DOCKER

Choosing a CNI Network Provider for Kubernetes

The Container Network Interface (CNI) is a library definition and a set of tools under the umbrella of the Cloud Native Computing Foundation. For more information visit their GitHub project. Kubernetes uses CNI as the interface between network providers and Kubernetes networking.

Why use CNI

Kubernetes' default network plugin, kubenet, is a simple plugin that works with various cloud providers. Kubenet is a very basic network provider, and basic is good, but it does not have many features.

Dockering Java 8

Improve docker container detection and resource configuration usage

https://blog.softwaremill.com/docker-support-in-new-java-8-finally-fd595df0ca54
https://www.oracle.com/technetwork/java/javase/8u191-relnotes-5032181.html

Several ways to attach containers to the host network

Tip: the steps below were done in a VirtualBox VM configured as follows. Under Network, expand the advanced settings and set "Adapter Type" to "PCnet-FAST III" instead of the default e1000 (Intel PRO/1000). "Promiscuous Mode" must also be set to "Allow All"; otherwise containers attached through the bridge cannot work, because the virtual NIC filters out every frame that carries a MAC address other than its own. With multiple NICs, every NIC needs the same adjustment.

Preparation

Install util-linux:

    sudo apt install util-linux

/etc/network/interfaces:

    cat interfaces
    # interfaces(5) file used by ifup(8) and ifdown(8)
    auto lo
    iface lo inet loopback

    auto enp0s3
    iface enp0s3 inet static
        address 192.168.1.10
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 192.168.1.1

    auto enp0s8
    iface enp0s8 inet static
        address 192.168.1.16
        netmask 255.

Docker Alpine

Set the timezone

    FROM alpine:3.8
    RUN apk add --no-cache tzdata && rm -rf /var/cache/apk/*
    ENV TZ Asia/Shanghai
    RUN ln -s /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

Or at run time (the image must already contain tzdata, otherwise musl cannot resolve the zone name and falls back to UTC):

    docker run -it --rm -e TZ=Asia/Shanghai alpine:3.8 ash

Create /etc/localtime:

    ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

Docker networking

Docker's default network: bridge
Docker macvlan network: macvlan
Docker host network: host
Docker overlay network
Host port binding

Ports are published with -p. Accepted forms:

    ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort

containerPort must always be given.

    docker run --rm --name web -p 80:80 -v /home/bigo/site:/usr/share/nginx/html:ro -d nginx:1.14-alpine

For every published port Docker starts a docker-proxy process automatically:

    docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 80

When the ip part is omitted the port is bound on 0.0.0.0, that is on every host interface, as the -host-ip above shows; give 127.0.0.1 explicitly for services that should only be reachable locally.
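The four -p spellings listed above, normalised the way docker-proxy ends up seeing them. This is an added example, not code from the post; it handles IPv4 literals only (bracketed IPv6 addresses are deliberately left out) and uses the word "ephemeral" for a host port Docker chooses itself.

```shell
#!/bin/sh
# Added example: normalise a `docker run -p` spec to ip:hostPort:containerPort/proto
# and flag bindings that land on every host interface.

publish_normalize() {
  spec=$1
  proto=${spec##*/}                      # optional /tcp, /udp or /sctp suffix
  if [ "$proto" = "$spec" ]; then proto=tcp; else spec=${spec%/*}; fi
  case "$proto" in tcp|udp|sctp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
  case "$spec" in
    *:*:*) ip=${spec%%:*}; rest=${spec#*:}; host=${rest%%:*}; cport=${rest#*:} ;;  # ip:hostPort:containerPort or ip::containerPort
    *:*)   ip=""; host=${spec%%:*}; cport=${spec#*:} ;;                              # hostPort:containerPort
    *)     ip=""; host=""; cport=$spec ;;                                             # containerPort
  esac
  [ -n "$cport" ] || { echo "containerPort is required in '$1'" >&2; return 1; }
  [ -n "$ip" ]    || ip=0.0.0.0            # no ip  => bound on all interfaces
  [ -n "$host" ]  || host=ephemeral        # no hostPort => Docker picks a free one
  printf '%s:%s:%s/%s\n' "$ip" "$host" "$cport" "$proto"
}

# 0 when the binding is reachable from every interface (the docker-proxy
# "-host-ip 0.0.0.0" case). Such ports are reached through Docker's own
# iptables rules, so INPUT-chain host firewalls (ufw-style) do not gate them.
publish_is_wide_open() {
  case "$(publish_normalize "$1")" in 0.0.0.0:*) return 0 ;; *) return 1 ;; esac
}

# Demo over constructed specs.
for s in 80:80 127.0.0.1:8080:80 127.0.0.1::80/udp 53/udp; do
  printf '%-20s -> %s' "$s" "$(publish_normalize "$s")"
  publish_is_wide_open "$s" && printf '  (all interfaces!)'
  printf '\n'
done
publish_normalize 80: 2>/dev/null || echo "rejected: '80:' has no containerPort"
```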

Docker macvlan networks

Introduction

Macvlan creates sub-interfaces on top of a physical parent interface; each sub-interface has its own MAC and IP address. Applications, containers or VMs bind to a sub-interface and talk to the physical network directly with that IP.

Benefits

Many existing network monitoring appliances still cannot monitor virtual network devices; macvlan sub-interfaces look to them like ordinary hosts.
No separate iptables, NAT or route entries to manage for the container network.

Drawbacks

A switch port accepts only a limited number of distinct MAC addresses (port-security policy).
Too many MACs on one NIC degrades performance.
Macvlan is Linux-only.

Preparation

Kernel 4.0 or newer:

    uname -r
    4.15.0-45-generic

Load the macvlan module:

    sudo modprobe macvlan
    lsmod | grep macvlan
    ...
    macvlan                24576  0
    ...

Put the NIC in promiscuous mode.

Hosts and addresses

    Host        IP
    PC          192.168.1.5/24
    VM1         192.168.1.10/24
    Container1  192.168.1.128/25

The four macvlan modes (private, VEPA, bridge and passthru)

Macvlan VEPA
Macvlan Bridge
Macvlan Passthru

Creating a macvlan

    ip addr show enp0s3
    enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
        link/ether 08:00:27:c0:91:4c brd ff:ff:ff:ff:ff:ff
        inet 192.
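The macvlan setup described here and the bridged VirtualBox setup from the host-network post above share one practical script. It is an added example, not the author's: it emits the docker network create command for the addressing plan above (192.168.1.0/24, gateway 192.168.1.1, containers taken from 192.168.1.128/25 on parent enp0s3), adds the host-side macvlan sub-interface the host needs to reach its own macvlan containers, and checks the promiscuous flag the posts insist on. The network name pub, the shim name mvlan-shim and its address 192.168.1.254 are assumptions for the demo. Commands are printed by default; APPLY=1 executes them (root and Docker required).

```shell
#!/bin/sh
# Added example: Docker macvlan network plus host shim for the 192.168.1.0/24 plan.

PARENT=enp0s3
SUBNET=192.168.1.0/24
GATEWAY=192.168.1.1
IP_RANGE=192.168.1.128/25      # container addresses; keep them out of the LAN DHCP pool
NET_NAME=pub                   # assumed name
SHIM=mvlan-shim                # assumed name
SHIM_IP=192.168.1.254          # assumed free, outside IP_RANGE

macvlan_net_cmd() {
  printf 'docker network create -d macvlan --subnet=%s --gateway=%s --ip-range=%s -o parent=%s %s\n' \
    "$SUBNET" "$GATEWAY" "$IP_RANGE" "$PARENT" "$NET_NAME"
}

# In bridge mode the parent NIC drops frames from its own macvlan children, so
# the host cannot reach the containers through enp0s3 itself. A second macvlan
# sub-interface owned by the host, with a route for the container range, is the
# usual workaround.
host_shim_cmds() {
  printf 'ip link add %s link %s type macvlan mode bridge\n' "$SHIM" "$PARENT"
  printf 'ip addr add %s/32 dev %s\n' "$SHIM_IP" "$SHIM"
  printf 'ip link set %s up\n' "$SHIM"
  printf 'ip route add %s dev %s\n' "$IP_RANGE" "$SHIM"
}

# Run a container pinned to an address inside IP_RANGE.
container_cmd() {
  printf 'docker run -d --name web --network %s --ip %s nginx:1.14-alpine\n' "$NET_NAME" "$1"
}

# The parent NIC must accept frames for foreign MACs. Takes one line of
# `ip link show <iface>` output so it can be checked offline.
iface_is_promisc() {
  case "$1" in *PROMISC*) return 0 ;; *) return 1 ;; esac
}

# Is a dotted-quad inside 192.168.1.128/25 (last octet 128..255 on 192.168.1.0)?
ip_in_range() {
  case "$1" in 192.168.1.*) ;; *) return 1 ;; esac
  last=${1##*.}
  [ "$last" -ge 128 ] && [ "$last" -le 255 ]
}

run_cmds() { if [ "${APPLY:-0}" = "1" ]; then sh -e; else cat; fi; }

ip_in_range 192.168.1.128 || { echo "container address outside --ip-range" >&2; exit 1; }
{ macvlan_net_cmd; host_shim_cmds; container_cmd 192.168.1.128; } | run_cmds
if ! iface_is_promisc "$(ip link show "$PARENT" 2>/dev/null | head -n 1)"; then
  echo "note: $PARENT is not promiscuous; run: ip link set $PARENT promisc on" >&2
fi
```

Inside VirtualBox the promisc flag on the guest NIC is not enough on its own: the adapter's "Promiscuous Mode" must also be "Allow All", or the hypervisor drops the frames before the guest ever sees them.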

Docker日志

Everything a containerized application writes to stdout and stderr is handled and redirected somewhere by a container engine. For example, the Docker container engine redirects those two streams to a logging driver. The docker logs command is only available for the json-file and journald drivers.

Logging driver: to configure the Docker daemon to default to a specific logging driver, set the value of log-driver to the name of the logging driver in the daemon.
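A daemon-default configuration and a way to reason about which driver a given container ends up with, as an added example that is not part of the post. Paths and the sample docker run flags are constructed for the demo; in practice the file is /etc/docker/daemon.json.

```shell
#!/bin/sh
# Added example: bounded json-file logging as the daemon default, plus helpers
# that resolve the driver a container will actually use.

write_daemon_json() {
  # $1 = destination path. The weak default is json-file with no max-size, so a
  # chatty or attacker-driven container can fill the host disk; bound it.
  cat > "$1" <<'EOF'
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}
EOF
}

# Daemon default driver from a (flat) daemon.json; json-file when unset.
daemon_log_driver() {
  d=$(sed -nE 's/.*"log-driver"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/p' "$1")
  printf '%s\n' "${d:-json-file}"
}

# 0 when both rotation options are present.
rotation_configured() {
  grep -q '"max-size"' "$1" && grep -q '"max-file"' "$1"
}

# A --log-driver flag on `docker run` overrides the daemon default.
effective_log_driver() {
  cfg=$1; shift                       # $1 = daemon.json, rest = docker run flags
  drv=$(daemon_log_driver "$cfg")
  for a in "$@"; do
    case "$a" in --log-driver=*) drv=${a#--log-driver=} ;; esac
  done
  printf '%s\n' "$drv"
}

# The post's caveat: `docker logs` only reads json-file and journald.
docker_logs_works() {
  case "$1" in json-file|journald) return 0 ;; *) return 1 ;; esac
}

tmp=$(mktemp)
write_daemon_json "$tmp"
rotation_configured "$tmp" && echo "rotation: configured"
echo "daemon default driver: $(daemon_log_driver "$tmp")"
drv=$(effective_log_driver "$tmp" --rm --log-driver=syslog)
echo "container driver: $drv"
docker_logs_works "$drv" || echo "docker logs will not work for driver $drv"
rm -f "$tmp"
```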

Docker Dockerfile ENTRYPOINT

Dockerfile ENTRYPOINT has two forms, exec and shell; exec is the preferred one.

                                              exec (preferred)                                shell
    Syntax                                    ENTRYPOINT ["executable", "param1", "param2"]   ENTRYPOINT command param1 param2
    Command line arguments to docker run      appended                                        not used
    Started as a subcommand of /bin/sh -c     N/A                                             /bin/sh -c by default (start it with exec so the stop signal reaches the program)
    With CMD ["exec_cmd", "p1_cmd"]           exec_entry p1_entry exec_cmd p1_cmd             /bin/sh -c exec_entry p1_entry

ENTRYPOINT exec

    FROM alpine:3.
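What the table means for PID 1, worked through on two constructed Dockerfiles. This is an added example, not the post's own code: it reads a Dockerfile on stdin, classifies its last ENTRYPOINT and states what docker stop's SIGTERM will hit.

```shell
#!/bin/sh
# Added example: classify a Dockerfile's ENTRYPOINT and name the resulting PID 1.
# docker stop sends SIGTERM to PID 1 and, after the stop timeout (10 s by
# default), SIGKILL. With the plain shell form PID 1 is /bin/sh, which does not
# forward SIGTERM, so the application only ever sees the SIGKILL.

entrypoint_pid1() {
  ep=$(grep -E '^[[:space:]]*ENTRYPOINT[[:space:]]' | tail -n 1 \
       | sed -E 's/^[[:space:]]*ENTRYPOINT[[:space:]]+//')      # last ENTRYPOINT wins
  case "$ep" in
    "")       echo "none: no ENTRYPOINT, CMD alone becomes PID 1" ;;
    \[*)      echo "exec: $ep runs directly as PID 1; signals reach it" ;;
    exec\ *)  prog=$(printf '%s' "$ep" | sed 's/^exec[[:space:]]*//')
              echo "shell-exec: /bin/sh -c replaces itself with $prog, which becomes PID 1; signals reach it" ;;
    *)        echo "shell: /bin/sh -c '$ep' is PID 1; SIGTERM stops at sh, app is SIGKILLed after the timeout" ;;
  esac
}

# Just the form token (none | exec | shell-exec | shell) for scripting.
entrypoint_form() { entrypoint_pid1 | cut -d: -f1; }

# Constructed Dockerfiles: the same nginx image written both ways.
tmp=$(mktemp -d)
cat > "$tmp/Dockerfile.shell" <<'EOF'
FROM alpine:3.8
RUN apk add --no-cache nginx
ENTRYPOINT nginx -g "daemon off;"
EOF
cat > "$tmp/Dockerfile.exec" <<'EOF'
FROM alpine:3.8
RUN apk add --no-cache nginx
ENTRYPOINT ["nginx", "-g", "daemon off;"]
EOF
for f in "$tmp"/Dockerfile.*; do
  printf '%s -> %s\n' "${f##*/}" "$(entrypoint_pid1 < "$f")"
done
rm -rf "$tmp"
```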

Docker Check Config

Docker's contrib/check-config.sh, which reports whether the running kernel has the options Docker needs (the excerpt is cut off):

    #!/usr/bin/env bash
    set -e

    EXITCODE=0

    # bits of this were adapted from lxc-checkconfig
    # see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in

    possibleConfigs=(
        '/proc/config.gz'
        "/boot/config-$(uname -r)"
        "/usr/src/linux-$(uname -r)/.config"
        '/usr/src/linux/.config'
    )

    if [ $# -gt 0 ]; then
        CONFIG="$1"
    else
        : ${CONFIG:="${possibleConfigs[0]}"}
    fi

    if ! command -v zgrep &> /dev/null; then
        zgrep() {
            zcat "$2" | grep "$1"
        }
    fi

    kernelVersion="$(uname -r)"
    kernelMajor="${kernelVersion%%.*}"
    kernelMinor="${kernelVersion#$kernelMajor.}"
    kernelMinor="${kernelMinor%%.*}"

    is_set() {
        zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null
    }
    is_set_in_kernel() {
        zgrep "CONFIG_$1=y" "$CONFIG" > /dev/null
    }
    is_set_as_module() {
        zgrep "CONFIG_$1=m" "$CONFIG" > /dev/null
    }

    color() {
        local codes=()
        if [ "$1" = 'bold' ]; then
            codes=( "${codes[@]}" '1' )
            shift
        fi
        if [ "$#" -gt 0 ]; then
            local code=
            case "$1" in
                # see https://en.

Docker Notes

Multi-stage builds need Docker 17.05 or newer (https://blog.alexellis.io/mutli-stage-docker-builds/):

    FROM golang:1.10 as builder
    # build env and make target
    FROM alpine:latest
    WORKDIR /root/
    COPY --from=builder ./

busybox nslookup

busybox:latest has a bug in nslookup; use busybox:1.28:

    docker network create test
    32024cd09daca748f8254468f4f00893afc2e1173c378919b1f378ed719f1618
    docker run -dit --name nginx --network test nginx:alpine
    7feaf1f0b4f3d421603bbb984854b753c7cbc6b581dd0a304d3b8fccf8c6604b
    $ docker run -it --rm --network test busybox:1.28 nslookup nginx
    Server:    127.0.0.11
    Address 1: 127.0.0.11

    Name:      nginx
    Address 1: 172.
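A pre-build check for multi-stage Dockerfiles, as an added example that is not part of the post. It reads a Dockerfile on stdin, verifies that every COPY --from points at a stage declared earlier (or a valid numeric stage index), reports the base image of the final stage, and flags a final base that is not pinned, since alpine:latest as used above can change under you between builds. The sample Dockerfile and stage names are constructed for the demo; references to external images (containing "/" or ":") are accepted without checking.

```shell
#!/bin/sh
# Added example: lint a multi-stage Dockerfile read on stdin.

# Stage names declared with "FROM <image> AS <name>" (AS is case-insensitive).
stage_names() {
  grep -iE '^[[:space:]]*FROM[[:space:]]' \
    | sed -nE 's/.*[[:space:]][Aa][Ss][[:space:]]+([A-Za-z0-9_.-]+).*/\1/p'
}

# Every stage referenced by "COPY --from=<ref>".
copy_from_refs() {
  grep -iE '^[[:space:]]*COPY[[:space:]]' | sed -nE 's/.*--from=([^[:space:]]+).*/\1/p'
}

# 0 when every COPY --from resolves; prints each unresolved reference.
check_copy_from() {
  df=$(cat)
  names=$(printf '%s\n' "$df" | stage_names)
  nstages=$(printf '%s\n' "$df" | grep -ciE '^[[:space:]]*FROM[[:space:]]' || true)
  status=0
  for ref in $(printf '%s\n' "$df" | copy_from_refs); do
    case "$ref" in
      */*|*:*)   ;;                                   # external image reference, not checked here
      *[!0-9]*)  printf '%s\n' "$names" | grep -qxF "$ref" \
                   || { echo "unresolved stage: $ref"; status=1; } ;;
      *)         [ "$ref" -lt "$nstages" ] \
                   || { echo "stage index out of range: $ref"; status=1; } ;;
    esac
  done
  return $status
}

# Base image of the final stage (last FROM), without any AS clause.
final_base() {
  grep -iE '^[[:space:]]*FROM[[:space:]]' | tail -n 1 \
    | sed -E 's/^[[:space:]]*[Ff][Rr][Oo][Mm][[:space:]]+//; s/[[:space:]]+[Aa][Ss][[:space:]].*//'
}

# 0 when an image reference is pinned by digest or by a tag other than latest.
base_is_pinned() {
  case "$1" in *@sha256:*) return 0 ;; esac
  tag=${1##*:}
  case "$tag" in "$1"|*/*|latest) return 1 ;; *) return 0 ;; esac
}

# Constructed sample: builder stage plus a small runtime stage.
sample='FROM golang:1.10 as builder
WORKDIR /src
RUN go build -o /out/app .
FROM alpine:3.8
COPY --from=builder /out/app /usr/local/bin/app
USER nobody
ENTRYPOINT ["/usr/local/bin/app"]'

printf '%s\n' "$sample" | check_copy_from && echo "COPY --from references: ok"
base=$(printf '%s\n' "$sample" | final_base)
base_is_pinned "$base" && echo "final base $base is pinned" || echo "final base $base is NOT pinned"
printf 'FROM alpine:3.8\nCOPY --from=builder /x /x\n' | check_copy_from || echo "(expected failure above)"
```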