
8 posts tagged with "docker"


· One min read
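# Runtime image for the gunicorn backend. apt and pip are pointed at
# mirrors.aliyun.com before anything is installed.
FROM python:3.10.0-slim

# Switch the Debian sources to the Aliyun mirror. Package integrity still rests
# on apt's signature check, so never pair a mirror with [trusted=yes] or
# --allow-unauthenticated.
RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
    && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list

# Use the Aliyun PyPI mirror over HTTPS. There is deliberately no trusted-host
# entry: that option makes pip accept the host without a valid certificate,
# which an https index-url does not need.
RUN mkdir -p ~/.pip \
    && printf '[global]\nindex-url=https://mirrors.aliyun.com/pypi/simple\n' > ~/.pip/pip.conf

# NOTE(review): gcc and curl are installed with recommended packages, vim and
# tree without. Adding --no-install-recommends to the gcc line may drop headers
# needed to compile wheels; test before changing. vim and tree are debugging
# conveniences that the todo near the end of this file already plans to remove.
RUN apt-get update -y \
    && apt-get install -y gcc curl \
    && apt-get install -y --no-install-recommends vim tree \
    && rm -rf /var/lib/apt/lists/*

# NOTE(review): the .deb comes from a third-party GitHub mirror
# (github.com.cnpmjs.org) and is installed as root with no integrity check.
# Prefer the upstream release URL and compare a pinned digest before dpkg -i,
# e.g. `echo "<SHA256_OF_DEB>  <file>" | sha256sum -c -` (placeholder digest).
# -f makes curl fail on an HTTP error instead of saving the error page.
RUN curl -fsSL -o ~/rocketmq-client-cpp-2.0.0.amd64.deb \
    'https://github.com.cnpmjs.org/apache/rocketmq-client-cpp/releases/download/2.0.0/rocketmq-client-cpp-2.0.0.amd64.deb' \
    && dpkg -i ~/rocketmq-client-cpp-2.0.0.amd64.deb \
    && rm -f ~/rocketmq-client-cpp-2.0.0.amd64.deb

# NOTE(review): remote ADD downloads these at build time with nothing pinning
# their content; BuildKit's `ADD --checksum=sha256:<DIGEST>` would do that.
ADD https://gfdcc-production-profile.oss-cn-shanghai.aliyuncs.com/profile/fonts/SourceHanSansCN-Normal.ttf /root/.fonts/
ADD https://gfdcc-production-profile.oss-cn-shanghai.aliyuncs.com/profile/fonts/SourceHanSansCN-Bold.ttf /root/.fonts/

# NOTE(review): `CPython` is the only unpinned name here and looks like it may
# be a slip for `Cython`; a mistyped package name installs whatever is
# registered under it. Confirm the intended package and pin its version.
RUN pip install --no-cache-dir --default-timeout=600 gunicorn==20.1.0 numpy==1.21.4 CPython

WORKDIR /www/backend-gim

# Copy only the manifest first so the dependency layer is cached until
# requirements.txt changes.
COPY src/backend/requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# todo
#RUN apt-get -y --purge remove vim vim-runtime vim-common xxd cpp-8
#RUN apt-get autoremove -y

# NOTE(review): there is no USER instruction, so gunicorn runs as root. The
# fonts live under /root/.fonts, so switching to an unprivileged user also
# means moving the font directory.
CMD ["gunicorn", "run:app", "-c", "./gunicorn.conf.py"]

# docker build -f __cicd__/gimc.rt.Dockerfile -t registry.cn-shanghai.aliyuncs.com/digital-web/gimc-rt:20211203-1148 .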

· One min read

k3s

Lightweight Kubernetes

# start
k3s server --docker --no-deploy=traefik

# systemd /etc/systemd/system/k3s.service
journalctl -u k3s -f # 日志

config

cd /var/lib/rancher/k3s/server/manifests
/etc/rancher/k3s/k3s.yaml

install

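# Piping the installer straight into sh runs whatever the server returns, with
# the caller's privileges. The reinstall steps below save it to a file first,
# which leaves room to read it before running it.
curl -sfL https://get.k3s.io | sh -
# images
wget https://github.com/rancher/k3s/releases/download/v1.0.0/k3s-airgap-images-amd64.tar
docker load --input k3s-airgap-images-amd64.tar

# download k3s bin
wget https://github.com/rancher/k3s/releases/download/v1.17.4%2Bk3s1/k3s
cp k3s /usr/local/bin/
# 755 rather than 777: systemd starts this binary as root, so it must not be
# writable by other local users.
chmod 755 /usr/local/bin/k3s
curl -sfL https://get.k3s.io > ~/a.sh

# reinstall
cp /usr/local/bin/k3s ~/k3s
cp ~/k3s /usr/local/bin/k3s
# NOTE(review): with INSTALL_K3S_SKIP_DOWNLOAD=true the installer is expected to
# use the binary already in /usr/local/bin, so the hash check shown in the
# installer log does not cover a hand-downloaded file. Compare it yourself with
# the sha256sum-amd64.txt published for the same release.
INSTALL_K3S_SKIP_DOWNLOAD=true sh a.sh server --docker --no-deploy=traefik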
[INFO]  Finding latest release
[INFO] Using v1.0.0 as release
[INFO] Downloading hash https://github.com/rancher/k3s/releases/download/v1.0.0/sha256sum-amd64.txt
[INFO] Downloading binary https://github.com/rancher/k3s/releases/download/v1.0.0/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
which: no kubectl in (/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
which: no crictl in (/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[INFO] Creating /usr/local/bin/crictl symlink to k3s
which: no ctr in (/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink from /etc/systemd/system/multi-user.target.wants/k3s.service to /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s

· One min read

auth api

# cd /var/run/secrets/kubernetes.io/serviceaccount  -- default token directory inside a pod
CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)

# Query the API server as the pod's service account. --cacert keeps certificate
# verification on. The token is a bearer credential, so keep it out of logs.
curl --cacert $CA_CERT -H "Authorization: Bearer $TOKEN" "https://10.10.18.158:6443/api/v1/namespaces/$NAMESPACE/services/"
# Fails until a role is bound to the service account
k get clusterroles
# The two create commands are alternatives: both use the name my-view, so only
# one of them can exist. Prefer view (read-only). Binding admin to
# ccm-perf:default gives every pod running under the namespace's default
# service account write access to that namespace.
k -nccm-perf create rolebinding my-view --serviceaccount=ccm-perf:default --clusterrole=view
k -nccm-perf create rolebinding my-view --serviceaccount=ccm-perf:default --clusterrole=admin
k get rolebinding

log app

/var/lib/docker/containers/{}/{}-json.log
/var/lib/kubelet/pods/{}/volumes/kubernetes.io~empty-dir/log

ingress gzip

# configmap nginx-configuration add
use-gzip: true

ingress limit

kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/limit-rpm: "1000"
nginx.ingress.kubernetes.io/limit-burst-multiplier: "1"

pvc

volumes:
- name: mypd
persistentVolumeClaim:
claimName: pvc-oss-test
volumeMounts:
- name: mypd
mountPath: "/pvvv-test"

helm

## install
# NOTE(review): the tarball is unpacked and installed without comparing it to a
# published checksum.
wget https://get.helm.sh/helm-v2.16.0-linux-amd64.tar.gz
tar -zxvf helm-v2.16.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/

## helm init
# Helm v2 only: Tiller runs in-cluster under this service account. Binding it
# to cluster-admin means anyone who can reach Tiller can act as cluster-admin.
# Helm 3 removed Tiller; on v2 a namespace-scoped Role is the narrower choice.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller --upgrade
helm install stable/redis --name redis

· 2 min read

kubectl

export KUBECONFIG=~/Desktop/www/work-book/env/sandbox/1_kubernetes/kubeconfig

kubectl get pod -A

kubectl run hello-minikube --image=zx5435/go-fs:v1 --port=8080

kubectl delete -n default deployment hello-minikube

kubectl logs -f pod-gim-uat-app-2
kubectl logs --tail=50 -f pod-gim-uat-app-2

install

curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.16.0/bin/windows/amd64/kubectl.exe

config

namespace

kubectl config set-context --current --namespace=$(basename $PWD)
kubectl config set-context --current --namespace=ccm-perf
kubectl config set-context $(kubectl config current-context) --namespace=ccm-perf

run

kubectl run hello-minikube --image=zx5435/go-fs:v1 --port=8080

delete 批量

kubectl -nccm-uat get pod --field-selector=status.phase!=Running
kubectl -nccm-uat get pod --field-selector=status.phase==Failed

port-forward

# outside:inside -- local port on the left, service port on the right
# --address 0.0.0.0 makes the forward reachable from other machines; without it
# kubectl listens on localhost only.
kubectl -nzx5435 port-forward --address 0.0.0.0 service/air-ticket 7777:80

# type=LoadBalancer asks the cluster for an externally reachable address for
# the deployment.
kubectl -nzx5435 expose deployment air-ticket --type=LoadBalancer --name=my-service

configmap

kubectl -nccm-perf create configmap mq-conf --from-file=activemq

resource list

k get pods -o json | \
jq '.items[] | {name: .metadata.name, namespace: .metadata.namespace, containers: .spec.containers[] | {name: .name, resources: .resources}}' | \
jq -r '[.name, .namespace, .containers.name, .containers.resources.requests.cpu, .containers.resources.limits.cpu, .containers.resources.requests.memory, .containers.resources.limits.memory] | @tsv' | \
column -t -s $'\t'

kustomize

kubectl builtins

# kustomization.yaml
# k apply -k config/
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generatorOptions:
# disableNameSuffixHash: true
labels:
type: generated
annotations:
note: generated
configMapGenerator:
# NOTE(review): broker.ks looks like a keystore. ConfigMaps are not meant for
# key material; confirm, and move it to a secretGenerator entry if so.
- name: gim-fs
files:
- pii.yml
- activemq.xml
- broker.ks
- name: ept-env
literals:
# NOTE(review): a password literal in a ConfigMap is readable by anyone allowed
# to read ConfigMaps and is committed together with this file. secretGenerator
# is the place for it, and "admin" reads like a default value that should be
# replaced.
- ACTIVEMQ_PASSWORD=admin

install

# install
# NOTE(review): this pipes a script from the repository's moving master branch
# into bash. Download and read it first, or fetch it from a release tag.
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash

kustomize build | kubectl apply -f -

config tpl

# kustomization.yaml
namespace: gimc-prod
generatorOptions:
# disableNameSuffixHash: true
labels:
type: generated
annotations:
note: generated
configMapGenerator:
- name: gimc-cfgs
files:
- pii.yml
- name: ept-env
literals:
- MYSQL_DB_NAME=gimc-prod
secretGenerator:
- name: gimc-https
files:
- tls.key
- tls.crt

· 2 min read

infrastructure

portainer 管理

# The two run lines are alternatives (same container name): CE 2.6.0 or the
# older 1.23.2 image.
# Mounting /var/run/docker.sock hands Portainer, and anyone who can log in to
# it, full control of the Docker daemon, which is root-equivalent on the host.
# -p 1234:9000 publishes on every interface; the nginx proxy that follows only
# needs 127.0.0.1:1234.
docker run -d --restart=unless-stopped --name portainer -p 1234:9000 -v "/var/run/docker.sock:/var/run/docker.sock" portainer/portainer-ce:2.6.0
docker run -d --restart=unless-stopped --name portainer -p 1234:9000 -v "/var/run/docker.sock:/var/run/docker.sock" portainer/portainer:1.23.2
# //./pipe/docker_engine
# "hosts": ["tcp://0.0.0.0:2375"]
# NOTE(review): a daemon listening on tcp://0.0.0.0:2375 serves the Docker API
# without TLS or authentication; keep that setting off any shared network.
# Reverse proxy in front of the Portainer container on 127.0.0.1:1234.
# NOTE(review): this listens on plain HTTP only, so Portainer logins cross the
# network unencrypted unless TLS is terminated somewhere in front of it.
server {
listen 80;
charset utf-8;
server_name uat.docker.manager;
location / {
proxy_pass http://127.0.0.1:1234;

# HTTP/1.1 with an empty Connection header towards the upstream
proxy_http_version 1.1;
proxy_set_header Connection "";

# pass the original host and scheme on to Portainer
proxy_set_header Host $host;
proxy_set_header Scheme $scheme;
}
}

registry

# --insecure-registry lets the daemon talk to that registry over plain HTTP or
# unverified TLS, so images can be read or altered in transit.
# NOTE(review): the option names 192.168.1.19 while the push/pull examples use
# 192.168.199.115.
DOCKER_OPTS="--insecure-registry 192.168.1.19:5000"
# Started this way the registry has no authentication and no TLS, and port 5000
# is published on every interface.
docker run -d -p 5000:5000 --restart=always --name registry registry:2.6.2

docker push 192.168.199.115:5000/r1
docker rmi 192.168.199.115:5000/r1
docker pull 192.168.199.115:5000/r1

# /var/lib/registry/docker/registry/v2 # tree -L 4

cadvisor

# cAdvisor is given wide access to the host: / and /sys read-only, /var/run
# read-write. Port 2345 is published on every interface.
# NOTE(review): /var/run normally holds the Docker socket, so the read-write
# mount is worth confirming against what this cAdvisor version needs.
sudo docker run \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:rw \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--volume=/dev/disk/:/dev/disk:ro \
--publish=2345:8080 \
--detach=true \
--name=cadvisor \
google/cadvisor:v0.28.3

db

mysql

# NOTE(review): the root password is the literal "password" and 3306 is
# published on every interface. Use a generated password (the official image
# also accepts MYSQL_ROOT_PASSWORD_FILE) and publish on 127.0.0.1 unless remote
# access is needed. Values passed with -e stay visible in `docker inspect`.
docker run --restart=unless-stopped --name mysql-1 -it -d \
-v "$PWD":/var/lib/mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=password -e TZ=Asia/Shanghai mysql:8.0.15 \
--character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci
# --character-set-server=utf8 --collation-server=utf8_general_ci

redis

# Alternatives for different Redis versions. None of these sets a password, and
# -p 6379:6379 publishes the port on every interface.
docker run --restart=unless-stopped --name redis-1 -d -p 6379:6379 redis:6.0.3-alpine
docker run --restart=unless-stopped --name redis-1 -d -p 6379:6379 redis:3.2.9-alpine
docker run --name some-redis -d redis:alpine
docker run -it --link some-redis:redis --rm redis:alpine redis-cli -h 139.196.14.14 -p 6379

# Run with a mounted redis.conf; bind and requirepass can then live in that file.
docker run --restart=unless-stopped -v "$PWD/redis.conf":/usr/local/etc/redis/redis.conf -v "$PWD":/data --name redis-2 -d -p 6379:6379 redis:3.2.9-alpine redis-server /usr/local/etc/redis/redis.conf

# 12345 is a stand-in: use a long random value, and keep it out of shell history.
redis-server --requirepass 12345

mongodb

# NOTE(review): started without --auth and with 27017 published on every
# interface, so the users created below are not enforced until access control
# is turned on.
docker run --restart=unless-stopped --name mongo-1 -d -p 27017:27017 -v "$PWD":/etc/mongo mongo:3.6.4
# common commands
show dbs # list all databases
use test # switch to a database
db # show the current database
db.stats(); # show the status of the current db
db.dropDatabase(); # drop the database currently in use

# user
show users; # list all users of the current database
# NOTE(review): the example password equals the user name; replace it with a real secret.
db.createUser({user:"ynh-test",pwd:"ynh-test",roles:[{role:"userAdmin",db:"ynh-test"}]}); # create a user
db.removeUser("userName"); # delete a user

db.tb_test.insert({"_id":"520","name":"xiaoming"})
db.tb_test.find();

phpmyadmin

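# PMA_HOST has to come before the image name: anything after the image is
# handed to the container as its command instead of being read by docker run.
# NOTE(review): this publishes a database admin UI on every interface of the
# host; put it behind authentication or publish on 127.0.0.1 only.
docker run --restart=unless-stopped --name pmd -d -p 33060:80 -e PMA_HOST=139.196.14.10 phpmyadmin/phpmyadmin:4.7
vi /etc/phpmyadmin/config.user.inc.php
supervisorctl restart all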

other

zentao 禅道

# NOTE(review): USER/PASSWD are set to root/password and the image is pulled as
# :latest, so both the credentials and the software version are effectively
# unpinned defaults. Replace the password and pin a tag before exposing 8880.
docker run -d -p 8880:80 \
-e USER="root" -e PASSWD="password" \
-e BIND_ADDRESS="false" \
-e SMTP_HOST="163.177.90.125 smtp.exmail.qq.com" \
-v "$PWD":/opt/zbox/ \
--name zentao-server \
idoop/zentao:latest

· One min read

docker-compose

docker-compose ps

docker-compose logs --tail=100 -f
docker-compose logs --tail=100 -f svc-web

docker-compose restart svc-web

install

# https://docs.docker.com/compose/install/#install-compose
# Two alternatives: the distribution package, or the release binary from GitHub.
yum install -y docker-compose
# NOTE(review): the binary is written straight into /usr/local/bin and made
# executable without comparing it to the release's published checksum.
sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

tpl

java + redis + influxdb

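# Compose template: Java service with Redis and InfluxDB on one private network.
# Indentation restored; the flattened listing does not parse as a compose file.
version: "3"

services:

  svc-web:
    # NOTE(review): no tag, so this resolves to :latest; pin a version or digest.
    image: ghcr.io/wolanx/iothub-echo
    ports:
      - 1883:1883
      - 18830:8080
    entrypoint: java -cp /app/resources:/app/classes:/app/libs/* com.wolanx.echo.iothub.IotHubApplication
    volumes:
      # the compose directory is mounted read-write as /root in the container
      - .:/root
    environment:
      - TZ=utc-8
      - JVM=-XX:+UseContainerSupport
      - REDIS_HOST=svc-redis
      - INFLUXDB_HOST=svc-influxdb
    networks:
      - mynet

  svc-redis:
    image: redis:6.0.3-alpine
    # NOTE(review): svc-web reaches Redis over mynet by service name; publishing
    # 6379 on the host is only needed for access from outside, and this Redis
    # has no password set.
    ports:
      - 6379:6379
    networks:
      - mynet

  svc-influxdb:
    image: influxdb:1.7.11
    ports:
      - 8086:8086
    environment:
      - TZ=utc-8
      # NOTE(review): HTTP auth is enabled, but the admin account is root/root
      # and 8086 is published; replace the password before using this anywhere
      # reachable.
      - INFLUXDB_ADMIN_USER=root
      - INFLUXDB_ADMIN_PASSWORD=root
      - INFLUXDB_DB=iothub
      - INFLUXDB_HTTP_ENABLED=true
      - INFLUXDB_HTTP_AUTH_ENABLED=true
    networks:
      - mynet

networks:
  mynet: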

loki + grafana

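# Compose template: Loki with Grafana on one private network.
# Indentation restored; the flattened listing does not parse as a compose file.
version: "3"

services:

  svc-loki:
    image: grafana/loki:2.4.0
    # NOTE(review): both Loki ports are published on the host; with the stock
    # local-config.yaml, confirm whether the push/query API is meant to be
    # reachable from outside.
    ports:
      - "3100:3100"
      - "9095:9095"
    command: -config.file=/etc/loki/local-config.yaml
    networks:
      - loki

  svc-grafana:
    # NOTE(review): :latest is a moving tag (Loki above is pinned); pin Grafana
    # too, and change its initial admin password on first login.
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    networks:
      - loki

networks:
  loki: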

· 2 min read

doc

install

centos

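# Fetch the repo definition over HTTPS. The .repo file decides where packages
# and their signing key come from, so it should not travel over plain HTTP.
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# list the available docker-ce versions, newest first
yum list docker-ce --showduplicates | sort -r
sudo yum install -y docker-ce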

debian

# Debian Bullseye 11 (stable)
# Debian Buster 10 (oldstable)
# https://docs.docker.com/engine/install/debian/
apt-get install ca-certificates curl gnupg lsb-release
mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

开机启动

systemctl status docker
systemctl enable docker

service docker restart
kill -SIGHUP $(pidof dockerd)

config

cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": [
"https://registry.docker-cn.com"
],
"log-opts": {"max-size": "500m", "max-file": "2"}
}
EOF
{
"debug": true,
"registry-mirrors": [
"https://registry.docker-cn.com"
],
"log-driver": "loki",
"log-opts": {
"max-size": "500m",
"max-file": "2",
"loki-url": "http://192.168.2.238:3100/loki/api/v1/push"
}
}

root

docker exec -it --user=root 114 sh

timezone 时区问题

# docker-compose.yml
environment:
- TZ=utc-8

# k8s.yml
env:
- name: TZ
value: "utc-8"

# dpkg-reconfigure -f noninteractive tzdata
apk add tzdata --no-cache \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& echo "Asia/Shanghai" > /etc/timezone

ops - maintain

log

# 查看log大小
docker ps -q | xargs docker inspect --format="{{.LogPath}}" | xargs ls -lh

# nginx forward
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log

prune

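# remove stopped containers, unused networks, dangling images and build cache without asking
docker system prune -f

# container prune takes only --filter and --force; -a belongs to image/system prune
docker container prune --filter "until=72h"
docker volume prune --filter "label!=keep"
docker network prune --filter "until=24h"

docker image prune
docker image prune --filter "dangling=true"
docker image prune -a --filter "until=72h"
# delete the images matching "gimc-code" from the 20th listed line onwards;
# docker rmi reports an error when the list is empty
docker rmi $(docker images | grep "gimc-code" | tail -n +20 | awk '{print $3}')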

image proxy

echo $CR_PAT | docker login ghcr.io -u zx5435 --password-stdin
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.0 gcr.io/kubernetes-helm/tiller:v2.16.0

network

  • iptables -t nat -L DOCKER -n --line-numbers
  • iptables -nL -t nat

tools

ctop - container-top

# https://github.com/bcicen/ctop
# NOTE(review): the binary is written into /usr/local/bin as root without
# comparing it to a published checksum for the release.
sudo wget https://github.com/bcicen/ctop/releases/download/v0.7.7/ctop-0.7.7-linux-amd64 -O /usr/local/bin/ctop
sudo chmod +x /usr/local/bin/ctop

· 2 min read

2019-04-04 zst php:7.1.11

docker pull zx5435/php:7.1.10

Every version is small (about 100 MB), quick to download and fast to run. They cover everything I need at work, so give them a try. Included:

  • mysql
  • postgres
  • redis
  • mongo
  • apcu
  • gd
  • xdebug
  • bcmath
  • zip
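# PHP-FPM image with gd, database drivers and the pecl extensions listed below.
# NOTE(review): PHP 7.1 no longer receives upstream security fixes; treat this
# as a legacy base and plan a move to a supported release.
FROM php:7.1.11-fpm-alpine

# Runtime libraries stay; the .build-deps group is removed again in the same
# layer so compilers do not ship in the image.
# NOTE(review): only mongodb is pinned; redis, apcu and xdebug install whatever
# pecl currently serves. xdebug is also enabled unconditionally, which is a
# development tool and should not be active in a production image.
RUN apk add --no-cache freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev \
    && apk add --no-cache --virtual .build-deps autoconf g++ libssh2 openssl openssl-dev make pcre-dev tree curl \
    && apk add --no-cache postgresql-dev \
    && docker-php-ext-configure gd \
        --with-gd \
        --with-freetype-dir=/usr/include/ \
        --with-png-dir=/usr/include/ \
        --with-jpeg-dir=/usr/include/ \
    && pecl install mongodb-1.5.2 redis apcu xdebug \
    && docker-php-ext-enable mongodb redis apcu xdebug \
    && docker-php-ext-install gd pdo_mysql opcache bcmath pgsql pdo_pgsql zip sockets \
    && apk del .build-deps \
    && pecl clear-cache \
    && docker-php-source delete

# -f makes curl fail on an HTTP error instead of saving the error page as the
# composer binary. The former `alias ll=...` step is dropped: an alias set in
# one RUN shell does not exist in the image afterwards.
# NOTE(review): composer.phar is the current release, fetched with no version
# pin and no checksum comparison; pin a version and verify its digest.
# NOTE(review): chmod -R 777 leaves /var/runtime writable by every user in the
# container; chown it to the account the php-fpm workers run as instead.
RUN curl -fsS https://getcomposer.org/composer.phar -o /usr/local/bin/composer \
    && chmod +x /usr/local/bin/composer \
    && mkdir -p /var/runtime && chmod -R 777 /var/runtime

# COPY __cicd__/php/php.ini /usr/local/etc/php/
# COPY __cicd__/php/www.conf /usr/local/etc/php-fpm.d/
# docker build -f Dockerfile.php -t zx5435/php:7.1.11 .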

2019-03-07 amqp error

librabbitmq
pecl install amqp
composer config -g repo.packagist composer https://packagist.phpcomposer.com

2018-10-09 bitdata php:7.1.10

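# PHP-FPM image with gd, database drivers and the pecl extensions listed below.
# NOTE(review): PHP 7.1 no longer receives upstream security fixes; treat this
# as a legacy base.
FROM php:7.1.10-fpm-alpine

# Build dependencies are grouped as .build-deps and removed in the same layer.
# NOTE(review): redis, apcu and xdebug are unpinned, and xdebug is enabled
# unconditionally; keep it out of production images.
RUN apk add --no-cache freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev \
    && apk add --no-cache --virtual .build-deps autoconf g++ libssh2 openssl openssl-dev make pcre-dev \
    && apk add --no-cache postgresql-dev \
    && docker-php-ext-configure gd \
        --with-gd \
        --with-freetype-dir=/usr/include/ \
        --with-png-dir=/usr/include/ \
        --with-jpeg-dir=/usr/include/ \
    && pecl install mongodb-1.5.2 redis apcu xdebug \
    && docker-php-ext-enable mongodb redis apcu xdebug \
    && docker-php-ext-install gd pdo_mysql opcache bcmath pgsql pdo_pgsql zip \
    && apk del .build-deps \
    && pecl clear-cache \
    && docker-php-source delete

# -f makes curl fail on an HTTP error instead of saving the error page as the
# composer binary.
# NOTE(review): composer.phar is unpinned and not checked against a digest, and
# chmod -R 777 leaves /var/runtime writable by every user in the container.
RUN curl -fsS https://getcomposer.org/composer.phar -o /usr/local/bin/composer \
    && chmod +x /usr/local/bin/composer \
    && mkdir -p /var/runtime && chmod -R 777 /var/runtime

# COPY __cicd__/php/php.ini /usr/local/etc/php/
# COPY __cicd__/php/www.conf /usr/local/etc/php-fpm.d/
# docker build -f __cicd__/php/Dockerfile.runtime -t zx5435/php:7.1.10 .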