mount type=volume,source=mydata,destination=/var/lib/mysql \
--secret source=mysql_root_password,target=mysql_root_password \
--secret source=mysql_password,target=mysql_password \
-e MYSQL_ROOT_PASSWORD_FILE="/run/secrets/mysql_root_password" \
-e MYSQL_PASSWORD_FILE="/run/secrets/mysql_password" \
-e MYSQL_USER="wordpress" \
-e MYSQL_DATABASE="wordpress" \
mysql:latest
If you do not target
explicitly specify a path in , it will be mounted to the container's directory secret
through the file system by default .tmpfs
/run/secrets
$ docker service create \
--name wordpress \
--replicas 1 \
--network mysql_private \
--publish target=30000,port=80 \
--mount type=volume,source=wpdata,destination=/var/www/html \
--secret source=mysql_password,target=wp_db_password,mode=0444 \
-e WORDPRESS_DB_USER="wordpress" \
-e WORDPRESS_DB_PASSWORD_FILE="/run/secrets/wp_db_password" \
-e WORDPRESS_DB_HOST="mysql:3306" \
-e WORDPRESS_DB_NAME="wordpress" \
wordpress:latest
Manage configuration information
On dynamic, large-scale distributed clusters, managing and distributing configuration files is also an important task. Traditional configuration file distribution methods (such as placing configuration files into images, setting environment variables, dynamic mounting of volumes, etc.) all reduce the versatility of images.
In Docker 17.06 and above, Docker has added docker config
a new subcommand to manage configuration information in the cluster. In the future, you can configure services without putting the configuration file into the image or mounting it into the container.
Note:
config
Can only be used in Swarm clusters.
Here we take deploying services in a Swarm cluster redis
as an example.
Create config
New redis.conf
file
port 6380
This item configures the Redis listening 6380
port
We use docker config create
the command to createconfig
[root@k8s-master ~]# docker config create redis.conf redis.conf
wjchg6thkm76p7rknrskkd751
View config
Use docker config ls
the command to viewconfig
[root@k8s-master ~]# docker config ls
ID NAME CREATED UPDATED
wjchg6thkm76p7rknrskkd751 redis.conf 27 seconds ago 27 seconds ago
Create redis service
$ docker service create \
--name redis \
# --config source=redis.conf,target=/etc/redis.conf \
--config redis.conf \
-p 6379:6380 \
redis:latest \
redis-server /redis.conf
If you do not target
explicitly specify a path in , the default is to mount the container redis.conf
using the file system .tmpfs
/config.conf
After testing, redis can be used normally.
In the past, when we configured Redis by listening to the host directory, we needed to place this file on each node of the cluster. If we use to docker config
manage the configuration information of the service, we only need to create it on the management node in the cluster config
. When deploying the service, the cluster will automatically The configuration file is distributed to each node running the service, which greatly reduces the difficulty of managing and distributing configuration information.
rolling upgrade
Now we want to NGINX
upgrade the version to 1.13.12
, so how to upgrade the service in Swarm mode?
You may think that if you stop the original service first and then deploy a service using a new image, wouldn't you complete the "upgrade" of the service?
The disadvantages of this are obvious. If there is a problem with the newly deployed service, it will be difficult to restore the original service after it is deleted. So how to perform a rolling upgrade of the service in Swarm mode?
The answer is to use docker service update
the command
[root@k8s-master ~]# docker service update --image nginx:1.13.12-alpine nginx
[root@k8s-master ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
068en74dtckx mysql replicated 0/1 mysql:5.7
w352biyrmaw6 nginx replicated 3/3 nginx:1.13.12-alpine *:80->80/tcp
v2d11uspjz68 redis replicated 1/1 redis:latest *:6379->6380/tcp
Service rollback
Now suppose we find that there are some problems nginx
when the service image is upgraded to . We can use the command to roll back with one click.nginx:1.13.12-alpine
[root@k8s-master ~]# docker service rollback nginx
nginx
[root@k8s-master ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
068en74dtckx mysql replicated 0/1 mysql:5.7
w352biyrmaw6 nginx replicated 2/3 nginx:1.13.7-alpine *:80->80/tcp
v2d11uspjz68 redis replicated 1/1 redis:latest *:6379->6380/tcp