Using Portainer to centrally manage Docker instances running on internal networks across multiple regions

1. Running Docker stand-alone

Containerized deployment is now the norm, and most open source applications support being deployed as containers.
With only a few machines, docker cli and docker-compose are usually used to manage them; this is "stand-alone management".
With slightly more machines, a Docker Swarm cluster is adopted, since k8s is somewhat heavier.
With many machines, k8s is generally used.
Individuals, startups and small teams often have a small number of servers spread across multiple clouds, at home, or on VPS virtual machines, and each of these servers runs a Docker instance.
We could use a public-network VPN, ZeroTier or similar to connect the machines in the various regions into one network and so build a "cluster", but in reality there is not much bandwidth and this cannot do "load balancing", so in practice the machines are still used independently.
Limited by the small public network bandwidth, they can only run stand-alone.
There are also edge scenarios that connect over 4G mobile data, and IoT devices that run Docker instances as well.
So can Docker instances behind NAT and Docker instances with public IPs be managed centrally?
Certainly, and it is very easy with Portainer.

2. Practical steps: Portainer as the management platform for Docker instances

2.1 Master node - installing the Portainer server

Choose a machine that has a public IP address and runs 24/7 as the master node for the Portainer server

docker run -d -p 8000:8000 -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v /data/appdata/portainer:/data portainer/portainer

Port 9000 is the web management interface
Port 8000 is the port the Agent connects to
Both ports must be allowed through the firewall on the public IP

Open the web management interface in a browser
http://<public IP of the Portainer server host>:9000

On the first visit you set a password; after setting it you need to select which Docker to connect to
Select Local first and then click Connect
After entering the Home menu, click Local to manage the local Docker instance

Reference: the official Portainer installation manual

2.2 Configuring an nginx HTTPS reverse proxy (optional)

If you are not configuring HTTPS, you can skip this section
By default, http://<your public IP>:9000 has no HTTPS and is not secure
Plan a domain name for HTTPS access, for example https://portainer.iamle.com
Use nginx as a reverse proxy to http://portainerip:9000
The following is an example nginx configuration for Portainer (it includes the required websocket proxying)

# portainer.iamle.com.conf

# Set the Connection header to "Upgrade" only when the client asked for a websocket upgrade
map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}

# Portainer web interface on the same host
upstream portainer {
    server 127.0.0.1:9000;
}

# Redirect plain HTTP to HTTPS
server {
    listen       80;
    server_name  portainer.iamle.com;
    return       301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name portainer.iamle.com;

    ssl_certificate         ssl/iamle.com.cer;
    ssl_certificate_key     ssl/iamle.com.key;
    #ssl_session_cache           shared:SSL:10m;
    #ssl_session_timeout         10m;
    #ssl_session_tickets         off;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 and TLSv1.3 are offered.
    # TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5:!EXPORT56:!EXP;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Request-Id      $request_id;
        # Websocket proxying (container console, logs)
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
        proxy_read_timeout 60m;
        proxy_send_timeout 60m;
        proxy_http_version 1.1;
        proxy_pass http://portainer;
        break;
    }

    error_log   /data/logs/portainer.iamle.com-error.log;
    # "access" is a log_format name that must be defined in the http block
    access_log  /data/logs/portainer.iamle.com.log access;
}

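2.3 Master node - setting up an Agent for clients on a NAT network

We have now configured a Portainer management node that has a public IP
Next, the Docker instances on internal networks (NAT, IoT), public clouds, VPS and so on connect to this management node so that it can manage them

A picture is worth a thousand words; this is the official diagram

In this diagram Portainer manages Agents on 2 networks
One of them is a Swarm cluster, the other is a stand-alone instance

Add an Edge Agent on the Portainer server
In the Endpoints menu, click "Add endpoint" and choose Edge Agent

Name: a name of your choice
Portainer server URL: defaults to the IP of the current Portainer server (if HTTPS is configured with nginx, you can use https without the port number)
Then click Add endpoint

After the endpoint is added, the deployment options appear

There are 2 options for deploying the client agent: Standalone and Swarm
If you have already set up a Swarm, choose Swarm; the default is Standalone
First click "Copy command" to copy the command, then run it on the Agent client
Public IP: set it if you have one, so that URLs are generated automatically for the ports exposed by Docker containers you deploy later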

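2.4 Managed node - the Docker instance client machine to be managed

Run the following in a terminal on the managed client (internal (NAT, IoT) and public network environments both work, as long as the client can connect to our Portainer server)
In this example the client is one internal machine with IP 192.168.0.8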

docker run -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes -v /:/host --restart always -e EDGE=1 -e EDGE_ID=6ad0f1ff-6fea-4710-97e2-513ef1066fd8 -e CAP_HOST_MANAGEMENT=1 -p 8000:80 -v portainer_agent_data:/data --name portainer_edge_agent portainer/agent:1.5.1

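Visit http://192.168.0.8:8000 (use the public IP if there is one)
The page that opens has an input box
Enter the Join token obtained in the previous step
Click Submit; "Agent setup OK. You can close this page." means the agent has joined

Return to the Portainer server management interface and wait for the node to come online

Click iamle-lan-01 and wait a few seconds

In this way we can manage multiple Docker instances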
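
The docker run commands in 2.1 and 2.4 give the containers a lot of access to the host, so it is worth reading a copied command before running it on a node. The following is an added example, not code from the original post or from Portainer: it parses a docker run command line and labels the bind mounts, published ports, host-management flag and image tag that deserve a second look. The function name audit_docker_run and the finding labels are this example's own.

```python
import shlex

# Options in the page's two commands that take a value; other "-x" tokens are bare flags.
VALUE_OPTS = {"-p": "publish", "--publish": "publish", "-v": "volume",
              "--volume": "volume", "-e": "env", "--env": "env",
              "--name": None, "--restart": None}
SENSITIVE_MOUNTS = {"/var/run/docker.sock": "docker-socket",   # host's Docker daemon
                    "/": "host-root",                          # whole host filesystem
                    "/var/lib/docker/volumes": "all-volumes"}  # every container's data

def audit_docker_run(cmd):
    """Return sorted finding labels (this example's own) for one docker run line."""
    args, findings, image, i = shlex.split(cmd), set(), None, 2
    if args[:2] != ["docker", "run"]: raise ValueError("not a docker run command")
    while i < len(args):
        tok = args[i]
        if tok.startswith("--") and "=" in tok:          # --opt=value
            opt, val = tok.split("=", 1)
        elif tok in VALUE_OPTS and i + 1 < len(args):    # -o value
            opt, val, i = tok, args[i + 1], i + 1
        elif tok.startswith("-"):                        # bare flag such as -d
            opt, val = "", ""
        else:                                            # first positional is the image
            image = tok
            break
        kind = VALUE_OPTS.get(opt)
        if kind == "volume" and val:
            src = val.split(":")[0].rstrip("/") or "/"
            if src in SENSITIVE_MOUNTS:
                findings.add(SENSITIVE_MOUNTS[src])
        elif kind == "publish" and val.count(":") == 1:  # host:container, no host IP
            findings.add("port-on-all-interfaces:" + val.split(":")[0])
        elif kind == "env" and val == "CAP_HOST_MANAGEMENT=1":
            findings.add("host-management-enabled")      # agent acts on the /host mount
        i += 1
    # No tag, or "latest", means the image content can change between pulls.
    if image and image.rsplit("/", 1)[-1].partition(":")[2] in ("", "latest"):
        findings.add("unpinned-image")
    return sorted(findings)

# The two commands exactly as they appear on this page.
SERVER_CMD = ("docker run -d -p 8000:8000 -p 9000:9000 --name portainer "
              "--restart always -v /var/run/docker.sock:/var/run/docker.sock "
              "-v /data/appdata/portainer:/data portainer/portainer")
AGENT_CMD = ("docker run -d -v /var/run/docker.sock:/var/run/docker.sock "
             "-v /var/lib/docker/volumes:/var/lib/docker/volumes -v /:/host "
             "--restart always -e EDGE=1 -e EDGE_ID=6ad0f1ff-6fea-4710-97e2-513ef1066fd8 "
             "-e CAP_HOST_MANAGEMENT=1 -p 8000:80 -v portainer_agent_data:/data "
             "--name portainer_edge_agent portainer/agent:1.5.1")
```

Calling audit_docker_run(SERVER_CMD) and audit_docker_run(AGENT_CMD) lists what each container can reach; a port published as host:container with no host IP is bound on every interface of the machine.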

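3. Tips

  • If the agent will not run and restarts endlessly
    Troubleshoot using the error messages from docker logs portainer_edge_agent; the official GitHub issues are a good place to look
    Also, the portainer/agent:latest image pulled on October 19, 2019 at 16:55:01 would not run either; switching to portainer/agent:1.5.1 worked

  • After pasting a docker-compose.yml into Stacks, it keeps reporting that the version is wrong
    Currently only version 2 is supported; change it to 2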


Published by 流水理鱼!


Origin www.cnblogs.com/wwek/p/12070379.html