Docker CE installation
- CentOS
# Install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the package repository (fetched over HTTPS so the repo definition cannot be altered in transit)
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast
# Install Docker CE
sudo yum -y install docker-ce
# Start Docker CE
sudo service docker start
# Check the Docker version
sudo docker version
- Ubuntu
# Install the required system tools
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Install the GPG key (fetched over HTTPS; this key decides which packages apt will trust)
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Add the package repository
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Update the package index and install Docker CE
sudo apt-get -y update
sudo apt-get -y install docker-ce
Docker Compose installation
- CentOS
# Install the required system tools
sudo yum -y install epel-release
sudo yum -y install python-pip
# Install Docker Compose
sudo pip install docker-compose
# Check the Docker Compose version
sudo docker-compose version
- Ubuntu
# Install the required system tools
sudo apt-get install python-pip
# Install Docker Compose
sudo pip install docker-compose
# Check the Docker Compose version
sudo docker-compose version
Deploy the Docker Registry
# Create the directories
mkdir -p /docker/auth
mkdir -p /docker/certs
cd /docker
# Generate the certificate (enter the Docker Registry domain name as the Common Name)
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt
# Create the user and password
sudo docker run \
  --entrypoint htpasswd \
  registry:2 -Bbn <username> <password> > auth/htpasswd
# Start the Docker Registry
sudo docker run -d \
  -p <port>:5000 \
  --restart=always \
  --name registry \
  -v "$(pwd)"/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2
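- Linux: copy the domain.crt certificate to /etc/docker/certs.d/<domain>:<port>/ca.crt, then add a hosts entry
- macOS: fetch the domain.crt certificate to the local machine, rename it to ca.crt, run the command below, then add a hosts entry
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
- Windows: fetch the domain.crt certificate to the local machine, install it through the Windows certificate manager, then add a hosts entry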
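Added example, not part of the original post: the `openssl req` command above prompts only for a Common Name, but Go 1.15 and later ignore the Common Name when matching host names, so current Docker clients reject a registry certificate that has no subjectAltName. The sketch below generates the same kind of self-signed certificate non-interactively with a SAN and verifies it; `registry.example.internal` and the function names are assumptions, and `-addext` needs OpenSSL 1.1.1 or newer.

```bash
#!/usr/bin/env bash
# Added example: self-signed registry certificate with a subjectAltName.
# registry.example.internal is a placeholder host name (assumption).

# make_registry_cert HOST OUT_DIR [BITS]
# Writes OUT_DIR/domain.key and OUT_DIR/domain.crt, the file names the
# registry container above reads from /certs.
make_registry_cert() {
    host=$1; out=$2; bits=${3:-4096}
    mkdir -p "$out" || return 1
    # -subj and -addext replace the interactive prompts; the SAN entry is
    # what TLS clients match against the registry's host name.
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$out/domain.key" -out "$out/domain.crt" 2>/dev/null || return 1
    chmod 600 "$out/domain.key"   # private key readable by its owner only
}

# cert_has_san CERT HOST
# Succeeds only if HOST appears as a DNS entry in the certificate's SAN list.
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^[[:space:]]*//' |
        grep -Fxq "DNS:$2"
}

# Demo in a throwaway directory so nothing under /docker is touched.
demo_dir=$(mktemp -d)
if make_registry_cert registry.example.internal "$demo_dir" &&
   cert_has_san "$demo_dir/domain.crt" registry.example.internal; then
    echo "certificate carries a SAN for registry.example.internal"
else
    echo "certificate is missing the SAN; Docker clients will reject it"
fi
```

Running `cert_has_san` against a certificate produced by the interactive command fails, which is the quickest way to confirm why `docker login` reports an x509 error.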
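Log in to the private Docker registry
# Log in (-p leaves the password in shell history and the process list; docker login can also read it from stdin with --password-stdin)
sudo docker login <domain>:<port> -u <username> -p <password>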
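Create the Docker Swarm
Make sure Docker CE and Docker Compose are installed on each of the nodes manager-01, worker-01 and worker-02, and that the nodes can reach one another.
# Initialize the Swarm on the manager node; <IP> should preferably be an internal network IP
sudo docker swarm init --advertise-addr <IP>
# Show the command for adding a worker node
sudo docker swarm join-token worker
# Show the command for adding a manager node
sudo docker swarm join-token manager
# Check the status of each node
sudo docker node ls
# Add a worker node
sudo docker swarm join --token <TOKEN> <IP>:<port>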
Deploy the Docker UI – Portainer
# Create the data volume for Portainer
sudo docker volume create portainer_data
# Start Portainer
sudo docker run -d -p <port>:9000 \
  --name portainer \
  --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer_data:/data \
  portainer/portainer
- Add an Endpoint in Portainer to manage a remote Docker host (CentOS)
# The Docker daemon on the node being added must listen on port 2375 (port 2375 must not be reachable from the public internet)
sudo vim /lib/systemd/system/docker.service
# Append -H tcp://0.0.0.0:2375 to the ExecStart field
ExecStart=XXXX -H tcp://0.0.0.0:2375
# Restart Docker
sudo systemctl daemon-reload
sudo systemctl restart docker
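Added example, not part of the original post: the Docker API on TCP 2375 carries no authentication and no TLS, so anyone who can reach the port controls the daemon, which is why the step above says the port must not be reachable from the public internet. This sketch audits a unit file for such listeners; the function name and the sample unit are constructed, and only a single-line `ExecStart=` is parsed.

```bash
#!/usr/bin/env bash
# Added example: flag dockerd TCP listeners that accept unauthenticated clients.
# Reads only the single-line ExecStart= form shown above (assumption).

# audit_docker_hosts UNIT_FILE
# Prints one line per tcp:// listener; returns 1 if any listener is reachable
# beyond loopback without --tlsverify, 0 otherwise.
audit_docker_hosts() {
    unit_file=$1; risky=0; tls=no
    line=$(grep -E '^[[:space:]]*ExecStart=' "$unit_file" | tail -n 1)
    # --tlsverify makes dockerd demand a client certificate signed by its CA.
    if printf '%s\n' "$line" | grep -Eq -- '--tlsverify([[:space:]]|=true|$)'; then
        tls=yes
    fi
    for host in $(printf '%s\n' "$line" |
                  grep -oE -- '(-H|--host)[ =]+tcp://[^[:space:]]+' |
                  sed -E 's/^(-H|--host)[ =]+//'); do
        addr=${host#tcp://}   # strip the scheme
        addr=${addr%:*}       # strip the port
        case "$addr" in
            127.*|localhost|'[::1]')
                echo "OK    $host (loopback only)" ;;
            *)
                if [ "$tls" = yes ]; then
                    echo "OK    $host (client certificates required)"
                else
                    echo "RISK  $host (no authentication, no TLS)"
                    risky=1
                fi ;;
        esac
    done
    return "$risky"
}

# Constructed sample unit reproducing the ExecStart line from the step above.
sample=$(mktemp)
printf '[Service]\nExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375\n' > "$sample"
audit_docker_hosts "$sample" ||
    echo "restrict this listener to a private interface or enable --tlsverify"
rm -f "$sample"
```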
Deploy the Docker Registry UI – docker-registry-frontend
# Create the directory
mkdir -p register-ui
# Generate the certificate
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout register-ui/server.key \
  -x509 -days 365 -out register-ui/server.crt
# Start the Docker Registry UI
sudo docker run -d --name register-ui \
  --link registry \
  -e ENV_DOCKER_REGISTRY_HOST=registry \
  -e ENV_DOCKER_REGISTRY_PORT=5000 \
  -e ENV_DOCKER_REGISTRY_USE_SSL=1 \
  -e ENV_USE_SSL=yes \
  -v "$PWD"/register-ui/server.crt:/etc/apache2/server.crt:ro \
  -v "$PWD"/register-ui/server.key:/etc/apache2/server.key:ro \
  -p <port>:443 \
  konradkleine/docker-registry-frontend:v2
Containerizing a Spring Boot project
- Add the Maven plugins
<properties>
  <spring-boot-thin-layout.version>1.0.22.RELEASE</spring-boot-thin-layout.version>
  <dockerfile.maven.version>1.4.10</dockerfile.maven.version>
</properties>
<build>
  <plugins>
    <!-- Add the spring-boot-thin-layout plugin to keep the dependency libraries outside the jar -->
    <plugin>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-maven-plugin</artifactId>
      <dependencies>
        <dependency>
          <groupId>org.springframework.boot.experimental</groupId>
          <artifactId>spring-boot-thin-layout</artifactId>
          <version>${spring-boot-thin-layout.version}</version>
        </dependency>
      </dependencies>
    </plugin>
    <!-- Add the spring-boot-thin-maven-plugin plugin, which resolves the externalized dependencies during the build -->
    <plugin>
      <groupId>org.springframework.boot.experimental</groupId>
      <artifactId>spring-boot-thin-maven-plugin</artifactId>
      <version>${spring-boot-thin-layout.version}</version>
      <executions>
        <execution>
          <id>resolve</id>
          <goals>
            <goal>resolve</goal>
          </goals>
          <inherited>false</inherited>
        </execution>
      </executions>
    </plugin>
    <!-- Add the dockerfile-maven-plugin plugin to build the image during compile and package -->
    <plugin>
      <groupId>com.spotify</groupId>
      <artifactId>dockerfile-maven-plugin</artifactId>
      <version>${dockerfile.maven.version}</version>
      <executions>
        <execution>
          <id>default</id>
          <goals>
            <goal>build</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <!-- Change the image name here -->
        <repository>saisimon/demo</repository>
        <tag>${project.version}</tag>
        <buildArgs>
          <JAR_FILE>${project.build.finalName}.jar</JAR_FILE>
        </buildArgs>
      </configuration>
    </plugin>
    <!-- Add the exec-maven-plugin plugin to prune old images once the image build has finished -->
    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>exec-maven-plugin</artifactId>
      <executions>
        <execution>
          <id>prune-images</id>
          <phase>package</phase>
          <configuration>
            <executable>docker</executable>
            <arguments>
              <argument>image</argument>
              <argument>prune</argument>
              <argument>-f</argument>
            </arguments>
          </configuration>
          <goals>
            <goal>exec</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
- Add plugin group support to the Maven configuration (settings.xml)
<pluginGroups>
  <pluginGroup>com.spotify</pluginGroup>
</pluginGroups>
- Write the Dockerfile
FROM openjdk:8-jdk-alpine
# JVM options
ARG JAVA_OPTS
ARG JAR_FILE
ENV JAVA_OPTS=$JAVA_OPTS
RUN mkdir /saisimon
COPY target/thin/root/repository /saisimon/repository
COPY target/thin/root/${JAR_FILE} /saisimon/demo.jar
ENTRYPOINT exec java $JAVA_OPTS -Dthin.root=/saisimon -Djava.security.egd=file:/dev/./urandom -jar /saisimon/demo.jar
- Compile, package and build the image
mvn clean package
Container orchestration
- JAVA_OPTS - JVM runtime options
- REVISION - image version, defaults to latest
- Restart policy: a failed container is restarted up to 3 times
- The gateway is exposed on port 8080
# docker-compose.yml
version: '3'
services:
  # demo
  demo:
    image: saisimon/demo:${REVISION-latest}
    environment:
      - JAVA_OPTS=-Xms512m -Xmx512m -Xmn192m -Xss256k
    networks:
      - demo-overlay
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
  # zuul
  zuul:
    image: saisimon/zuul:${REVISION-latest}
    environment:
      - JAVA_OPTS=-Xms512m -Xmx512m -Xmn192m -Xss256k
    networks:
      - demo-overlay
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
    ports:
      - "8080:8080"
networks:
  demo-overlay:
# Deploy with Docker Stack
sudo docker stack deploy -c docker-compose.yml demo
# Show the details
sudo docker stack ps demo