一. 健康检测:
(1)定义检测信息如下(案例,在Dockerfile中定义)
FROM alpine:3.6
...
HEALTHCHECK --interval=30s
--timeout=10s
--retries=3
--start-period=60s
CMD curl -f http://localhost:3000/health || exit 1
...
(2)定义检测信息(案例,在Stackfile中定义)
version: "3.5"
services:
web:
image: example/web:1.0
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
...
2. 案例1
(1)创建stack-health.yaml文件内容如下:
version: "3.5"
services:
web:
image: nginx:alpine
healthcheck:
test: ["CMD", "wget", "-qO", "-", "http://localhost"]
interval: 5s
timeout: 2s
retries: 3
start_period: 15s
(2)进行部署
xiodi@c720131:~/docker$ sudo docker stack deploy -c stack-health.yaml myapp
[sudo] password for xiodi:
Creating network myapp_default
Creating service myapp_web
(3) 查看服务所运行在哪个节点上
xiodi@c720131:~/docker$ sudo docker stack ps myapp
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
rrjsvx4ox1j4 myapp_web.1 nginx:alpine ubuntu Running Running about a minute ago
(4)在服务运行的节点查看容器状态,可以看到我们创建的服务所在的容器后面的状态有(healthy)
二. Rollback (回退)
1. stack-rollback.yaml文件内容如下, 相比之前的部署应用,此次多了failure_action:rollback 和monitor: 10s选项。
version: "3.5"
services:
web:
image: nginx:1.12-alpine
ports:
- 80:80
deploy:
replicas: 10
update_config:
parallelism: 2
delay: 10sfailure_action: rollback
monitor: 10shealthcheck:
test: ["CMD", "wget", "-qO", "-", "http://localhost"]
interval: 2s
timeout: 2s
retries: 3
start_period: 2s
2. 第1步文件定义了,rolling update的详细信息、健康检测、和回退的行为。
并定义了在检测多少秒后,认为不健康,开始回退。
三. Blue-green deployment
简单的可以这样理解,前端使用一个负载均衡器,当更新时,将worker1置于失效状态,将所有服务都转发于worker2.
当worker更新完成后,进行上线,将所有服务都转发到worker1;再将worker2置于失效状态,进行更新。如下图所示:
四. Canary releases
该方法更新可以看成rolling update的一个变种,它是先更新一小部分服务器,然后将百分之10%的客户流量引入到新更新的服务器,如果没有问题,再渐渐的加大客户的流量 。直到完全切换完成。
五. 密钥
1. 创建密钥
(1)使用命令创建密钥
root@c720131:~# echo "sample secret value" | docker secret create sample-secret -
8mv1d8emvauy4zfnip807tbx1
(2)使用文件来创建密钥
root@c720131:~# docker secret create other-secret ~/my-secrets/secret-value.txt
1jvidw2ilzq3a2mh9goaobvg2
(3)列出所有密钥
root@c720131:~# docker secret ls
ID NAME DRIVER CREATED UPDATED
1jvidw2ilzq3a2mh9goaobvg2 other-secret 40 seconds ago 40 seconds ago
8mv1d8emvauy4zfnip807tbx1 sample-secret 2 minutes ago 2 minutes ago
(4)检查密钥的详细信息
root@c720131:~# docker secret inspect other-secret
[
{
"ID": "1jvidw2ilzq3a2mh9goaobvg2",
"Version": {
"Index": 252
},
"CreatedAt": "2018-06-06T15:01:35.150023544Z",
"UpdatedAt": "2018-06-06T15:01:35.150023544Z",
"Spec": {
"Name": "other-secret",
"Labels": {}
}
}
]
2. 使用密钥
(1)创建一个服务,并关联一个密钥给它
root@c720131:~# docker service create --name web
> --secret api-secret-key
> --publish 8000:8000
> fundamentalsofdocker/whoami:latest
secret not found: api-secret-key从上面报错信息看到,由于我们提前没有创建api-secret-key 密钥,所以报错。
(2)创建一个所需的密钥
root@c720131:~# echo "my secret key" | docker secret create api-secret-key -
umrr30un8bixwt1iq2aevw3xx
(3) 再次执行创建服务并关联密钥
root@c720131:~# docker service create --name web --secret api-secret-key --publish 8000:8000 fundamentalsofdocker/whoami:latest
vfwjk0nt1sg8i65w1w7rgfgj7
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
(4)可以在服务所在的容器查看密钥信息
xiodi@c720132:~$ sudo docker container exec -it afd89b8000e0 cat /run/secrets/api-secret-key
my secret key
(5)假如想要改密钥挂载在容器中的位置,可以通过以下方式进行更改。
root@c720131:~# docker service create --name web --name web -p 8000:8000 --secret source=api-secret-key,target=/run/my-secrets/api-secret-key fundamentalsofdocker/whoami:latest
cz7edxdfeggyw5nx9e2ws0k1m
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
3. 更新密钥(改变密钥)
(1)创建密钥
root@c720131:~# echo "newPass0rD" | docker secret create db-password-v2 -
nj3kwya8bc25kgm2sjz2d647r
(2)原先的服务创建时如下所示:使用的密钥是db-passwd
root@c720131:~# docker service create --name web --publish 80:80 --secret db-password nginx:alpine
pqetnrds6mr1n63abz3qz81im
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
(3)删除老的密钥
root@c720131:~# docker service update --secret-rm db-password web
web
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
(4)添加新的密钥
root@c720131:~# docker service update
> --secret-add source=db-password-v2,target=db-password
> web
web
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converge