• Docker Zero Deployment and Secrets (Part 2)


    I. Health checks:

    (1) Define the health check as follows (example, defined in a Dockerfile)

    FROM alpine:3.6
    ...
    HEALTHCHECK --interval=30s \
         --timeout=10s \
         --retries=3 \
         --start-period=60s \
         CMD curl -f http://localhost:3000/health || exit 1
    ...


    (2) Define the health check (example, defined in a stack file)

    version: "3.5"
    services:
       web:
         image: example/web:1.0
         healthcheck:
           test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
           interval: 30s
           timeout: 10s
           retries: 3
           start_period: 60s
    ...


    2. Example 1

    (1) Create the file stack-health.yaml with the following content:

    version: "3.5"
    services:
       web:
         image: nginx:alpine
         healthcheck:
           test: ["CMD", "wget", "-qO", "-", "http://localhost"]
           interval: 5s
           timeout: 2s
           retries: 3
           start_period: 15s


    (2) Deploy it

    xiodi@c720131:~/docker$ sudo docker stack deploy -c stack-health.yaml myapp
    [sudo] password for xiodi:
    Creating network myapp_default
    Creating service myapp_web


    (3) Check which node the service is running on

    xiodi@c720131:~/docker$ sudo docker stack ps myapp
    ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE                ERROR               PORTS
    rrjsvx4ox1j4        myapp_web.1         nginx:alpine        ubuntu              Running             Running about a minute ago  


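    (4) On the node where the service runs, check the container status; the container belonging to the service we created shows (healthy) after its status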



    II. Rollback

    1. The content of stack-rollback.yaml is shown below. Compared with the previous deployment, this one adds the failure_action: rollback and monitor: 10s options.

    version: "3.5"
    services:
       web:
         image: nginx:1.12-alpine
         ports:
           - 80:80
         deploy:
           replicas: 10
           update_config:
             parallelism: 2
             delay: 10s

             failure_action: rollback
             monitor: 10s

         healthcheck:
           test: ["CMD", "wget", "-qO", "-", "http://localhost"]
           interval: 2s
           timeout: 2s
           retries: 3
           start_period: 2s


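    2. The file in step 1 defines the details of the rolling update, the health check, and the rollback behaviour.

    It also defines how many seconds of monitoring pass before a task is considered unhealthy and the rollback begins.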
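Added example (not from the original post): a rollback triggered by failure_action: rollback happens on the swarm side, so a deployment script has to ask the service for its update state to notice it. The function names and the POLL_SECONDS / MAX_POLLS settings are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. POLL_SECONDS and MAX_POLLS are
# illustrative settings; service and image names come from the caller.
POLL_SECONDS="${POLL_SECONDS:-2}"
MAX_POLLS="${MAX_POLLS:-150}"

# update_state SERVICE: prints UpdateStatus.State, or "none" if never updated.
update_state() {
    docker service inspect \
        --format '{{if .UpdateStatus}}{{.UpdateStatus.State}}{{else}}none{{end}}' "$1"
}

# wait_for_update SERVICE: 0 = completed, 1 = rolled back or paused, 2 = unknown/timeout.
wait_for_update() {
    svc=$1
    polls=0
    while [ "$polls" -lt "$MAX_POLLS" ]; do
        state=$(update_state "$svc") || return 2
        case "$state" in
            completed) return 0 ;;
            rollback_completed|rollback_paused|paused)
                echo "update of $svc failed: $state" >&2
                return 1 ;;
            updating|rollback_started|none) ;;  # still in progress
            *) echo "unexpected update state: $state" >&2; return 2 ;;
        esac
        polls=$((polls + 1))
        sleep "$POLL_SECONDS"
    done
    echo "timed out waiting for $svc" >&2
    return 2
}

# deploy_image SERVICE IMAGE: start the update detached, then gate on the outcome.
deploy_image() {
    docker service update --detach --image "$2" \
        --update-failure-action rollback --update-monitor 10s "$1" >/dev/null || return 2
    wait_for_update "$1"
}
```

A CI job can call `deploy_image web <new image>` and treat a non-zero exit as a failed release.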


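    III. Blue-green deployment

    Put simply: a load balancer sits in front of the workers. During an update, worker1 is taken out of service and all traffic is forwarded to worker2.

    Once the worker has been updated, it is brought back online and all traffic is forwarded to worker1; worker2 is then taken out of service and updated. As shown in the figure below: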



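    IV. Canary releases

    This approach can be seen as a variant of the rolling update: first a small subset of servers is updated, then 10% of customer traffic is directed to the newly updated servers. If there are no problems, the share of traffic is increased gradually until the switchover is complete.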


    V. Secrets

    1. Creating secrets

    (1) Create a secret from the command line

    root@c720131:~# echo "sample secret value" | docker secret create sample-secret -
    8mv1d8emvauy4zfnip807tbx1


    (2) Create a secret from a file

    root@c720131:~# docker secret create other-secret ~/my-secrets/secret-value.txt
    1jvidw2ilzq3a2mh9goaobvg2


    (3) List all secrets

    root@c720131:~# docker secret ls
    ID                          NAME                DRIVER              CREATED             UPDATED
    1jvidw2ilzq3a2mh9goaobvg2   other-secret                            40 seconds ago      40 seconds ago
    8mv1d8emvauy4zfnip807tbx1   sample-secret                           2 minutes ago       2 minutes ago


    (4) Inspect the details of a secret

    root@c720131:~# docker secret inspect other-secret
    [
         {
             "ID": "1jvidw2ilzq3a2mh9goaobvg2",
             "Version": {
                 "Index": 252
             },
             "CreatedAt": "2018-06-06T15:01:35.150023544Z",
             "UpdatedAt": "2018-06-06T15:01:35.150023544Z",
             "Spec": {
                 "Name": "other-secret",
                 "Labels": {}
             }
         }
    ]


    2. Using secrets

    (1) Create a service and attach a secret to it

    root@c720131:~# docker service create --name web \
    > --secret api-secret-key \
    > --publish 8000:8000 \
    > fundamentalsofdocker/whoami:latest
    secret not found: api-secret-key

    As the error message above shows, the command failed because the api-secret-key secret had not been created beforehand.


    (2) Create the required secret

    root@c720131:~# echo "my secret key" | docker secret create api-secret-key -
    umrr30un8bixwt1iq2aevw3xx


    (3) Run the service creation with the attached secret again

    root@c720131:~# docker service create --name web --secret api-secret-key --publish 8000:8000 fundamentalsofdocker/whoami:latest
    vfwjk0nt1sg8i65w1w7rgfgj7
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged


    (4) The secret can be read inside the container that runs the service

    xiodi@c720132:~$ sudo docker container exec -it afd89b8000e0 cat /run/secrets/api-secret-key
    my secret key


    (5) To change where the secret is mounted inside the container, specify the target as follows.

    root@c720131:~# docker service create --name web -p 8000:8000 --secret source=api-secret-key,target=/run/my-secrets/api-secret-key fundamentalsofdocker/whoami:latest
    cz7edxdfeggyw5nx9e2ws0k1m
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged
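Added example (not from the original post): how a container entrypoint can load the mounted secret and refuse to start when it is absent. `SECRETS_DIR`, `read_secret` and `require_secrets` are hypothetical names; the paths are the ones shown in steps (4) and (5).

```shell
#!/bin/sh
# Added example, not from the original post.
# SECRETS_DIR is an illustrative variable: /run/secrets is the default mount shown
# in step (4); set it to /run/my-secrets for the custom target used in step (5).
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# read_secret NAME: prints the secret value; non-zero exit if it cannot be used.
read_secret() {
    name=$1
    case "$name" in
        ""|*/*|.|..) echo "invalid secret name: $name" >&2; return 2 ;;
    esac
    file="$SECRETS_DIR/$name"
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "secret not mounted: $file" >&2   # fail closed, no fallback value
        return 1
    fi
    # $(...) drops the trailing newline that `echo ... | docker secret create` stored.
    value=$(cat "$file") || return 1
    if [ -z "$value" ]; then
        echo "secret is empty: $file" >&2
        return 1
    fi
    printf '%s' "$value"
}

# require_secrets NAME...: entrypoint guard, returns 1 if any listed secret is unusable.
require_secrets() {
    missing=0
    for s in "$@"; do
        read_secret "$s" >/dev/null || missing=1
    done
    return "$missing"
}
```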


    3. Updating secrets (changing a secret)

    (1) Create the new secret

    root@c720131:~# echo "newPass0rD" | docker secret create db-password-v2 -
    nj3kwya8bc25kgm2sjz2d647r


    (2) The service was originally created as shown below, using the secret db-password

    root@c720131:~# docker service create --name web --publish 80:80 --secret db-password nginx:alpine
    pqetnrds6mr1n63abz3qz81im
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged


    (3) Remove the old secret from the service

    root@c720131:~# docker service update --secret-rm db-password web
    web
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged


    (4) Add the new secret

    root@c720131:~# docker service update \
    > --secret-add source=db-password-v2,target=db-password \
    > web
    web
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converge
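Added example (not from the original post): steps (3) and (4) run as two separate updates, so between them the tasks are restarted with no secret mounted. The hypothetical helper `rotate_secret` below does the swap in a single `docker service update`, verifies the service spec, and only then deletes the old secret from the swarm.

```shell
#!/bin/sh
# Added example, not from the original post. rotate_secret is a hypothetical helper.

# rotate_secret SERVICE OLD NEW TARGET
# Swaps OLD for NEW in one `docker service update`, so tasks restart once and no
# task ever starts without the secret mounted.
rotate_secret() {
    svc=$1; old=$2; new=$3; target=$4
    # The new secret must already exist in the swarm.
    if ! docker secret inspect "$new" >/dev/null 2>&1; then
        echo "secret not found: $new" >&2
        return 1
    fi
    docker service update --detach=false \
        --secret-rm "$old" \
        --secret-add "source=$new,target=$target" \
        "$svc" >/dev/null || return 1
    # Confirm which secrets the service spec references now.
    names=$(docker service inspect --format \
        '{{range .Spec.TaskTemplate.ContainerSpec.Secrets}}{{.SecretName}} {{end}}' \
        "$svc") || return 1
    case " $names" in
        *" $old "*) echo "$old is still attached to $svc" >&2; return 1 ;;
    esac
    case " $names" in
        *" $new "*) ;;
        *) echo "$new is not attached to $svc" >&2; return 1 ;;
    esac
    # Delete the old value from the swarm only after the switch is verified.
    docker secret rm "$old" >/dev/null
}
```

With the names used above, the call is `rotate_secret web db-password db-password-v2 db-password`.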

  • Original source: https://www.cnblogs.com/zangxueyuan/p/9148036.html