8 posts tagged with "docker"

python Dockerfile

February 11, 2022 · One min read

FROM python:3.10.0-slim

RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
    && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list

RUN mkdir ~/.pip \
    && echo '[global]\n \
trusted-host=mirrors.aliyun.com\n \
index-url=https://mirrors.aliyun.com/pypi/simple\n \
' > ~/.pip/pip.conf

RUN apt-get update -y \
    && apt-get install -y gcc curl \
    && apt-get install -y --no-install-recommends vim tree \
    && rm -rf /var/lib/apt/lists/*


RUN curl -s -L -o ~/rocketmq-client-cpp-2.0.0.amd64.deb \
    'https://github.com.cnpmjs.org/apache/rocketmq-client-cpp/releases/download/2.0.0/rocketmq-client-cpp-2.0.0.amd64.deb' \
    && dpkg -i ~/rocketmq-client-cpp-2.0.0.amd64.deb \
    && rm -f ~/rocketmq-client-cpp-2.0.0.amd64.deb

ADD https://gfdcc-production-profile.oss-cn-shanghai.aliyuncs.com/profile/fonts/SourceHanSansCN-Normal.ttf /root/.fonts/
ADD https://gfdcc-production-profile.oss-cn-shanghai.aliyuncs.com/profile/fonts/SourceHanSansCN-Bold.ttf /root/.fonts/

RUN pip install --no-cache-dir --default-timeout=600 gunicorn==20.1.0 numpy==1.21.4 CPython

WORKDIR /www/backend-gim

COPY src/backend/requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# todo
#RUN apt-get -y --purge remove vim vim-runtime vim-common xxd cpp-8
#RUN apt-get autoremove -y

CMD ["gunicorn", "run:app", "-c", "./gunicorn.conf.py"]

# docker build -f __cicd__/gimc.rt.Dockerfile -t registry.cn-shanghai.aliyuncs.com/digital-web/gimc-rt:20211203-1148 .

k3s

December 16, 2019 · One min read

k3s

Lightweight Kubernetes

# start
k3s server --docker --no-deploy=traefik

# systemd /etc/systemd/system/k3s.service
journalctl -u k3s -f # 日志

config

cd /var/lib/rancher/k3s/server/manifests
/etc/rancher/k3s/k3s.yaml

install

curl -sfL https://get.k3s.io | sh -
# images
wget https://github.com/rancher/k3s/releases/download/v1.0.0/k3s-airgap-images-amd64.tar
docker load --input k3s-airgap-images-amd64.tar

# download k3s bin
wget https://github.com/rancher/k3s/releases/download/v1.17.4%2Bk3s1/k3s
cp k3s /usr/local/bin/
chmod 777 /usr/local/bin/k3s
curl -sfL https://get.k3s.io > ~/a.sh

# reinstall
cp /usr/local/bin/k3s ~/k3s
cp ~/k3s /usr/local/bin/k3s
INSTALL_K3S_SKIP_DOWNLOAD=true sh a.sh server --docker --no-deploy=traefik

[INFO]  Finding latest release
[INFO]  Using v1.0.0 as release
[INFO]  Downloading hash https://github.com/rancher/k3s/releases/download/v1.0.0/sha256sum-amd64.txt
[INFO]  Downloading binary https://github.com/rancher/k3s/releases/download/v1.0.0/k3s
[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
which: no kubectl in (/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s
which: no crictl in (/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
which: no ctr in (/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
Created symlink from /etc/systemd/system/multi-user.target.wants/k3s.service to /etc/systemd/system/k3s.service.
[INFO]  systemd: Starting k3s

k8s

October 10, 2019 · One min read

auth api

# cd /var/run/secrets/kubernetes.io/serviceaccount 默认token目录
CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)

curl --cacert $CA_CERT -H "Authorization: Bearer $TOKEN" "https://10.10.18.158:6443/api/v1/namespaces/$NAMESPACE/services/"
# 失败 需要 bind role
k get clusterroles
k -nccm-perf create rolebinding my-view --serviceaccount=ccm-perf:default --clusterrole=view
k -nccm-perf create rolebinding my-view --serviceaccount=ccm-perf:default --clusterrole=admin
k get rolebinding

log app

基于 Golang 的云原生日志采集服务设计与实践 https://mp.weixin.qq.com/s/3sCyWg-HwfZ4ymm8T9s4zg

/var/lib/docker/containers/{}/{}-json.log
/var/lib/kubelet/pods/{}/volumes/kubernetes.io~empty-dir/log

pvc

volumes:
  - name: mypd
    persistentVolumeClaim:
      claimName: pvc-oss-test
volumeMounts:
  - name: mypd
    mountPath: "/pvvv-test"

helm

## install
wget https://get.helm.sh/helm-v2.16.0-linux-amd64.tar.gz
tar -zxvf helm-v2.16.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/

## helm init
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller --upgrade
helm install stable/redis --name redis

kubectl

March 23, 2019 · 2 min read

kubectl

备忘录 https://kubernetes.io/docs/reference/kubectl/cheatsheet/

export KUBECONFIG=~/Desktop/www/work-book/env/sandbox/1_kubernetes/kubeconfig

kubectl get pod -A

kubectl run hello-minikube --image=zx5435/go-fs:v1 --port=8080

kubectl delete -n default deployment hello-minikube

kubectl logs -f pod-gim-uat-app-2
kubectl logs --tail=50 -f pod-gim-uat-app-2

install

curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.16.0/bin/windows/amd64/kubectl.exe

config

namespace

kubectl config set-context --current --namespace=$(basename $PWD)
kubectl config set-context --current --namespace=ccm-perf
kubectl config set-context $(kubectl config current-context) --namespace=ccm-perf

run

kubectl run hello-minikube --image=zx5435/go-fs:v1 --port=8080

delete 批量

kubectl -nccm-uat get pod --field-selector=status.phase!=Running
kubectl -nccm-uat get pod --field-selector=status.phase==Failed

port-forward

# outside:inside 左外右内
kubectl -nzx5435 port-forward --address 0.0.0.0 service/air-ticket 7777:80

kubectl -nzx5435 expose deployment air-ticket --type=LoadBalancer --name=my-service

configmap

kubectl -nccm-perf create configmap mq-conf --from-file=activemq

kustomize

kubectl builtins

# kustomization.yaml
# k apply -k config/
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generatorOptions:
# disableNameSuffixHash: true
labels:
  type: generated
annotations:
  note: generated
configMapGenerator:
- name: gim-fs
  files:
    - pii.yml
    - activemq.xml
    - broker.ks
- name: ept-env
  literals:
    - ACTIVEMQ_PASSWORD=admin

install

# install
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"  | bash

kustomize build | kubectl apply -f -

config tpl

# kustomization.yaml
namespace: gimc-prod
generatorOptions:
  # disableNameSuffixHash: true
  labels:
    type: generated
  annotations:
    note: generated
configMapGenerator:
  - name: gimc-cfgs
    files:
      - pii.yml
  - name: ept-env
    literals:
      - MYSQL_DB_NAME=gimc-prod
secretGenerator:
  - name: gimc-https
    files:
      - tls.key
      - tls.crt

docker app

March 22, 2018 · 2 min read

infrastructure

portainer 管理

docker run -d --restart=unless-stopped --name portainer -p 1234:9000 -v "/var/run/docker.sock:/var/run/docker.sock" portainer/portainer-ce:2.6.0
docker run -d --restart=unless-stopped --name portainer -p 1234:9000 -v "/var/run/docker.sock:/var/run/docker.sock" portainer/portainer:1.23.2
# //./pipe/docker_engine
# "hosts": ["tcp://0.0.0.0:2375"]
server {
    listen       80;
    charset      utf-8;
    server_name  uat.docker.manager;
    location / {
        proxy_pass http://127.0.0.1:1234;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_set_header Host $host;
        proxy_set_header Scheme $scheme;
    }
}

registry

DOCKER_OPTS="--insecure-registry 192.168.1.19:5000"
docker run -d -p 5000:5000 --restart=always --name registry registry:2.6.2

docker push 192.168.199.115:5000/r1
docker rmi  192.168.199.115:5000/r1
docker pull 192.168.199.115:5000/r1

# /var/lib/registry/docker/registry/v2 # tree -L 4

cadvisor

sudo docker run \
  --volume=/:/rootfs:ro \
  --volume=/var/run:/var/run:rw \
  --volume=/sys:/sys:ro \
  --volume=/var/lib/docker/:/var/lib/docker:ro \
  --volume=/dev/disk/:/dev/disk:ro \
  --publish=2345:8080 \
  --detach=true \
  --name=cadvisor \
  google/cadvisor:v0.28.3

db

mysql

docker run --restart=unless-stopped --name mysql-1 -it -d \
  -v "$PWD":/var/lib/mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=password -e TZ=Asia/Shanghai mysql:8.0.15 \
  --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci
# --character-set-server=utf8 --collation-server=utf8_general_ci

redis

docker run --restart=unless-stopped --name redis-1 -d -p 6379:6379 redis:6.0.3-alpine
docker run --restart=unless-stopped --name redis-1 -d -p 6379:6379 redis:3.2.9-alpine
docker run --name some-redis -d redis:alpine
docker run -it --link some-redis:redis --rm redis:alpine redis-cli -h 139.196.14.14 -p 6379

docker run --restart=unless-stopped -v "$PWD/redis.conf":/usr/local/etc/redis/redis.conf -v "$PWD":/data --name redis-2 -d -p 6379:6379 redis:3.2.9-alpine redis-server /usr/local/etc/redis/redis.conf

redis-server --requirepass 12345

mongodb

docker run --restart=unless-stopped --name mongo-1 -d -p 27017:27017 -v "$PWD":/etc/mongo mongo:3.6.4
# 常用命令
show dbs # 全部db
use test # 进database
db # 查看当前database
db.stats(); # 显示当前db状态
db.dropDatabase();  #删除当前使用数据库

# user
show users; # 显示当前所有用户
db.createUser({user:"ynh-test",pwd:"ynh-test",roles:[{role:"userAdmin",db:"ynh-test"}]}); # 创建用户
db.removeUser("userName"); # 删除用户

db.tb_test.insert({"_id":"520","name":"xiaoming"})
db.tb_test.find();

phpmyadmin

docker run --restart=unless-stopped --name pmd -d -p 33060:80 phpmyadmin/phpmyadmin:4.7
-e PMA_HOST=139.196.14.10
vi /etc/phpmyadmin/config.user.inc.php
supervisorctl restart all

other

zentao 禅道

docker run -d -p 8880:80 \
        -e USER="root" -e PASSWD="password" \
        -e BIND_ADDRESS="false" \
        -e SMTP_HOST="163.177.90.125 smtp.exmail.qq.com" \
        -v "$PWD":/opt/zbox/ \
        --name zentao-server \
        idoop/zentao:latest

docker-compose

March 22, 2018 · One min read

docker-compose

docker-compose ps

docker-compose logs --tail=100 -f
docker-compose logs --tail=100 -f svc-web

docker-compose restart svc-web

install

# https://docs.docker.com/compose/install/#install-compose
yum install -y docker-compose
sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

tpl

java + redis + influxdb

version: "3"

services:

  svc-web:
    image: ghcr.io/wolanx/iothub-echo
    ports:
      - 1883:1883
      - 18830:8080
    entrypoint: java -cp /app/resources:/app/classes:/app/libs/* com.wolanx.echo.iothub.IotHubApplication
    volumes:
      - .:/root
    environment:
      - TZ=utc-8
      - JVM=-XX:+UseContainerSupport
      - REDIS_HOST=svc-redis
      - INFLUXDB_HOST=svc-influxdb
    networks:
      - mynet

  svc-redis:
    image: redis:6.0.3-alpine
    ports:
      - 6379:6379
    networks:
      - mynet

  svc-influxdb:
    image: influxdb:1.7.11
    ports:
      - 8086:8086
    environment:
      - TZ=utc-8
      - INFLUXDB_ADMIN_USER=root
      - INFLUXDB_ADMIN_PASSWORD=root
      - INFLUXDB_DB=iothub
      - INFLUXDB_HTTP_ENABLED=true
      - INFLUXDB_HTTP_AUTH_ENABLED=true
    networks:
      - mynet

networks:
  mynet:

loki + grafana

version: "3"

services:

  svc-loki:
    image: grafana/loki:2.4.0
    ports:
      - "3100:3100"
      - "9095:9095"
    command: -config.file=/etc/loki/local-config.yaml
    networks:
      - loki

  svc-grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    networks:
      - loki

networks:
  loki:

docker 基础

March 22, 2018 · 2 min read

doc

Docker学习笔记 https://segmentfault.com/a/1190000005930858
Docker 核心技术与实现原理 https://draveness.me/docker
Docker 问答录（100问） https://blog.lab99.org/post/docker-2016-07-14-faq.html
Docker 实践系列文章 https://segmentfault.com/a/1190000006449675

install

centos

sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
sudo yum install -y docker-ce

debian

# Debian Bullseye 11 (stable)
# Debian Buster 10 (oldstable)
# https://docs.docker.com/engine/install/debian/
apt-get install ca-certificates curl gnupg lsb-release
mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

开机启动

systemctl status docker
systemctl enable docker

service docker restart
kill -SIGHUP $(pidof dockerd)

config

cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "log-opts": {"max-size": "500m", "max-file": "2"}
}
EOF

{
  "debug": true,
  "registry-mirrors": [
    "https://registry.docker-cn.com"
  ],
  "log-driver": "loki",
  "log-opts": {
    "max-size": "500m",
    "max-file": "2",
    "loki-url": "http://192.168.2.238:3100/loki/api/v1/push"
  }
}

root

docker exec -it --user=root 114 sh

timezone 时区问题

# docker-compose.yml
environment:
  - TZ=utc-8

# k8s.yml
env:
  - name: TZ
    value: "utc-8"

# dpkg-reconfigure -f noninteractive tzdata
apk add tzdata --no-cache \
  && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
  && echo "Asia/Shanghai" > /etc/timezone

ops - maintain

log

# 查看log大小
docker ps -q | xargs docker inspect --format="{{.LogPath}}" | xargs ls -lh

# nginx forward
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log

prune

docker system prune -f

docker image prune
docker image prune -a --filter "until=72h" --filter ""
docker images | grep 'registry.cn' | awk '{print $3}' | xargs docker image rm
docker rmi $(docker images | grep "gimc-code" | awk '{print $3}')

docker container prune -a --filter "until=72h"
docker volume prune --filter "label!=keep"
docker network prune --filter "until=24h"

image proxy

echo $CR_PAT | docker login ghcr.io -u zx5435 --password-stdin
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.0 gcr.io/kubernetes-helm/tiller:v2.16.0

network

iptables -t nat -L DOCKER -n --line-numbers
iptables -nL -t nat

tools

ctop - container-top

# https://github.com/bcicen/ctop
sudo wget https://github.com/bcicen/ctop/releases/download/v0.7.7/ctop-0.7.7-linux-amd64 -O /usr/local/bin/ctop
sudo chmod +x /usr/local/bin/ctop

php Dockerfile

March 22, 2018 · 2 min read

2019-04-04 zst php:7.1.11

docker pull zx5435/php:7.1.10

All version is small about 100mb, quick to download and running fast. They are cover my work in everywhere, you can try it. include:

mysql
postgres
redis
mongo
apcu
gd
xdebug
bcmath
zip

FROM php:7.1.11-fpm-alpine

RUN apk add --no-cache freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev \
    && apk add --no-cache --virtual .build-deps autoconf g++ libssh2 openssl openssl-dev make pcre-dev tree curl \
    && apk add --no-cache postgresql-dev \
    && docker-php-ext-configure gd \
        --with-gd \
        --with-freetype-dir=/usr/include/ \
        --with-png-dir=/usr/include/ \
        --with-jpeg-dir=/usr/include/ \
    && pecl install mongodb-1.5.2 redis apcu xdebug \
    && docker-php-ext-enable mongodb redis apcu xdebug \
    && docker-php-ext-install gd pdo_mysql opcache bcmath pgsql pdo_pgsql zip sockets \
    && apk del .build-deps \
    && pecl clear-cache \
    && docker-php-source delete

RUN curl https://getcomposer.org/composer.phar -o /usr/local/bin/composer \
    && chmod +x /usr/local/bin/composer \
    && mkdir -p /var/runtime && chmod -R 777 /var/runtime \
    && alias ll='ls -l'

# COPY __cicd__/php/php.ini /usr/local/etc/php/
# COPY __cicd__/php/www.conf /usr/local/etc/php-fpm.d/
# docker build -f Dockerfile.php -t zx5435/php:7.1.11 .

2019-03-07 amqp error

librabbitmq
pecl install amqp
composer config -g repo.packagist composer https://packagist.phpcomposer.com

2018-10-09 bitdata php:7.1.10

FROM php:7.1.10-fpm-alpine

RUN apk add --no-cache freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev \
    && apk add --no-cache --virtual .build-deps autoconf g++ libssh2 openssl openssl-dev make pcre-dev \
    && apk add --no-cache postgresql-dev \
    && docker-php-ext-configure gd \
        --with-gd \
        --with-freetype-dir=/usr/include/ \
        --with-png-dir=/usr/include/ \
        --with-jpeg-dir=/usr/include/ \
    && pecl install mongodb-1.5.2 redis apcu xdebug \
    && docker-php-ext-enable mongodb redis apcu xdebug \
    && docker-php-ext-install gd pdo_mysql opcache bcmath pgsql pdo_pgsql zip \
    && apk del .build-deps \
    && pecl clear-cache \
    && docker-php-source delete

RUN curl https://getcomposer.org/composer.phar -o /usr/local/bin/composer \
    && chmod +x /usr/local/bin/composer \
    && mkdir -p /var/runtime && chmod -R 777 /var/runtime

# COPY __cicd__/php/php.ini /usr/local/etc/php/
# COPY __cicd__/php/www.conf /usr/local/etc/php-fpm.d/
# docker build -f __cicd__/php/Dockerfile.runtime -t zx5435/php:7.1.10 .

k3s​

config​

install​

auth api​

log app​

pvc​

helm​

kubectl​

install​

config​

namespace​

run​

delete 批量​

port-forward​

configmap​

kustomize​

kubectl builtins​

install​

config tpl​

infrastructure​

portainer 管理​

registry​

cadvisor​

db​

mysql​

redis​

mongodb​

phpmyadmin​

other​

zentao 禅道​

docker-compose​

install​

tpl​

java + redis + influxdb​

loki + grafana​

doc​

install​

centos​

debian​

开机启动​

config​

root​

timezone 时区问题​

ops - maintain​

log​

prune​

image proxy​

network​

tools​

ctop - container-top​

2019-04-04 zst php:7.1.11​

2019-03-07 amqp error​

2018-10-09 bitdata php:7.1.10​

k3s

config

install

auth api

log app

pvc

helm

kubectl

install

config

namespace

run

delete 批量

port-forward

configmap

kustomize

kubectl builtins

install

config tpl

infrastructure

portainer 管理

registry

cadvisor

db

mysql

redis

mongodb

phpmyadmin

other

zentao 禅道

docker-compose

install

tpl

java + redis + influxdb

loki + grafana

doc

install

centos

debian

开机启动

config

root

timezone 时区问题

ops - maintain

log

prune

image proxy

network

tools

ctop - container-top

2019-04-04 zst php:7.1.11

2019-03-07 amqp error

2018-10-09 bitdata php:7.1.10