Major revision

pull/20/head
Jimmy Song 2017-05-20 21:03:25 +08:00
parent 45ff444e65
commit 299d064bb8
111 changed files with 464 additions and 3899 deletions


@ -1,42 +0,0 @@
BOOK_NAME := kubernetes-handbook
BOOK_OUTPUT := _book
.PHONY: build
build:
gitbook build . $(BOOK_OUTPUT)
.PHONY: serve
serve:
gitbook serve . $(BOOK_OUTPUT)
.PHONY: epub
epub:
gitbook epub . $(BOOK_NAME).epub
.PHONY: pdf
pdf:
gitbook pdf . $(BOOK_NAME).pdf
.PHONY: mobi
mobi:
gitbook mobi . $(BOOK_NAME).pdf
.PHONY: install
install:
npm install gitbook-cli -g
gitbook install
.PHONY: clean
clean:
rm -rf $(BOOK_OUTPUT)
.PHONY: help
help:
@echo "Help for make"
@echo "make - Build the book"
@echo "make build - Build the book"
@echo "make serve - Serving the book on localhost:4000"
@echo "make install - Install gitbook and plugins"
@echo "make epub - Build epub book"
@echo "make pdf - Build pdf book"
@echo "make clean - Remove generated files"
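Review bot: Deleting the whole Makefile removes the `make build`, `make serve`, `make install`, `make epub` and `make pdf` entry points, and the one-line commit message does not say what replaces them. The README still documents the raw `gitbook pdf . ./kubernetes-handbook.pdf` command, so state there that the `make` targets are gone. If the file is ever restored, note that the `mobi` target wrote to `$(BOOK_NAME).pdf` rather than a `.mobi` file, that the help text never listed `mobi`, and that `npm install gitbook-cli -g` installed an unpinned global package.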


@ -1,30 +1,22 @@
# Kubernetes Handbook
Kubernetes是谷歌开源的容器集群管理系统是Google多年大规模容器管理技术Borg的开源版本也是CNCF最重要的组件之一主要功能包括
[Kubernetes](http://kubernetes.io)是Google基于[Borg](https://research.google.com/pubs/pub43438.html)开源的容器编排调度引擎,作为[CNCF](http://cncf.io)Cloud Native Computing Foundation最重要的组件之一它的目标不仅仅是一个编排系统而是提供一个规范可以让你来描述集群的架构定义服务的最终状态它将自动得将系统达到和维持在这个状态。
- 基于容器的应用部署、维护和滚动升级
- 负载均衡和服务发现
- 跨机器和跨地区的集群调度
- 自动伸缩
- 无状态服务和有状态服务
- 广泛的Volume支持
- 插件机制保证扩展性
本书记录了本人从零开始学习和使用Kubernetes的心路历程着重于经验分享和总结同时也会有相关的概念解析希望能够帮助大家少踩坑少走弯路。
Kubernetes发展非常迅速已经成为容器编排领域的领导者。Kubernetes的中文资料也非常丰富但系统化和紧跟社区更新的则就比较少见了。《Kubernetes指南》开源电子书旨在整理平时在开发和使用Kubernetes时的参考指南和实践心得更是为了形成一个系统化的参考指南以方便查阅。欢迎大家关注更欢迎大家一起添加更多更好的内容。
本书所有的组件安装、示例和操作等都基于**Kubernetes1.6.0**版本。
文章同步更新到[gitbook](https://www.gitbook.com/book/rootsongjc/kubernetes-handbook/details)方便大家浏览和下载PDF。
GitHub地址https://github.com/rootsongjc/kubernetes-handbook
在写作本书时,安装的所有组件、所用示例和操作等皆基于**Kubernetes1.6.0**版本。
[文章目录](SUMMARY.md)
## 如何阅读
GitHub地址https://github.com/rootsongjc/kubernetes-handbook
Gitbook在线浏览https://www.gitbook.com/book/rootsongjc/kubernetes-handbook/
## 如何使用本书
**在线浏览**
访问gitbookhttps://www.gitbook.com/book/rootsongjc/kubernetes-handbook/
访问[gitbook](https://www.gitbook.com/book/rootsongjc/kubernetes-handbook/)
文中涉及的配置文件和代码链接在gitbook中会无法打开请下载github源码后在MarkDown编辑器中打开点击链接将跳转到你的本地目录推荐使用[typora](www.typorai.o)。
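Review bot: The typora link on the last line of this hunk, `[typora](www.typorai.o)`, has no scheme and a mangled host, so Markdown renderers will resolve it as a relative path and it will be broken; replace it with the full https URL of the Typora site. The same hunk links kubernetes.io and cncf.io over `http://`; use `https://` for those as well. The Kubernetes 1.6.0 version statement and the GitHub and Gitbook addresses each appear twice among these lines, so check that only one copy of each survives in the final README.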
@ -56,11 +48,11 @@ gitbook pdf . ./kubernetes-handbook.pdf
- **On Windows**
需要用到的工具:`calibre`, `phantomjs`
需要用到的工具[calibre](http://calibre-ebook.com/)[phantomjs](http://phantomjs.org/download.html)
1. 将上述2个安装,calibre默认安装的路径C:\Program Files\Calibre2,[phantomjs](http://phantomjs.org/download.html)为你解压路径
2. 并将其目录均加入到系统变量path中,参考:目录添加到系统变量path中
3. 在cmd打开你需要转pdf的文件夹,输入gitbook pdf即可
1. 将上述2个安装calibre默认安装的路径`C:\Program Files\Calibre2`为你解压路径;
2. 并将其目录均加入到系统变量path中,参考:目录添加到系统变量path中
3. 在cmd打开你需要转pdf的文件夹,输入`gitbook pdf`即可
**生成单个章节的pdf**
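Review bot: The rewritten step 1 of the Windows list lost its second subject: it now reads as though `C:\Program Files\Calibre2` is "your extraction path", because the phantomjs reference that preceded 为你解压路径 was dropped along with the inline link. Put "phantomjs" back in front of that clause. The new tool links point at `http://calibre-ebook.com/` and `http://phantomjs.org/download.html`; these lead to installer downloads, so link them over https. Step 2 still ends with 参考:目录添加到系统变量path中, which looks like a link whose target was lost.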
@ -82,24 +74,20 @@ pandoc --latex-engine=xelatex --template=pm-template input.md -o output.pdf
### 贡献文档
**本书文档的组织规则**
#### 文档的组织规则
- 如果要创建一个大的主题就在最顶层创建一个目录;
- 所有的图片都放在最顶层的`images`目录下,原则上文章中用到的图片都保存在本地;
- 所有的文档的文件名使用英文命名,可以包含数字和中划线不要使用下划线为了生成网站时分享URL时候的方便中文会重新编码
- `etc`、`manifests`目录专门用来保存配置文件;
- 所有的文档的文件名使用英文命名,可以包含数字和中划线;
- `etc`、`manifests`目录专门用来保存配置文件和文档中用到的其他相关文件
**添加文档**
#### 添加文档
1. 在该文章相关主题的目录下创建文档;
2. 在`SUMMARY.md`中在相应的章节下添加文章链接;
3. 在文章相应的主题的头文档,即以该主题命名的文档中添加链接;
4. 执行`gitbook server`测试是否保存,然后访问 http://localhost:4000 查看该文档是否出现在相应主题的目录下;
5. 对该文档有卓越贡献的人将被加入到**贡献者**名单中;
## 贡献者
## 关于
[Jimmy Song](http://rootsongjc.github.io/about)
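Review bot: Step 4 under 添加文档 tells contributors to run `gitbook server`, but the Makefile deleted in this same commit invoked `gitbook serve`; correct the command so the http://localhost:4000 check actually works. The reworded file-naming rule also drops the "do not use underscores" guidance and its URL-encoding rationale; keep it unless the removal was deliberate. Step 5 refers to the **贡献者** list, so if that heading is being replaced by 关于, the reference no longer has a target.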


@ -1,103 +1,53 @@
# Summary
- [前言](README.md)
- [1. Kubernetes简介](introduction/index.md)
- [1.1 核心概念](introduction/concepts.md)
- [1.2 Kubernetes 101](introduction/101.md)
- [1.3 Kubernetes 201](introduction/201.md)
- [1.4 Kubernetes集群](introduction/cluster.md)
- [2. 核心原理](architecture/index.md)
- [2.1 设计理念](architecture/concepts.md)
- [2.2 主要概念](architecture/objects.md)
- [1. 前言](README.md)
- [2. 概念原理](concepts/index.md)
- [2.1 设计理念](concepts/concepts.md)
- [2.2 主要概念](concepts/objects.md)
- 2.2.1 Pod
- 2.2.2 Node
- 2.2.3 Namespace
- [2.2.4 Service](architecture/service.md)
- [2.2.5 Volume和Persistent Volume](architecture/volume.md)
- [2.2.6 Deployment](architecture/deployment.md)
- [2.2.7 Secret](architecture/secret.md)
- [2.2.8 StatefulSet](architecture/statefulset.md)
- [2.2.9 DaemonSet](architecture/daemonset.md)
- [2.2.10 ServiceAccount](architecture/serviceaccount.md)
- [2.2.11 ReplicationController和ReplicaSet](architecture/replicaset.md)
- [2.2.12 Job](architecture/job.md)
- [2.2.13 CronJob](architecture/cronjob.md)
- [2.2.14 Ingress](architecture/ingress.md)
- SecurityContext
- Resource Quota
- Pod Security Policy
- Horizontal Pod Autoscaling
- Network Policy
- Ingress
- ThirdPartyResources
- [2.3 核心组件的工作原理](components/index.md)
- Etcd
- API Server
- Scheduler
- Controller Manager
- Kubelet
- Kube Proxy
- Kube DNS
- hyperkube
- Federation
- [kubeadm](architecture/kubeadm.md)
- [3. 插件指南](plugins/index.md)
- [3.1 认证和授权插件](plugins/auth.md)
- [3.2 网络插件](plugins/network.md)
- [3.3 Volume插件](plugins/volume.md)
- [3.4 Container Runtime Interface](plugins/CRI.md)
- 3.5 Network Policy
- 3.6 Ingress Controller
- 3.7 Cloud Provider
- 3.8 Scheduler
- [3.9 其他](plugins/other.md)
- [4. 最佳实践](deploy/index.md)
- [4.1 部署](deploy/index.md)
- [4.1.1 单机部署](deploy/single.md)
- [4.1.2 集群部署](deploy/cluster.md)
- [4.1.3 kubeadm](deploy/kubeadm.md)
- [4.1.4 附加组件](addons/index.md)
- [ 4.2 在CentOS上部署kubernetes1.6集群](deploy/centos/install-kbernetes1.6-on-centos.md)
- [4.2.1 创建TLS证书和秘钥](deploy/centos/create-tls-and-secret-key.md)
- [4.2.2 创建kubeconfig 文件](deploy/centos/create-kubeconfig.md)
- [4.2.3 创建高可用etcd集群](deploy/centos/etcd-cluster-installation.md)
- [4.2.4 安装kubectl命令行工具](deploy/centos/kubectl-installation.md)
- [4.2.5 部署高可用master集群](deploy/centos/master-installation.md)
- [4.2.6 部署node节点](deploy/centos/node-installation.md)
- [4.2.7 安装kubedns插件](deploy/centos/kubedns-addon-installation.md)
- [4.2.8 安装dashboard插件](deploy/centos/dashboard-addon-installation.md)
- [4.2.9 安装heapster插件](deploy/centos/heapster-addon-installation.md)
- [4.2.10 安装EFK插件](deploy/centos/efk-addon-installation.md)
- [4.2 监控](monitor/index.md)
- [4.3 日志](deploy/logging.md)
- [4.4 高可用](ha/index.md)
- [4.5 调试](debugging/index.md)
- [4.6 kubernetes配置最佳实践](deploy/kubernetes-configuration-best-practice.md)
- [4.7 安全配置](security/security-configuration.md)
* [5.1 Kubernetes中的RBAC支持](./security/rbac-support-in-kubernetes.md)
- [4.8 网络配置](network/index.md)
* [6.1 Kubernetes中的网络模式解析](network/network-modes-in-kubernetes.md)
- [4.9 存储配置](storage/index.md)
- [7.1 使用glusterfs做持久化存储](storage/using-glusterfs-for-persistent-storage.md)
- [5. 服务发现与负载均衡](service-discovery-lb/index.md)
* [5.1 安装Traefik ingress](service-discovery-lb/traefik-ingress-installation.md)
* [5.2 分布式负载测试](service-discovery-lb/distributed-load-test.md)
* [5.3 网络和集群性能测试](service-discovery-lb/network-and-cluster-perfermance-test.md)
* [5.4 边缘节点配置](service-discovery-lb/edge-node-configuration.md)
- [6. 开发指南](dev/index.md)
- [6.1 开发环境搭建](dev/index.md)
- [6.2 单元测试和集成测试](dev/testing.md)
- [6.3 社区贡献](dev/contribute.md)
- [7. 应用管理](apps/index.md)
- [7.1 Helm](apps/helm-app.md)
- [7.2 Deis workflow](apps/deis.md)
- [8. 运维管理](ops/index.md)
- [8.1 服务滚动升级](ops/service-rolling-update.md)
- [8.2 应用日志收集](ops/app-log-collection.md)
- [9. 附录](appendix/index.md)
- [9.1 awesome-docker](appendix/awesome-docker.md)
- [9.2 awesome-kubernetes](appendix/awesome-kubernetes.md)
- [9.3 Kubernetes ecosystem](appendix/ecosystem.md)
- [9.4 Docker最佳实践](appendix/docker-best-practice.md)
- [9.4 参考文档](reference.md)
- [9.5 问题记录](issues.md)
- [2.2.4 Service](concepts/service.md)
- [2.2.5 Volume和Persistent Volume](concepts/volume.md)
- [2.2.6 Deployment](concepts/deployment.md)
- [2.2.7 Secret](concepts/secret.md)
- [2.2.8 StatefulSet](concepts/statefulset.md)
- [2.2.9 DaemonSet](concepts/daemonset.md)
- [2.2.10 ServiceAccount](concepts/serviceaccount.md)
- [2.2.11 ReplicationController和ReplicaSet](concepts/replicaset.md)
- [2.2.12 Job](concepts/job.md)
- [2.2.13 CronJob](concepts/cronjob.md)
- [2.2.14 Ingress](concepts/ingress.md)
- [2.2.15 ConfigMap](concepts/configmap.md)
- [3. 用户指南](guide/index.md)
- [4. 最佳实践](practice/index.md)
- [ 4.1 在CentOS上部署kubernetes1.6集群](practice/install-kbernetes1.6-on-centos.md)
- [4.1.1 创建TLS证书和秘钥](practice/create-tls-and-secret-key.md)
- [4.1.2 创建kubeconfig文件](practice/create-kubeconfig.md)
- [4.1.3 创建高可用etcd集群](practice/etcd-cluster-installation.md)
- [4.1.4 安装kubectl命令行工具](practice/kubectl-installation.md)
- [4.1.5 部署高可用master集群](practice/master-installation.md)
- [4.1.6 部署node节点](practice/node-installation.md)
- [4.1.7 安装kubedns插件](practice/kubedns-addon-installation.md)
- [4.1.8 安装dashboard插件](practice/dashboard-addon-installation.md)
- [4.1.9 安装heapster插件](practice/heapster-addon-installation.md)
- [4.1.10 安装EFK插件](practice/efk-addon-installation.md)
- [4.2 服务发现与负载均衡](practice/service-discovery-and-loadbalancing.md)
- [4.2.1 安装Traefik ingress](practice/traefik-ingress-installation.md)
- [4.2.2 分布式负载测试](practice/distributed-load-test.md)
- [4.2.3 网络和集群性能测试](practice/network-and-cluster-perfermance-test.md)
- [4.2.4 边缘节点配置](practice/edge-node-configuration.md)
- [4.3 运维管理](practice/operation.md)
- [4.3.1 服务滚动升级](practice/service-rolling-update.md)
- [4.3.2 应用日志收集](practice/app-log-collection.md)
- [4.4 存储管理](practice/storage.md)
- [4.4.1 使用glusterfs做持久化存储](practice/using-glusterfs-for-persistent-storage.md)
- [5. 领域应用](usecases/index.md)
- [6. 开发指南](develop/index.md)
- [6.1 开发环境搭建](develop/developing-environment.md)
- [6.2 单元测试和集成测试](develop/testing.md)
- [6.3 社区贡献](develop/contribute.md)
- [7. 附录](appendix/index.md)
- [7.1 Docker最佳实践](appendix/docker-best-practice.md)
- [7.2 问题记录](issues.md)
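Review bot: The new table of contents has no entry for the security material: `security/security-configuration.md` and `security/rbac-support-in-kubernetes.md` from the old 4.7 section, and `plugins/auth.md` from the old chapter 3, have no counterpart under `concepts/` or `practice/`. A guide that walks readers through creating TLS certificates and kubeconfig files should keep RBAC and security configuration reachable; add them under 最佳实践 or say in the commit message that they were dropped on purpose. Since the files are being moved anyway, this is the moment to fix the misspelled paths `install-kbernetes1.6-on-centos.md` and `network-and-cluster-perfermance-test.md`, and to remove the leading space in the `[ 4.1 在CentOS上部署kubernetes1.6集群]` link text.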


@ -1,42 +0,0 @@
# Kubernetes Dashboard
Kubernetes Dashboard的部署非常简单只需要运行
```
kubectl create -f https://git.io/kube-dashboard
```
稍等一会dashborad就会创建好
```
$ kubectl -n kube-system get service kubernetes-dashboard
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.101.211.212 <nodes> 80:32729/TCP 1m
$ kubectl -n kube-system describe service kubernetes-dashboard
Name: kubernetes-dashboard
Namespace: kube-system
Labels: app=kubernetes-dashboard
Annotations: <none>
Selector: app=kubernetes-dashboard
Type: NodePort
IP: 10.101.211.212
Port: <unset> 80/TCP
NodePort: <unset> 32729/TCP
Endpoints: 10.244.1.3:9090
Session Affinity: None
Events: <none>
```
然后就可以通过`http://nodeIP:32729`来访问了。
## https
通常情况下建议Dashboard服务以https的方式运行在访问它之前我们需要将证书导入系统中:
```
openssl pkcs12 -export -in apiserver-kubelet-client.crt -inkey apiserver-kubelet-client.key -out kube.p12
curl -sSL -E ./kube.p12:password -k https://nodeIP:6443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
```
将kube.p12导入系统就可以用浏览器来访问了。注意如果nodeIP不在证书CN里面则需要做个hosts映射。
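Review bot: Before dropping this page, check that its replacement `practice/dashboard-addon-installation.md` (listed in the new SUMMARY) does not inherit the weak steps shown here: the dashboard is reached over plain `http://nodeIP:32729` through a NodePort, the manifest is applied straight from the shortened `https://git.io/kube-dashboard` URL without being reviewed first, and the https example calls `curl` with `-k` and a literal `password` for the PKCS#12 bundle built from the apiserver-kubelet-client key. The deletion itself is fine; the commit message should say where the content went.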


@ -1,3 +0,0 @@
# Elasticsearch Fluentd Kibana (EFK)
配置文件见<https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/fluentd-elasticsearch>.


@ -1,7 +0,0 @@
# Heapster
```
git clone https://github.com/kubernetes/heapster
cd heapster
kubectl create -f deploy/kube-config/influxdb/
```


@ -1,6 +0,0 @@
# Kubernetes Addons
- [Dashboard](dashboard.html)
- [Heapster](heapster.html)
- [EFK](efk.html)


@ -1,759 +0,0 @@
# Awesome Docker
https://github.com/veggiemonk/awesome-docker
> A curated list of Docker resources and projects
> Inspired by [@sindresorhus](https://github.com/sindresorhus)' [awesome][sindresorhus] and improved by these **[amazing contributors](https://github.com/veggiemonk/awesome-docker/graphs/contributors)**.
It's now a GitHub project because it's considerably easier for other people to edit, fix and expand on Docker using GitHub. Just click [README.md][editREADME] to submit a [pull request][editREADME].
If this list is not complete, you can [contribute][editREADME] to make it so.
> **Please**, help organize these resources so that they are _easy to find_ and _understand_ for new comers. See how to **[Contribute](https://github.com/veggiemonk/awesome-docker/blob/master/CONTRIBUTING.md)** for tips!
#### *If you see a link here that is not (any longer) a good fit, you can fix it by submitting a [pull request][editREADME] to improve this file. Thank you!*
The creators and maintainers of this list do not receive and should not receive any form of payment to accept a change made by any contributor. The goal of this repo is to index articles, learning materials and projects, not to advertise for profit. **All pull requests are merged by default** and removed if inappropriate or unavailable, or fixed when necessary.
All the links are monitored and tested with [awesome_bot](https://github.com/dkhamsing/awesome_bot) made by [@dkhamsing](https://github.com/dkhamsing)
# What is Docker ?
> Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. Consisting of Docker Engine, a portable, lightweight runtime and packaging tool, and Docker Hub, a cloud service for sharing applications and automating workflows, Docker enables apps to be quickly assembled from components and eliminates the friction between development, QA, and production environments. As a result, IT can ship faster and run the same app, unchanged, on laptops, data center VMs, and any cloud.
_Source:_ [What is Docker](https://www.docker.com/what-docker)
# Where to start ?
* [10-minute Interactive Tutorial](https://docs.docker.com/docker-for-mac/)
* [Docker Training](http://training.docker.com/)
* Read this complete article: [Basics Docker, Containers, Hypervisors, CoreOS](http://etherealmind.com/basics-docker-containers-hypervisors-coreos/)
* Watch the video: [Docker for Developers][docker4dev] (54:26) by [@jpetazzo][jpetazzo]
* [Docker Jumpstart](https://github.com/odewahn/docker-jumpstart/): a quick introduction
* [Docker Curriculum](http://prakhar.me/docker-curriculum/): A comprehensive tutorial for getting started with Docker. Teaches how to use Docker and deploy dockerized apps on AWS with Elastic Beanstalk and Elastic Container Service.
* [Install Docker on your machine](docker-cheat-sheet#installation) and play with a few [Useful Images](#useful-images)
* Try [Panamax: Docker Management for Humans][panamax.io] It will install a CoreOS VM with VirtualBox and has nice front end
* [Install Docker Toolbox](https://www.docker.com/products/docker-toolbox) Docker Toolbox is an installer to quickly and easily install and setup a Docker environment on your computer. Available for both Windows and Mac, the Toolbox installs Docker Client, Machine, Compose (Mac only), Kitematic and VirtualBox.
* Check out: [Docker Cheat Sheet][docker-cheat-sheet] by [@wsargent][wsargent] __MUST SEE__
* [Project Web Dev][projwebdev] : (Article series) How to create your own website based on Docker
* [Docker Containers on the desktop][jessblog] by [@jfrazelle][jfrazelle]) The **funniest way** to
learn
about docker! (Tips: checkout her [dotfiles][jfrazelledotfiles] and her [dockerfiles][jfrazelledockerfiles])
* [Container Hacks and Fun Images][jessvid] by [@jfrazelle][jfrazelle] @ DockerCon 2015 **MUST WATCH VIDEO** (38:50)
* [Learn Docker](https://github.com/dwyl/learn-docker) Full environment set up, screenshots, step-by-step tutorial and more resources (video, articles, cheat sheets) by [@dwyl](https://github.com/dwyl)
* [Docker Caveats](http://docker-saigon.github.io/post/Docker-Caveats/) What You Should Know About Running Docker In Production (written 11 APRIL 2016) __MUST SEE__
* [How to Whale](https://howtowhale.com/) Learn Docker in your web browser, no setup or installation required.
# MENU
- [What is Docker ?](#what-is-docker-)
- [Where to start ?](#where-to-start-)
- [MENU](#menu)
- [Useful Articles](#useful-articles)
- [Main Resources](#main-resources)
- [General Articles](#general-articles)
- [Deep Dive](#deep-dive)
- [Networking](#networking)
- [Metal](#metal)
- [Multi-Server](#multi-server)
- [Cloud Infrastructure](#cloud-infrastructure)
- [Good Tips](#good-tips)
- [Newsletter](#newsletter)
- [Continuous Integration](#continuous-integration)
- [Optimizing Images](#optimizing-images)
- [Service Discovery](#service-discovery)
- [Security](#security)
- [Performances](#performances)
- [Raspberry Pi & ARM](#raspberry-pi--arm)
- [Other](#other)
- [Books](#books)
- [Tools](#tools)
- [Terminal User Interface](#terminal-user-interface)
- [Dev Tools](#dev-tools)
- [Continuous Integration / Continuous Delivery](#continuous-integration--continuous-delivery)
- [Deployment](#deployment)
- [Hosting for repositories (registries)](#hosting-for-repositories-registries)
- [Hosting for containers](#hosting-for-containers)
- [Reverse Proxy](#reverse-proxy)
- [Web Interface](#web-interface)
- [Local Container Manager](#local-container-manager)
- [Volume management and plugins](#volume-management-and-plugins)
- [Useful Images](#useful-images)
- [Dockerfile](#dockerfile)
- [Storing Images and Registries](#storing-images-and-registries)
- [Monitoring](#monitoring)
- [Networking](#networking)
- [Logging](#logging)
- [Deployment and Infrastructure](#deployment-and-infrastructure)
- [PaaS](#paas)
- [Remote Container Manager / Orchestration](#remote-container-manager--orchestration)
- [Security](#security)
- [Service Discovery](#service-discovery)
- [Metadata](#metadata)
- [Slides](#slides)
- [Videos](#videos)
- [Main Account](#main-account)
- [Useful videos](#useful-videos)
- [Interactive Learning Environments](#interactive-learning-environments)
- [Interesting Twitter Accounts](#interesting-twitter-accounts)
- [People](#people)
# Useful Articles
## Main Resources
* [Docker Weekly](https://blog.docker.com/docker-weekly-archives/) Huge resource
* [Docker Cheat Sheet][docker-cheat-sheet] by [@wsargent][wsargent] __MUST SEE__
* [Docker Printable Refcard][docker-quick-ref] by [@dimonomid][dimonomid]
* [CenturyLink Labs](https://labs.ctl.io/category/docker/)
* [Valuable Docker Links](http://www.nkode.io/2014/08/24/valuable-docker-links.html) Very complete
* [Docker Ecosystem](https://www.mindmeister.com/389671722/docker-ecosystem) (Mind Map) __MUST SEE__
* [Docker Ecosystem](http://comp.photo777.org/wp-content/uploads/2015/09/Docker-ecosystem-8.5.1.pdf) (PDF) __MUST SEE__ find it on [blog](http://comp.photo777.org/docker-ecosystem/) by Bryzgalov Peter.
* [Blog](https://blog.jessfraz.com/) of [@frazelledazzell][jfrazelle]
* [Blog](http://jpetazzo.github.io/) of [@jpetazzo][jpetazzo]
* [Blog](http://progrium.com/blog/) of [@progrium][progrium]
* [Blog](http://jasonwilder.com/) of [@jwilder][jwilder]
* [Blog](http://crosbymichael.com/) of [@crosbymichael][crosbymichael]
* [Blog](http://gliderlabs.com/blog/) of [@gliderlabs][gliderlabs]
* [Blog](http://sebgoa.blogspot.be/) of [@sebgoa][sebgoa]
* [Blog](https://blog.codeship.com/) of [@codeship](https://github.com/codeship)
* [Digital Ocean Community](https://www.digitalocean.com/community/search?q=docker&type=tutorials)
* [Container42](http://container42.com/)
* [Container solutions](http://container-solutions.com/blog/)
* [DockerOne](http://dockone.io/) Docker Community (in Chinese) by [@LiYingJie](http://dockone.io/people/%E6%9D%8E%E9%A2%96%E6%9D%B0)
* [Project Web Dev][projwebdev] : (Article series) How to create your own website based on Docker
* [Docker vs. VMs? Combining Both for Cloud Portability Nirvana](http://www.rightscale.com/blog/cloud-management-best-practices/docker-vs-vms-combining-both-cloud-portability-nirvana)
* [Docker Containers on the desktop][jessblog] by [@jfrazelle][jfrazelle] The **funniest way** to learn
about docker! (Tips: checkout her [dotfiles][jfrazelledotfiles] and her [dockerfiles][jfrazelledockerfiles]))
* [Awesome Linux Container](https://github.com/Friz-zy/awesome-linux-containers) more general about container than this repo, by [@Friz-zy](https://github.com/Friz-zy).
## General Articles
* [Getting Started with Docker](https://serversforhackers.com/getting-started-with-docker) by [@fideloper](https://github.com/fideloper) -- [Servers For Hackers](https://serversforhackers.com/editions) is valuable resource. At some point, every programmer finds themselves needing to know their way around a server.
* [What is Docker and how do you monitor it?](http://axibase.com/docker-monitoring/)
* [How to Use Docker on OS X: The Missing Guide](https://www.viget.com/articles/how-to-use-docker-on-os-x-the-missing-guide)
* [Docker for (Java) Developers](https://ro14nd.de/Docker-for-Developers)
* [Deploying NGINX with Docker](https://www.nginx.com/blog/deploying-nginx-nginx-plus-docker/)
* [Eight Docker Development Patterns](http://hokstad.com/docker/patterns)
* [Rails Development Environment for OS X using Docker](https://allenan.com/docker-rails-dev-environment-for-osx/)
* [Logging on Docker: What You Need to Know](https://dzone.com/articles/logging-docker-what-you-need) + see the
[video][loggingDocker] (~50min)
* [Comparing Five Monitoring Options for Docker](http://rancher.com/comparing-monitoring-options-for-docker-deployments/)
* [Minimalistic data-only container for Docker Compose](http://dockermeetupsinbordeaux.github.io/docker-compose/data-container/2015/03/01/minimalistic-docker-data-container.html) (Written Mar 1, 2015)
* [Running Docker Containers with Systemd](http://container-solutions.com/running-docker-containers-with-systemd/)
* [Dockerizing Flask With Compose and Machine - From Localhost to the Cloud](https://realpython.com/blog/python/dockerizing-flask-with-compose-and-machine-from-localhost-to-the-cloud/) -- [GitHub](https://github.com/realpython/orchestrating-docker) Learn how to deploy an application using Docker Compose and Docker Machine (written 17 April 2015)
* [Why and How to use Docker for Development](https://medium.com/iron-io-blog/why-and-how-to-use-docker-for-development-a156c1de3b24) (written 28 APR 2015)
* [Automating Docker Logging: ElasticSearch, Logstash, Kibana, and Logspout](https://nathanleclaire.com/blog/2015/04/27/automating-docker-logging-elasticsearch-logstash-kibana-and-logspout/) (written 27 APR 2015)
* [Docker Host Volume Synchronization](http://oliverguenther.de/2015/05/docker-host-volume-synchronization/) (written 1 JUN 2015)
* [From Local Development to Remote Deployment with Docker Machine and Compose](https://developer.rackspace.com/blog/dev-to-deploy-with-docker-machine-and-compose/) (written 2 JUL 2015)
* [Docker: Build, Ship and Run Any App, Anywhere](http://delftswa.github.io/chapters/docker/index.html) by [Martijn Dwars](https://github.com/MartijnDwars), [Wiebe van Geest](https://github.com/wrvangeest), [Rik Nijessen](https://github.com/gewoonrik), and [Rick Wieman](https://github.com/RickWieman) from [Delft University of Technology](http://www.tudelft.nl/) (written 2 JUL 2015)
* [Joining the Docker Ship](http://thenewstack.io/joining-the-docker-ship-and-go/) Learn how to contribute to docker (written 9 JUL 2015)
* [Continuous Deployment with Gradle and Docker](https://github.com/gesellix/pipeline-with-gradle-and-docker/blob/master/README.md) Describes a complete pipeline from source to production deploy (includes a complete Spring Boot example project) by
[@gesellix][gesellix]
* [Containerization and the PaaS Cloud](https://www.computer.org/cms/Computer.org/ComputingNow/issues/2015/09/mcd2015030024.pdf) -- This article discusses the requirements that arise from having to facilitate applications through distributed multicloud platforms.
* [Docker for Development: Common Problems and Solutions](https://medium.com/@rdsubhas/docker-for-development-common-problems-and-solutions-95b25cae41eb) by [@rdsubhas](https://github.com/rdsubhas)
* [Docker Adoption Data](https://www.datadoghq.com/docker-adoption/) A study by Datadog on the real world Docker usage stastics and deployment patterns.
* [How to monitor Docker](https://www.datadoghq.com/blog/the-docker-monitoring-problem/) (4-part series)
* [Using Ansible with Docker Machine to Bootstrap Host Nodes](https://nathanleclaire.com/blog/2015/11/10/using-ansible-with-docker-machine-to-bootstrap-host-nodes/) by [@nathanleclaire](https://github.com/nathanleclaire)
* [Swarm v. Fleet v. Kubernetes v. Mesos](https://www.oreilly.com/ideas/swarm-v-fleet-v-kubernetes-v-mesos) Comparing different orchestration tools. (written OCT 2015)
* [The Shortlist of Docker Hosting](https://blog.codeship.com/the-shortlist-of-docker-hosting) There are so many specialized and optimized Docker hosting services available, its high time for a review to see whats on offer (by Chris Ward).
## Portuguese Articles
* [Uma rápida introdução ao Docker e instalação no Ubuntu](https://woliveiras.com.br/posts/uma-rapida-introducao-ao-docker-e-instalacao-no-ubuntu/)
* [O que é uma imagem e o que é um container Docker?](https://woliveiras.com.br/posts/imagem-docker-ou-um-container-docker/)
* [Criando uma imagem Docker personalizada](https://woliveiras.com.br/posts/Criando-uma-imagem-Docker-personalizada/)
* [Comandos mais utilizados no Docker](https://woliveiras.com.br/posts/comandos-mais-utilizados-no-docker/)
## Deep Dive
* [Creating containers - Part 1](http://crosbymichael.com/creating-containers-part-1.html) This is part one of a series of blog posts detailing how docker creates containers. By [@crosbymichael][crosbymichael]
* [Data-only container madness](http://container42.com/2014/11/18/data-only-container-madness/)
## Networking
* [Using Docker Machine with Weave 0.10](https://www.weave.works/using-docker-machine-with-weave-0-10/) (written 22 APR 2015)
* [How to Route Traffic through a Tor Docker container](https://blog.jessfraz.com/post/routing-traffic-through-tor-docker-container/) by [@jfrazelle][jfrazelle] (writtent 20 JUN 2015)
## Metal
* [How to use Docker on Full Metal](http://blog.bigstep.com/use-docker-full-metal-cloud/)
## Multi-Server
* [A Docker based mini-PaaS](http://shortcircuit.net.au/~prologic/blog/article/2015/03/24/a-docker-based-mini-paas/)
by [@prologic][prologic]
* [A multi-host scalable web services demo using Docker swarm, Docker compose, NGINX, and Blockbridge](https://www.blockbridge.com/a-scalable-web-services-demo-using-docker-swarm-compose-and-blockbridge/)
## Cloud Infrastructure
* [Cloud Infrastructure Automation for Docker Nodes](https://blog.tutum.co/2015/04/29/cloud-infrastructure-automation-for-docker-nodes/)
## Good Tips
* [24 random docker tips](https://csabapalfi.github.io/random-docker-tips/) by [@csabapalfi](https://github.com/csabapalfi)
* [GUI Apps with Docker](http://fabiorehm.com/blog/2014/09/11/running-gui-apps-with-docker/) by [@fgrehm][fgrehm]
* [Automated Nginx Reverse Proxy for Docker](http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/) by [@jwilder][jwilder]
* [Using NSEnter with Boot2Docker](https://ro14nd.de/NSEnter-with-Boot2Docker)
* [A Simple Way to Dockerize Applications](http://jasonwilder.com/blog/2014/10/13/a-simple-way-to-dockerize-applications/) by [@jwilder][jwilder]
* [Building good docker images](http://jonathan.bergknoff.com/journal/building-good-docker-images) by [@jbergknoff](https://github.com/jbergknoff)
* [10 Things Not To Forget Before Deploying Docker In Production](http://www.slideshare.net/rightscale/docker-meetup-40826948)
* [Docker CIFS How to Mount CIFS as a Docker Volume](http://backdrift.org/docker-cifs-howto-mount-cifs-volume-docker-container)
* [Nginx Proxy for Docker](https://blog.danivovich.com/2015/07/09/nginx-proxy-for-docker-containers/) (written 9 JUL 2015)
* [Dealing with linked containers dependency in docker-compose](http://brunorocha.org/python/dealing-with-linked-containers-dependency-in-docker-compose.html) by [@rochacbruno](https://github.com/rochacbruno)
* [Docker Tips](http://www.mervine.net/notes/docker-tips) by [@jmervine](https://github.com/jmervine)
* [Docker on Windows behind a firewall](http://toedter.com/2015/05/11/docker-on-windows-behind-a-firewall/) by [@kaitoedter](https://twitter.com/kaitoedter)
* [Pulling Git into a Docker image without leaving SSH keys behind](http://blog.cloud66.com/pulling-git-into-a-docker-image-without-leaving-ssh-keys-behind/) by [@khash](https://github.com/khash)
* [6 Million Ways To Log In Docker](http://www.slideshare.net/raychaser/6-million-ways-to-log-in-docker-nyc-docker-meetup-12172014) by [@raychaser](https://twitter.com/raychaser)
* [Dockerfile Generator](http://jrruethe.github.io/blog/2015/09/20/dockerfile-generator/) (ruby script)
* [Running Production Hadoop Clusters in Docker Containers](http://conferences.oreilly.com/strata/big-data-conference-ca-2015/public/schedule/detail/38521)
* [10 practical docker tips](http://www.smartjava.org/content/10-practical-docker-tips-day-day-docker-usage) (Dec 2015) by [@josdirksen](https://github.com/josdirksen)
* [Kubernetes Cheatsheet](http://k8s.info/cs.html) - A great resource for managing your Kubernetes installation
* [Container Best Practices](http://docs.projectatomic.io/container-best-practices/) - Red Hat's Project Atomic created a Container Best Practices guide which applies to everything and is updated regurlary.
* [Production Meteor and Node Using Docker, Part I](https://projectricochet.com/blog/production-meteor-and-node-using-docker-part-i) by [@projectricochet](https://github.com/projectricochet)
* [Resource Management in Docker](https://goldmann.pl/blog/2014/09/11/resource-management-in-docker/) by [@marekgoldmann](https://twitter.com/marekgoldmann)
## Newsletter
* [Docker Team](https://www.docker.com/)
* [CenturyLink Labs](https://labs.ctl.io/)
* [Tutum](https://dashboard.tutum.co/)
* [DevOps Weekly](http://www.devopsweekly.com)
* [Shippable](http://blog.shippable.com/)
* [WebOps weekly](http://webopsweekly.com/)
## Continuous Integration
* [Docker and Phoenix: How to Make Your Continuous Integration More Awesome](https://ariya.io/2014/12/docker-and-phoenix-how-to-make-your-continuous-integration-more-awesome)
* [Jenkins 2.0 - Screencast Series](http://theremotelab.com/blog/jenkins2.0-screencast-series/) by [Virendra Bhalothia](https://twitter.com/bhalothiaa)
* [Pushing to ECR Using Jenkins Pipeline Plugin](https://blog.mikesir87.io/2016/04/pushing-to-ecr-using-jenkins-pipeline-plugin/) by [@mikesir87](https://github.com/mikesir87)
## Optimizing Images
* [Create the smallest possible Docker container](http://blog.xebia.com/create-the-smallest-possible-docker-container/)
* [Creating a Docker image from your code](https://blog.tutum.co/2014/04/10/creating-a-docker-image-from-your-code/)
* [Optimizing Docker Images](https://www.ctl.io/developers/blog/post/optimizing-docker-images/)
* [How to Optimize Your Dockerfile](https://blog.tutum.co/2014/10/22/how-to-optimize-your-dockerfile/) by [@tutumcloud](https://github.com/tutumcloud)
* [Building Docker Images for Static Go Binaries](https://medium.com/@kelseyhightower/optimizing-docker-images-for-static-binaries-b5696e26eb07) by [@kelseyhightower](https://github.com/kelseyhightower)
* [Squashing Docker Images](http://jasonwilder.com/blog/2014/08/19/squashing-docker-images/) by [@jwilder][jwilder]
* [Dockerfile Golf (or optimizing the Docker build process)](http://www.davidmkerr.com/2014/08/dockerfile-golf-or-optimizing-docker.html)
* [ImageLayers](https://imagelayers.iron.io/) Visualize Docker images and the layers that compose them.
* [DockerSlim](https://github.com/docker-slim/docker-slim) shrinks fat Docker images creating the smallest possible images.
* [SkinnyWhale](https://github.com/djosephsen/skinnywhale) Skinnywhale helps you make smaller (as in megabytes) Docker containers.
## Service Discovery
* [@progrium][progrium] Service Discovery articles series:
* [Consul Service Discovery with Docker](http://progrium.com/blog/2014/08/20/consul-service-discovery-with-docker/)
* [Understanding Modern Service Discovery with Docker](http://progrium.com/blog/2014/07/29/understanding-modern-service-discovery-with-docker/)
* [Automatic Docker Service Announcement with Registrator](http://progrium.com/blog/2014/09/10/automatic-docker-service-announcement-with-registrator/)
## Security
* [Docker and SELinux](http://www.projectatomic.io/docs/docker-and-selinux/)
* [Bringing new security features to Docker](https://opensource.com/business/14/9/security-for-docker)
* [Docker Secure Deployment Guidelines](https://github.com/GDSSecurity/Docker-Secure-Deployment-Guidelines)
* [Security Best Practices for Building Docker Images](https://linux-audit.com/tag/docker/)
* [Docker Security: Are Your Containers Tightly Secured to the Ship? SlideShare](http://fr.slideshare.net/MichaelBoelen/docker-security-are-your-containers-tightly-secured-to-the-ship)
* [Tuning Docker with the newest security enhancements](https://opensource.com/business/15/3/docker-security-tuning)
* [Lynis is an open source security auditing tool including Docker auditing](https://cisofy.com/lynis/)
* [Understanding Docker security and best practices](https://blog.docker.com/2015/05/understanding-docker-security-and-best-practices/) (written 5 MAY 2015)
* [Docker Security Cheat Sheet] (https://github.com/konstruktoid/Docker/blob/master/Security/CheatSheet.adoc)
* [How CVE's are handled on Offical Docker Images](https://github.com/docker-library/official-images/issues/1448)
* [Improving Docker Security with Authenticated Volumes](https://www.blockbridge.com/improving-docker-security-with-authenticated-volumes/)
## Performances
* [Performance Analysis of Docker on Red Hat Enterprise Linux 7](http://developerblog.redhat.com/2014/08/19/performance-analysis-docker-red-hat-enterprise-linux-7/)
* [Distrubuted JMeter testing using Docker](http://srivaths.blogspot.fr/2014/08/distrubuted-jmeter-testing-using-docker.html?m=1)
* [nsinit: per-container resource monitoring of Docker containers on RHEL/Fedora](http://www.breakage.org/2014/09/03/nsinit-per-container-resource-monitoring-of-docker-containers-on-rhelfedora/)
## Raspberry Pi & ARM
* [git push docker containers to linux devices](https://resin.io/) Modern DevOps for IoT, leveraging git and Docker.
* [Docker Pirates ARMed with explosive stuff](http://blog.hypriot.com/) Huge resource on clustering, swarm, docker, pre-installed image for SD card on Raspberry Pi
* [Docker on Raspberry Pi](http://blog.xebia.com/docker-on-a-raspberry-pi/)
* [Fool-Proof Recipe: Docker on the Raspberry Pi](https://www.voxxed.com/blog/2015/04/fool-proof-recipe-docker-on-the-raspberry-pi/) Same article as above but more opinionated.
* [Raspberry Pi with Docker 1.5.0](http://blog.hypriot.com/post/heavily-armed-after-major-upgrade-raspberry-pi-with-docker-1-dot-5-0/)
* [Swarming Raspberry Pi Part 1](http://matthewkwilliams.com/index.php/2015/03/21/swarming-raspberry-pi-part-1/)
* [Swarming Raspberry Pi, Part 2: Registry & Mirror](http://matthewkwilliams.com/index.php/2015/03/29/swarming-raspberry-pi-part-2-registry-mirror/)
* [Swarming Raspberry Pi: Docker Swarm Discovery Options](http://matthewkwilliams.com/index.php/2015/04/03/swarming-raspberry-pi-docker-swarm-discovery-options/)
* [Uniform Development by Docker & QEMU](http://www.instructables.com/id/Uniform-Development-by-Docker-QEMU/)
* [Get Docker up and running on the RaspberryPi in three steps](https://github.com/umiddelb/armhf/wiki/Get-Docker-up-and-running-on-the-RaspberryPi-%28ARMv6%29-in-three-steps)
* [Installing, running, using Docker on armhf (ARMv7) devices](https://github.com/umiddelb/armhf/wiki/Installing,-running,-using-docker-on-armhf-(ARMv7)-devices)
* [How to run 2500 webservers on a Raspberry Pi](http://blog.loof.fr/2015/10/how-to-run-2500-webservers-on-raspberry.html)
## Other
* Presentation: Docker and JBoss - the perfect combination
* [Vidéo](https://www.youtube.com/watch?v=4uQ6gR_xZhE)
* [Code source](https://github.com/goldmann/goldmann.pl/tree/master/.presentations/2014-vjbug-docker/demos)
* [JBoss and Docker Presentation](https://goldmann.pl/presentations/2014-vjbug-docker/ )
# Books
## In English
* [Docker Book](https://dockerbook.com/) by James Turnbul ([@kartar][kartar])
* [Docker Cookbook](http://shop.oreilly.com/product/0636920036791.do) by Sébastien Goasguen ([@sebgoa][sebgoa]) (Publisher: O'Reilly)
* [Docker Cookbook](http://dockercookbook.github.io/) by Neependra Khare ([@neependra](https://twitter.com/neependra)) (Publisher: Packt)
* [Docker in Action](https://www.manning.com/books/docker-in-action) by Jeff Nickoloff ([@allingeek](https://twitter.com/allingeek))
* [Docker in Practice](https://www.manning.com/books/docker-in-practice) by Ian Miell ([@ianmiell][ianmiell]) and Aidan Hobson Sayers ([@aidanhs](https://github.com/aidanhs)). ==> [Website](http://docker-in-practice.github.io/)
* [Docker Up & Running](https://newrelic.com/docker-book) by [Karl Matthias](https://twitter.com/relistan) and [Sean P. Kane](https://twitter.com/spkane)
* [Using Docker](http://shop.oreilly.com/product/0636920035671.do) by Adrian Mouat ([@adrianmouat](https://twitter.com/adrianmouat)) (Publisher: O'Reilly)
* [Docker Security](https://www.openshift.com/promotions/docker-security.html) by Adrian Mouat ([@adrianmouat](https://twitter.com/adrianmouat)) (Publisher: O'Reilly)
* [Kubernetes](https://www.openshift.com/promotions/kubernetes.html) by [David Rensin](http://research.google.com/pubs/DavidRensin.html) (Publisher: O'Reilly)
* [Docker in Production: Lessons from the Trenches](http://www.amazon.com/Docker-Production-Trenches-Joe-Johnston-ebook/dp/B0141W6KYC) by Joe Johnston (Author), John Fiedler (Author), Milos Gajdos (Author), Antoni Batchelli (Author), Justin Cormack (Author)
* [Mastering Docker](https://www.packtpub.com/virtualization-and-cloud/mastering-docker) by Scott Gallagher (Publisher: Packt)
* [Learning Docker](https://www.packtpub.com/virtualization-and-cloud/learning-docker) by Pethuru Raj, Jeeva S. Chelladhurai and Vinod Singh (Publisher: Packt)
* [Troubleshooting Docker](https://www.packtpub.com/virtualization-and-cloud/troubleshooting-docker) by John Wooten, Navid Shaikh (Publisher: Packt)
* [Orchestrating Docker](https://www.packtpub.com/virtualization-and-cloud/orchestrating-docker) by Shrikrishna Holla (Publisher: Packt)
* [Extending Docker](https://www.packtpub.com/networking-and-servers/extending-docker) by Russ McKendrick (Publisher: Packt)
* [Securing Docker](https://www.packtpub.com/virtualization-and-cloud/securing-docker) by Scott Gallagher (Publisher: Packt)
* [Learning Docker Networking](https://www.packtpub.com/networking-and-servers/learning-docker-networking) by Rajdeep Dua, Vaibhav Kohli and Santosh Kumar Konduri (Publisher: Packt)
* [Docker High Performance](https://www.packtpub.com/networking-and-servers/docker-high-performance) by Allan Espinosa (Publisher: Packt)
* [Kubernetes Up and Running: Dive into the Future of Infrastructure](http://shop.oreilly.com/product/0636920043874.do) by Kelsey Hightower ([@kelseyhightower](https://twitter.com/kelseyhightower)) (Publisher: O'Reilly)
## Chinese
* [The Source Code Analysis of Docker](https://www.amazon.cn/图书/dp/B012ROMRUM) (Chinese) by [Allen Sun](https://github.com/allencloud)
* [Docker Container and Container Cloud](https://www.amazon.cn/图书/dp/B014ETH1IG) (Chinese) by [Harry Zhang](https://twitter.com/resouer) & Jianbo Sun & Zhejiang University SEL Laboratory
## German
* [Docker: Container-Infrastruktur für Microservices](http://www.bee42.com/dockerbook/) by Peter Roßbach ([@PRossbach](https://twitter.com/PRossbach))
## Portuguese
* [Containers com Docker do desenvolvimento à produção](https://www.casadocodigo.com.br/products/livro-docker) by Daniel Romero ([@infoslack](https://twitter.com/infoslack))
* [Aprendendo Docker: Do básico à orquestração de contêineres](http://aprendendodocker.com.br/) by Wellington F. Silva ([@_wsilva](https://twitter.com/_wsilva)) (Publisher: Editora Novatec)
* [Docker para Desenvolvedores](https://leanpub.com/dockerparadesenvolvedores) by Rafael Gomes ([@kelseyhightower](https://twitter.com/gomex)) (Publisher: Leanpub) - 55% finished
# Tools
* [Docker](https://github.com/docker/docker)
* [Docker Images](https://hub.docker.com)
* [Docker Compose](https://github.com/docker/compose/) (Define and run multi-container applications with Docker)
* [Docker Machine](https://github.com/docker/machine) (Machine management for a container-centric world)
* [Docker Registry][distribution] (The Docker toolset to pack, ship, store, and deliver content)
* [Docker Swarm](https://github.com/docker/swarm) (Swarm: a Docker-native clustering system)
## Terminal User Interface
* [sen](https://github.com/TomasTomecek/sen) - Terminal user interface for docker engine, by [@TomasTomecek](https://github.com/TomasTomecek)
* [wharfee](https://github.com/j-bennet/wharfee) - Autocompletion and syntax highlighting for Docker commands.) by [@j-bennet](https://github.com/j-bennet)
* [ctop](https://github.com/yadutaf/ctop) - A command line / text based Linux Containers monitoring tool that works just like you expect by [@yadutaf](https://github.com/yadutaf)
* [dry](https://github.com/moncho/dry) - An interactive CLI for Docker containers by [@moncho](https://github.com/moncho)
* [dockercraft](https://github.com/docker/dockercraft) - Docker + Minecraft = Dockercraft by [@docker][docker]
* [dockersql](https://github.com/crosbymichael/dockersql) - A command line interface to query Docker using SQL by [@crosbymichael][crosbymichael]
## Dev Tools
* [draw-compose](https://github.com/Alexis-benoist/draw-compose) - Utility to draw a schema of a docker compose by [@Alexis-benoist](https://github.com/Alexis-benoist)
* [GoSu](https://github.com/tianon/gosu) - Run this specific application as this specific user and get out of the pipeline (entrypoint script tool) by [@tianon](https://github.com/tianon)
* [Chaperone](https://github.com/garywiz/chaperone) - A single PID1 process designed for docker containers. Does user management, log management, startup, zombie reaping, all in one small package. by [@garywiz](https://github.com/garywiz)
* [ns-enter](https://github.com/jpetazzo/nsenter) (no more ssh, enter name spaces of container) by [@jpetazzo][jpetazzo]
* [Squid-in-a-can](https://github.com/jpetazzo/squid-in-a-can) (in case of proxy problem) by [@jpetazzo][jpetazzo]
* [Composerize](https://github.com/magicmark/composerize) Conververt docker run commands into docker-compose files
* [docker-gen](https://github.com/jwilder/docker-gen) (Generate files from docker container meta-data) by [@jwilder][jwilder]
* [dockerize](https://github.com/jwilder/dockerize) (Utility to simplify running applications in docker containers) by [@jwilder][jwilder]
* [registrator](https://github.com/progrium/registrator) (Service registry bridge for Docker) by [@progrium][progrium]
* [Dockly](https://github.com/swipely/dockly) (Dockly is a gem made to ease the pain of packaging an application in Docker.) by [@swipely](https://github.com/swipely/)
* [docker-volumes](https://github.com/cpuguy83/docker-volumes) (Docker Volume Manager) by [@cpuguy83][cpuguy83]
* [dockerfile_lint](https://github.com/projectatomic/dockerfile_lint) (A rule-based 'linter' for Dockerfiles) by [@redhataccess](https://github.com/redhataccess)
* [powerstrip](https://github.com/clusterhq/powerstrip) (A tool for prototyping Docker extensions) by [@clusterhq](https://github.com/clusterhq)
* [Vagga](https://github.com/tailhook/vagga) (Vagga is a containerisation tool without daemons. It is a fully-userspace container engine inspired by Vagrant and Docker, specialized for development environments.) by [@tailhook](https://github.com/tailhook/)
* [dockerode](https://github.com/apocas/dockerode) (Not just another Docker Remote API node.js module) by [@apocas](https://github.com/apocas)
* [go-dockerclient](https://github.com/fsouza/go-dockerclient/) (Go HTTP client for the Docker remote API.) by [@fsouza](https://github.com/fsouza/)
* [Docker.DotNet](https://github.com/Microsoft/Docker.DotNet) (C#/.NET HTTP client for the Docker remote API) by [@ahmetalpbalkan](https://github.com/ahmetalpbalkan/)
* [container-factory](https://github.com/lsqio/container-factory) - Produces Docker images from tarballs of application source code by [@lsqio](https://github.com/lsqio)
* [codelift](https://codelift.io/) - CodeLift is an automated Docker image build utility for 'dockerizing' services by [@BoozAllen](https://twitter.com/BoozAllen)
* [percheron][percheron] - Organise your Docker containers with muscle and intelligence by [@ashmckenzie](https://github.com/ashmckenzie)
* [crane](https://github.com/michaelsauter/crane) - Lift containers with ease. Easy orchestration for images and containers by [@michaelsauter](https://github.com/michaelsauter)
* [sherdock](https://github.com/rancher/sherdock) - Automatic GC of images based on regexp by [@rancher][rancher]
* [bocker](https://github.com/p8952/bocker) (1) - Docker implemented in 100 lines of bash by [p8952](https://github.com/p8952)
* [bocker](https://github.com/icy/bocker) (2) - Write Dockerfile completely in Bash. Extensible and simple. --> Reusable by [@icy](https://github.com/icy)
* [docker-gc](https://github.com/spotify/docker-gc) - A cron job that will delete old stopped containers and unused images by [@spotify](https://github.com/spotify)
* [dlayer](https://github.com/wercker/dlayer) - Stats collector for Docker layers by [@wercker](https://github.com/wercker)
* [forward2docker](https://github.com/bsideup/forward2docker) - Utility to auto forward a port from localhost into ports on Docker containers running in a boot2docker VM by [@bsideup](https://github.com/bsideup)
* [dockramp](https://github.com/jlhawn/dockramp) - Proof of Concept: A Client Driven Docker Image Builder by [@jlhawn](https://github.com/jlhawn)
* [portainer](https://github.com/duedil-ltd/portainer) - Apache Mesos framework for building Docker images by [@tarnfeld](https://github.com/tarnfeld)
* [Gradle Docker plugin](https://github.com/gesellix/gradle-docker-plugin) - A Docker remote api plugin for Gradle by [@gesellix][gesellix]
* [Docker client](https://github.com/gesellix/docker-client) - A Docker remote api client library for the JVM, written in Groovy by [@gesellix][gesellix]
* [Dropdock](http://dropdock.io/) - A framework designed for Drupal to build fast, isolated development environments using Docker.
* [Devstep](https://github.com/fgrehm/devstep) - Development environments powered by Docker and buildpacks by [@fgrehm][fgrehm]
* [Lorry](https://lorry.io/) - Lorry is a docker-compose.yml validator and composer by [@CenturyLinkLabs][CenturyLinkLabs]
* [Dray](http://dray.it/) - Dray is an engine for managing the execution of container-based workflows. Docker Workflow Engine - UNIX pipes for Docker by [@CenturyLinkLabs][CenturyLinkLabs]
* [docker-do](https://github.com/benzaita/docker-do) - hassle-free docker run, like `env` but for docker by [@benzaita](https://github.com/benzaita)
* [Docker osx dev](https://github.com/brikis98/docker-osx-dev) - A productive development environment with Docker on OS X by [@brikis98](https://github.com/brikis98)
* [rocker](https://github.com/grammarly/rocker) - Extended Dockerfile builder. Supports multiple FROMs, MOUNTS, templates, etc. by [grammarly](https://github.com/grammarly).
* [dexec](https://github.com/docker-exec/dexec) - Command line interface for running code with Docker Exec images. https://docker-exec.github.io/ written in Go.
* [crowdr](https://github.com/polonskiy/crowdr) - Tool for managing multiple Docker containers (docker-compose alternative) by [@polonskiy](https://github.com/polonskiy/)
* [ahab](https://github.com/instacart/ahab) - Docker event handling with Python by [@instacart](https://github.com/instacart)
* [docker-garby](https://github.com/konstruktoid/docker-garby) - Docker garbage collection script by [@konstruktoid](https://github.com/konstruktoid).
* [DevLab](https://github.com/TechnologyAdvice/DevLab) - Utility for running containerized development environments
* [is-docker](https://github.com/sindresorhus/is-docker) - Check if the process is running inside a Docker container by [@sindresorhus][sindresorhus]
* [Docker meets the IDE](http://domeide.github.io/) - Integrating your favorite containers in the editor of your choice by [domeide](https://github.com/domeide)
* [DVM](https://github.com/getcarina/dvm) - Docker version manager by [@getcarina](https://github.com/getcarina)
* [docker-ls](https://github.com/mayflower/docker-ls) - CLI tools for browsing and manipulating docker registries by [@mayflower](https://github.com/mayflower)
* [habitus](https://github.com/cloud66/habitus) - A Build Flow Tool for Docker http://www.habitus.io by [@cloud66](https://github.com/cloud66)
* [Compose Registry](https://www.composeregistry.com) - A very handy search engine for Compose Files
* [Docker Clean](https://github.com/zzrotdesign/docker-clean) - A script that cleans Docker containers, images and volumes by [@zzrotdesign](https://github.com/zzrotdesign)
* [Powerline-Docker](https://github.com/adrianmo/powerline-docker) - A Powerline segment for showing the status of Docker containers by [@adrianmo](https://github.com/adrianmo)
* [Docker-PowerShell](https://github.com/Microsoft/Docker-PowerShell) - PowerShell Module for Docker
* [docker-compose-search](https://github.com/francescou/docker-compose-search) - A search engine for Docker Compose application stacks by [@francescou](https://github.com/francescou/)
* [Docker Volume Clone Utility](https://github.com/gdiepen/docker-convenience-scripts) - A Docker Utility to Clone Volumes [@gdiepen](https://twitter.com/gdiepen)
* [docker-companion](https://github.com/mudler/docker-companion) - A command line tool written in Golang to squash and unpack docker images by [@mudler](https://github.com/mudler/)
* [sbt-docker-compose](https://github.com/Tapad/sbt-docker-compose) - Integrates Docker Compose functionality into sbt by [@kurtkopchik](https://github.com/kurtkopchik/)
* [Whale-linter](https://github.com/jeromepin/whale-linter) - A simple and small Dockerfile linter written in Python3+ without dependencies.
* [docker-make](https://github.com/CtripCloud/docker-make) - build,tag,and push a bunch of related docker images via a single command.
* [caduc](https://github.com/tjamet/caduc) - A docker garbage collector cleaning stuff you did not use recently
* [OctoLinker](https://github.com/OctoLinker/browser-extension) - A browser extension for GitHub that makes the image name in a `Dockerfile` clickable and redirect you to the related Docker Hub page.
* [docker-replay](https://github.com/bcicen/docker-replay) Generate `docker run`command and options from running containers
* [dext-docker-registry-plugin](https://github.com/vutran/dext-docker-registry-plugin) - Search the Docker Registry with the Dext smart launcher.
## Continuous Integration / Continuous Delivery
* [Awesome-ciandcd](https://github.com/ciandcd/awesome-ciandcd) - Not specific to docker but relevant.
* [Buddy](https://buddy.works) - The best of Git, build & deployment tools combined into one powerful tool that supercharged our development
* [Captain](https://github.com/harbur/captain) - Convert your Git workflow to Docker containers ready for Continuous Delivery by [@harbur](https://github.com/harbur)
* [CircleCI](https://circleci.com/) - Push or pull Docker images from your build environment, or build and run containers right on CircleCI.
* [CodeFresh](https://codefresh.io) - Accelerate your transition to Docker containers
* [CodeShip](https://pages.codeship.com/docker) - Work with your established Docker workflows while automating your testing and deployment tasks with our hosted platform dedicated to speed and security.
* [Docker plugin for Jenkins](https://github.com/jenkinsci/docker-plugin/) - The aim of the docker plugin is to be able to use a docker host to dynamically provision a slave, run a single build, then tear-down that slave.
* [Dockunit](https://github.com/dockunit/platform) - Docker based integration tests. A simple Node based utility for running Docker based unit tests. By [@dockunit](https://github.com/dockunit)
* [Drone](https://github.com/drone/drone) - Continuous integration server built on Docker and configured using YAML files.
* [GitLab CI](https://about.gitlab.com/gitlab-ci/) - GitLab has integrated CI to test, build and deploy your code with the use of GitLab runners.
* [GOCD-Docker](https://github.com/gocd/gocd-docker)Go Server and Agent in docker containers to provision.
* [IBM DevOps Services](https://hub.jazz.net) - Continuous delivery using a pipeline deployment onto IBM Containers on Bluemix.
* [InSpec](https://github.com/chef/inspec) - InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
* [Shippable](https://app.shippable.com/) - A SaaS platform for developers and DevOps teams that significantly reduces the time taken for code to be built, tested and deployed to production.
* [Watchtower](https://github.com/CenturyLinkLabs/watchtower) - Automatically update running Docker containers by
[@CenturyLinkLabs][CenturyLinkLabs]
* [Microservices Continuous Deployment](https://github.com/francescou/docker-continuous-deployment) - Continuous deployment of a microservices application
* [Pumba](https://github.com/gaia-adm/pumba) - Chaos testing tool for Docker. Can be deployed on Kubernets and CoreOS clusters.
## Deployment
* [Conduit](https://github.com/ehazlett/conduit) - Experimental deployment system for Docker by [@ehazlett](https://github.com/ehazlett)
* [depcon](https://github.com/gondor/depcon) - Depcon is written in Go and allows you to easily deploy Docker containers to Apache Mesos/Marathon, Amazon ECS and Kubernetes. By [@gonodr][gondor]
* [dockit](https://github.com/humblec/dockit) - Do docker actions and Deploy gluster containers!
* [rocker-compose](https://github.com/grammarly/rocker-compose) - Docker composition tool with idempotency features for deploying apps composed of multiple containers.
* [Zodiac](https://github.com/CenturyLinkLabs/zodiac) - A lightweight tool for easy deployment and rollback of dockerized applications. By [@CenturyLinkLabs][CenturyLinkLabs]
## Hosting for repositories (registries)
Securely store your Docker images.
* [Docker Hub](https://hub.docker.com/) (provided by Docker Inc.)
* [Quay.io](https://quay.io/) (part of CoreOS) - Secure hosting for private Docker repositories
* [GitLab Container Registry](http://docs.gitlab.com/ce/container_registry/README.html) - Repositories focused on using it images in GitLab CI
* [TreeScale](https://treescale.com/) - Build and Distriubute container based applicaitons.
## Hosting for containers
* [Amazon ECS](http://aws.amazon.com/ecs/) - A management service on EC2 that supports Docker containers.
* [ContainerShip Cloud][containership] - Multi-Cloud Container Hosting Automation Platform.
* [Docker Cloud](https://cloud.docker.com/) - Former Tutum
* [Google Container Engine](https://cloud.google.com/container-engine/docs/) - Docker containers on Google Cloud Computing powered by [Kubernetes][kubernetes].
* [Giant Swarm](https://giantswarm.io/) - Simple microservice infrastructure. Deploy your containers in seconds.
* [IBM Bluemix](https://console.ng.bluemix.net/) - Run Docker containers in a hosted cloud environment on IBM Bluemix.
* [OpenShift Dedicated](https://www.openshift.com/dedicated/index.html) - A hosted [OpenShift][openshift] cluster for running your Docker containers managed by Red Hat.
* [Orchard](https://www.orchardup.com/) (part of Docker Inc) - Get a Docker host in the cloud, instantly.
* [Triton](https://www.joyent.com/) - Elastic container-native infrastructure by Joyent.
## Reverse Proxy
* [nginx-proxy][nginxproxy] - Automated nginx proxy for Docker containers using docker-gen by [@jwilder][jwilder]
* [Let's Encrypt Nginx-proxy Companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) - A lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. By [@JrCs](https://github.com/JrCs)
* [h2o-proxy](https://github.com/zchee/h2o-proxy) - Automated H2O reverse proxy for Docker containers. An alternative to [jwilder/nginx-proxy][nginxproxy] by [@zchee](https://github.com/zchee)
* [docker-proxy](https://github.com/silarsis/docker-proxy) - Transparent proxy for docker containers, run in a docker container. By [@silarsis](https://github.com/silarsis)
* [muguet](https://github.com/mattallty/muguet) - DNS Server & Reverse proxy for Docker environments. By [@mattallty](https://github.com/mattallty)
* [Træfɪk](https://traefik.io/) - Automated reverse proxy and load-balancer for Docker, Mesos, Consul, Etcd... By [@EmileVauge](https://github.com/emilevauge)
* [fabio](https://github.com/eBay/fabio) - A fast, modern, zero-conf load balancing HTTP(S) router for deploying microservices managed by consul. By [@eBay](https://github.com/eBay)
* [Swarm Ingress Router](https://github.com/tpbowden/swarm-ingress-router) - Route DNS names to Swarm services based on labels.
## Web Interface
* [Docker Registry Browser](https://github.com/klausmeyer/docker-registry-browser) - Web Interface for the Docker Registry HTTP API v2 by [@klausmeyer](https://github.com/klausmeyer)
* [Docker Registry UI](https://github.com/atc-/docker-registry-ui) - A web UI for easy private/local Docker Registry integration by [@atc-](https://github.com/atc-)
* [DockerUI](https://github.com/kevana/ui-for-docker) - DockerUI is a web interface to interact with the Remote API by [@crosbymichael][crosbymichael]
* [Portus](https://github.com/SUSE/Portus) - Authorization service and frontend for Docker registry (v2) by [@SUSE](https://github.com/SUSE)
* [docker-registry-web](https://github.com/mkuchin/docker-registry-web) - Web UI, authentication service and event recorder for private docker registry v2 by [@mkuchin](https://github.com/mkuchin)
* [dockering-on-rails](https://github.com/Electrofenster/dockerding-on-rails) - Simple Web-Interface for Docker with a lot of features by [@Electrofenster](https://github.com/Electrofenster/)
* [Rapid Dashboard](https://github.com/ozlerhakan/rapid) - A simple query dashboard to use Docker Remote API by [@ozlerhakan](https://github.com/ozlerhakan/)
* [docker-swarm-visualizer](https://github.com/manomarks/docker-swarm-visualizer) - Visualizes Docker services on a Docker Swarm (for running demos).
## Local Container Manager
* [Shutit](http://ianmiell.github.io/shutit/) - Tool for building and maintaining complex Docker deployments by
[@ianmiell][ianmiell]
* [FuGu](https://github.com/mattes/fugu) - Docker run wrapper without orchestration by [@mattes](https://github.com/mattes)
* [Boot2Docker](https://github.com/boot2docker/boot2docker) - Docker for OSX and Windows -- http://boot2docker.io/
* [docker-vm](https://github.com/shyiko/docker-vm) - Simple and transparent alternative to boot2docker (backed by Vagrant) by [@shyiko](https://github.com/shyiko)
* [Vessel](https://github.com/awvessel/vessel) - Automates the setup & use of dockerized development environments by [@awvessel](https://github.com/awvessel)
* [subuser](http://subuser.org) - Makes it easy to securely and portably run graphical desktop applications in Docker
* [OctoHost](http://www.octohost.io/) - Simple web focused Docker based mini-PaaS server. git push to deploy your websites as needed) by [@octohost](https://github.com/octohost)
* [Dokku][dokku] - Docker powered mini-Heroku in around 100 lines of Bash by [@progrium][progrium]
* [Ansible - manage docker containers](http://docs.ansible.com/ansible/docker_module.html)
* [Vagrant - Docker provider](https://www.vagrantup.com/docs/docker/basics.html) - Good starting point is [vagrant-docker-example](https://github.com/bubenkoff/vagrant-docker-example) by [@bubenkoff](https://github.com/bubenkoff)
* [Dray](https://github.com/CenturyLinkLabs/dray) - An engine for managing the execution of container-based workflows. http://Dray.it by [@CenturyLinkLabs][CenturyLinkLabs]
* [percheron][percheron] - Organise your Docker containers with muscle and intelligence by [@ashmckenzie](https://github.com/ashmckenzie)
* [Dusty](http://dusty.gc.com/) - Managed Docker development environments on OS X
* [Beluga](https://github.com/cortexmedia/Beluga) - CLI to deploy docker containers on a single server or low amount of servers. By [@cortextmedia](https://github.com/cortexmedia)
* [libcompose](https://github.com/docker/libcompose) - Go library for Docker Compose.
* [DLite](https://github.com/nlf/dlite) - Simplest way to use Docker on OSX, no VM needed. By [@nlf](https://github.com/nlf)
* [Azk](http://www.azk.io/) - Orchestrate development enviornments on your local machine by [@azukiapp](https://github.com/azukiapp)
* [Turbo](https://ramitsurana.github.io/turbo/) - Simple and Powerful utility for docker. By [@ramitsurana][ramitsurana]
## Volume management and plugins
* [Blockbridge](https://github.com/blockbridge/blockbridge-docker-volume) - The Blockbridge plugin is a volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. By [@blockbridge][blockbridge]
* [Convoy](https://github.com/rancher/convoy) - an open-source Docker volume driver that can snapshot, backup and restore Docker volumes anywhere. By [@rancher][rancher]
* [Azure Files Volume Driver](https://github.com/ahmetalpbalkan/azurefile-dockervolumedriver) - A Docker volume driver that allows you to mount persistent volumes backed by Microsoft Azure File Service. By [@ahmetalpbalkan][ahmetalpbalkan]
* [Docker Unison](https://github.com/leighmcculloch/docker-unison) A docker volume container using Unison for fast two-way folder sync. Created as an alternative to slow boot2docker volumes on OS X. By [@leighmcculloch](https://github.com/leighmcculloch)
* [Netshare](https://github.com/gondor/docker-volume-netshare) A Docker volume plugin written in Go that supports mounting NFS, AWS EFS & CIFS volumes within a container. By [@gondor][gondor]
* [Docker Machine NFS](https://github.com/adlogix/docker-machine-nfs) Activates NFS for an existing boot2docker box created through Docker Machine on OS X.
* [REX-Ray](https://github.com/emccode/rexray) Vendor agnostic storage orchestration engine to provide persistent storage for Docker containers as well as Mesos frameworks and tasks.
* [Local Persist](https://github.com/CWSpear/local-persist) Specify a mountpoint for your local volumes (created via `docker volume create`) so that files will always persist and so you can mount to different directories in different containers.
## Useful Images
* [Official Images from Docker Hub](https://github.com/docker-library/official-images)
* [Base Image](https://github.com/phusion/baseimage-docker) by [@phusion](https://github.com/phusion/)
* [Busybox](https://github.com/jpetazzo/docker-busybox) (with either `buildroot` or Ubuntu's `busybox-static`) by [@jpetazzo][jpetazzo]
* [OpenWRT](http://www.zoobab.com/docker-openwrt-image) by [@zoobab](https://github.com/zoobab)
* [Phusion Docker Hub Account](https://hub.docker.com/u/phusion/)
* [passenger-docker](https://github.com/phusion/passenger-docker) (Docker base images for Ruby, Python, Node.js and Meteor web apps) by [@phusion](https://github.com/phusion)
* [docker-alpine][alpine] (A super small Docker base image *(5MB)* using Alpine Linux) by [@gliderlabs][gliderlabs]
* [docker-fluentd][fluentd] (the Container to Log Other Containers' Logs) by [@kiyoto][kiyoto]
* [chaperone-docker](https://github.com/garywiz/chaperone-docker) (A set of images using the Chaperone process manager, including a lean Alpine image, LAMP, LEMP, and bare-bones base kits.)
* [nvidia-docker](https://github.com/NVIDIA/nvidia-docker) (Build and run Docker containers leveraging NVIDIA GPUs.)
## Dockerfile
* [Collection of Dockerfiles](https://github.com/crosbymichael/Dockerfiles) by [@crosbymichael][crosbymichael]
* [Dockerfile Project](http://dockerfile.github.io/) : Trusted Automated Docker Builds. Dockerfile Project maintains a central repository of Dockerfile for various popular open source software services runnable on a Docker container.
* [Dockerfile Example](https://github.com/komljen/dockerfile-examples) by [@komljen](https://github.com/komljen)
* [Dockerfile Example 2](https://github.com/kstaken/dockerfile-examples) by [@kstaken](https://github.com/kstaken)
* [Dockerfile @jfrazelle][jfrazelledockerfiles] by [@jfrazelle][jfrazelle] **MUST SEE** for a fully containerized
desktop!
## Storing Images and Registries
* [Docker Registry v2][distribution] (The Docker toolset to pack, ship, store, and deliver content)
* [Rescoyl](https://github.com/noteed/rescoyl) (Private Docker registry) by [@noteed][noteed]
* [Atomic Registry](http://www.projectatomic.io/registry/) Red Hat Atomic Registry is an open source enterprise registry based on the Origin and Cockpit projects, enhancing the Docker registry library.
* [VMWare Harbor](http://vmware.github.io/harbor/) Project Harbor by VMWare is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management.
## Monitoring
* [Axibase Time-Series Database](http://axibase.com/products/axibase-time-series-database/writing-data/docker-cadvisor/) (Long-term retention of container statistics and built-in dashboards for Docker. Collected with native Google cAdvisor storage driver.)
* [cAdvisor](https://github.com/google/cadvisor) (Analyzes resource usage and performance characteristics of running containers. created by [@Google](https://github.com/google)
* [Datadog](https://www.datadoghq.com/) Datadog is a full-stack monitoring service for large-scale cloud environments that aggregates metrics/events from servers, databases, and applications. It includes support for Docker, Kubernetes, and Mesos.
* [Dockerana](https://github.com/dockerana/dockerana) (packaged version of Graphite and Grafana, specifically targeted at metrics from Docker.)
* [Docker-mon](https://github.com/icecrime/docker-mon) (Console-based Docker monitoring) by [@icecrime](https://github.com/icecrime)
* [Glances] (http://nicolargo.github.io/glances/) (A cross-platform curses-based system monitoring tool written in Python) by [@nicolargo](https://github.com/nicolargo)
* [InfluxDB, cAdvisor, Grafana](https://github.com/vegasbrianc/docker-monitoring) (InfluxDB Time series DB in combination with Grafana and cAdvisor) by [@vegasbrianc][vegasbrianc]
* [Meros](https://meros.io) Analyzes containers resources, captures logs, remote web SSH terminal and powerful DevOps alerts.
* [New Relic](https://newrelic.com/docker) New Relics Docker Monitoring tool
* [Prometheus](https://prometheus.io/) (Open-source service monitoring system and time series database)
* [Ruxit](https://www.dynatrace.com/technologies/cloud-and-microservices/docker-monitoring/) Monitor containerized applications without installing agents or modifying your Run commands
* [Seagull](https://github.com/tobegit3hub/seagull) (Friendly Web UI to monitor docker daemon.) by [@tobegit3hub](https://github.com/tobegit3hub)
* [Site24x7](https://www.site24x7.com/docker-monitoring.html) Docker MOnitoring for DevOps and IT is a SaaS Pay per Host model
* [Sysdig](http://www.sysdig.org/): An open source troubleshooting tool that provides a rich set of real-time, system-level information. It has container-specific features and is very useful in Docker environments.
* [Zabbix Docker module](https://github.com/monitoringartist/Zabbix-Docker-Monitoring): Zabbix module that provides discovery of running containers, CPU/memory/blk IO/net container metrics. Systemd Docker and LXC execution driver is also supported. It's a dynamically linked shared object library, so its performance is (~10x) better, than any script solution.
* [SPM for Docker][spm] Monitoring of host and container metrics, Docker events and logs. Automatic log parser. Anomaly Detection and alerting for metrics and logs. [@sematext][sematext]
* [Zabbix Docker](https://github.com/gomex/docker-zabbix) - Monitor containers automatically using zabbix LLD feature.
* [Collecting docker logs and stats with Splunk](http://blogs.splunk.com/2015/08/24/collecting-docker-logs-and-stats-with-splunk/)
* [Grafana Docker Dashboard Template](https://grafana.net/dashboards/179) - A template for your Docker, Grafana and Prometheus stack [@vegasbrianc][vegasbrianc]
* [DoMonit](https://github.com/eon01/DoMonit) - A simple Docker Monitoring wrapper For Docker API
## Networking
* [Calico-Docker](https://www.projectcalico.org/getting-started/docker/) - Calico is a pure layer 3 virtual network that allows containers over multiple docker-hosts to talk to each other.
* [Wagl](https://github.com/ahmetalpbalkan/wagl) - DNS Service Discovery for Docker Swarm (by [@ahmetalpbalkan][ahmetalpbalkan] ) http://ahmetalpbalkan.github.io/wagl/
* [Weave][weave] (The Docker network) -- Weave creates a virtual network that connects Docker containers deployed across multiple hosts.
* [Flannel](https://github.com/coreos/flannel/) - Flannel is a virtual network that gives a subnet to each host for use with container runtimes.
## Logging
* [Docker-Fluentd][fluentd]: (Docker container to Log Other Containers' Logs. One can aggregate the logs of Docker containers running on the same host using Fluentd.) by [@kiyoto][kiyoto]
* [LogJam](https://github.com/gocardless/logjam) (Logjam is a log forwarder designed to listen on a local port, receive log entries over UDP, and forward these messages on to a log collection server (such as logstash).) by [@gocardless](https://github.com/gocardless)
* [Logspout](https://github.com/gliderlabs/logspout) (Log routing for Docker container logs) by [@gliderlabs][gliderlabs]
* [Logsene for Docker][spm] Monitoring of Metrics, Events and Logs implemented in Node.js. Integrated [logagent-js](https://github.com/sematext/logagent-js) to detect and parse various log formats. [@sematext][sematext]
## Deployment and Infrastructure
* [Centurion](https://github.com/newrelic/centurion): Centurion is a mass deployment tool for Docker fleets. It takes containers from a Docker registry and runs them on a fleet of hosts with the correct environment variables, host volume mappings, and port mappings. By [@newrelic](https://github.com/newrelic)
* [Clocker](https://github.com/brooklyncentral/clocker): Clocker creates and manages a Docker cloud infrastructure. Clocker supports single-click deployments and runtime management of multi-node applications that run as containers distributed across multiple hosts, on both Docker and Marathon. It leverages [Calico][calico] and [Weave][weave] for networking and [Brooklyn][brooklyn] for application blueprints. By [@brooklyncentral](https://github.com/brooklyncentral)
* [Cloud 66](http://www.cloud66.com) - Full-stack hosted container management as a service
* [deploy](https://github.com/Perennials/deploy) - Git and Docker deployment tool. A middle ground between simple Docker composition tools and full blown cluster orchestration. Declarative configuration and short commands for managing (syncing, building, running) of infrastructures of more than a few services. Able to deploy whole preconfigured server or system of services with a single line (without having to scroll the line).
* [Docket](https://github.com/netvarun/docket): Custom docker registry that allows for lightning fast deploys through bittorrent by [@netvarun](https://github.com/netvarun/)
* [Longshoreman](https://github.com/longshoreman/longshoreman): Longshoreman automates application deployment using Docker. Just create a Docker repository (or use a service), configure the cluster using AWS or Digital Ocean (or whatever you like) and deploy applications using a Heroku-like CLI tool. By [longshoreman](https://github.com/longshoreman)
## PaaS
* [Atlantis](https://github.com/ooyala/atlantis) - Atlantis is an Open Source PaaS for HTTP applications built on Docker and written in Go
* [Deis](https://github.com/deis/deis) (Your PaaS, your rules) -- http://deis.io/
* [Dokku][dokku] (Docker powered mini-Heroku in around 100 lines of Bash) by [@progrium][progrium]
* [Empire](https://github.com/remind101/empire): A PaaS built on top of Amazon EC2 Container Service (ECS)
* [Flynn](https://github.com/flynn/flynn) (A next generation open source platform as a service) -- https://flynn.io/
* [OpenShift][openshift] (An open source PaaS built on [Kubernetes][kubernetes] and optimized for Dockerized app development and deployment) by [Red Hat](https://www.redhat.com/)
* [Tsuru](https://github.com/tsuru/tsuru) (Tsuru is an extensible and open source Platform as a Service software) -- https://tsuru.io/
* [Convox Rack] (https://github.com/convox/rack): Convox Rack is open source PaaS built on top of expert infrastructure automation and devops best practices.
* [Rancher][rancher]: Rancher is an open source project that provides a complete platform for operating Docker in production
* [Dcw](https://github.com/pbertera/dcw): Docker-compose SSH wrapper: a very poor man PaaS, exposing the docker-compose and custom-container commands defined in container labels.
## Remote Container Manager / Orchestration
* [autodock](https://github.com/prologic/autodock) (Daemon for Docker Automation) by [@prologic][prologic]
* [blimp](https://github.com/tubesandlube/blimp) Uses Docker Machine to easily move a container from one Docker host to another, show containers running against all of your hosts, replicate a container across multiple hosts and more. By [@defermat](https://github.com/defermat) and [@schvin](https://github.com/schvin)
* [Capitan] (https://github.com/byrnedo/capitan) Composable docker orchestration with added scripting support by [@byrnedo](https://github.com/byrnedo).
* [Citadel](https://github.com/citadel/citadel) (Citadel is a toolkit for scheduling containers on a Docker cluster) (unmaintained)
* [CloudSlang](http://www.cloudslang.io/) (CloudSlang is a workflow engine to create Docker process automation)
* [ContainerShip](https://github.com/containership/containership) (A simple container management platform) -- [containership]
* [CoreOS][coreos] (Linux for Massive Server Deployments) -- https://coreos.com/
* [Decking](http://decking.io/): (Decking aims to simplify the creation, organsation and running of clusters of Docker containers in a way which is familiar to developers)
* [Deploying a Containerized App on a Public Node with Mesos](https://docs.mesosphere.com/usage/tutorials/containerized-app/) (Docker plus Mesosphere provides an easy way to automate and scale deployment of containers in a production environment)
* [Flocker](https://github.com/ClusterHQ/flocker) (Flocker is a data volume manager and multi-host Docker cluster management tool) by [@ClusterHQ](https://github.com/ClusterHQ)
* [Gaudi](https://github.com/marmelab/gaudi) (Gaudi allows to share multi-component applications, based on Docker, Go, and YAM) ~~ project discontinued.
* [Kontena](https://github.com/kontena/kontena) (Application Containers for Masses) -- https://www.kontena.io/
* [Kubernetes][kubernetes] (Open source orchestration system for Docker containers by Google) -- [kubernetes] See Also [awesome-kubernetes](https://github.com/ramitsurana/awesome-kubernetes) by [@ramitsurana][ramitsurana]
* [Maestro](https://github.com/toscanini/maestro) (Maestro provides the ability to easily launch, orchestrate and manage mulitiple Docker containers as single unit) by [@tascanini](https://github.com/toscanini)
* [Marathon](https://mesosphere.github.io/marathon/docs/) (Marathon is a private PaaS built on Mesos. It automatically handles hardware or software failures and ensures that an app is "always on")
* [Nomad Project] (https://www.nomadproject.io/) Easily deploy applications at any scale. A Distributed, Highly Available, Datacenter-Aware Scheduler.
* [Panamax](https://github.com/CenturyLinkLabs/panamax-ui/wiki) (Docker Management for Humans) -- [panamax.io]
* [Rancher](https://github.com/rancher/rancher) (Portable AWS-style infrastructure service for Docker) -- http://rancher.com/
* [Fleet](https://github.com/coreos/fleet) (A Distributed init System providing low-level orchestration ) -- [coreos.com]
* [Serf](https://github.com/hashicorp/serf) (Service orchestration and management tool) by [@hashicorp](https://github.com/hashicorp)
* [Shipyard](https://github.com/shipyard/shipyard) (Composable Docker Management) -- http://shipyard-project.com/
* [MCollective Docker Agent](https://github.com/m4ce/mcollective-docker-agent) Uses MCollective to orchestrate your Docker containers and images -- [@m4ce](https://github.com/m4ce)
* [ElasticKube](https://github.com/ElasticBox/elastickube) open source management platform for Kubernetes.
* [Mantl](https://github.com/ciscocloud/mantl) Mantl is a modern platform for rapidly deploying globally distributed services [@ciscocloud](http://mantl.io)
## Security
* [docker-bench-security](https://github.com/docker/docker-bench-security) script that checks for dozens of common best-practices around deploying Docker containers in production. By [@docker][docker]
* [notary](https://github.com/docker/notary) a server and a client for running and interacting with trusted collections. By [@docker][docker]
* [Twistlock](https://twistlock.com/) Twistlock Security Suite detects vulnerabilities, hardens container images, and enforces security policies across the lifecycle of applications.
* [Clair](https://github.com/coreos/clair) Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. By [@coreos][CoreOS]
## Service Discovery
* [docker-consul](https://github.com/gliderlabs/docker-consul) by [@progrium][progrium]
* [etcd](https://github.com/coreos/etcd): A highly-available key value store for shared configuration and service discovery by [@coreOS][coreos]
* [Docker Grand Ambassador](https://github.com/cpuguy83/docker-grand-ambassador) This is a fully dynamic docker link ambassador. + [Article](https://docs.docker.com/engine/articles/ambassador_pattern_linking/) by [@cpuguy83][cpuguy83]
* [proxy](https://github.com/factorish/proxy): lightweight nginx based load balancer self using service discovery provided by registrator. by [@factorish](https://github.com/factorish)
* [wagl](https://github.com/ahmetalpbalkan/wagl/): Service discovery for docker swarm using DNS
## Metadata
* [MicroBadger](https://microbadger.com) - add metadata to Docker images using labels.
# Slides
* [Docker Slideshare Account](http://www.slideshare.net/Docker)
* [Docker Security](http://www.slideshare.net/jpetazzo) with [@jpetazzo][jpetazzo]
* [Hide your DEV ENV in a container](http://www.slideshare.net/JohanJanssen4/hide-your-development-environment-and-application-in-a-container) by [@johanjanssen42](https://twitter.com/johanjanssen42)
* [Docker for the new era](https://www.slideshare.net/ramitsurana/docker-for-the-new-era) by [@ramitsurana][ramitsurana]
# Videos
## Main Account
* [Docker Youtube Account](https://www.youtube.com/user/dockerrun)
* [CenturyLink Labs Docker Interviews](https://www.youtube.com/playlist?list=PL_q4Fk7SVBCIjyuCBFBItXnzGI3qBa2L1)
* [Container Camp](https://www.youtube.com/channel/UCvksXSnLqIVM_uFB7xyrsSg/videos) Conference about *containers*!!! [@containercamp](https://twitter.com/containercamp)
* [Quoi d'neuf Docker](https://www.youtube.com/channel/UCOAhkxpryr_BKybt9wIw-NQ/videos) **FRENCH** chronique vidéo sur Youtube proposant de courtes vidéos (maximum 15 minutes) sur la thématique "Docker et son écosystème" [Site Web](http://www.quoidneufdocker.xyz/)
## Useful videos
* [Ansible and Docker HP](https://www.youtube.com/watch?v=oZ45v8AeE7k) (32:38)
* [Container Hacks and Fun Images][jessvid] by [@jfrazelle][jfrazelle] @ DockerCon 2015 (**MUST WATCH VIDEO**: 38:50)
* [Contributing to Docker by Andrew "Tianon" Page (InfoSiftr)](https://www.youtube.com/watch?v=1jwo8-1HYYg) (34:31)
* [Docker for Developers][docker4dev] (54:26) by [@jpetazzo][jpetazzo] <== Good introduction, context, demo
* [Docker in Production](https://www.youtube.com/watch?v=Glk5d5WP6MI) by [@jpetazzo][jpetazzo] (36:05)
* [Introduction to Docker and containers](https://www.youtube.com/watch?v=ZVaRK10HBjo) (3:09:00) by [@jpetazzo][jpetazzo]
* [Deploying and scaling applications with Docker, Swarm, and a tiny bit of Python magic](https://www.youtube.com/watch?v=GpHMTR7P2Ms) (3:11:06) by [@jpetazzo][jpetazzo]
* [Docker: How to Use Your Own Private Registry](https://www.youtube.com/watch?v=CAewZCBT4PI) (15:01)
* [Docker and SELinux by Daniel Walsh from Red Hat ](https://www.youtube.com/watch?v=zWGFqMuEHdw) (40:23)
* [Extending Docker with Plugins](https://vimeo.com/110835013) (15:21)
* [From Local Docker Development to Production Deployments](https://www.youtube.com/watch?v=7CZFpHUPqXw) by [@jpetazzo][jpetazzo] @ AWS re:Invent 2015
* [Immutable Infrastructure with Docker and EC2 by Michael Bryzek (Gilt)](https://www.youtube.com/watch?v=GaHzdqFithc) (42:04)
* [Logging on Docker: What You Need to Know][loggingDocker] (51:27)
* [Performance Analysis of Docker - Jeremy Eder](https://www.youtube.com/watch?v=6f2E6PKYb0w) (1:36:58)
* [Run Any App on Mesos on Any Infrastructure Using Docker](https://www.youtube.com/watch?v=u5jd9YT9EsY) (17:44)
* [State of containers: a debate with CoreOS, VMware and Google](https://www.youtube.com/watch?v=IiITP3yIRd8) (27:38)
* [SysAdminCasts: Introduction to Docker](https://sysadmincasts.com/episodes/31-introduction-to-docker) (15:49)
* [Scalable Microservices with Kubernetes](https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615) Free Udacity course
# Interactive Learning Environments
* [Katacoda](https://www.katacoda.com/): Learn Docker using Interactive Browser-Based Labs
# Interesting Twitter Accounts
* [Docker](https://twitter.com/docker)
* [CenturyLink Labs](https://twitter.com/CenturyLinkLabs)
* [Flux7Labs](https://twitter.com/Flux7Labs)
* [TutumCloud](https://twitter.com/tutumcloud)
* [Project Atomic](https://twitter.com/ProjectAtomic)
* [OpenShift by Red Hat](https://twitter.com/openshift)
* [YLD](https://twitter.com/YLDio)
* [The New Stack](https://twitter.com/thenewstack)
* [Docker News](https://twitter.com/dockernews)
* [Docker Captains Twitter List](https://twitter.com/EltonStoneman/lists/docker-captains)
## People
* [Solomon Hykes](https://twitter.com/solomonstre) Founder of Docker
* [Gabriel Monroy](https://twitter.com/gabrtv) Creator of Deis
* [Jérôme Petazzoni](https://twitter.com/jpetazzo) Docker Developer
* [Michael Crosby](https://twitter.com/crosbymichael) Docker Developer
* [James Turnbull][kartar] Author of Docker Book
* [Jeff Lindsay](https://twitter.com/progrium) Design-minded software architect
* [Jessie Frazelle](https://twitter.com/jessfraz) Ex-@docker maintainer and uses full containerized desktop, lots of fun.
* [Docker Captains](https://www.docker.com/community/docker-captains) - Docker experts and community leaders
[blockbridge]: https://github.com/blockbridge
[weave]: https://github.com/weaveworks/weave
[calico]: https://github.com/projectcalico/calico-containers
[brooklyn]: http://brooklyn.apache.org/
[kubernetes]: http://kubernetes.io
[openshift]: https://www.openshift.org/
[sindresorhus]: https://github.com/sindresorhus/awesome
[editREADME]: https://github.com/veggiemonk/awesome-docker/edit/master/README.md
[jpetazzo]: https://github.com/jpetazzo
[panamax.io]: http://panamax.io/
[docker4dev]: https://www.youtube.com/watch?v=FdkNAjjO5yQ
[loggingDocker]: https://vimeo.com/123341629
[docker-cheat-sheet]: https://github.com/wsargent/docker-cheat-sheet
[wsargent]: https://github.com/wsargent
[docker-quick-ref]: https://github.com/dimonomid/docker-quick-ref
[dimonomid]: https://github.com/dimonomid
[projwebdev]: http://project-webdev.blogspot.de
[jessblog]: https://blog.jessfraz.com/post/docker-containers-on-the-desktop/
[jfrazelle]: https://github.com/jfrazelle
[jfrazelledotfiles]: https://github.com/jfrazelle/dotfiles
[jfrazelledockerfiles]: https://github.com/jfrazelle/dockerfiles
[jessvid]: https://www.youtube.com/watch?v=1qlLUf7KtAw
[progrium]: https://github.com/progrium
[jwilder]: https://github.com/jwilder
[crosbymichael]: https://github.com/crosbymichael
[gliderlabs]: https://github.com/gliderlabs
[gesellix]: https://github.com/gesellix
[prologic]: https://github.com/prologic
[fgrehm]: https://github.com/fgrehm
[ianmiell]: https://github.com/ianmiell
[distribution]: https://github.com/docker/distribution
[cpuguy83]: https://github.com/cpuguy83
[percheron]: https://github.com/ashmckenzie/percheron
[CenturyLinkLabs]: https://github.com/CenturyLinkLabs
[gondor]: https://github.com/gondor
[noteed]: https://github.com/noteed
[nginxproxy]: https://github.com/jwilder/nginx-proxy
[dokku]: https://github.com/dokku/dokku
[ahmetalpbalkan]: https://github.com/ahmetalpbalkan
[alpine]: https://github.com/gliderlabs/docker-alpine
[fluentd]: https://github.com/kiyoto/docker-fluentd
[kiyoto]: https://github.com/kiyoto
[spm]: https://github.com/sematext/sematext-agent-docker
[coreos]: https://github.com/coreos
[docker]: https://github.com/docker
[sematext]: https://twitter.com/sematext
[sebgoa]: https://twitter.com/sebgoa
[kartar]: https://twitter.com/kartar
[docker-compose]: https://docs.docker.com/compose/
[containership]: https://containership.io
[rancher]: https://github.com/rancher
[ramitsurana]: https://github.com/ramitsurana
[vegasbrianc]: https://github.com/vegasbrianc
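
Review bot: four entries in this list have a space between `]` and `(`, so they render as plain text instead of links: `[Glances] (` under Monitoring, `[Convox Rack] (` under PaaS, and `[Capitan] (` and `[Nomad Project] (` under Remote Container Manager / Orchestration. The Fleet entry ends in `[coreos.com]`, which has no matching definition among the reference links at the end of the hunk, and the cAdvisor description never closes its opening parenthesis. Removing the spaces, adding the missing definition and closing the parenthesis fixes the rendering wherever this list ends up after the rework.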

View File

@ -5,6 +5,6 @@
- [Kubernetes documentation](http://kubernetes.io/docs/)
- [Awesome Kubernetes](awesome-kubernetes.html)
- [Kubernetes the hard way](https://github.com/kelseyhightower/kubernetes-the-hard-way)
- [Awesome Docker](awesome-docker.html)
- [Kubernetes Bootcamp](https://kubernetesbootcamp.github.io/kubernetes-bootcamp/index.html)
- [Design patterns for container-based distributed systems](https://www.usenix.org/system/files/conference/hotcloud16/hotcloud16_burns.pdf)
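
Review bot: `awesome-kubernetes.html` and `awesome-docker.html` in this list are relative links into the book, and this commit touches 111 files with 3899 deletions. Confirm both targets still exist after the rework, otherwise these two entries become dead links and should be dropped or pointed at the upstream lists.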

View File

@ -1,145 +0,0 @@
# Helm工作原理
## 基本概念
Helm的三个基本概念
- ChartHelm应用package包括该应用的所有Kubernetes manifest模版类似于YUM RPM或Apt dpkg文件
- RepositoryHelm package存储仓库
- Releasechart的部署实例每个chart可以部署一个或多个release
## Helm工作原理
Helm包括两个部分`helm`客户端和`tiller`服务端。
> the client is responsible for managing charts, and the server is responsible for managing releases.
### helm客户端
helm客户端是一个命令行工具负责管理charts、reprepository和release。它通过gPRC API使用`kubectl port-forward`将tiller的端口映射到本地然后再通过映射后的端口跟tiller通信向tiller发送请求并由tiller来管理对应的Kubernetes资源。
Helm客户端的使用方法参见[Helm命令](helm.html)。
### tiller服务端
tiller接收来自helm客户端的请求并把相关资源的操作发送到Kubernetes负责管理安装、查询、升级或删除等和跟踪Kubernetes资源。为了方便管理tiller把release的相关信息保存在kubernetes的ConfigMap中。
tiller对外暴露gRPC API供helm客户端调用。
## Helm Charts
Helm使用[Chart](https://github.com/kubernetes/charts)来管理Kubernetes manifest文件。每个chart都至少包括
- 应用的基本信息`Chart.yaml`
- 一个或多个Kubernetes manifest文件模版放置于templates/目录中可以包括Pod、Deployment、Service等各种Kubernetes资源
### Chart.yaml示例
```yaml
name: The name of the chart (required)
version: A SemVer 2 version (required)
description: A single-sentence description of this project (optional)
keywords:
- A list of keywords about this project (optional)
home: The URL of this project's home page (optional)
sources:
- A list of URLs to source code for this project (optional)
maintainers: # (optional)
- name: The maintainer's name (required for each maintainer)
email: The maintainer's email (optional for each maintainer)
engine: gotpl # The name of the template engine (optional, defaults to gotpl)
icon: A URL to an SVG or PNG image to be used as an icon (optional).
```
### 依赖管理
Helm支持两种方式管理依赖的方式
- 直接把依赖的package放在`charts/`目录中
- 使用`requirements.yaml`并用`helm dep up foochart`来自动下载依赖的packages
```yaml
dependencies:
- name: apache
version: 1.2.3
repository: http://example.com/charts
- name: mysql
version: 3.2.1
repository: http://another.example.com/charts
```
### Chart模版
Chart模板基于Go template和[Sprig](https://github.com/Masterminds/sprig),比如
```yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: deis-database
namespace: deis
labels:
heritage: deis
spec:
replicas: 1
selector:
app: deis-database
template:
metadata:
labels:
app: deis-database
spec:
serviceAccount: deis-database
containers:
- name: deis-database
image: {{.Values.imageRegistry}}/postgres:{{.Values.dockerTag}}
imagePullPolicy: {{.Values.pullPolicy}}
ports:
- containerPort: 5432
env:
- name: DATABASE_STORAGE
value: {{default "minio" .Values.storage}}
```
模版参数的默认值必须放到`values.yaml`文件中,其格式为
```yaml
imageRegistry: "quay.io/deis"
dockerTag: "latest"
pullPolicy: "alwaysPull"
storage: "s3"
# 依赖的mysql chart的默认参数
mysql:
max_connections: 100
password: "secret"
```
## Helm插件
插件提供了扩展Helm核心功能的方法它在客户端执行并放在`$(helm home)/plugins`目录中。
一个典型的helm插件格式为
```sh
$(helm home)/plugins/
|- keybase/
|
|- plugin.yaml
|- keybase.sh
```
而plugin.yaml格式为
```yaml
name: "keybase"
version: "0.1.0"
usage: "Integreate Keybase.io tools with Helm"
description: |-
This plugin provides Keybase services to Helm.
ignoreFlags: false
useTunnel: false
command: "$HELM_PLUGIN_DIR/keybase.sh"
```
这样,就可以用`helm keybase`命令来使用这个插件。
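
Review bot: in the `values.yaml` sample near the end of this file, `pullPolicy: "alwaysPull"` is substituted into `imagePullPolicy: {{.Values.pullPolicy}}`, and Kubernetes only accepts `Always`, `IfNotPresent` or `Never` there, so the rendered manifest would be rejected. The same sample keeps `password: "secret"` in the chart defaults and sets `dockerTag: "latest"`. If this material is carried into the reworked book rather than dropped, use `Always`, a fixed image tag, and a remark that real passwords belong in an override file kept out of the repository. The helm client paragraph also has `gPRC` for gRPC and `reprepository` for repository.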

View File

@ -1,156 +0,0 @@
# Deis workflow
## Deis架构
![Workflow概览](../images/workflow-overview.png)
![Workflow详细结构](../images/workflow-detail.png)
![应用分层架构](../images/application-layout.png)
## Deis安装部署
首先需要部署一套kubernetes比如minikubeGKE等记得启用`KUBE_ENABLE_CLUSTER_DNS=true`并配置好本机的kubectl客户端然后运行以下脚本安装deis
```sh
# install deis v2 (workflow)
curl -sSL http://deis.io/deis-cli/install-v2.sh | bash
mv deis /usr/local/bin/
# install helm
wget https://storage.googleapis.com/kubernetes-helm/helm-v2.2.1-linux-amd64.tar.gz
tar zxvf helm-v2.2.1-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
rm -rf linux-amd64 helm-v2.2.1-linux-amd64.tar.gz
helm init
# deploy helm components
helm repo add deis https://charts.deis.com/workflow
helm install deis/workflow --namespace deis
kubectl --namespace=deis get pods
```
## Deis基本使用
### 注册用户并登录
```sh
deis register deis-controller.deis.svc.cluster.local
deis login deis-controller.deis.svc.cluster.local
deis perms:create newuser --admin
```
### 部署应用
**注意deis的大部分操作命令都需要在应用的目录中即下面的`example-dockerfile-http`)。**
```sh
git clone https://github.com/deis/example-dockerfile-http.git
cd example-dockerfile-http
docker build -t deis/example-dockerfile-http .
docker push deis/example-dockerfile-http
# create app
deis create example-dockerfile-http --no-remote
# deploy app
deis pull deis/example-dockerfile-http:latest
# query application status
deis info
```
扩展应用
```sh
$ deis scale cmd=3
$ deis ps
=== example-dockerfile-http Processes
--- cmd:
example-dockerfile-http-cmd-4246296512-08124 up (v2)
example-dockerfile-http-cmd-4246296512-40lfv up (v2)
example-dockerfile-http-cmd-4246296512-fx3w3 up (v2)
```
也可以配置自动扩展
```sh
deis autoscale:set example-dockerfile-http --min=3 --max=8 --cpu-percent=75
```
这样就可以通过Kubernetes的DNS来访问应用了配置了外网负载均衡后还可以通过负载均衡来访问服务
```sh
$ curl example-dockerfile-http.example-dockerfile-http.svc.cluster.local
Powered by Deis
```
### 域名和路由
```sh
# 注意设置CNMAE记录到原来的地址
deis domains:add hello.bacongobbler.com
dig hello.deisapp.com
deis routing:enable
```
这实际上是在deis-router的nginx配置中增加了 virtual hosts
```
server {
listen 8080;
server_name ~^example-dockerfile-http\.(?<domain>.+)$;
server_name_in_redirect off;
port_in_redirect off;
set $app_name "example-dockerfile-http";
vhost_traffic_status_filter_by_set_key example-dockerfile-http application::*;
location / {
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $access_scheme;
proxy_set_header X-Forwarded-Port $forwarded_port;
proxy_redirect off;
proxy_connect_timeout 30s;
proxy_send_timeout 1300s;
proxy_read_timeout 1300s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://10.0.0.224:80;
}
}
server {
listen 8080;
server_name hello.bacongobbler.com;
server_name_in_redirect off;
port_in_redirect off;
set $app_name "example-dockerfile-http";
vhost_traffic_status_filter_by_set_key example-dockerfile-http application::*;
location / {
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $access_scheme;
proxy_set_header X-Forwarded-Port $forwarded_port;
proxy_redirect off;
proxy_connect_timeout 30s;
proxy_send_timeout 1300s;
proxy_read_timeout 1300s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://10.0.0.224:80;
}
}
```
### 参考文档
- https://github.com/deis/workflow
- https://deis.com/workflow/
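
Review bot: the install script at the top of this page runs `curl -sSL http://deis.io/deis-cli/install-v2.sh | bash`, which executes a script fetched over plain HTTP, and the Helm tarball that follows is unpacked and moved into `/usr/local/bin/` without any checksum check. If these steps survive elsewhere after the rework, fetch over https, save to a file, and verify it before running. In the domains block, `deis domains:add hello.bacongobbler.com` is followed by `dig hello.deisapp.com`, which is a different hostname, and the comment above it spells CNAME as `CNMAE`.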

View File

@ -1,103 +0,0 @@
# Kubernetes应用管理--Helm
[Helm](https://github.com/kubernetes/helm)是一个类似于yum/apt/[homebrew](https://brew.sh/)的Kubernetes应用管理工具。Helm使用[Chart](https://github.com/kubernetes/charts)来管理Kubernetes manifest文件。
## Helm基本使用
安装`helm`客户端
```sh
brew install kubernetes-helm
```
初始化Helm并安装`Tiller`服务需要事先配置好kubeclt
```sh
helm init
```
更新charts列表
```sh
helm repo update
```
部署服务比如mysql
```sh
➜ ~ helm install stable/mysql
NAME: quieting-warthog
LAST DEPLOYED: Tue Feb 21 16:13:02 2017
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME TYPE DATA AGE
quieting-warthog-mysql Opaque 2 1s
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESSMODES AGE
quieting-warthog-mysql Pending 1s
==> v1/Service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
quieting-warthog-mysql 10.3.253.105 <none> 3306/TCP 1s
==> extensions/v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
quieting-warthog-mysql 1 1 1 0 1s
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
quieting-warthog-mysql.default.svc.cluster.local
To get your root password run:
kubectl get secret --namespace default quieting-warthog-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h quieting-warthog-mysql -p
```
更多命令的使用方法可以参考[Helm命令参考](helm.html)。
## Helm工作原理
见[Helm工作原理](basic.html)。
## 链接
### Helm文档
* https://github.com/kubernetes/helm
* https://github.com/kubernetes/charts
### 第三方Helm repository
* https://github.com/deis/charts
* https://github.com/bitnami/charts
* https://github.com/att-comdev/openstack-helm
* https://github.com/sapcc/openstack-helm
* https://github.com/mgoodness/kube-prometheus-charts
* https://github.com/helm/charts
* https://github.com/jackzampolin/tick-charts
### 常用Helm插件
1. [helm-tiller](https://github.com/adamreese/helm-tiller) - Additional commands to work with Tiller
2. [Technosophos's Helm Plugins](https://github.com/technosophos/helm-plugins) - Plugins for GitHub, Keybase, and GPG
3. [helm-template](https://github.com/technosophos/helm-template) - Debug/render templates client-side
4. [Helm Value Store](https://github.com/skuid/helm-value-store) - Plugin for working with Helm deployment values
5. [Drone.io Helm Plugin](http://plugins.drone.io/ipedrazas/drone-helm/) - Run Helm inside of the Drone CI/CD system
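
Review bot: the `helm init` step says it needs `kubeclt` configured, which should read `kubectl`. The page also sends readers to `helm.html` and `basic.html` by relative link, and this hunk removes the file in full (`-1,103 +0,0`), so any page that linked here, and whatever replaces those two targets, needs its links rechecked before merge.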

View File

@ -1,168 +0,0 @@
# Helm命令参考
## 查询charts
```sh
helm search
helm search mysql
```
## 查询package详细信息
```sh
helm inspect stable/mariadb
```
## 部署package
```sh
helm install stable/mysql
```
部署之前可以自定义package的选项
```sh
# 查询支持的选项
helm inspect values stable/mysql
# 自定义password
echo "mysqlRootPassword: passwd" > config.yaml
helm install -f config.yaml stable/mysql
```
另外,还可以通过打包文件(.tgz或者本地package路径如path/foo来部署应用。
## 查询服务(Release)列表
```sh
➜ ~ helm ls
NAME REVISION UPDATED STATUS CHART NAMESPACE
quieting-warthog 1 Tue Feb 21 20:13:02 2017 DEPLOYED mysql-0.2.5 default
```
## 查询服务(Release)状态
```sh
➜ ~ helm status quieting-warthog
LAST DEPLOYED: Tue Feb 21 16:13:02 2017
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME TYPE DATA AGE
quieting-warthog-mysql Opaque 2 9m
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESSMODES AGE
quieting-warthog-mysql Bound pvc-90af9bf9-f80d-11e6-930a-42010af00102 8Gi RWO 9m
==> v1/Service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
quieting-warthog-mysql 10.3.253.105 <none> 3306/TCP 9m
==> extensions/v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
quieting-warthog-mysql 1 1 1 1 9m
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
quieting-warthog-mysql.default.svc.cluster.local
To get your root password run:
kubectl get secret --namespace default quieting-warthog-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h quieting-warthog-mysql -p
```
## 升级和回滚Release
```sh
# 升级
cat "mariadbUser: user1" >panda.yaml
helm upgrade -f panda.yaml happy-panda stable/mariadb
# 回滚
helm rollback happy-panda 1
```
## 删除Release
```sh
helm delete quieting-warthog
```
## repo管理
```sh
# 添加incubator repo
helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
# 查询repo列表
helm repo list
# 生成repo索引用于搭建helm repository
helm repo index
```
## chart管理
```sh
# 创建一个新的chart
helm create deis-workflow
# validate chart
helm lint
# 打包chart到tgz
helm package deis-workflow
```
## Helm命令参考
```
completion Generate bash autocompletions script
create create a new chart with the given name
delete given a release name, delete the release from Kubernetes
dependency manage a chart's dependencies
fetch download a chart from a repository and (optionally) unpack it in local directory
get download a named release
history fetch release history
home displays the location of HELM_HOME
init initialize Helm on both client and server
inspect inspect a chart
install install a chart archive
lint examines a chart for possible issues
list list releases
package package a chart directory into a chart archive
repo add, list, remove, update, and index chart repositories
reset uninstalls Tiller from a cluster
rollback roll back a release to a previous revision
search search for a keyword in charts
serve start a local http web server
status displays the status of the named release
test test a release
upgrade upgrade a release
verify verify that a chart at the given path has been signed and is valid
version print the client/server version information
Flags:
--debug enable verbose output
--home string location of your Helm config. Overrides $HELM_HOME (default "~/.helm")
--host string address of tiller. Overrides $HELM_HOST
--kube-context string name of the kubeconfig context to use
--tiller-namespace string namespace of tiller (default "kube-system")
```
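Review bot: in the 升级和回滚Release block, `cat "mariadbUser: user1" >panda.yaml` cannot work, because cat treats the quoted string as a filename and panda.yaml ends up empty. The install example earlier in the same file uses `echo "mysqlRootPassword: passwd" > config.yaml`, so if this command reference is carried into the new layout the upgrade example should use `echo` as well. That install example also writes a root password into a file in the working directory; a relocated version should say that config.yaml holds a credential and should not be committed or left readable by other users.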

View File

@ -1,36 +0,0 @@
# Kubernetes应用管理
Kubernetes应用及manifest的管理方法。
## Helm
[Helm](helm-app.html)是一个类似于yum/apt/[homebrew](https://brew.sh/)的Kubernetes应用管理工具。Helm使用[Chart](https://github.com/kubernetes/charts)来管理Kubernetes manifest文件。
Helm的使用方法见[这里](helm-app.html)。
## Deis workflow
Deis workflow是基于Kubernetes的PaaS管理平台进一步简化了应用的打包、部署和服务发现。
![Deis workflow](../images/git-push-flow.png)
## Operator
- https://github.com/coreos/etcd-operator
- https://github.com/coreos/prometheus-operator
- https://github.com/sapcc/kubernetes-operators
- https://github.com/kbst/memcached
- https://github.com/krallistic/kafka-operator
- https://github.com/huawei-cloudfederation/redis-operator
- https://github.com/upmc-enterprises/elasticsearch-operator
- https://github.com/pires/nats-operator
- https://github.com/rosskukulinski/rethinkdb-operator
## 其他
当然目前大家最常用了还是自己管理manifest比如kubernetes项目就提供了很多应用的示例
- https://github.com/kubernetes/kubernetes/tree/master/examples
- https://github.com/kubernetes/contrib
- https://github.com/kubernetes/ingress

View File

@ -1,10 +0,0 @@
# 集群联邦
![federation](media/federation.png)
![federation-service](media/federation-service.png)
https://tectonic.com/blog/kubernetes-cluster-federation.html

Binary file not shown.

Before

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 23 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 63 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 102 KiB

View File

@ -1,105 +0,0 @@
# Minikube
相比Docker一个二进制文件解决所有问题Kubernetes则为不同的服务提供了不同的二进制文件并将一些服务放到了addons中。故而Kubernetes的部署相对要麻烦的多。借助[minikube](https://github.com/kubernetes/minikube)项目现在可以很方便的在本机快速启动一个单节点的Kubernetes集群。
## 安装minikube
minikube最新release版本为v0.15.0支持Kubernetes v1.3.0到v1.5.1的各个版本默认启动Kubernetes v1.5.1。
OSX
```
curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.15.0/minikube-darwin-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/
```
Linux
```
curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.15.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/
```
Windows
```
下载https://storage.googleapis.com/minikube/releases/v0.15.0/minikube-windows-amd64.exe并重命名为minikube.exe
```
minikube支持xhyve(on OSX)、VirtualBox、VMWare Fusion等多种不同的driver这些driver也需要单独安装比如在OSX上安装xhyve driver:
```sh
brew install docker-machine-driver-xhyve
# docker-machine-driver-xhyve need root owner and uid
sudo chown root:wheel $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve
sudo chmod u+s $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve
```
另外,还需要安装一个`kubectl`客户端用来跟kubernetes交互
```
gcloud components install kubectl
```
## 启动Kubernetes Cluster
启动Kubernetes Cluster就非常简单了一个命令即可
```
$ minikube start
Starting local Kubernetes cluster...
Kubectl is now configured to use the cluster.
```
当然了,国内环境下,最好加上代理:
```
minikube start --docker-env HTTP_PROXY=http://proxy-ip:port --docker-env HTTPS_PROXY=http://proxy-ip:port
```
然后就可以通过kubectl来玩Kubernetes了比如启动一个简单的nginx服务
```
$ kubectl run nginx --image=nginx --port=80
deployment "nginx" created
$ kubectl expose deployment nginx --port=80 --type=NodePort --name=nginx-http
service "nginx-http" exposed
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-2032906785-81t56 1/1 Running 0 2m
$ kubectl get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 10.0.0.1 <none> 443/TCP 20m
nginx-http 10.0.0.146 <none> 80/TCP 2m
$ minikube service nginx-http --url
http://192.168.64.10:30569
```
这样就可以通过`http://192.168.64.10:30569`来直接访问nginx服务。
minikube默认还部署了最新的dashboard可以通过`minikube dashboard`命令在默认浏览器中打开:
![](media/14735740742630.jpg)
更多的玩法可以参考minikube的帮助文档
```
Usage:
minikube [command]
Available Commands:
dashboard Opens/displays the kubernetes dashboard URL for your local cluster
delete Deletes a local kubernetes cluster.
docker-env sets up docker env variables; similar to '$(docker-machine env)'
get-k8s-versions Gets the list of available kubernetes versions available for minikube.
ip Retrieve the IP address of the running cluster.
logs Gets the logs of the running localkube instance, used for debugging minikube, not user code.
service Gets the kubernetes URL for the specified service in your local cluster
ssh Log into or run a command on a machine with SSH; similar to 'docker-machine ssh'
start Starts a local kubernetes cluster.
status Gets the status of a local kubernetes cluster.
stop Stops a running local kubernetes cluster.
version Print the version of minikube.
```
更多请参考https://github.com/kubernetes/minikube。
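Review bot: the install commands under 安装minikube fetch `minikube-darwin-amd64` and `minikube-linux-amd64` with `curl -Lo` and move the binary into `/usr/local/bin/` under sudo with no checksum or signature check, and the xhyve step then makes the driver setuid root (`chown root:wheel`, `chmod u+s`) without saying why. If this page is re-homed rather than dropped, add a verification step against a published checksum before the `chmod +x`, and one sentence explaining the setuid requirement. The page is also pinned to minikube v0.15.0 with Kubernetes v1.5.1 as the default, which does not match the 1.6.0 baseline the README states.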

View File

@ -1,48 +0,0 @@
# Node
## Node维护模式
```
kubectl drain NODE [Options]
```
- 它会删除该NODE上由ReplicationController, ReplicaSet, DaemonSet, StatefulSet or Job创建的Pod
- 不删除mirror pods因为不可通过API删除mirror pods
- 如果还有其它类型的Pod比如不通过RC而直接通过kubectl create的Pod并且没有--force选项该命令会直接失败
- 如果命令中增加了--force选项则会强制删除这些不是通过ReplicationController, Job或者DaemonSet创建的Pod
有的时候不需要evict pod只需要标记Node不可调用可以用`kubectl cordon`命令。
恢复的话只需要运行`kubectl uncordon NODE`将NODE重新改成可调度状态。
## Taint tolerant
// taint节点阻止新的pod上来
kubectl taint nodes node08 dedicated=maintaining:NoSchedule
// label节点只允许指定的pod上来
kubectl label nodes node08 hyper/nodetype=maintaining
// 然后在Pod定义中加入如下annotation
```
annotations:
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"dedicated", "value":"maintaining"}]'
scheduler.alpha.kubernetes.io/affinity: >
{
"nodeAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": {
"nodeSelectorTerms": [
{
"matchExpressions": [
{
"key": "hyper/nodetype",
"operator": "In",
"values": ["maintaining"]
}
]
}
]
}
}
}
```
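Review bot: under Taint tolerant the two commands (`kubectl taint nodes node08 dedicated=maintaining:NoSchedule` and `kubectl label nodes node08 hyper/nodetype=maintaining`) sit outside any code fence with `//` comments, so they render as running prose and are easy to miscopy. The pod side uses the alpha annotations `scheduler.alpha.kubernetes.io/tolerations` and `scheduler.alpha.kubernetes.io/affinity`, while the README targets Kubernetes 1.6.0, where tolerations and affinity are pod spec fields. If this content is kept anywhere in the new structure, fence the commands and show the field form.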

View File

@ -1,2 +0,0 @@
# 核心组件

View File

@ -1,42 +0,0 @@
# kube-proxy
## Iptables示例
```
# Iptables t nat L n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */ ← 1
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain KUBE-SEP-G3MLSGWVLUPEIMXS (1 references) ← 4
target prot opt source destination
MARK all -- 172.16.16.2 anywhere /* default/webpod-service: */ MARK set 0x4d415351
DNAT tcp -- anywhere anywhere /* default/webpod-service: */ tcp to:172.16.16.2:80
Chain KUBE-SEP-OUBP2X5UG3G4CYYB (1 references)
target prot opt source destination
MARK all -- 192.168.190.128 anywhere /* default/kubernetes: */ MARK set 0x4d415351
DNAT tcp -- anywhere anywhere /* default/kubernetes: */ tcp to:192.168.190.128:6443
Chain KUBE-SEP-PXEMGP3B44XONJEO (1 references) ← 4
target prot opt source destination
MARK all -- 172.16.91.2 anywhere /* default/webpod-service: */ MARK set 0x4d415351
DNAT tcp -- anywhere anywhere /* default/webpod-service: */ tcp to:172.16.91.2:80
Chain KUBE-SERVICES (2 references) ← 2
target prot opt source destination
KUBE-SVC-N4RX4VPNP4ATLCGG tcp -- anywhere 192.168.3.237 /* default/webpod-service: cluster IP */ tcp dpt:http
KUBE-SVC-6N4SJQIF3IX3FORG tcp -- anywhere 192.168.3.1 /* default/kubernetes: cluster IP */ tcp dpt:https
KUBE-NODEPORTS all -- anywhere anywhere /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL
Chain KUBE-SVC-6N4SJQIF3IX3FORG (1 references)
target prot opt source destination
KUBE-SEP-OUBP2X5UG3G4CYYB all -- anywhere anywhere /* default/kubernetes: */
Chain KUBE-SVC-N4RX4VPNP4ATLCGG (1 references) ← 3
target prot opt source destination
KUBE-SEP-G3MLSGWVLUPEIMXS all -- anywhere anywhere /* default/webpod-service: */ statistic mode random probability 0.50000000000
KUBE-SEP-PXEMGP3B44XONJEO all -- anywhere anywhere /* default/webpod-service: */
```

View File

@ -0,0 +1,372 @@
## 前言
其实ConfigMap功能在Kubernetes1.2版本的时候就有了许多应用程序会从配置文件、命令行参数或环境变量中读取配置信息。这些配置信息需要与docker image解耦你总不能每修改一个配置就重做一个image吧ConfigMap API给我们提供了向容器中注入配置信息的机制ConfigMap可以被用来保存单个属性也可以用来保存整个配置文件或者JSON二进制大对象。
## ConfigMap概览
**ConfigMap API**资源用来保存**key-value pair**配置数据,这个数据可以在**pods**里使用,或者被用来为像**controller**一样的系统组件存储配置数据。虽然ConfigMap跟[Secrets](https://kubernetes.io/docs/user-guide/secrets/)类似但是ConfigMap更方便的处理不含敏感信息的字符串。 注意ConfigMaps不是属性配置文件的替代品。ConfigMaps只是作为多个properties文件的引用。你可以把它理解为Linux系统中的`/etc`目录专门用来存储配置文件的目录。下面举个例子使用ConfigMap配置来创建Kuberntes VolumesConfigMap中的每个data项都会成为一个新文件。
```yaml
kind: ConfigMap
apiVersion: v1
metadata:
creationTimestamp: 2016-02-18T19:14:38Z
name: example-config
namespace: default
data:
example.property.1: hello
example.property.2: world
example.property.file: |-
property.1=value-1
property.2=value-2
property.3=value-3
```
`data`一栏包括了配置数据ConfigMap可以被用来保存单个属性也可以用来保存一个配置文件。 配置数据可以通过很多种方式在Pods里被使用。ConfigMaps可以被用来
1. 设置环境变量的值
2. 在容器里设置命令行参数
3. 在数据卷里面创建config文件
用户和系统组件两者都可以在ConfigMap里面存储配置数据。
其实不用看下面的文章,直接从`kubectl create configmap -h`的帮助信息中就可以对ConfigMap究竟如何创建略知一二了。
```
Examples:
# Create a new configmap named my-config based on folder bar
kubectl create configmap my-config --from-file=path/to/bar
# Create a new configmap named my-config with specified keys instead of file basenames on disk
kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
# Create a new configmap named my-config with key1=config1 and key2=config2
kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
```
## 创建ConfigMaps
可以使用该命令用给定值、文件或目录来创建ConfigMap。
```
kubectl create configmap
```
### 使用目录创建
比如我们已经有个了包含一些配置文件其中包含了我们想要设置的ConfigMap的值
```bash
$ ls docs/user-guide/configmap/kubectl/
game.properties
ui.properties
$ cat docs/user-guide/configmap/kubectl/game.properties
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
$ cat docs/user-guide/configmap/kubectl/ui.properties
color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice
```
使用下面的命令可以创建一个包含目录中所有文件的ConfigMap。
```bash
$ kubectl create configmap game-config --from-file=docs/user-guide/configmap/kubectl
```
`—from-file`指定在目录下的所有文件都会被用在ConfigMap里面创建一个键值对键的名字就是文件名值就是文件的内容。
让我们来看一下这个命令创建的ConfigMap
```Yaml
$ kubectl describe configmaps game-config
Name: game-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
game.properties: 158 bytes
ui.properties: 83 bytes
```
我们可以看到那两个key是从kubectl指定的目录中的文件名。这些key的内容可能会很大所以在kubectl describe的输出中只能够看到键的名字和他们的大小。 如果想要看到键的值的话,可以使用`kubectl get`
```bash
$ kubectl get configmaps game-config -o yaml
```
我们以`yaml`格式输出配置。
```yaml
apiVersion: v1
data:
game.properties: |
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
ui.properties: |
color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice
kind: ConfigMap
metadata:
creationTimestamp: 2016-02-18T18:34:05Z
name: game-config
namespace: default
resourceVersion: "407"
selfLink: /api/v1/namespaces/default/configmaps/game-config
uid: 30944725-d66e-11e5-8cd0-68f728db1985
```
### 使用文件创建
刚才**使用目录创建**的时候我们`—from-file`指定的是一个目录只要指定为一个文件就可以从单个文件中创建ConfigMap。
```bash
$ kubectl create configmap game-config-2 --from-file=docs/user-guide/configmap/kubectl/game.properties
$ kubectl get configmaps game-config-2 -o yaml
```
```Yaml
apiVersion: v1
data:
game-special-key: |
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
kind: ConfigMap
metadata:
creationTimestamp: 2016-02-18T18:54:22Z
name: game-config-3
namespace: default
resourceVersion: "530"
selfLink: /api/v1/namespaces/default/configmaps/game-config-3
uid: 05f8da22-d671-11e5-8cd0-68f728db1985
```
`—from-file`这个参数可以使用多次,你可以使用两次分别指定上个实例中的那两个配置文件,效果就跟指定整个目录是一样的。
### 使用Literal值创建
使用文字值创建,利用`—from-literal`参数传递配置信息,该参数可以使用多次,格式如下;
```bash
$ kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm
$ kubectl get configmaps special-config -o yaml
```
```yaml
apiVersion: v1
data:
special.how: very
special.type: charm
kind: ConfigMap
metadata:
creationTimestamp: 2016-02-18T19:14:38Z
name: special-config
namespace: default
resourceVersion: "651"
selfLink: /api/v1/namespaces/default/configmaps/special-config
uid: dadce046-d673-11e5-8cd0-68f728db1985
```
## Pod中使用ConfigMap
**使用ConfigMap来替代环境变量**
ConfigMap可以被用来填入环境变量。看下下面的ConfigMap。
```Yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: special-config
namespace: default
data:
special.how: very
special.type: charm
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: env-config
namespace: default
data:
log_level: INFO
```
我们可以在Pod中这样使用ConfigMap
```Yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
containers:
- name: test-container
image: gcr.io/google_containers/busybox
command: [ "/bin/sh", "-c", "env" ]
env:
- name: SPECIAL_LEVEL_KEY
valueFrom:
configMapKeyRef:
name: special-config
key: special.how
- name: SPECIAL_TYPE_KEY
valueFrom:
configMapKeyRef:
name: special-config
key: special.type
envFrom:
- configMapRef:
name: env-config
restartPolicy: Never
```
这个Pod运行后会输出如下几行
```
SPECIAL_LEVEL_KEY=very
SPECIAL_TYPE_KEY=charm
log_level=INFO
```
**用ConfigMap设置命令行参数**
ConfigMap也可以被使用来设置容器中的命令或者参数值。它使用的是Kubernetes的$(VAR_NAME)替换语法。我们看下下面这个ConfigMap。
```Yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: special-config
namespace: default
data:
special.how: very
special.type: charm
```
为了将ConfigMap中的值注入到命令行的参数里面我们还要像前面那个例子一样使用环境变量替换语法`${VAR_NAME)`。其实这个东西就是给Docker容器设置环境变量以前我创建镜像的时候经常这么玩通过docker run的时候指定-e参数修改镜像里的环境变量然后docker的CMD命令再利用该$(VAR_NAME)通过sed来来修改配置文件或者作为命令行启动参数。
```Yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
containers:
- name: test-container
image: gcr.io/google_containers/busybox
command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ]
env:
- name: SPECIAL_LEVEL_KEY
valueFrom:
configMapKeyRef:
name: special-config
key: special.how
- name: SPECIAL_TYPE_KEY
valueFrom:
configMapKeyRef:
name: special-config
key: special.type
restartPolicy: Never
```
运行这个Pod后会输出
```
very charm
```
**通过数据卷插件使用ConfigMap**
ConfigMap也可以在数据卷里面被使用。还是这个ConfigMap。
```Yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: special-config
namespace: default
data:
special.how: very
special.type: charm
```
在数据卷里面使用这个ConfigMap有不同的选项。最基本的就是将文件填入数据卷在这个文件中键就是文件名键值就是文件内容
```Yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
containers:
- name: test-container
image: gcr.io/google_containers/busybox
command: [ "/bin/sh", "-c", "cat /etc/config/special.how" ]
volumeMounts:
- name: config-volume
mountPath: /etc/config
volumes:
- name: config-volume
configMap:
name: special-config
restartPolicy: Never
```
运行这个Pod的输出是`very`。
我们也可以在ConfigMap值被映射的数据卷里控制路径。
```Yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
containers:
- name: test-container
image: gcr.io/google_containers/busybox
command: [ "/bin/sh","-c","cat /etc/config/path/to/special-key" ]
volumeMounts:
- name: config-volume
mountPath: /etc/config
volumes:
- name: config-volume
configMap:
name: special-config
items:
- key: special.how
path: path/to/special-key
restartPolicy: Never
```
运行这个Pod后的结果是`very`。
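Review bot: under 使用文件创建 the command and the output shown do not belong together. The command creates `game-config-2` with `--from-file=docs/user-guide/configmap/kubectl/game.properties`, so the key would be `game.properties`, but the YAML that follows has `name: game-config-3` and the key `game-special-key`, which is what a keyed `--from-file=game-special-key=...` invocation produces. Either show the `game-config-2` output or add the keyed command before this output. Smaller fixes in the same file: `${VAR_NAME)` in the command-line-arguments paragraph has mismatched brackets and should read `$(VAR_NAME)`; the from-file and from-literal flags in the prose are written with a single long dash instead of `--` and will fail if copied; the `kubectl describe` output is fenced as `Yaml`; and `Kuberntes Volumes` in the overview is misspelled. The overview also says ConfigMap is for strings without sensitive information, yet the sample game.properties carries `secret.code.passphrase=UUDDLRLRBABAS`; a sentence pointing readers to Secrets for values like that would keep the example from being copied as a pattern.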

View File

@ -1,6 +1,8 @@
# 主要概念
- Pod, Service, Namespace和Node
- Pod
- Node
- Namespace
- Service
- Volume和Persistent Volume
- Deployment

BIN
cover.jpg

Binary file not shown.

Before

Width:  |  Height:  |  Size: 309 KiB

After

Width:  |  Height:  |  Size: 297 KiB

View File

@ -1,7 +0,0 @@
# Kubernetes debugging
## Kubernetes应用debugging
* [调试运行中的容器应用](http://feisky.xyz/2017/02/14/Debugging-application-in-containers/)

View File

@ -1,152 +0,0 @@
# 证书生成
kubeadm在部署Kubernetes时会自动生成Kubernetes所需要的证书这里是手动生成这些证书的方法。
安装cfssl
```sh
go get -u github.com/cloudflare/cfssl/cmd/...
```
创建CA配置文件
```sh
mkdir -p /etc/ssl/certs
cd /etc/ssl/certs
cfssl print-defaults config > config.json
cfssl print-defaults csr > csr.json
cat >ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "87600h"
}
}
}
}
EOF
cat >ca-csr.json <<EOF
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF
```
创建CA证书和私钥
```sh
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
```
创建Kubernetes证书
```sh
cat >kubernetes-csr.json <<EOF
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"172.20.0.112",
"172.20.0.113",
"172.20.0.114",
"172.20.0.115",
"10.254.0.1",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
```
创建Admin证书
```sh
cat >admin-csr.json <<EOF
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
cat >kube-proxy-csr.json <<EOF
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
```
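Review bot: the procedure does `cd /etc/ssl/certs` and then runs every `cfssl gencert ... | cfssljson -bare ...` from there, so `ca-key.pem` and the other private keys are written into the directory meant for public certificates. If this page is moved rather than dropped, generate into a root-only directory and copy out only the certificates. In the same file, the single `kubernetes` profile grants both `server auth` and `client auth` with `"expiry": "87600h"`, so the admin client certificate (`"O": "system:masters"`) is valid for ten years with no rotation guidance, and the kube-proxy certificate is generated under the 创建Admin证书 heading without a heading of its own.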

View File

@ -1,85 +0,0 @@
# 集群部署
## Kubernetes集群架构
![高可用示意图](../images/ha.png)
### etcd集群
从`https://discovery.etcd.io/new?size=3`获取token后<https://kubernetes.io/docs/admin/high-availability/etcd.yaml>放到每台机器的`/etc/kubernetes/manifests/etcd.yaml`,并替换掉`${DISCOVERY_TOKEN}`, `${NODE_NAME}`和`${NODE_IP}`既可以由kubelet来启动一个etcd集群。
对于运行在kubelet外部的etcd可以参考[etcd clustering guide](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md)来手动配置集群模式。
### kube-apiserver
<https://kubernetes.io/docs/admin/high-availability/kube-apiserver.yaml>放到每台Master节点的`/etc/kubernetes/manifests/`,并把相关的配置放到`/srv/kubernetes/`即可由kubelet自动创建并启动apiserver:
- basic_auth.csv - basic auth user and password
- ca.crt - Certificate Authority cert
- known_tokens.csv - tokens that entities (e.g. the kubelet) can use to talk to the apiserver
- kubecfg.crt - Client certificate, public key
- kubecfg.key - Client certificate, private key
- server.cert - Server certificate, public key
- server.key - Server certificate, private key
apiserver启动后还需要为它们做负载均衡可以使用云平台的弹性负载均衡服务或者使用haproxy/lvs/nginx等为master节点配置负载均衡。
另外还可以借助Keepalived、OSPF、Pacemaker等来保证负载均衡节点的高可用。
注意:
- 大规模集群注意增加`--max-requests-inflight`默认400
- 使用nginx时注意增加`proxy_timeout: 10m`
### controller manager和scheduler
controller manager和scheduler需要保证任何时刻都只有一个实例运行需要一个选主的过程所以在启动时要设置`--leader-elect=true`,比如
```
kube-scheduler --master=127.0.0.1:8080 --v=2 --leader-elect=true
kube-controller-manager --master=127.0.0.1:8080 --cluster-cidr=10.245.0.0/16 --allocate-node-cidrs=true --service-account-private-key-file=/srv/kubernetes/server.key --v=2 --leader-elect=true
```
把[kube-scheduler.yaml](https://kubernetes.io/docs/admin/high-availability/kube-scheduler.yaml)和[kube-controller-manager.yaml](https://kubernetes.io/docs/admin/high-availability/kube-controller-manager.yaml)(非GCE平台需要适当修改) 放到每台master节点的`/etc/kubernetes/manifests/`即可。
### kube-dns
kube-dns可以通过Deployment的方式来部署默认kubeadm会自动创建。但在大规模集群的时候需要放宽资源限制比如
```
dns_replicas: 6
dns_cpu_limit: 100m
dns_memory_limit: 512Mi
dns_cpu_requests 70m
dns_memory_requests: 70Mi
```
另外也需要给dnsmasq增加资源比如增加缓存大小到10000增加并发处理数量`--dns-forward-max=1000`等。
### 数据持久化
除了上面提到的这些配置持久化存储也是高可用Kubernetes集群所必须的。
- 对于公有云上部署的集群可以考虑使用云平台提供的持久化存储比如aws ebs或者gce persistent disk
- 对于物理机部署的集群可以考虑使用iSCSI、NFS、Gluster或者Ceph等网络存储也可以使用RAID
## GCE/Azure
在GCE或者Azure上面可以利用cluster脚本方便的部署集群
```
# gce,aws,gke,azure-legacy,vsphere,openstack-heat,rackspace,libvirt-coreos
export KUBERNETES_PROVIDER=gce
curl -sS https://get.k8s.io | bash
cd kubernetes
cluster/kube-up.sh
```
## AWS
在aws上建议使用[kops](https://kubernetes.io/docs/getting-started-guides/kops/)来部署。
## 物理机或虚拟机
在Linux物理机或虚拟机中建议使用[kubeadm](https://kubernetes.io/docs/getting-started-guides/kubeadm/)来部署Kubernetes集群。
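Review bot: in the kube-dns block, `dns_cpu_requests 70m` is missing the colon that the four neighbouring keys have, so the snippet is not valid as written. In the kube-apiserver section the file list includes `basic_auth.csv` and `known_tokens.csv`, and the scheduler and controller manager examples use `--master=127.0.0.1:8080`; if this HA guide is kept in the new structure it should state that these are static credentials and the unauthenticated local port. The GCE/Azure step `curl -sS https://get.k8s.io | bash` runs a remote script without review and should say so or show a download-then-inspect variant.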

View File

@ -1,181 +0,0 @@
# Cluster deploying of frakti On CentOS
This document shows how to easily install a kubernetes cluster with frakti runtime.
Frakti is a hypervisor-based container runtime, it depends on a few packages besides kubernetes:
- hyperd: the hyper container engine (main container runtime)
- docker: the docker container engine (auxiliary container runtime)
- cni: the network plugin
## Optional: create instances on GCE
It is recommended to run frakti-enabled kubernetes on baremetal, but you could still have a try of frakti on public clouds.
**Do not forget to enable ip_forward on GCE.**
## Initialize all nodes
### Install hyperd
```sh
# install from https://docs.hypercontainer.io/get_started/install/linux.html
curl -sSL https://hypercontainer.io/install | bash
echo -e "Hypervisor=libvirt\n\
Kernel=/var/lib/hyper/kernel\n\
Initrd=/var/lib/hyper/hyper-initrd.img\n\
Hypervisor=qemu\n\
StorageDriver=overlay\n\
gRPCHost=127.0.0.1:22318" > /etc/hyper/config
systemctl enable hyperd
systemctl restart hyperd
```
### Install docker
```sh
yum install -y docker
sed -i 's/native.cgroupdriver=systemd/native.cgroupdriver=cgroupfs/g' /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl enable docker
systemctl start docker
```
### Install frakti
```sh
curl -sSL https://github.com/kubernetes/frakti/releases/download/v0.1/frakti -o /usr/bin/frakti
chmod +x /usr/bin/frakti
cat <<EOF > /lib/systemd/system/frakti.service
[Unit]
Description=Hypervisor-based container runtime for Kubernetes
Documentation=https://github.com/kubernetes/frakti
After=network.target
[Service]
ExecStart=/usr/bin/frakti --v=3 \
--log-dir=/var/log/frakti \
--logtostderr=false \
--listen=/var/run/frakti.sock \
--streaming-server-addr=%H \
--hyper-endpoint=127.0.0.1:22318
MountFlags=shared
TasksMax=8192
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
[Install]
WantedBy=multi-user.target
EOF
```
### Install CNI
Frakti requires cni network for starting.
Note:
- Configure different subnet for different hosts, e.g.
- 10.244.1.0/24
- 10.244.2.0/24
- 10.244.3.0/24
- Configure host routes on GCE
- gcloud compute routes create "instance-1" --description "instance-1" --destination-range "10.244.1.0/24" --network "default" --next-hop-instance "instance-1" --next-hop-instance-zone "asia-east1-a" --priority "100"
- gcloud compute routes create "instance-2" --description "instance-2" --destination-range "10.244.2.0/24" --network "default" --next-hop-instance "instance-2" --next-hop-instance-zone "asia-east1-a" --priority "100"
- gcloud compute routes create "instance-3" --description "instance-3" --destination-range "10.244.3.0/24" --network "default" --next-hop-instance "instance-3" --next-hop-instance-zone "asia-east1-a" --priority "100"
```sh
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64-unstable
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubernetes-cni bridge-utils
```
Configure cni network
```sh
mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-mynet.conf <<-EOF
{
"cniVersion": "0.3.0",
"name": "mynet",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.244.1.0/24",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
}
EOF
cat >/etc/cni/net.d/99-loopback.conf <<-EOF
{
"cniVersion": "0.3.0",
"type": "loopback"
}
EOF
```
### Install kubelet
```sh
yum install -y kubelet kubeadm kubectl
# Note that there are no kubernete v1.6 rpms on `yum.kubernetes.io`, so it needs to be fetched from `dl.k8s.io`:
# Download latest release of kubelet and kubectl
# TODO: remove this after the stable v1.6 release
cd /tmp/
curl -SL https://dl.k8s.io/v1.6.0-beta.4/kubernetes-server-linux-amd64.tar.gz -o kubernetes-server-linux-amd64.tar.gz
tar zxvf kubernetes-server-linux-amd64.tar.gz
/bin/cp -f kubernetes/server/bin/{kubelet,kubeadm,kubectl} /usr/bin/
rm -rf kubernetes-server-linux-amd64.tar.gz kubernetes
```
Configure kubelet with frakti runtime
```sh
sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/frakti.sock --feature-gates=AllAlpha=true"' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
```
## Setting up the master node
hyperkube image could be customized via `KUBE_HYPERKUBE_IMAGE`:
- `VERSION=v1.6.0 make -C cluster/images/hyperkube build`
- `export KUBE_HYPERKUBE_IMAGE=xxxx`
```sh
kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest
```
Optional: enable schedule pods on the master
```sh
export KUBECONFIG=/etc/kubernetes/admin.conf
kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule-
```
## Setting up the worker nodes
```sh
# get token on master node
token=$(kubeadm token list | grep authentication,signing | awk '{print $1}')
# join master on worker nodes
kubeadm join --token $token ${master_ip}:6443
```
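Review bot: in Setting up the master node the command reads `kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest`, with `kubeadm init` doubled, and it asks for `latest` while Install kubelet copies v1.6.0-beta.4 binaries, so the control plane and kubelet versions may not match. The hyperd config sets `Hypervisor` twice (`libvirt`, then `qemu`). On the hardening side, the Install CNI block runs `setenforce 0` with no explanation and uses an `http://` `baseurl`, and the kubelet drop-in enables `--feature-gates=AllAlpha=true`; each needs a line on why it is required and how to scope it.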

View File

@ -1,231 +0,0 @@
# Cluster deploying of frakti
- [Cluster deploying of frakti](#cluster-deploying-of-frakti)
- [Overview](#overview)
- [Install packages](#install-packages)
- [Install hyperd](#install-hyperd)
- [Install docker](#install-docker)
- [Install frakti](#install-frakti)
- [Install CNI](#install-cni)
- [Install kubelet](#install-kubelet)
- [Setting up the master node](#setting-up-the-worker-nodes)
- [Setting up the worker nodes](#setting-up-the-worker-nodes)
## Overview
This document shows how to easily install a kubernetes cluster with frakti runtime.
Frakti is a hypervisor-based container runtime, it depends on a few packages besides kubernetes:
- hyperd: the hyper container engine (main container runtime)
- docker: the docker container engine (auxiliary container runtime)
- cni: the network plugin
## Install packages
### Install hyperd
On Ubuntu 16.04+:
```sh
apt-get update && apt-get install -y qemu libvirt-bin
curl -sSL https://hypercontainer.io/install | bash
```
On CentOS 7:
```sh
curl -sSL https://hypercontainer.io/install | bash
```
Configure hyperd:
```sh
echo -e "Hypervisor=libvirt\n\
Kernel=/var/lib/hyper/kernel\n\
Initrd=/var/lib/hyper/hyper-initrd.img\n\
Hypervisor=qemu\n\
StorageDriver=overlay\n\
gRPCHost=127.0.0.1:22318" > /etc/hyper/config
systemctl enable hyperd
systemctl restart hyperd
```
### Install docker
On Ubuntu 16.04+:
```sh
apt-get update
apt-get install -y docker.io
```
On CentOS 7:
```sh
yum install -y docker
sed -i 's/native.cgroupdriver=systemd/native.cgroupdriver=cgroupfs/g' /usr/lib/systemd/system/docker.service
systemctl daemon-reload
```
Configure and start docker:
```sh
systemctl enable docker
systemctl start docker
```
### Install frakti
```sh
curl -sSL https://github.com/kubernetes/frakti/releases/download/v0.1/frakti -o /usr/bin/frakti
chmod +x /usr/bin/frakti
cat <<EOF > /lib/systemd/system/frakti.service
[Unit]
Description=Hypervisor-based container runtime for Kubernetes
Documentation=https://github.com/kubernetes/frakti
After=network.target
[Service]
ExecStart=/usr/bin/frakti --v=3 \
--log-dir=/var/log/frakti \
--logtostderr=false \
--listen=/var/run/frakti.sock \
--streaming-server-addr=%H \
--hyper-endpoint=127.0.0.1:22318
MountFlags=shared
TasksMax=8192
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
[Install]
WantedBy=multi-user.target
EOF
```
### Install CNI
On Ubuntu 16.04+:
```sh
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial-unstable main
EOF
apt-get update
apt-get install -y kubernetes-cni
```
On CentOS 7:
```sh
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64-unstable
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubernetes-cni
```
Configure CNI networks:
```sh
mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-mynet.conf <<-EOF
{
"cniVersion": "0.3.0",
"name": "mynet",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.244.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
}
EOF
cat >/etc/cni/net.d/99-loopback.conf <<-EOF
{
"cniVersion": "0.3.0",
"type": "loopback"
}
EOF
```
### Start frakti
```sh
systemctl enable frakti
systemctl start frakti
```
### Install kubelet
On Ubuntu 16.04+:
```sh
apt-get install -y kubelet kubeadm kubectl
```
On CentOS 7:
```sh
yum install -y kubelet kubeadm kubectl
```
> Note that there are no kubernete v1.6 rpms on `yum.kubernetes.io`, so it needs to be fetched from `dl.k8s.io`:
```sh
# Download latest release of kubelet and kubectl
# TODO: remove this after the stable v1.6 release
curl -SL https://dl.k8s.io/v1.6.0-beta.4/kubernetes-server-linux-amd64.tar.gz -o kubernetes-server-linux-amd64.tar.gz
tar zxvf kubernetes-server-linux-amd64.tar.gz
/bin/cp -f kubernetes/server/bin/{kubelet,kubeadm,kubectl} /usr/bin/
rm -rf kubernetes-server-linux-amd64.tar.gz
```
Configure kubelet with frakti runtime:
```sh
sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/frakti.sock --feature-gates=AllAlpha=true"' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
```
## Setting up the master node
```sh
# export KUBE_HYPERKUBE_IMAGE=
kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest
```
Optional: enable schedule pods on the master
```sh
export KUBECONFIG=/etc/kubernetes/admin.conf
kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule-
```
## Setting up the worker nodes
```sh
# get token on master node
token=$(kubeadm token list | grep authentication,signing | awk '{print $1}')
# join master on worker nodes
kubeadm join --token $token ${master_ip}
```
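Review bot: In the master-node step the command reads `kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest`, so the subcommand is doubled; it should be a single `kubeadm init ...`. The install steps above it download the frakti binary and the `v1.6.0-beta.4` server tarball with curl and copy them into `/usr/bin` with no checksum or signature check, and the CentOS path runs `setenforce 0` without saying why or how to restore enforcing mode. If this guide is carried into the new layout, fix these rather than copying them.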

View File

@ -1,177 +0,0 @@
# Cluster deploying of frakti On Ubuntu
This document shows how to easily install a kubernetes cluster with frakti runtime.
Frakti is a hypervisor-based container runtime, it depends on a few packages besides kubernetes:
- hyperd: the hyper container engine (main container runtime)
- docker: the docker container engine (auxiliary container runtime)
- cni: the network plugin
## Optional: create instances on GCE
It is recommended to run frakti-enabled kubernetes on baremetal, but you could still have a try of frakti on public clouds.
**Do not forget to enable ip_forward on GCE.**
## Initialize all nodes
### Install hyperd
```sh
# install from https://docs.hypercontainer.io/get_started/install/linux.html
apt-get update && apt-get install -y qemu libvirt-bin
curl -sSL https://hypercontainer.io/install | bash
echo -e "Hypervisor=libvirt\n\
Kernel=/var/lib/hyper/kernel\n\
Initrd=/var/lib/hyper/hyper-initrd.img\n\
Hypervisor=qemu\n\
StorageDriver=overlay\n\
gRPCHost=127.0.0.1:22318" > /etc/hyper/config
systemctl enable hyperd
systemctl restart hyperd
```
### Install docker
```sh
apt-get update
apt-get install -y docker.io
systemctl enable docker
systemctl start docker
```
### Install frakti
```sh
curl -sSL https://github.com/kubernetes/frakti/releases/download/v0.1/frakti -o /usr/bin/frakti
chmod +x /usr/bin/frakti
cat <<EOF > /lib/systemd/system/frakti.service
[Unit]
Description=Hypervisor-based container runtime for Kubernetes
Documentation=https://github.com/kubernetes/frakti
After=network.target
[Service]
ExecStart=/usr/bin/frakti --v=3 \
--log-dir=/var/log/frakti \
--logtostderr=false \
--listen=/var/run/frakti.sock \
--streaming-server-addr=%H \
--hyper-endpoint=127.0.0.1:22318
MountFlags=shared
TasksMax=8192
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
[Install]
WantedBy=multi-user.target
EOF
```
### Install CNI
Frakti requires cni network for starting.
Note:
- Configure different subnet for different hosts, e.g.
- 10.244.1.0/24
- 10.244.2.0/24
- 10.244.3.0/24
- Configure host routes on GCE
- gcloud compute routes create "instance-1" --description "instance-1" --destination-range "10.244.1.0/24" --network "default" --next-hop-instance "instance-1" --next-hop-instance-zone "asia-east1-a" --priority "100"
- gcloud compute routes create "instance-2" --description "instance-2" --destination-range "10.244.2.0/24" --network "default" --next-hop-instance "instance-2" --next-hop-instance-zone "asia-east1-a" --priority "100"
- gcloud compute routes create "instance-3" --description "instance-3" --destination-range "10.244.3.0/24" --network "default" --next-hop-instance "instance-3" --next-hop-instance-zone "asia-east1-a" --priority "100"
```sh
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial-unstable main
EOF
apt-get update
apt-get install -y kubernetes-cni
```
Configure cni network
```sh
mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-mynet.conf <<-EOF
{
"cniVersion": "0.3.0",
"name": "mynet",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.244.1.0/24",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
}
EOF
cat >/etc/cni/net.d/99-loopback.conf <<-EOF
{
"cniVersion": "0.3.0",
"type": "loopback"
}
EOF
```
### start frakti
```sh
systemctl enable frakti
systemctl start frakti
```
### Install kubelet
```sh
apt-get install -y kubelet kubeadm kubectl
```
Configure kubelet with frakti runtime:
```sh
sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/frakti.sock --feature-gates=AllAlpha=true"' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
```
## Setting up the master node
hyperkube image could be customized via `KUBE_HYPERKUBE_IMAGE`:
- `VERSION=v1.6.0 make -C cluster/images/hyperkube build`
- `export KUBE_HYPERKUBE_IMAGE=xxxx`
```sh
kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest
```
Optional: enable schedule pods on the master
```sh
export KUBECONFIG=/etc/kubernetes/admin.conf
kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule-
```
## Setting up the worker nodes
```sh
# get token on master node
token=$(kubeadm token list | grep authentication,signing | awk '{print $1}')
# join master on worker nodes
kubeadm join --token $token ${master_ip}
```
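Review bot: The hyperd config written by the `echo -e` block sets `Hypervisor=libvirt` on its first line and `Hypervisor=qemu` three lines later, so the file carries two conflicting values for one key; keep only the intended one. The same block installs hyperd with `curl -sSL https://hypercontainer.io/install | bash`, which runs a remote script as root with no integrity check; download it, verify it, then run it. The doubled `kubeadm init kubeadm init ...` is present in this file as well.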

View File

@ -1,20 +0,0 @@
# Kubernetes部署
- [单机部署](single.md)
- [集群部署](cluster.md)
- [kubeadm](kubeadm.md)
- [frakti](frakti/index.md)
- [证书生成示例](certificate.md)
- [在CentOS上部署kubernetes1.6集群](在CentOS上部署kubernetes1.6集群.md)
- [创建TLS证书和秘钥](deploy/centos/01-创建TLS证书和密钥.md)
- [创建kubeconfig 文件](创建kubeconfig文件.md)
- [创建高可用etcd集群](03-创建高可用etcd集群.md)
- [安装kubectl命令行工具](04-安装kubectl命令行工具.md)
- [部署高可用master集群](05-部署高可用master集群.md)
- [部署node节点](06-部署node节点.md)
- [安装kubedns插件](07-安装kubedns插件.md)
- [安装dashboard插件](08-安装dashboard插件.md)
- [安装heapster插件](09-安装heapster插件.md)
- [安装EFK插件](10-安装EFK插件.md)
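Review bot: The link targets in this index do not follow one scheme: the TLS entry points at `deploy/centos/01-创建TLS证书和密钥.md`, the kubeconfig entry at `创建kubeconfig文件.md` with no numeric prefix, and the remaining entries at bare `03-` to `10-` file names. The TLS entry's link text also says 秘钥 while its target says 密钥. Check that each of these pages still has a working link in the restructured table of contents.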

View File

@ -1,123 +0,0 @@
# kubeadm
## 初始化系统
所有机器都需要初始化docker和kubelet。
### ubuntu
```sh
# for ubuntu 16.04+
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
# Install docker if you don't have it already.
apt-get install -y docker.io
apt-get install -y kubelet kubeadm kubectl kubernetes-cni
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
```
### centos
```sh
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y docker kubelet kubeadm kubectl kubernetes-cni
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
```
## 安装master
```sh
# --api-advertise-addresses <ip-address>
# for flannel, setup --pod-network-cidr 10.244.0.0/16
kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest
# eanable schedule pods on the master
export KUBECONFIG=/etc/kubernetes/admin.conf
# for v1.5-, use kubectl taint nodes --all dedicated-
kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule-
```
## 配置Network plugin
### CNI bridge
```sh
mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-mynet.conf <<-EOF
{
"cniVersion": "0.3.0",
"name": "mynet",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.244.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
}
EOF
cat >/etc/cni/net.d/99-loopback.conf <<-EOF
{
"cniVersion": "0.3.0",
"type": "loopback"
}
EOF
```
### flannel
```sh
#kubectl apply -f https://gist.githubusercontent.com/feiskyer/1e7a95f27c391a35af47881eb20131d7/raw/4266f05355590fa185bc8e50c0f50d2841993d20/flannel.yaml
kubectl create -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel-rbac.yml
kubectl create -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel.yml
```
### weave
```sh
# kubectl apply -f https://gist.githubusercontent.com/feiskyer/0b00688584cc7ed9bd9a993adddae5e3/raw/67f3558e32d5c76be38e36ef713cc46deb2a74ca/weave.yaml
kubectl apply -f https://git.io/weave-kube-1.6
```
### calico
```sh
# kubectl apply -f https://gist.githubusercontent.com/feiskyer/0f952c7dadbfcefd2ce81ba7ea24a8ca/raw/92addea398bbc4d4a1dcff8a98c1ac334c8acb26/calico.yaml
kubectl apply -f http://docs.projectcalico.org/v2.1/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
```
## 添加Node
```sh
token=$(kubeadm token list | grep authentication,signing | awk '{print $1}')
kubeadm join --token $token ${master_ip}
```
## 删除安装
```
kubeadm reset
```
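Review bot: The network-plugin commands apply manifests from mutable or unauthenticated locations: flannel from the `master` branch of coreos/flannel, weave through the `git.io/weave-kube-1.6` short link, and calico over plain `http://docs.projectcalico.org/...`. Pin each to a tagged release or commit, use https, and read the manifest before `kubectl apply`. In the master step, `kubeadm init kubeadm init ...` doubles the subcommand, and the comment `# eanable schedule pods` has a typo.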

View File

@ -1,54 +0,0 @@
# Kubernetes配置最佳实践
本文翻译自Kubernetes官方文档[Configuration Best Practices](https://kubernetes.io/docs/concepts/configuration/overview/)。
本文档旨在汇总和强调用户指南、快速开始文档和示例中的最佳实践。该文档会很很活跃并持续更新中。如果你觉得很有用的最佳实践但是本文档中没有包含欢迎给我们提Pull Request。
## 通用配置建议
- 定义配置文件的时候指定最新的稳定API版本目前是V1
- 在配置文件push到集群之前应该保存在版本控制系统中。这样当需要的时候能够快速回滚必要的时候也可以快速的创建集群。
- 使用YAML格式而不是JSON格式的配置文件。在大多数场景下它们都可以作为数据交换格式但是YAML格式比起JSON更易读和配置。
- 尽量将相关的对象放在同一个配置文件里。这样比分成多个文件更容易管理。参考[guestbook-all-in-one.yaml](https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/all-in-one/guestbook-all-in-one.yaml)文件中的配置(注意,尽管你可以在使用`kubectl`命令时指定配置文件目录,你也可以在配置文件目录下执行`kubectl create`——查看下面的详细信息)。
- 为了简化和最小化配置,也为了防止错误发生,不要指定不必要的默认配置。例如,省略掉`ReplicationController`的selector和label如果你希望它们跟`podTemplate`中的label一样的话因为那些配置默认是`podTemplate`的label产生的。更多信息请查看 [guestbook app](https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/) 的yaml文件和 [examples](https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/frontend-deployment.yaml) 。
- 将资源对象的描述放在一个annotation中可以更好的内省。
## 裸奔的Pods vs Replication Controllers和 Jobs
- 如果有其他方式替代“裸奔的pod”如没有绑定到[replication controller ](https://kubernetes.io/docs/user-guide/replication-controller)上的pod那么就使用其他选择。在node节点出现故障时裸奔的pod不会被重新调度。Replication Controller总是会重新创建pod除了明确指定了[`restartPolicy: Never`](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) 的场景。[Job](https://kubernetes.io/docs/concepts/jobs/run-to-completion-finite-workloads/) 对象也适用。
## Services
- 通常最好在创建相关的[replication controllers](https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/)之前先创建[service](https://kubernetes.io/docs/concepts/services-networking/service/)没有这个必要吧你也可以在创建Replication Controller的时候不指定replica数量默认是1创建service后在通过Replication Controller来扩容。这样可以在扩容很多个replica之前先确认pod是正常的。
- 除非时分必要的情况下如运行一个node daemon不要使用`hostPort`用来指定暴露在主机上的端口号。当你给Pod绑定了一个`hostPort`该pod可被调度到的主机的受限了因为端口冲突。如果是为了调试目的来通过端口访问的话你可以使用 [kubectl proxy and apiserver proxy](https://kubernetes.io/docs/tasks/access-kubernetes-api/http-proxy-access-api/) 或者 [kubectl port-forward](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/)。你可使用 [Service](/docs/concepts/services-networking/service/) 来对外暴露服务。如果你确实需要将pod的端口暴露到主机上考虑使用 [NodePort](https://kubernetes.io/docs/user-guide/services/#type-nodeport) service。
- 跟`hostPort`一样的原因,避免使用 `hostNetwork`
- 如果你不需要kube-proxy的负载均衡的话可以考虑使用使用[headless services](https://kubernetes.io/docs/user-guide/services/#headless-services)。
## 使用Label
- 定义 [labels](https://kubernetes.io/docs/user-guide/labels/) 来指定应用或Deployment的 **semantic attributes** 。 For example, instead of attaching a label to a set of pods to explicitly represent some service (e.g., `service: myservice`), or explicitly representing the replication controller managing the pods (e.g., `controller: mycontroller`), attach labels that identify semantic attributes, such as `{ app: myapp, tier: frontend, phase: test, deployment: v3 }`. This will let you select the object groups appropriate to the context— e.g., a service for all “tier: frontend” pods, or all “test” phase components of app “myapp”. See the [guestbook](https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/) app for an example of this approach.
A service can be made to span multiple deployments, such as is done across [rolling updates](https://kubernetes.io/docs/tasks/run-application/rolling-update-replication-controller/), by simply omitting release-specific labels from its selector, rather than updating a services selector to match the replication controllers selector fully.
- 为了滚动升级的方便在Replication Controller的名字中包含版本信息例如作为名字的后缀。设置一个`version`标签页是很有用的。滚动更新创建一个新的controller而不是修改现有的controller。因此version含混不清的controller名字就可能带来问题。查看[Rolling Update Replication Controller](https://kubernetes.io/docs/tasks/run-application/rolling-update-replication-controller/)文档获取更多关于滚动升级命令的信息。
注意 [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) 对象不需要再管理 replication controller 的版本名。Deployment 中描述了对象的期望状态如果对spec的更改被应用了话Deployment controller 会以控制的速率来更改实际状态到期望状态。Deployment目前是 [`extensions` API Group](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups)的一部分)。
- 利用label做调试。因为Kubernetes replication controller和service使用label来匹配pods这允许你通过移除pod中的label的方式将其从一个controller或者service中移除原来的controller会创建一个新的pod来取代移除的pod。这是一个很有用的方式帮你在一个隔离的环境中调试之前的“活着的” pod。查看 [`kubectl label`](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) 命令。
## 容器镜像
- [默认容器镜像拉取策略](https://kubernetes.io/docs/concepts/containers/images/) 是 `IfNotPresent`, 当本地已存在该镜像的时候 [Kubelet](https://kubernetes.io/docs/admin/kubelet/) 不会再从镜像仓库拉取。如果你希望总是从镜像仓库中拉取镜像的话在yaml文件中指定镜像拉取策略为`Always` `imagePullPolicy: Always`或者指定镜像的tag为 `:latest`
如果你没有将镜像标签指定为`:latest`,例如指定为`myimage:v1`当该标签的镜像进行了更新kubelet也不会拉取该镜像。你可以在每次镜像更新后都生成一个新的tag例如`myimage:v2`),在配置文件中明确指定该版本。
**注意:** 在生产环境下部署容器应该尽量避免使用`:latest`标签,因为这样很难追溯到底运行的是哪个版本的容器和回滚。
## Using kubectl
- 尽量使用 `kubectl create -f <directory>` 。kubeclt会自动查找该目录下的所有后缀名为`.yaml`、`.yml`和`.json`文件并将它们传递给`create`命令。
- 使用 `kubectl delete` 而不是 `stop`. `Delete``stop`的超集,`stop` 已经被弃用。
- 使用 kubectl bulk 操作通过文件或者label来get和delete。查看[label selectors ](https://kubernetes.io/docs/user-guide/labels/#label-selectors)和 [using labels effectively](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively)。
- 使用 `kubectl run``expose` 命令快速创建直有耽搁容器的Deployment。查看 [quick start guide](https://kubernetes.io/docs/user-guide/quick-start/)中的示例。
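Review bot: Several passages in this translation are unfinished. The first bullet under 使用Label and the paragraph after it are still in English; the first Services bullet contains the translator's aside 没有这个必要吧; and two kubectl bullets lost a word between inline code spans (`Delete``stop`的超集 and `kubectl run``expose`). There are also typos: 很很活跃, 时分必要 (十分), kubeclt, and 直有耽搁容器 (只有单个容器).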

View File

@ -1,24 +0,0 @@
# Kubernetes日志
ELK可谓是容器日志收集、处理和搜索的黄金搭档:
* Logstash或者Fluentd负责收集日志
* Elasticsearch存储日志并提供搜索
* Kibana负责日志查询和展示
注意Kubernetes默认使用fluentd以DaemonSet的方式启动来收集日志并将收集的日志发送给elasticsearch。
**小提示**
在使用`cluster/kube-up.sh`部署集群的时候,可以设置`KUBE_LOGGING_DESTINATION`环境变量自动部署Elasticsearch和Kibana并使用fluentd收集日志(配置参考[addons/fluentd-elasticsearch](https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/fluentd-elasticsearch))
```
KUBE_LOGGING_DESTINATION=elasticsearch
KUBE_ENABLE_NODE_LOGGING=true
cluster/kube-up.sh
```
如果使用GCE或者GKE的话还可以[将日志发送给Google Cloud Logging](https://kubernetes.io/docs/user-guide/logging/stackdriver/)并可以集成Google Cloud Storage和BigQuery。
如果需要集成其他的日志方案还可以自定义docker的log driver将日志发送到splunk或者awslogs等。
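Review bot: In the snippet, `KUBE_LOGGING_DESTINATION=elasticsearch` and `KUBE_ENABLE_NODE_LOGGING=true` are assigned on their own lines without `export`, so `cluster/kube-up.sh` on the third line will not see them unless they were already exported; prefix them with `export` or put them on the same line as the script. The opening sentence calls the stack ELK while the bullets and the note describe fluentd as the default collector, so the name should be reconciled (the deploy index calls it EFK).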

View File

@ -1,45 +0,0 @@
# 单机部署
创建Kubernetes cluster单机版最简单的方法是[minikube](https://github.com/kubernetes/minikube):
首先下载kubectl
```sh
curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.5.2/bin/linux/amd64/kubectl
chmod +x kubectl
```
然后启动minikube
```sh
$ minikube start
Starting local Kubernetes cluster...
Kubectl is now configured to use the cluster.
$ kubectl cluster-info
Kubernetes master is running at https://192.168.64.12:8443
kubernetes-dashboard is running at https://192.168.64.12:8443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
```
## 开发版
minikube/localkube只提供了正式release版本而如果想要部署master或者开发版的话则可以用`hack/local-up-cluster.sh`来启动一个本地集群:
```sh
cd $GOPATH/src/k8s.io/kubernetes
export KUBERNETES_PROVIDER=local
hack/install-etcd.sh
export PATH=$GOPATH/src/k8s.io/kubernetes/third_party/etcd:$PATH
hack/local-up-cluster.sh
```
打开另外一个终端配置kubectl
```sh
cd $GOPATH/src/k8s.io/kubernetes
export KUBECONFIG=/var/run/kubernetes/admin.kubeconfig
cluster/kubectl.sh
```
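Review bot: The kubectl download is pinned to `v1.5.2` while the handbook's README states that all examples are based on Kubernetes 1.6.0, and the binary is made executable without any checksum check and is never moved onto `PATH`, so the `kubectl cluster-info` call that follows relies on some other kubectl. Align the version, verify the download against a published checksum, and add the install step.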

2
develop/index.md 100644
View File

@ -0,0 +1,2 @@
# 开发指南
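Review bot: `develop/index.md` is added with only the heading `# 开发指南` and no body or links, and `guide/index.md` below is in the same state; add at least a one-line description or a TODO so the generated book does not ship empty chapters.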

2
guide/index.md 100644
View File

@ -0,0 +1,2 @@
# 用户指南

View File

@ -1,75 +0,0 @@
# Kubernetes HA
Kubernetes从1.5开始,通过`kops`或者`kube-up.sh`部署的集群会自动部署一个高可用的系统,包括
- etcd集群模式
- apiserver负载均衡
- controller manager、scheduler和cluster autoscaler自动选主有且仅有一个运行实例
如下图所示
![高可用示意图](../images/ha.png)
## etcd集群
从`https://discovery.etcd.io/new?size=3`获取token后<https://kubernetes.io/docs/admin/high-availability/etcd.yaml>放到每台机器的`/etc/kubernetes/manifests/etcd.yaml`,并替换掉`${DISCOVERY_TOKEN}`, `${NODE_NAME}`和`${NODE_IP}`既可以由kubelet来启动一个etcd集群。
对于运行在kubelet外部的etcd可以参考[etcd clustering guide](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md)来手动配置集群模式。
## apiserver
<https://kubernetes.io/docs/admin/high-availability/kube-apiserver.yaml>放到每台Master节点的`/etc/kubernetes/manifests/`,并把相关的配置放到`/srv/kubernetes/`即可由kubelet自动创建并启动apiserver:
- basic_auth.csv - basic auth user and password
- ca.crt - Certificate Authority cert
- known_tokens.csv - tokens that entities (e.g. the kubelet) can use to talk to the apiserver
- kubecfg.crt - Client certificate, public key
- kubecfg.key - Client certificate, private key
- server.cert - Server certificate, public key
- server.key - Server certificate, private key
apiserver启动后还需要为它们做负载均衡可以使用云平台的弹性负载均衡服务或者使用haproxy/lvs等为master节点配置负载均衡。
## controller manager和scheduler
controller manager和scheduler需要保证任何时刻都只有一个实例运行需要一个选主的过程所以在启动时要设置`--leader-elect=true`,比如
```
kube-scheduler --master=127.0.0.1:8080 --v=2 --leader-elect=true
kube-controller-manager --master=127.0.0.1:8080 --cluster-cidr=10.245.0.0/16 --allocate-node-cidrs=true --service-account-private-key-file=/srv/kubernetes/server.key --v=2 --leader-elect=true
```
把[kube-scheduler.yaml](https://kubernetes.io/docs/admin/high-availability/kube-scheduler.yaml)和[kube-controller-manager.yaml](https://kubernetes.io/docs/admin/high-availability/kube-controller-manager.yaml)(非GCE平台需要适当修改) 放到每台master节点的`/etc/kubernetes/manifests/`即可。
## kube-dns
kube-dns可以通过Deployment的方式来部署默认kubeadm会自动创建。但在大规模集群的时候需要放宽资源限制比如
```
dns_replicas: 6
dns_cpu_limit: 100m
dns_memory_limit: 512Mi
dns_cpu_requests 70m
dns_memory_requests: 70Mi
```
另外也需要给dnsmasq增加资源比如增加缓存大小到10000增加并发处理数量`--dns-forward-max=1000`等。
## kube-proxy
默认kube-proxy使用iptables来为Service作负载均衡这在大规模时会产生很大的Latency可以考虑使用[IPVS](https://docs.google.com/presentation/d/1BaIAywY2qqeHtyGZtlyAp89JIZs59MZLKcFLxKE6LyM/edit#slide=id.p3)的替代方式注意Kubernetes v1.6还不支持IPVS模式
## 数据持久化
除了上面提到的这些配置持久化存储也是高可用Kubernetes集群所必须的。
- 对于公有云上部署的集群可以考虑使用云平台提供的持久化存储比如aws ebs或者gce persistent disk
- 对于物理机部署的集群可以考虑使用iSCSI、NFS、Gluster或者Ceph等网络存储也可以使用RAID
## 参考文档
- https://kubernetes.io/docs/admin/high-availability/
- http://kubecloud.io/setup-ha-k8s-kops/
- https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md
- [Kubernetes Master Tier For 1000 Nodes Scale](http://fuel-ccp.readthedocs.io/en/latest/design/k8s_1000_nodes_architecture.html)
- [Scaling Kubernetes to Support 50000 Services](https://docs.google.com/presentation/d/1BaIAywY2qqeHtyGZtlyAp89JIZs59MZLKcFLxKE6LyM/edit#slide=id.p3)
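Review bot: In the kube-dns settings, `dns_cpu_requests 70m` is missing the colon that the other four keys have, so the block is not valid as written. On the security side, the apiserver file list includes `basic_auth.csv` and `known_tokens.csv` with no word on file permissions or on preferring certificate-based credentials, and the controller manager example signs service account tokens with `/srv/kubernetes/server.key`, the same file listed as the server certificate's private key; a dedicated signing key would be cleaner.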

Binary file not shown. (Size: 108 KiB)

Binary file not shown. (Size: 1.2 MiB)

Binary file not shown. (Size: 36 KiB)

View File

@ -1,193 +0,0 @@
# Kubernetes 101
体验Kubernetes最简单的方法是跑一个nginx容器然后使用kubectl操作该容器。Kubernetes提供了一个类似于`docker run`的命令`kubectl run`可以方便的创建一个容器实际上创建的是一个由deployment来管理的Pod
```sh
$ kubectl run --image=nginx nginx-app --port=80
deployment "nginx-app" created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-app-4028413181-cnt1i 1/1 Running 0 52s
```
等到容器变成Running后就可以各种`kubectl`命令来操作它了,比如
- `kubectl get` - 类似于`docker ps`,查询资源列表
- `kubectl describe` - 类似于`docker inspect`,获取资源的详细信息
- `kubectl logs` - 类似于`docker logs`,获取容器的日志
- `kubectl exec` - 类似于`docker exec`,在容器内执行一个命令
```sh
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-app-4028413181-cnt1i 1/1 Running 0 6m
$ kubectl exec nginx-app-4028413181-cnt1i ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.5 31736 5108 ? Ss 00:19 0:00 nginx: master process nginx -g daemon off;
nginx 5 0.0 0.2 32124 2844 ? S 00:19 0:00 nginx: worker process
root 18 0.0 0.2 17500 2112 ? Rs 00:25 0:00 ps aux
$ kubectl describe pod nginx-app-4028413181-cnt1i
Name: nginx-app-4028413181-cnt1i
Namespace: default
Node: boot2docker/192.168.64.12
Start Time: Tue, 06 Sep 2016 08:18:41 +0800
Labels: pod-template-hash=4028413181
run=nginx-app
Status: Running
IP: 172.17.0.3
Controllers: ReplicaSet/nginx-app-4028413181
Containers:
nginx-app:
Container ID: docker://4ef989b57d0a7638ad9c5bbc22e16d5ea5b459281c77074fc982eba50973107f
Image: nginx
Image ID: docker://sha256:4efb2fcdb1ab05fb03c9435234343c1cc65289eeb016be86193e88d3a5d84f6b
Port: 80/TCP
State: Running
Started: Tue, 06 Sep 2016 08:19:30 +0800
Ready: True
Restart Count: 0
Environment Variables: <none>
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
Volumes:
default-token-9o8ks:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-9o8ks
QoS Tier: BestEffort
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
8m 8m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx-app-4028413181-cnt1i to boot2docker
8m 8m 1 {kubelet boot2docker} spec.containers{nginx-app} Normal Pulling pulling image "nginx"
7m 7m 1 {kubelet boot2docker} spec.containers{nginx-app} Normal Pulled Successfully pulled image "nginx"
7m 7m 1 {kubelet boot2docker} spec.containers{nginx-app} Normal Created Created container with docker id 4ef989b57d0a
7m 7m 1 {kubelet boot2docker} spec.containers{nginx-app} Normal Started Started container with docker id 4ef989b57d0a
$ kubectl logs nginx-app-4028413181-cnt1i
127.0.0.1 - - [06/Sep/2016:00:27:13 +0000] "GET / HTTP/1.0 " 200 612 "-" "-" "-"
127.0.0.1 - - [06/Sep/2016:00:27:15 +0000] "GET / HTTP/1.0 " 200 612 "-" "-" "-"
```
## 使用yaml定义Pod
上面是通过`kubectl run`来启动了第一个Pod但是`kubectl run`并不能支持所有的功能。在Kubernetes中更经常使用yaml文件来定义资源并通过`kubectl create -f file.yaml`来创建资源。比如一个简单的nginx Pod可以定义为
```yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
```
前面提到,`kubectl run`并不是直接创建一个Pod而是先创建一个Deployment资源replicas=1再由Deployment来自动创建Pod这等价于这样一个配置
```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
run: nginx-app
name: nginx-app
namespace: default
spec:
replicas: 1
selector:
matchLabels:
run: nginx-app
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
run: nginx-app
spec:
containers:
- image: nginx
name: nginx-app
ports:
- containerPort: 80
protocol: TCP
dnsPolicy: ClusterFirst
restartPolicy: Always
```
## 使用Volume
Pod的生命周期通常比较短只要出现了异常就会创建一个新的Pod来代替它。那容器产生的数据呢容器内的数据会随着Pod消亡而自动消失。Volume就是为了持久化容器数据而生比如可以为redis容器指定一个hostPath来存储redis数据
```yaml
apiVersion: v1
kind: Pod
metadata:
name: redis
spec:
containers:
- name: redis
image: redis
volumeMounts:
- name: redis-persistent-storage
mountPath: /data/redis
volumes:
- name: redis-persistent-storage
hostPath:
path: /data/
```
Kubernetes volume支持非常多的插件可以根据实际需要来选择
* emptyDir
* hostPath
* gcePersistentDisk
* awsElasticBlockStore
* nfs
* iscsi
* flocker
* glusterfs
* rbd
* cephfs
* gitRepo
* secret
* persistentVolumeClaim
* downwardAPI
* azureFileVolume
* vsphereVolume
## 使用Service
前面虽然创建了Pod但是在kubernetes中Pod的IP地址会随着Pod的重启而变化并不建议直接拿Pod的IP来交互。那如何来访问这些Pod提供的服务呢使用Service。Service为一组Pod通过labels来选择提供一个统一的入口并为它们提供负载均衡和自动服务发现。比如可以为前面的`nginx-app`创建一个service
```yaml
$ kubectl expose deployment nginx-app --type=NodePort --port=80 --target-port=80
service "nginx-app" exposed
$ kubectl describe service nginx-app
Name: nginx-app
Namespace: default
Labels: run=nginx-app
Selector: run=nginx-app
Type: NodePort
IP: 10.0.0.66
Port: <unset> 80/TCP
NodePort: <unset> 30772/TCP
Endpoints: 172.17.0.3:80
Session Affinity: None
No events.
```
这样在cluster内部就可以通过`http://10.0.0.66`和`http://node-ip:30772`来访问nginx-app。而在cluster外面只能通过`http://node-ip:30772`来访问。
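Review bot: The last block is fenced as `yaml` but holds a `kubectl expose` / `kubectl describe` shell session; it should be tagged `sh` like the other sessions in this file. In the Volume section, the text presents `hostPath` as the way to persist redis data, but the example mounts the host's `/data/` directory and the data stays on that one node, so a Pod recreated on another node will not find it; say so, or use `persistentVolumeClaim` from the plugin list for the persistence example.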

View File

@ -1,85 +0,0 @@
# Kubernetes 201
## 扩展应用
通过修改Deployment中副本的数量replicas可以动态扩展或收缩应用
![扩容](../images/scale.png)
这些自动扩展的容器会自动加入到service中而收缩回收的容器也会自动从service中删除。
```sh
$ kubectl scale --replicas=3 deployment/nginx-app
$ kubectl get deploy
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
nginx-app 3 3 3 3 10m
```
## 滚动升级
滚动升级Rolling Update通过逐个容器替代升级的方式来实现无中断的服务升级
```
kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2
```
![update1](../images/update1.png)
![update2](../images/update2.png)
![update3](../images/update3.png)
![update4](../images/update4.png)
在滚动升级的过程中,如果发现了失败或者配置错误,还可以随时会滚回来:
```
kubectl rolling-update frontend-v1 frontend-v2 --rollback
```
需要注意的是rolling-update只针对ReplicationController不能直接用在deployment上。Deployment可以在spec中设置更新策略为RollingUpdate默认就是RollingUpdate
```yaml
spec:
replicas: 3
selector:
matchLabels:
run: nginx-app
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
```
而更新应用的话,就可以直接用`kubectl set`命令:
```sh
kubectl set image deployment/nginx-app nginx-app=nginx:1.9.1
```
滚动升级的过程可以用`rollout`命令查看:
```sh
$ kubectl rollout status deployment/nginx-app
Waiting for rollout to finish: 2 out of 3 new replicas have been updated...
Waiting for rollout to finish: 2 of 3 updated replicas are available...
Waiting for rollout to finish: 2 of 3 updated replicas are available...
Waiting for rollout to finish: 2 of 3 updated replicas are available...
Waiting for rollout to finish: 2 of 3 updated replicas are available...
Waiting for rollout to finish: 2 of 3 updated replicas are available...
deployment "nginx-app" successfully rolled out
```
Deployment同样支持回滚
```sh
$ kubectl rollout history deployment/nginx-app
deployments "nginx-app"
REVISION CHANGE-CAUSE
1 <none>
2 <none>
$ kubernetes kubectl rollout undo deployment/nginx-app
deployment "nginx-app" rolled back
```
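Review bot: The rollback command is written as `$ kubernetes kubectl rollout undo deployment/nginx-app`; the leading `kubernetes` looks like leftover prompt text and makes the line fail if copied. Earlier in the file, 会滚回来 should read 回滚回来, and the two `kubectl rolling-update` blocks have no language tag while the other blocks use `sh`.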

View File

@ -1,29 +0,0 @@
# Kubernetes cluster
![集群架构图](../images/architecture.png)
一个Kubernetes集群由分布式存储etcd、控制节点controller以及服务节点Node组成。
- 控制节点主要负责整个集群的管理,比如容器的调度、维护资源的状态、自动扩展以及滚动更新等
- 服务节点是真正运行容器的主机负责管理镜像和容器以及cluster内的服务发现和负载均衡
- etcd集群保存了整个集群的状态
## 集群联邦
![集群联邦架构图](../images/federation.png)
## Kubernetes单机版
创建Kubernetes cluster单机版最简单的方法是[minikube](https://github.com/kubernetes/minikube):
```sh
$ minikube start
Starting local Kubernetes cluster...
Kubectl is now configured to use the cluster.
$ kubectl cluster-info
Kubernetes master is running at https://192.168.64.12:8443
kubernetes-dashboard is running at https://192.168.64.12:8443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
```

View File

@ -1,39 +0,0 @@
# Kubernetes核心概念
## Pod
Pod是一组紧密关联的容器集合它们共享Volume和network namespace是Kubernetes调度的基本单位。Pod的设计理念是支持多个容器在一个Pod中共享网络和文件系统可以通过进程间通信和文件共享这种简单高效的方式组合完成服务。
![Pod结构示意图](../images/pod.png)
## Node
Node是Pod真正运行的主机可以是物理机也可以是虚拟机。为了管理Pod每个Node节点上至少要运行container runtime比如docker或者rkt、`kubelet`和`kube-proxy`服务。
![Node结构示意图](../images/node.png)
## Service
Service是应用服务的抽象通过`labels`为应用提供负载均衡和服务发现。Service对外暴露一个统一的访问接口外部服务不需要了解后端运行的容器。
![Serivce结构示意图](../images/service-arch.png)
## Label
Label是识别Kubernetes对象的标签以key/value的方式附加到对象上。Label不提供唯一性并且实际上经常是很多对象如Pods都使用相同的label来标识具体的应用。
Label定义好后其他对象可以使用Label Selector来选择一组相同label的对象比如ReplicaSet和Service用label来选择一组Pod。Label Selector支持以下几种方式
- 等式,如`app=nginx`和`env!=production`
- 集合,如`env in (production, qa)`
- 多个label它们之间是AND关系如`app=nginx,env=test`
## Annotations
Annotations是key/value形式附加于对象的注解。不同于Labels用于标识和选择对象Annotations则是用来记录一些附加信息以便于外部工具进行查找。
## Namespace
Namespace是对一组资源和对象的抽象集合比如可以用来将系统内部的对象划分为不同的项目组或用户组。常见的pods, services, replication controllers和deployments等都是属于某一个namespace的默认是default而node, persistentVolumes等则不属于任何namespace。

View File

@ -1,19 +0,0 @@
# Kubernetes简介
Kubernetes是谷歌开源的容器集群管理系统是Google多年大规模容器管理技术Borg的开源版本主要功能包括
- 基于容器的应用部署、维护和滚动升级
- 负载均衡和服务发现
- 跨机器和跨地区的集群调度
- 自动伸缩
- 无状态服务和有状态服务
- 广泛的Volume支持
- 插件机制保证扩展性
Kubernetes发展非常迅速已经成为容器编排领域的领导者。
![Kubernetes发展速度](../images/kubernetes-velocity.jpg)
## Kubernetes架构
![Kubernetes架构](../images/architecture.png)

Binary file not shown. (Size: 11 KiB)

Binary file not shown. (Size: 35 KiB)

Binary file not shown. (Size: 16 KiB)

Binary file not shown. (Size: 14 KiB)

Binary file not shown. (Size: 25 KiB)

Binary file not shown. (Size: 29 KiB)

View File

@ -1,61 +0,0 @@
# Kubernetes监控
## cAdvisor
[cAdvisor](https://github.com/google/cadvisor)是一个来自Google的容器监控工具也是kubelet内置的容器资源收集工具。它会自动收集本机容器CPU、内存、网络和文件系统的资源占用情况并对外提供cAdvisor原生的API默认端口为`--cadvisor-port=4194`)。
![cAdvisor监控示意图](../images/cadvisor.png)
## InfluxDB和Grafana
[InfluxDB](https://www.influxdata.com/time-series-platform/influxdb/)是一个开源分布式时序、事件和指标数据库;而[Grafana](http://grafana.org/)则是InfluxDB的dashboard提供了强大的图表展示功能。
![Grafana界面图](../images/grafana-ui.jpg)
## Heapster
前面提到的cAdvisor只提供了单机的容器资源占用情况而[Heapster](https://github.com/kubernetes/heapster)则提供了整个集群的资源监控并支持持久化数据存储到InfluxDB、Google Cloud Monitoring或者[其他的存储后端](https://github.com/kubernetes/heapster)。
Heapster从kubelet提供的API采集节点和容器的资源占用
![Heapster架构](../images/heapster-arch.png)
另外Heapster的`/metrics` API提供了Prometheus格式的数据。
### 部署Heapster、InfluxDB和Grafana
在Kubernetes部署成功后dashboard、DNS和监控的服务也会默认部署好比如通过`cluster/kube-up.sh`部署的集群默认会开启以下服务:
```sh
$ kubectl cluster-info
Kubernetes master is running at https://kubernetes-master
Heapster is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/heapster
KubeDNS is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/kube-dns
kubernetes-dashboard is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
Grafana is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/monitoring-grafana
InfluxDB is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/monitoring-influxdb
```
如果这些服务没有自动部署的话,可以根据[cluster/addons](https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)来添加需要的服务。
## Prometheus
[Prometheus](https://prometheus.io)是另外一个监控和时间序列数据库并且还提供了告警的功能。他提供了强大的查询语言和HTTP接口也支持将数据导出到Grafana中展示。
使用Prometheus监控Kubernetes需要配置好数据源一个简单的示例是[prometheus.yml](../manifests/prometheus/prometheus.yml)
```bash
kubectl create -f http://feisky.xyz/kubernetes/monitor/prometheus.yml
```
![Prometheus界面示意图](../images/prometheus-ui.jpg)
## 其他容器监控系统
- [Sysdig](http://blog.kubernetes.io/2015/11/monitoring-Kubernetes-with-Sysdig.html)
- CoScale
- Datadog
- Sematext
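Review bot: The Prometheus step links the local `../manifests/prometheus/prometheus.yml`, but the command creates resources from `http://feisky.xyz/kubernetes/monitor/prometheus.yml`, a third-party URL fetched over plain HTTP; point `kubectl create -f` at the in-repo manifest, or at an https URL pinned to a commit, so readers apply the file the text actually describes.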

View File

@ -1,5 +0,0 @@
# 网络配置
- [Kubernetes中的网络模式解析](network-modes-in-kubernetes.md)

View File

@ -1,6 +0,0 @@
# 运维管理
- [服务滚动升级](service-rolling-update.md)
- [应用日志收集](app-log-collection.md)

View File

@ -1,20 +0,0 @@
# Container Runtime Interface
Container Runtime Interface (CRI)是Kubelet 1.5/1.6中主要负责的一块项目它重新定义了Kubelet Container Runtime API将原来完全面向Pod级别的API拆分成面向Sandbox和Container的API并分离镜像管理和容器引擎到不同的服务。
![容器运行时接口](../images/cri.png)
CRI最早从从1.4版就开始设计讨论和开发在v1.5中发布第一个测试版。
## 目前的CRI实现
目前有多家厂商都在基于CRI集成自己的容器引擎其中包括
- 1) Docker: 核心代码依然保留在kubelet内部
- 2) HyperContainer: https://github.com/kubernetes/frakti
- 3) Rkt: https://github.com/kubernetes-incubator/rktlet
- 4) Runc: https://github.com/kubernetes-incubator/cri-o
- 5) Mirantis: https://github.com/Mirantis/virtlet
- 6) Cloud foundary: https://github.com/cloudfoundry/garden
- 7) Infranetes: not open sourced yet.
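Review bot: The implementation list carries both a bullet and a number on every line (`- 1) Docker`), which renders as a bulleted list with a literal "1)" in the text; pick one marker. If this page survives the restructure, also fix "从从1.4版" (doubled character) and "Cloud foundary" (Cloud Foundry), and label the entries consistently, since some name the runtime (Rkt, Runc) and others the vendor (Mirantis).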

View File

@ -1,21 +0,0 @@
# Kubernetes认证与授权插件
## 认证
- X509 Client Certs
- Static Token File
- Putting a Bearer Token in a Request
- Static Password File
- Service Account Tokens
- OpenID Connect Tokens
- Webhook Token Authentication
- Authenticating Proxy
- Keystone Password
## 授权
- AlwaysDeny
- AlwaysAllow
- ABAC (Attribute-Based Access Control)
- RBAC (Role-Based Access Control)
- Webhook
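Review bot: In the 认证 list, "Putting a Bearer Token in a Request" is not an authentication plugin; it describes how a client presents a token and belongs under the token entries rather than beside them. The header `-1,21 +0,0` shows the whole file is removed, so if the list is carried into the new layout, drop or nest that item and add one line per entry saying what it is for: as written, `AlwaysAllow` and Static Password File sit next to RBAC and X509 Client Certs with nothing to tell a reader which ones are suitable outside a test cluster.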

View File

@ -1,3 +0,0 @@
# Kubernetes插件
Kubernetes在设计之初就充分考虑了可扩展性很多资源或操作都可以通过插件来自由扩展比如认证授权、网络、Volume、容器执行引擎、调度等。

View File

@ -1,93 +0,0 @@
# Kubernetes网络插件
Kubernetes有着丰富的网络插件方便用户自定义所需的网络。
## 官方插件
* kubenet这是一个基于CNI bridge的网络插件也是目前推荐的默认插件
* CNICNI网络插件需要用户将网络配置放到`/etc/cni/net.d`目录中并将CNI插件的二进制文件放入`/opt/cni/bin`
* exec通过第三方的可执行文件来为容器配置网络将在v1.6中移除,见[PR](https://github.com/kubernetes/kubernetes/pull/39254)_
## CNI plugin
安装CNI
```Bash
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubernetes-cni
```
配置CNI brige插件
```bash
mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-mynet.conf <<-EOF
{
"cniVersion": "0.3.0",
"name": "mynet",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.244.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
}
EOF
cat >/etc/cni/net.d/99-loopback.conf <<-EOF
{
"cniVersion": "0.3.0",
"type": "loopback"
}
EOF
```
## calico
```sh
# kubectl apply -f http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/kubeadm/calico.yaml
kubectl apply -f https://gist.githubusercontent.com/feiskyer/0f952c7dadbfcefd2ce81ba7ea24a8ca/raw/92addea398bbc4d4a1dcff8a98c1ac334c8acb26/calico.yaml
```
## flannel
```sh
kubectl apply -f https://gist.githubusercontent.com/feiskyer/1e7a95f27c391a35af47881eb20131d7/raw/4266f05355590fa185bc8e50c0f50d2841993d20/flannel.yaml
```
## weave
```sh
kubectl apply -f https://gist.githubusercontent.com/feiskyer/0b00688584cc7ed9bd9a993adddae5e3/raw/67f3558e32d5c76be38e36ef713cc46deb2a74ca/weave.yaml
```
## 第三方插件
- [Calico](http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/)是一个基于BGP的三层网络插件并且也支持Network Policy来实现网络的访问控制。它在每台机器上运行一个vRouter利用Linux内核来转发网络数据包并借助iptables实现防火墙等功能。
- [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml)是一个为Kubernetes提供overlay network的网络插件它基于Linux TUN/TAP使用UDP封装IP包来创建overlay网络并借助etcd维护网络的分配情况。
- [Contiv](http://contiv.github.io)是一个基于openvswitch的多租户网络插件支持VLAN和VXLAN并基于openflow实现访问控制和QoS的功能。
- [Canal](https://github.com/tigera/canal/tree/master/k8s-install/kubeadm)则是Flannel和Calico联合发布的一个统一网络插件提供CNI网络插件并且也支持network policy。
- [Weave Net](https://www.weave.works/docs/net/latest/kube-addon/) provides networking and network policy, will carry on working on both sides of a network partition, and does not require an external database.
- [Romana](http://romana.io/) is a Layer 3 networking solution for pod networks that also supports the NetworkPolicy API.
- [cilium](https://github.com/cilium/cilium): BPF & XDP for containers.
- [ovn-kubernetes](https://github.com/openvswitch/ovn-kubernetes)
- [kuryr-kubernetes](https://github.com/openstack/kuryr-kubernetes)
## 其他辅助工具
- [Weave Scope](https://www.weave.works/documentation/scope-latest-installing/#k8s)是一个监控和可视化Pod/Service的工具。
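Review bot: The calico, flannel and weave sections each run `kubectl apply -f` on a manifest from a personal gist (`gist.githubusercontent.com/feiskyer/...`), while the upstream Calico URL is left commented out. These manifests set up the cluster's pod network, so the install steps should reference the projects' own published manifests, or the text should state what the gist copies change relative to upstream. In the yum repo block, `baseurl` is `http://` while both `gpgkey` URLs are `https://`; with `gpgcheck=1` and `repo_gpgcheck=1` the packages are still verified, but an HTTPS baseurl would be consistent. Smaller points if this page is kept: "brige" should be "bridge", the exec bullet ends with a stray `_`, and the Weave Net and Romana bullets are still in English.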

View File

@ -1,12 +0,0 @@
# 其他插件机制
1. Apiserver federation
2. Admission-control hooks
3. ThirdPartyResource
4. Kubectl extensions
5. Service Broker, Operators
6. External cloudproviders
7. Cluster addons: UI, monitoring, logging
8. Feature gates, feature discovery, dependency management

View File

@ -1,309 +0,0 @@
# Volume Plugin
Kubernetes提供丰富的Volume插件包括
- emptyDir
- hostPath
- gcePersistentDisk
- awsElasticBlockStore
- nfs
- iscsi
- flocker
- glusterfs
- rbd
- cephfs
- gitRepo
- secret
- persistentVolumeClaim
- downwardAPI
- azureFileVolume
- vsphereVolume
- flexvolume
注意这些volume并非全部都是持久化的比如emptyDir、secret、gitRepo等这些volume会随着Pod的消亡而消失。
## Volume生命周期
Volume的生命周期包括5个阶段
1. Provisioning即PV的创建可以直接创建PV也可以使用StorageClass动态创建
2. Binding将PV分配给PVC
3. UsingPod通过PVC使用该Volume
4. ReleasingPod释放Volume并删除PVC
5. Reclaiming保留PV以便下次使用或者直接从云存储中删除
## PersistentVolume
对于持久化的VolumePersistentVolume (PV)和PersistentVolumeClaim (PVC)提供了更方便的管理卷的方法PV提供网络存储资源而PVC请求存储资源。这样设置持久化的工作流包括配置底层文件系统或者云数据卷、创建持久性数据卷、最后创建claim来将pod跟数据卷关联起来。PV和PVC可以将pod和数据卷解耦pod不需要知道确切的文件系统或者支持它的持久化引擎。
### PV
PersistentVolumePV是集群之中的一块网络存储。跟 Node 一样也是集群的资源。PV 跟 Volume (卷) 类似,不过会有独立于 Pod 的生命周期。比如一个NFS的PV可以定义为
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv0003
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Recycle
nfs:
path: /tmp
server: 172.17.0.2
```
PV的访问模式有三种
* 第一种ReadWriteOnce是最基本的方式可读可写但只支持被单个Pod挂载。
* 第二种ReadOnlyMany可以以只读的方式被多个Pod挂载。
* 第三种ReadWriteMany这种存储可以以读写的方式被多个Pod共享。不是每一种存储都支持这三种方式像共享方式目前支持的还比较少比较常用的是NFS。在PVC绑定PV时通常根据两个条件来绑定一个是存储的大小另一个就是访问模式。
### StorageClass
上面通过管理员手动操作的方式创建了一个PV (NFS Volume)。从Kubernetes 1.4开始1.6中beta[StorageClass](https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses)支持动态分配存储卷。
GCE
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
name: slow
provisioner: kubernetes.io/gce-pd
parameters:
type: pd-standard # other options: pd-ssd
zone: us-central1-a
```
Ceph RBD
```yaml
apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
name: fast
provisioner: kubernetes.io/rbd
parameters:
monitors: 10.16.153.105:6789
adminId: kube
adminSecretName: ceph-secret
adminSecretNamespace: kube-system
pool: kube
userId: kube
userSecretName: ceph-secret-user
```
AWS EBS
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
name: slow
provisioner: kubernetes.io/aws-ebs
parameters:
type: io1
zone: us-east-1d
iopsPerGB: "10"
```
Clusterfs
```yaml
apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
name: slow
provisioner: kubernetes.io/glusterfs
parameters:
resturl: "http://127.0.0.1:8081"
restauthenabled: "true"
restuser: "admin"
secretNamespace: "default"
secretName: "heketi-secret"
```
OpenStack Cinder
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
name: gold
provisioner: kubernetes.io/cinder
parameters:
type: fast
availability: nova
```
vSphere
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
name: fast
provisioner: kubernetes.io/vsphere-volume
parameters:
diskformat: zeroedthick
```
Quobyte
```yaml
apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
name: slow
provisioner: kubernetes.io/quobyte
parameters:
quobyteAPIServer: "http://138.68.74.142:7860"
registry: "138.68.74.142:7861"
adminSecretName: "quobyte-admin-secret"
adminSecretNamespace: "kube-system"
user: "root"
group: "root"
quobyteConfig: "BASE"
quobyteTenant: "DEFAULT"
```
Azure Disk
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
name: slow
provisioner: kubernetes.io/azure-disk
parameters:
skuName: Standard_LRS
location: eastus
storageAccount: azure_storage_account_name
```
### PVC
PV是存储资源而PersistentVolumeClaim (PVC) 是对PV的请求。PVC跟Pod类似Pod消费Node的源而PVC消费PV资源Pod能够请求CPU和内存资源而PVC请求特定大小和访问模式的数据卷。
```yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: myclaim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
selector:
matchLabels:
release: "stable"
matchExpressions:
- {key: environment, operator: In, values: [dev]}
```
也可以基于storage class来创建PVC
```yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-sio-small
annotations:
volume.beta.kubernetes.io/storage-class: sio-small
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
```
PVC可以直接挂载到Pod中
```yaml
kind: Pod
apiVersion: v1
metadata:
name: mypod
spec:
containers:
- name: myfrontend
image: dockerfile/nginx
volumeMounts:
- mountPath: "/var/www/html"
name: mypd
volumes:
- name: mypd
persistentVolumeClaim:
claimName: myclaim
```
## emptyDir
如果Pod配置了emptyDir类型Volume Pod 被分配到Node上时候会创建emptyDir只要Pod运行在Node上emptyDir都会存在容器挂掉不会导致emptyDir丢失数据但是如果Pod从Node上被删除Pod被删除或者Pod发生迁移emptyDir也会被删除并且永久丢失。
```yaml
apiVersion: v1
kind: Pod
metadata:
name: test-pd
spec:
containers:
- image: gcr.io/google_containers/test-webserver
name: test-container
volumeMounts:
- mountPath: /test-pd
name: test-volume
volumes:
- name: test-volume
hostPath:
# directory location on host
path: /data
```
## 其他Volume说明
### hostPath
hostPath允许挂载Node上的文件系统到Pod里面去。如果Pod有需要使用Node上的文件可以使用hostPath。
```yaml
- hostPath:
path: /tmp/data
name: data
```
### NFS
NFS 是Network File System的缩写即网络文件系统。Kubernetes中通过简单地配置就可以挂载NFS到Pod中而NFS中的数据是可以永久保存的同时NFS支持同时写操作。
```yaml
volumes:
- name: nfs
nfs:
# FIXME: use the right hostname
server: 10.254.234.223
path: "/"
```
### FlexVolume
注意要把volume plugin放到`/usr/libexec/kubernetes/kubelet-plugins/volume/exec/<vendor~driver>/<driver>`plugin要实现`init/attach/detach/mount/umount`等命令可参考lvm的[示例](https://github.com/kubernetes/kubernetes/tree/master/examples/volumes/flexvolume))。
```yaml
- name: test
flexVolume:
driver: "kubernetes.io/lvm"
fsType: "ext4"
options:
volumeID: "vol1"
size: "1000m"
volumegroup: "kube_vg"
```

View File

@ -152,8 +152,8 @@ server.basePath: /api/v1/proxy/namespaces/kube-system/services/kibana-logging
如果你在这里发现Create按钮是灰色的无法点击且Time-filed name中没有选项fluentd要读取`/var/log/containers/`目录下的log日志这些日志是从`/var/lib/docker/containers/${CONTAINER_ID}/${CONTAINER_ID}-json.log`链接过来的查看你的docker配置`—log-dirver`需要设置为**json-file**格式,默认的可能是**journald**,参考[docker logging]([https://docs.docker.com/engine/admin/logging/overview/#examples](https://docs.docker.com/engine/admin/logging/overview/#examples))。
![es-setting](../../images/es-setting.png)
![es-setting](../images/es-setting.png)
创建Index后可以在 `Discover` 下看到 ElasticSearch logging 中汇聚的日志;
![es-home](../../images/kubernetes-efk-kibana.jpg)
![es-home](../images/kubernetes-efk-kibana.jpg)
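Review bot: The context line above the first image change still reads `—log-dirver`, which is misspelt and starts with a dash character instead of a double hyphen; while this part of the file is being touched, correct it to `--log-driver` so the option can be copied as written. The link on the same line is doubly wrapped (`[docker logging]([https://...](https://...))`) and will not render. For the path change itself, both images go from `../../images/` to `../images/`; confirm the file really moved up one directory level, otherwise the new links break.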

View File

@ -145,7 +145,7 @@ monitoring-influxdb-1411048194-lzrpc 1/1 Running 0 2m
检查 kubernets dashboard 界面,看是显示各 Nodes、Pods 的 CPU、内存、负载等利用率曲线图
![dashboard-heapster](./images/kubernetes-dashboard-with-heapster.jpg)
![dashboard-heapster](../images/kubernetes-dashboard-with-heapster.jpg)
## 访问 grafana
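Review bot: The context line above the changed image spells the product "kubernets"; fix it in the same commit since the line is adjacent to the edit. On the path change, this image goes from `./images/` to `../images/` while the other two images in the file go from `../../images/` to `../images/`, so the old paths disagreed with each other; check that the new common path matches the file's location after the move.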
@ -178,7 +178,7 @@ monitoring-influxdb-1411048194-lzrpc 1/1 Running 0 2m
浏览器访问 URL`http://172.20.0.113:8086/api/v1/proxy/namespaces/kube-system/services/monitoring-grafana`
![grafana](../../images/kubernetes-heapster-grafana.jpg)
![grafana](../images/kubernetes-heapster-grafana.jpg)
## 访问 influxdb admin UI
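Review bot: The context line documents reaching Grafana at `http://172.20.0.113:8086/api/v1/proxy/...`, that is, the API proxy path over plain HTTP on a node address. The hunk only fixes the image path, but this instruction needs a sentence on who can reach that port and whether it asks for credentials, or a pointer to an HTTPS or `kubectl proxy` route, because the same `/api/v1/proxy/namespaces/kube-system/services/` prefix leads to the other cluster services as well.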
@ -193,5 +193,5 @@ monitoring-influxdb 10.254.22.46 <nodes> 8086:32299/TCP,8083:30269/T
在页面的 “Connection Settings” 的 Host 中输入 node IP Port 中输入 8086 映射的 nodePort 如上面的 32299点击 “Save” 即可我的集群中的地址是172.20.0.113:32299
![kubernetes-influxdb-heapster](../../images/kubernetes-influxdb-heapster.jpg)
![kubernetes-influxdb-heapster](../images/kubernetes-influxdb-heapster.jpg)
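Review bot: The hunk header context shows `monitoring-influxdb` published as `8086:32299/TCP,8083:30269/T...` on `<nodes>`, and the paragraph tells the reader to connect to `172.20.0.113:32299`, so the InfluxDB API and its admin UI are reachable on node ports. State in this paragraph whether InfluxDB authentication is enabled and that these node ports should be limited to the administration network. The image path fix itself looks fine.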

View File

@ -0,0 +1,3 @@
# 最佳实践
从零开始创建你自己的kubernetes集群。

View File

@ -0,0 +1,2 @@
# 运维管理

View File

@ -0,0 +1,2 @@
# 运维管理
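Review bot: This added file consists of the heading `# 运维管理` alone and is identical to the file added immediately before it, so one of the two is probably mistitled or a duplicate. The file removed earlier in this commit under the same title linked to `service-rolling-update.md` and `app-log-collection.md`; restore an index like that so the section page is not empty.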

Some files were not shown because too many files have changed in this diff