diff --git a/Makefile b/Makefile
deleted file mode 100644
index 4fc4c8b76..000000000
--- a/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
-BOOK_NAME := kubernetes-handbook
-BOOK_OUTPUT := _book
-
-.PHONY: build
-build:
- gitbook build . $(BOOK_OUTPUT)
-
-.PHONY: serve
-serve:
- gitbook serve . $(BOOK_OUTPUT)
-
-.PHONY: epub
-epub:
- gitbook epub . $(BOOK_NAME).epub
-
-.PHONY: pdf
-pdf:
- gitbook pdf . $(BOOK_NAME).pdf
-
-.PHONY: mobi
-mobi:
- gitbook mobi . $(BOOK_NAME).pdf
-
-.PHONY: install
-install:
- npm install gitbook-cli -g
- gitbook install
-
-.PHONY: clean
-clean:
- rm -rf $(BOOK_OUTPUT)
-
-.PHONY: help
-help:
- @echo "Help for make"
- @echo "make - Build the book"
- @echo "make build - Build the book"
- @echo "make serve - Serving the book on localhost:4000"
- @echo "make install - Install gitbook and plugins"
- @echo "make epub - Build epub book"
- @echo "make pdf - Build pdf book"
- @echo "make clean - Remove generated files"
diff --git a/README.md b/README.md
index afc0fc3a9..c44b80a29 100644
--- a/README.md
+++ b/README.md
@@ -1,30 +1,22 @@ # Kubernetes Handbook -Kubernetes是谷歌开源的容器集群管理系统,是Google多年大规模容器管理技术Borg的开源版本,也是CNCF最重要的组件之一,主要功能包括: +[Kubernetes](http://kubernetes.io)是Google基于[Borg](https://research.google.com/pubs/pub43438.html)开源的容器编排调度引擎,作为[CNCF](http://cncf.io)(Cloud Native Computing Foundation)最重要的组件之一,它的目标不仅仅是一个编排系统,而是提供一个规范,可以让你来描述集群的架构,定义服务的最终状态,它将自动得将系统达到和维持在这个状态。 -- 基于容器的应用部署、维护和滚动升级 -- 负载均衡和服务发现 -- 跨机器和跨地区的集群调度 -- 自动伸缩 -- 无状态服务和有状态服务 -- 广泛的Volume支持 -- 插件机制保证扩展性 +本书记录了本人从零开始学习和使用Kubernetes的心路历程,着重于经验分享和总结,同时也会有相关的概念解析,希望能够帮助大家少踩坑,少走弯路。 -Kubernetes发展非常迅速,已经成为容器编排领域的领导者。Kubernetes的中文资料也非常丰富,但系统化和紧跟社区更新的则就比较少见了。《Kubernetes指南》开源电子书旨在整理平时在开发和使用Kubernetes时的参考指南和实践心得,更是为了形成一个系统化的参考指南以方便查阅。欢迎大家关注,更欢迎大家一起添加更多更好的内容。 - -本书所有的组件安装、示例和操作等都基于**Kubernetes1.6.0**版本。 - -文章同步更新到[gitbook](https://www.gitbook.com/book/rootsongjc/kubernetes-handbook/details),方便大家浏览和下载PDF。 - -GitHub地址:https://github.com/rootsongjc/kubernetes-handbook +在写作本书时,安装的所有组件、所用示例和操作等皆基于**Kubernetes1.6.0**版本。 [文章目录](SUMMARY.md) -## 如何阅读 +GitHub地址:https://github.com/rootsongjc/kubernetes-handbook + +Gitbook在线浏览:https://www.gitbook.com/book/rootsongjc/kubernetes-handbook/ + +## 如何使用本书 **在线浏览** -访问gitbook:https://www.gitbook.com/book/rootsongjc/kubernetes-handbook/ +访问[gitbook](https://www.gitbook.com/book/rootsongjc/kubernetes-handbook/) 文中涉及的配置文件和代码链接在gitbook中会无法打开,请下载github源码后,在MarkDown编辑器中打开,点击链接将跳转到你的本地目录,推荐使用[typora](www.typorai.o)。 @@ -56,11 +48,11 @@ gitbook pdf . ./kubernetes-handbook.pdf - **On Windows** -需要用到的工具:`calibre`, `phantomjs` +需要用到的工具:[calibre](http://calibre-ebook.com/),[phantomjs](http://phantomjs.org/download.html) -1. 将上述2个安装,calibre默认安装的路径C:\Program Files\Calibre2,[phantomjs](http://phantomjs.org/download.html)为你解压路径 -2. 并将其目录均加入到系统变量path中,参考:目录添加到系统变量path中 -3. 在cmd打开你需要转pdf的文件夹,输入gitbook pdf即可 +1. 将上述2个安装,calibre默认安装的路径`C:\Program Files\Calibre2`为你解压路径; +2. 并将其目录均加入到系统变量path中,参考:目录添加到系统变量path中; +3. 在cmd打开你需要转pdf的文件夹,输入`gitbook pdf`即可; **生成单个章节的pdf** 
@@ -82,24 +74,20 @@ pandoc --latex-engine=xelatex --template=pm-template input.md -o output.pdf ### 贡献文档 -**本书文档的组织规则** +#### 文档的组织规则 - 如果要创建一个大的主题就在最顶层创建一个目录; - 所有的图片都放在最顶层的`images`目录下,原则上文章中用到的图片都保存在本地; -- 所有的文档的文件名使用英文命名,可以包含数字和中划线,不要使用下划线,为了生成网站时,分享URL时候的方便,中文会重新编码; -- `etc`、`manifests`目录专门用来保存配置文件; +- 所有的文档的文件名使用英文命名,可以包含数字和中划线; +- `etc`、`manifests`目录专门用来保存配置文件和文档中用到的其他相关文件; -**添加文档** +#### 添加文档 1. 在该文章相关主题的目录下创建文档; 2. 在`SUMMARY.md`中在相应的章节下添加文章链接; 3. 在文章相应的主题的头文档,即以该主题命名的文档中添加链接; 4. 执行`gitbook server`测试是否保存,然后访问 http://localhost:4000 查看该文档是否出现在相应主题的目录下; -5. 对该文档有卓越贡献的人将被加入到**贡献者**名单中; -## 贡献者 +## 关于 [Jimmy Song](http://rootsongjc.github.io/about) - - - diff --git a/SUMMARY.md b/SUMMARY.md index f670699cb..83042f55c 100644 --- a/SUMMARY.md +++ b/SUMMARY.md 
@@ -1,103 +1,53 @@ # Summary -- [前言](README.md) -- [1. Kubernetes简介](introduction/index.md) - - [1.1 核心概念](introduction/concepts.md) - - [1.2 Kubernetes 101](introduction/101.md) - - [1.3 Kubernetes 201](introduction/201.md) - - [1.4 Kubernetes集群](introduction/cluster.md) -- [2. 核心原理](architecture/index.md) - - [2.1 设计理念](architecture/concepts.md) - - [2.2 主要概念](architecture/objects.md) +- [1. 前言](README.md) +- [2. 概念原理](concepts/index.md) + - [2.1 设计理念](concepts/concepts.md) + - [2.2 主要概念](concepts/objects.md) - 2.2.1 Pod - 2.2.2 Node - 2.2.3 Namespace - - [2.2.4 Service](architecture/service.md) - - [2.2.5 Volume和Persistent Volume](architecture/volume.md) - - [2.2.6 Deployment](architecture/deployment.md) - - [2.2.7 Secret](architecture/secret.md) - - [2.2.8 StatefulSet](architecture/statefulset.md) - - [2.2.9 DaemonSet](architecture/daemonset.md) - - [2.2.10 ServiceAccount](architecture/serviceaccount.md) - - [2.2.11 ReplicationController和ReplicaSet](architecture/replicaset.md) - - [2.2.12 Job](architecture/job.md) - - [2.2.13 CronJob](architecture/cronjob.md) - - [2.2.14 Ingress](architecture/ingress.md) - - SecurityContext - - Resource Quota - - Pod Security Policy - - Horizontal Pod Autoscaling - - Network Policy - - Ingress - - ThirdPartyResources - - [2.3 核心组件的工作原理](components/index.md) - - Etcd - - API Server - - Scheduler - - Controller Manager - - Kubelet - - Kube Proxy - - Kube DNS - - hyperkube - - Federation - - [kubeadm](architecture/kubeadm.md) -- [3. 插件指南](plugins/index.md) - - [3.1 认证和授权插件](plugins/auth.md) - - [3.2 网络插件](plugins/network.md) - - [3.3 Volume插件](plugins/volume.md) - - [3.4 Container Runtime Interface](plugins/CRI.md) - - 3.5 Network Policy - - 3.6 Ingress Controller - - 3.7 Cloud Provider - - 3.8 Scheduler - - [3.9 其他](plugins/other.md) -- [4. 
最佳实践](deploy/index.md) - - [4.1 部署](deploy/index.md) - - [4.1.1 单机部署](deploy/single.md) - - [4.1.2 集群部署](deploy/cluster.md) - - [4.1.3 kubeadm](deploy/kubeadm.md) - - [4.1.4 附加组件](addons/index.md) - - [ 4.2 在CentOS上部署kubernetes1.6集群](deploy/centos/install-kbernetes1.6-on-centos.md) - - [4.2.1 创建TLS证书和秘钥](deploy/centos/create-tls-and-secret-key.md) - - [4.2.2 创建kubeconfig 文件](deploy/centos/create-kubeconfig.md) - - [4.2.3 创建高可用etcd集群](deploy/centos/etcd-cluster-installation.md) - - [4.2.4 安装kubectl命令行工具](deploy/centos/kubectl-installation.md) - - [4.2.5 部署高可用master集群](deploy/centos/master-installation.md) - - [4.2.6 部署node节点](deploy/centos/node-installation.md) - - [4.2.7 安装kubedns插件](deploy/centos/kubedns-addon-installation.md) - - [4.2.8 安装dashboard插件](deploy/centos/dashboard-addon-installation.md) - - [4.2.9 安装heapster插件](deploy/centos/heapster-addon-installation.md) - - [4.2.10 安装EFK插件](deploy/centos/efk-addon-installation.md) - - [4.2 监控](monitor/index.md) - - [4.3 日志](deploy/logging.md) - - [4.4 高可用](ha/index.md) - - [4.5 调试](debugging/index.md) - - [4.6 kubernetes配置最佳实践](deploy/kubernetes-configuration-best-practice.md) - - [4.7 安全配置](security/security-configuration.md) - * [5.1 Kubernetes中的RBAC支持](./security/rbac-support-in-kubernetes.md) - - [4.8 网络配置](network/index.md) - * [6.1 Kubernetes中的网络模式解析](network/network-modes-in-kubernetes.md) - - [4.9 存储配置](storage/index.md) - - [7.1 使用glusterfs做持久化存储](storage/using-glusterfs-for-persistent-storage.md) -- [5. 服务发现与负载均衡](service-discovery-lb/index.md) - * [5.1 安装Traefik ingress](service-discovery-lb/traefik-ingress-installation.md) - * [5.2 分布式负载测试](service-discovery-lb/distributed-load-test.md) - * [5.3 网络和集群性能测试](service-discovery-lb/network-and-cluster-perfermance-test.md) - * [5.4 边缘节点配置](service-discovery-lb/edge-node-configuration.md) -- [6. 开发指南](dev/index.md) - - [6.1 开发环境搭建](dev/index.md) - - [6.2 单元测试和集成测试](dev/testing.md) - - [6.3 社区贡献](dev/contribute.md) -- [7. 
应用管理](apps/index.md) - - [7.1 Helm](apps/helm-app.md) - - [7.2 Deis workflow](apps/deis.md) -- [8. 运维管理](ops/index.md) - - [8.1 服务滚动升级](ops/service-rolling-update.md) - - [8.2 应用日志收集](ops/app-log-collection.md) -- [9. 附录](appendix/index.md) - - [9.1 awesome-docker](appendix/awesome-docker.md) - - [9.2 awesome-kubernetes](appendix/awesome-kubernetes.md) - - [9.3 Kubernetes ecosystem](appendix/ecosystem.md) - - [9.4 Docker最佳实践](appendix/docker-best-practice.md) - - [9.4 参考文档](reference.md) - - [9.5 问题记录](issues.md) \ No newline at end of file + - [2.2.4 Service](concepts/service.md) + - [2.2.5 Volume和Persistent Volume](concepts/volume.md) + - [2.2.6 Deployment](concepts/deployment.md) + - [2.2.7 Secret](concepts/secret.md) + - [2.2.8 StatefulSet](concepts/statefulset.md) + - [2.2.9 DaemonSet](concepts/daemonset.md) + - [2.2.10 ServiceAccount](concepts/serviceaccount.md) + - [2.2.11 ReplicationController和ReplicaSet](concepts/replicaset.md) + - [2.2.12 Job](concepts/job.md) + - [2.2.13 CronJob](concepts/cronjob.md) + - [2.2.14 Ingress](concepts/ingress.md) + - [2.2.15 ConfigMap](concepts/configmap.md) +- [3. 用户指南](guide/index.md) +- [4. 
最佳实践](practice/index.md) + - [ 4.1 在CentOS上部署kubernetes1.6集群](practice/install-kbernetes1.6-on-centos.md) + - [4.1.1 创建TLS证书和秘钥](practice/create-tls-and-secret-key.md) + - [4.1.2 创建kubeconfig文件](practice/create-kubeconfig.md) + - [4.1.3 创建高可用etcd集群](practice/etcd-cluster-installation.md) + - [4.1.4 安装kubectl命令行工具](practice/kubectl-installation.md) + - [4.1.5 部署高可用master集群](practice/master-installation.md) + - [4.1.6 部署node节点](practice/node-installation.md) + - [4.1.7 安装kubedns插件](practice/kubedns-addon-installation.md) + - [4.1.8 安装dashboard插件](practice/dashboard-addon-installation.md) + - [4.1.9 安装heapster插件](practice/heapster-addon-installation.md) + - [4.1.10 安装EFK插件](practice/efk-addon-installation.md) + - [4.2 服务发现与负载均衡](practice/service-discovery-and-loadbalancing.md) + - [4.2.1 安装Traefik ingress](practice/traefik-ingress-installation.md) + - [4.2.2 分布式负载测试](practice/distributed-load-test.md) + - [4.2.3 网络和集群性能测试](practice/network-and-cluster-perfermance-test.md) + - [4.2.4 边缘节点配置](practice/edge-node-configuration.md) + - [4.3 运维管理](practice/operation.md) + - [4.3.1 服务滚动升级](practice/service-rolling-update.md) + - [4.3.2 应用日志收集](practice/app-log-collection.md) + - [4.4 存储管理](practice/storage.md) + - [4.4.1 使用glusterfs做持久化存储](practice/using-glusterfs-for-persistent-storage.md) +- [5. 领域应用](usecases/index.md) +- [6. 开发指南](develop/index.md) + - [6.1 开发环境搭建](develop/developing-environment.md) + - [6.2 单元测试和集成测试](develop/testing.md) + - [6.3 社区贡献](develop/contribute.md) +- [7. 附录](appendix/index.md) + - [7.1 Docker最佳实践](appendix/docker-best-practice.md) + - [7.2 问题记录](issues.md) + diff --git a/addons/dashboard.md b/addons/dashboard.md deleted file mode 100644 index 3b4c74bea..000000000 --- a/addons/dashboard.md +++ /dev/null 
@@ -1,42 +0,0 @@
-# Kubernetes Dashboard
-
-Kubernetes Dashboard的部署非常简单,只需要运行
-
-```
-kubectl create -f https://git.io/kube-dashboard
-```
-
-稍等一会,dashborad就会创建好
-
-```
-$ kubectl -n kube-system get service kubernetes-dashboard
-NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-kubernetes-dashboard 10.101.211.212 80:32729/TCP 1m
-$ kubectl -n kube-system describe service kubernetes-dashboard
-Name: kubernetes-dashboard
-Namespace: kube-system
-Labels: app=kubernetes-dashboard
-Annotations:
-Selector: app=kubernetes-dashboard
-Type: NodePort
-IP: 10.101.211.212
-Port: 80/TCP
-NodePort: 32729/TCP
-Endpoints: 10.244.1.3:9090
-Session Affinity: None
-Events:
-```
-
-然后就可以通过`http://nodeIP:32729`来访问了。
-
-## https
-
-通常情况下,建议Dashboard服务以https的方式运行,在访问它之前我们需要将证书导入系统中:
-
-```
-openssl pkcs12 -export -in apiserver-kubelet-client.crt -inkey apiserver-kubelet-client.key -out kube.p12
-curl -sSL -E ./kube.p12:password -k https://nodeIP:6443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
-```
-
-将kube.p12导入系统就可以用浏览器来访问了。注意,如果nodeIP不在证书CN里面,则需要做个hosts映射。
-
diff --git a/addons/efk.md b/addons/efk.md
deleted file mode 100644
index 645b10313..000000000
--- a/addons/efk.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Elasticsearch Fluentd Kibana (EFK)
-
-配置文件见.
diff --git a/addons/heapster.md b/addons/heapster.md
deleted file mode 100644
index 682517ca6..000000000
--- a/addons/heapster.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Heapster
-
-```
-git clone https://github.com/kubernetes/heapster
-cd heapster
-kubectl create -f deploy/kube-config/influxdb/
-```
diff --git a/addons/index.md b/addons/index.md
deleted file mode 100644
index e18210709..000000000
--- a/addons/index.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Kubernetes Addons
-
-- [Dashboard](dashboard.html)
-- [Heapster](heapster.html)
-- [EFK](efk.html)
-
diff --git a/appendix/awesome-docker.md b/appendix/awesome-docker.md
deleted file mode 100644
index 98f790d7f..000000000
--- a/appendix/awesome-docker.md
+++ /dev/null
@@ -1,759 +0,0 @@ -# Awesome Docker - - -https://github.com/veggiemonk/awesome-docker - -> A curated list of Docker resources and projects -> Inspired by [@sindresorhus](https://github.com/sindresorhus)' [awesome][sindresorhus] and improved by these **[amazing contributors](https://github.com/veggiemonk/awesome-docker/graphs/contributors)**. - -It's now a GitHub project because it's considerably easier for other people to edit, fix and expand on Docker using GitHub. Just click [README.md][editREADME] to submit a [pull request][editREADME]. -If this list is not complete, you can [contribute][editREADME] to make it so. - -> **Please**, help organize these resources so that they are _easy to find_ and _understand_ for new comers. See how to **[Contribute](https://github.com/veggiemonk/awesome-docker/blob/master/CONTRIBUTING.md)** for tips! - -#### *If you see a link here that is not (any longer) a good fit, you can fix it by submitting a [pull request][editREADME] to improve this file. Thank you!* - -The creators and maintainers of this list do not receive and should not receive any form of payment to accept a change made by any contributor. The goal of this repo is to index articles, learning materials and projects, not to advertise for profit. **All pull requests are merged by default** and removed if inappropriate or unavailable, or fixed when necessary. - -All the links are monitored and tested with [awesome_bot](https://github.com/dkhamsing/awesome_bot) made by [@dkhamsing](https://github.com/dkhamsing) - -# What is Docker ? - -> Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. Consisting of Docker Engine, a portable, lightweight runtime and packaging tool, and Docker Hub, a cloud service for sharing applications and automating workflows, Docker enables apps to be quickly assembled from components and eliminates the friction between development, QA, and production environments. 
As a result, IT can ship faster and run the same app, unchanged, on laptops, data center VMs, and any cloud. - -_Source:_ [What is Docker](https://www.docker.com/what-docker) - -# Where to start ? - -* [10-minute Interactive Tutorial](https://docs.docker.com/docker-for-mac/) -* [Docker Training](http://training.docker.com/) -* Read this complete article: [Basics – Docker, Containers, Hypervisors, CoreOS](http://etherealmind.com/basics-docker-containers-hypervisors-coreos/) -* Watch the video: [Docker for Developers][docker4dev] (54:26) by [@jpetazzo][jpetazzo] -* [Docker Jumpstart](https://github.com/odewahn/docker-jumpstart/): a quick introduction -* [Docker Curriculum](http://prakhar.me/docker-curriculum/): A comprehensive tutorial for getting started with Docker. Teaches how to use Docker and deploy dockerized apps on AWS with Elastic Beanstalk and Elastic Container Service. -* [Install Docker on your machine](docker-cheat-sheet#installation) and play with a few [Useful Images](#useful-images) -* Try [Panamax: Docker Management for Humans][panamax.io] It will install a CoreOS VM with VirtualBox and has nice front end -* [Install Docker Toolbox](https://www.docker.com/products/docker-toolbox) Docker Toolbox is an installer to quickly and easily install and setup a Docker environment on your computer. Available for both Windows and Mac, the Toolbox installs Docker Client, Machine, Compose (Mac only), Kitematic and VirtualBox. -* Check out: [Docker Cheat Sheet][docker-cheat-sheet] by [@wsargent][wsargent] __MUST SEE__ -* [Project Web Dev][projwebdev] : (Article series) How to create your own website based on Docker -* [Docker Containers on the desktop][jessblog] by [@jfrazelle][jfrazelle]) The **funniest way** to - learn - about docker! 
(Tips: checkout her [dotfiles][jfrazelledotfiles] and her [dockerfiles][jfrazelledockerfiles]) -* [Container Hacks and Fun Images][jessvid] by [@jfrazelle][jfrazelle] @ DockerCon 2015 **MUST WATCH VIDEO** (38:50) -* [Learn Docker](https://github.com/dwyl/learn-docker) Full environment set up, screenshots, step-by-step tutorial and more resources (video, articles, cheat sheets) by [@dwyl](https://github.com/dwyl) -* [Docker Caveats](http://docker-saigon.github.io/post/Docker-Caveats/) What You Should Know About Running Docker In Production (written 11 APRIL 2016) __MUST SEE__ -* [How to Whale](https://howtowhale.com/) Learn Docker in your web browser, no setup or installation required. - -# MENU - -- [What is Docker ?](#what-is-docker-) -- [Where to start ?](#where-to-start-) -- [MENU](#menu) -- [Useful Articles](#useful-articles) - - [Main Resources](#main-resources) - - [General Articles](#general-articles) - - [Deep Dive](#deep-dive) - - [Networking](#networking) - - [Metal](#metal) - - [Multi-Server](#multi-server) - - [Cloud Infrastructure](#cloud-infrastructure) - - [Good Tips](#good-tips) - - [Newsletter](#newsletter) - - [Continuous Integration](#continuous-integration) - - [Optimizing Images](#optimizing-images) - - [Service Discovery](#service-discovery) - - [Security](#security) - - [Performances](#performances) - - [Raspberry Pi & ARM](#raspberry-pi--arm) - - [Other](#other) -- [Books](#books) -- [Tools](#tools) - - [Terminal User Interface](#terminal-user-interface) - - [Dev Tools](#dev-tools) - - [Continuous Integration / Continuous Delivery](#continuous-integration--continuous-delivery) - - [Deployment](#deployment) - - [Hosting for repositories (registries)](#hosting-for-repositories-registries) - - [Hosting for containers](#hosting-for-containers) - - [Reverse Proxy](#reverse-proxy) - - [Web Interface](#web-interface) - - [Local Container Manager](#local-container-manager) - - [Volume management and plugins](#volume-management-and-plugins) - - 
[Useful Images](#useful-images) - - [Dockerfile](#dockerfile) - - [Storing Images and Registries](#storing-images-and-registries) - - [Monitoring](#monitoring) - - [Networking](#networking) - - [Logging](#logging) - - [Deployment and Infrastructure](#deployment-and-infrastructure) - - [PaaS](#paas) - - [Remote Container Manager / Orchestration](#remote-container-manager--orchestration) - - [Security](#security) - - [Service Discovery](#service-discovery) - - [Metadata](#metadata) -- [Slides](#slides) -- [Videos](#videos) - - [Main Account](#main-account) - - [Useful videos](#useful-videos) -- [Interactive Learning Environments](#interactive-learning-environments) -- [Interesting Twitter Accounts](#interesting-twitter-accounts) - - [People](#people) - - -# Useful Articles - -## Main Resources - -* [Docker Weekly](https://blog.docker.com/docker-weekly-archives/) Huge resource -* [Docker Cheat Sheet][docker-cheat-sheet] by [@wsargent][wsargent] __MUST SEE__ -* [Docker Printable Refcard][docker-quick-ref] by [@dimonomid][dimonomid] -* [CenturyLink Labs](https://labs.ctl.io/category/docker/) -* [Valuable Docker Links](http://www.nkode.io/2014/08/24/valuable-docker-links.html) Very complete -* [Docker Ecosystem](https://www.mindmeister.com/389671722/docker-ecosystem) (Mind Map) __MUST SEE__ -* [Docker Ecosystem](http://comp.photo777.org/wp-content/uploads/2015/09/Docker-ecosystem-8.5.1.pdf) (PDF) __MUST SEE__ find it on [blog](http://comp.photo777.org/docker-ecosystem/) by Bryzgalov Peter. 
-* [Blog](https://blog.jessfraz.com/) of [@frazelledazzell][jfrazelle] -* [Blog](http://jpetazzo.github.io/) of [@jpetazzo][jpetazzo] -* [Blog](http://progrium.com/blog/) of [@progrium][progrium] -* [Blog](http://jasonwilder.com/) of [@jwilder][jwilder] -* [Blog](http://crosbymichael.com/) of [@crosbymichael][crosbymichael] -* [Blog](http://gliderlabs.com/blog/) of [@gliderlabs][gliderlabs] -* [Blog](http://sebgoa.blogspot.be/) of [@sebgoa][sebgoa] -* [Blog](https://blog.codeship.com/) of [@codeship](https://github.com/codeship) -* [Digital Ocean Community](https://www.digitalocean.com/community/search?q=docker&type=tutorials) -* [Container42](http://container42.com/) -* [Container solutions](http://container-solutions.com/blog/) -* [DockerOne](http://dockone.io/) Docker Community (in Chinese) by [@LiYingJie](http://dockone.io/people/%E6%9D%8E%E9%A2%96%E6%9D%B0) -* [Project Web Dev][projwebdev] : (Article series) How to create your own website based on Docker -* [Docker vs. VMs? Combining Both for Cloud Portability Nirvana](http://www.rightscale.com/blog/cloud-management-best-practices/docker-vs-vms-combining-both-cloud-portability-nirvana) -* [Docker Containers on the desktop][jessblog] by [@jfrazelle][jfrazelle] The **funniest way** to learn - about docker! (Tips: checkout her [dotfiles][jfrazelledotfiles] and her [dockerfiles][jfrazelledockerfiles])) -* [Awesome Linux Container](https://github.com/Friz-zy/awesome-linux-containers) more general about container than this repo, by [@Friz-zy](https://github.com/Friz-zy). - -## General Articles -* [Getting Started with Docker](https://serversforhackers.com/getting-started-with-docker) by [@fideloper](https://github.com/fideloper) -- [Servers For Hackers](https://serversforhackers.com/editions) is valuable resource. At some point, every programmer finds themselves needing to know their way around a server. 
-* [What is Docker and how do you monitor it?](http://axibase.com/docker-monitoring/) -* [How to Use Docker on OS X: The Missing Guide](https://www.viget.com/articles/how-to-use-docker-on-os-x-the-missing-guide) -* [Docker for (Java) Developers](https://ro14nd.de/Docker-for-Developers) -* [Deploying NGINX with Docker](https://www.nginx.com/blog/deploying-nginx-nginx-plus-docker/) -* [Eight Docker Development Patterns](http://hokstad.com/docker/patterns) -* [Rails Development Environment for OS X using Docker](https://allenan.com/docker-rails-dev-environment-for-osx/) -* [Logging on Docker: What You Need to Know](https://dzone.com/articles/logging-docker-what-you-need) + see the - [video][loggingDocker] (~50min) -* [Comparing Five Monitoring Options for Docker](http://rancher.com/comparing-monitoring-options-for-docker-deployments/) -* [Minimalistic data-only container for Docker Compose](http://dockermeetupsinbordeaux.github.io/docker-compose/data-container/2015/03/01/minimalistic-docker-data-container.html) (Written Mar 1, 2015) -* [Running Docker Containers with Systemd](http://container-solutions.com/running-docker-containers-with-systemd/) -* [Dockerizing Flask With Compose and Machine - From Localhost to the Cloud](https://realpython.com/blog/python/dockerizing-flask-with-compose-and-machine-from-localhost-to-the-cloud/) -- [GitHub](https://github.com/realpython/orchestrating-docker) Learn how to deploy an application using Docker Compose and Docker Machine (written 17 April 2015) -* [Why and How to use Docker for Development](https://medium.com/iron-io-blog/why-and-how-to-use-docker-for-development-a156c1de3b24) (written 28 APR 2015) -* [Automating Docker Logging: ElasticSearch, Logstash, Kibana, and Logspout](https://nathanleclaire.com/blog/2015/04/27/automating-docker-logging-elasticsearch-logstash-kibana-and-logspout/) (written 27 APR 2015) -* [Docker Host Volume Synchronization](http://oliverguenther.de/2015/05/docker-host-volume-synchronization/) 
(written 1 JUN 2015) -* [From Local Development to Remote Deployment with Docker Machine and Compose](https://developer.rackspace.com/blog/dev-to-deploy-with-docker-machine-and-compose/) (written 2 JUL 2015) -* [Docker: Build, Ship and Run Any App, Anywhere](http://delftswa.github.io/chapters/docker/index.html) by [Martijn Dwars](https://github.com/MartijnDwars), [Wiebe van Geest](https://github.com/wrvangeest), [Rik Nijessen](https://github.com/gewoonrik), and [Rick Wieman](https://github.com/RickWieman) from [Delft University of Technology](http://www.tudelft.nl/) (written 2 JUL 2015) -* [Joining the Docker Ship](http://thenewstack.io/joining-the-docker-ship-and-go/) Learn how to contribute to docker (written 9 JUL 2015) -* [Continuous Deployment with Gradle and Docker](https://github.com/gesellix/pipeline-with-gradle-and-docker/blob/master/README.md) Describes a complete pipeline from source to production deploy (includes a complete Spring Boot example project) by - [@gesellix][gesellix] -* [Containerization and the PaaS Cloud](https://www.computer.org/cms/Computer.org/ComputingNow/issues/2015/09/mcd2015030024.pdf) -- This article discusses the requirements that arise from having to facilitate applications through distributed multicloud platforms. -* [Docker for Development: Common Problems and Solutions](https://medium.com/@rdsubhas/docker-for-development-common-problems-and-solutions-95b25cae41eb) by [@rdsubhas](https://github.com/rdsubhas) -* [Docker Adoption Data](https://www.datadoghq.com/docker-adoption/) A study by Datadog on the real world Docker usage stastics and deployment patterns. -* [How to monitor Docker](https://www.datadoghq.com/blog/the-docker-monitoring-problem/) (4-part series) -* [Using Ansible with Docker Machine to Bootstrap Host Nodes](https://nathanleclaire.com/blog/2015/11/10/using-ansible-with-docker-machine-to-bootstrap-host-nodes/) by [@nathanleclaire](https://github.com/nathanleclaire) -* [Swarm v. Fleet v. Kubernetes v. 
Mesos](https://www.oreilly.com/ideas/swarm-v-fleet-v-kubernetes-v-mesos) Comparing different orchestration tools. (written OCT 2015) -* [The Shortlist of Docker Hosting](https://blog.codeship.com/the-shortlist-of-docker-hosting) There are so many specialized and optimized Docker hosting services available, it’s high time for a review to see what’s on offer (by Chris Ward). - -## Portuguese Articles - -* [Uma rápida introdução ao Docker e instalação no Ubuntu](https://woliveiras.com.br/posts/uma-rapida-introducao-ao-docker-e-instalacao-no-ubuntu/) -* [O que é uma imagem e o que é um container Docker?](https://woliveiras.com.br/posts/imagem-docker-ou-um-container-docker/) -* [Criando uma imagem Docker personalizada](https://woliveiras.com.br/posts/Criando-uma-imagem-Docker-personalizada/) -* [Comandos mais utilizados no Docker](https://woliveiras.com.br/posts/comandos-mais-utilizados-no-docker/) - -## Deep Dive -* [Creating containers - Part 1](http://crosbymichael.com/creating-containers-part-1.html) This is part one of a series of blog posts detailing how docker creates containers. 
By [@crosbymichael][crosbymichael] -* [Data-only container madness](http://container42.com/2014/11/18/data-only-container-madness/) - -## Networking -* [Using Docker Machine with Weave 0.10](https://www.weave.works/using-docker-machine-with-weave-0-10/) (written 22 APR 2015) -* [How to Route Traffic through a Tor Docker container](https://blog.jessfraz.com/post/routing-traffic-through-tor-docker-container/) by [@jfrazelle][jfrazelle] (writtent 20 JUN 2015) - -## Metal -* [How to use Docker on Full Metal](http://blog.bigstep.com/use-docker-full-metal-cloud/) - -## Multi-Server -* [A Docker based mini-PaaS](http://shortcircuit.net.au/~prologic/blog/article/2015/03/24/a-docker-based-mini-paas/) - by [@prologic][prologic] -* [A multi-host scalable web services demo using Docker swarm, Docker compose, NGINX, and Blockbridge](https://www.blockbridge.com/a-scalable-web-services-demo-using-docker-swarm-compose-and-blockbridge/) - -## Cloud Infrastructure -* [Cloud Infrastructure Automation for Docker Nodes](https://blog.tutum.co/2015/04/29/cloud-infrastructure-automation-for-docker-nodes/) - -## Good Tips -* [24 random docker tips](https://csabapalfi.github.io/random-docker-tips/) by [@csabapalfi](https://github.com/csabapalfi) -* [GUI Apps with Docker](http://fabiorehm.com/blog/2014/09/11/running-gui-apps-with-docker/) by [@fgrehm][fgrehm] -* [Automated Nginx Reverse Proxy for Docker](http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/) by [@jwilder][jwilder] -* [Using NSEnter with Boot2Docker](https://ro14nd.de/NSEnter-with-Boot2Docker) -* [A Simple Way to Dockerize Applications](http://jasonwilder.com/blog/2014/10/13/a-simple-way-to-dockerize-applications/) by [@jwilder][jwilder] -* [Building good docker images](http://jonathan.bergknoff.com/journal/building-good-docker-images) by [@jbergknoff](https://github.com/jbergknoff) -* [10 Things Not To Forget Before Deploying Docker In 
Production](http://www.slideshare.net/rightscale/docker-meetup-40826948) -* [Docker CIFS – How to Mount CIFS as a Docker Volume](http://backdrift.org/docker-cifs-howto-mount-cifs-volume-docker-container) -* [Nginx Proxy for Docker](https://blog.danivovich.com/2015/07/09/nginx-proxy-for-docker-containers/) (written 9 JUL 2015) -* [Dealing with linked containers dependency in docker-compose](http://brunorocha.org/python/dealing-with-linked-containers-dependency-in-docker-compose.html) by [@rochacbruno](https://github.com/rochacbruno) -* [Docker Tips](http://www.mervine.net/notes/docker-tips) by [@jmervine](https://github.com/jmervine) -* [Docker on Windows behind a firewall](http://toedter.com/2015/05/11/docker-on-windows-behind-a-firewall/) by [@kaitoedter](https://twitter.com/kaitoedter) -* [Pulling Git into a Docker image without leaving SSH keys behind](http://blog.cloud66.com/pulling-git-into-a-docker-image-without-leaving-ssh-keys-behind/) by [@khash](https://github.com/khash) -* [6 Million Ways To Log In Docker](http://www.slideshare.net/raychaser/6-million-ways-to-log-in-docker-nyc-docker-meetup-12172014) by [@raychaser](https://twitter.com/raychaser) -* [Dockerfile Generator](http://jrruethe.github.io/blog/2015/09/20/dockerfile-generator/) (ruby script) -* [Running Production Hadoop Clusters in Docker Containers](http://conferences.oreilly.com/strata/big-data-conference-ca-2015/public/schedule/detail/38521) -* [10 practical docker tips](http://www.smartjava.org/content/10-practical-docker-tips-day-day-docker-usage) (Dec 2015) by [@josdirksen](https://github.com/josdirksen) -* [Kubernetes Cheatsheet](http://k8s.info/cs.html) - A great resource for managing your Kubernetes installation -* [Container Best Practices](http://docs.projectatomic.io/container-best-practices/) - Red Hat's Project Atomic created a Container Best Practices guide which applies to everything and is updated regurlary. 
-* [Production Meteor and Node Using Docker, Part I](https://projectricochet.com/blog/production-meteor-and-node-using-docker-part-i) by [@projectricochet](https://github.com/projectricochet) -* [Resource Management in Docker](https://goldmann.pl/blog/2014/09/11/resource-management-in-docker/) by [@marekgoldmann](https://twitter.com/marekgoldmann) - -## Newsletter -* [Docker Team](https://www.docker.com/) -* [CenturyLink Labs](https://labs.ctl.io/) -* [Tutum](https://dashboard.tutum.co/) -* [DevOps Weekly](http://www.devopsweekly.com) -* [Shippable](http://blog.shippable.com/) -* [WebOps weekly](http://webopsweekly.com/) - -## Continuous Integration -* [Docker and Phoenix: How to Make Your Continuous Integration More Awesome](https://ariya.io/2014/12/docker-and-phoenix-how-to-make-your-continuous-integration-more-awesome) -* [Jenkins 2.0 - Screencast Series](http://theremotelab.com/blog/jenkins2.0-screencast-series/) by [Virendra Bhalothia](https://twitter.com/bhalothiaa) -* [Pushing to ECR Using Jenkins Pipeline Plugin](https://blog.mikesir87.io/2016/04/pushing-to-ecr-using-jenkins-pipeline-plugin/) by [@mikesir87](https://github.com/mikesir87) - -## Optimizing Images -* [Create the smallest possible Docker container](http://blog.xebia.com/create-the-smallest-possible-docker-container/) -* [Creating a Docker image from your code](https://blog.tutum.co/2014/04/10/creating-a-docker-image-from-your-code/) -* [Optimizing Docker Images](https://www.ctl.io/developers/blog/post/optimizing-docker-images/) -* [How to Optimize Your Dockerfile](https://blog.tutum.co/2014/10/22/how-to-optimize-your-dockerfile/) by [@tutumcloud](https://github.com/tutumcloud) -* [Building Docker Images for Static Go Binaries](https://medium.com/@kelseyhightower/optimizing-docker-images-for-static-binaries-b5696e26eb07) by [@kelseyhightower](https://github.com/kelseyhightower) -* [Squashing Docker Images](http://jasonwilder.com/blog/2014/08/19/squashing-docker-images/) by [@jwilder][jwilder] -* 
[Dockerfile Golf (or optimizing the Docker build process)](http://www.davidmkerr.com/2014/08/dockerfile-golf-or-optimizing-docker.html) -* [ImageLayers](https://imagelayers.iron.io/) Visualize Docker images and the layers that compose them. -* [DockerSlim](https://github.com/docker-slim/docker-slim) shrinks fat Docker images creating the smallest possible images. -* [SkinnyWhale](https://github.com/djosephsen/skinnywhale) Skinnywhale helps you make smaller (as in megabytes) Docker containers. - -## Service Discovery -* [@progrium][progrium] Service Discovery articles series: -* [Consul Service Discovery with Docker](http://progrium.com/blog/2014/08/20/consul-service-discovery-with-docker/) -* [Understanding Modern Service Discovery with Docker](http://progrium.com/blog/2014/07/29/understanding-modern-service-discovery-with-docker/) -* [Automatic Docker Service Announcement with Registrator](http://progrium.com/blog/2014/09/10/automatic-docker-service-announcement-with-registrator/) - -## Security -* [Docker and SELinux](http://www.projectatomic.io/docs/docker-and-selinux/) -* [Bringing new security features to Docker](https://opensource.com/business/14/9/security-for-docker) -* [Docker Secure Deployment Guidelines](https://github.com/GDSSecurity/Docker-Secure-Deployment-Guidelines) -* [Security Best Practices for Building Docker Images](https://linux-audit.com/tag/docker/) -* [Docker Security: Are Your Containers Tightly Secured to the Ship? 
SlideShare](http://fr.slideshare.net/MichaelBoelen/docker-security-are-your-containers-tightly-secured-to-the-ship) -* [Tuning Docker with the newest security enhancements](https://opensource.com/business/15/3/docker-security-tuning) -* [Lynis is an open source security auditing tool including Docker auditing](https://cisofy.com/lynis/) -* [Understanding Docker security and best practices](https://blog.docker.com/2015/05/understanding-docker-security-and-best-practices/) (written 5 MAY 2015) -* [Docker Security Cheat Sheet] (https://github.com/konstruktoid/Docker/blob/master/Security/CheatSheet.adoc) -* [How CVE's are handled on Offical Docker Images](https://github.com/docker-library/official-images/issues/1448) -* [Improving Docker Security with Authenticated Volumes](https://www.blockbridge.com/improving-docker-security-with-authenticated-volumes/) - -## Performances -* [Performance Analysis of Docker on Red Hat Enterprise Linux 7](http://developerblog.redhat.com/2014/08/19/performance-analysis-docker-red-hat-enterprise-linux-7/) -* [Distrubuted JMeter testing using Docker](http://srivaths.blogspot.fr/2014/08/distrubuted-jmeter-testing-using-docker.html?m=1) -* [nsinit: per-container resource monitoring of Docker containers on RHEL/Fedora](http://www.breakage.org/2014/09/03/nsinit-per-container-resource-monitoring-of-docker-containers-on-rhelfedora/) - -## Raspberry Pi & ARM -* [git push docker containers to linux devices](https://resin.io/) Modern DevOps for IoT, leveraging git and Docker. -* [Docker Pirates ARMed with explosive stuff](http://blog.hypriot.com/) Huge resource on clustering, swarm, docker, pre-installed image for SD card on Raspberry Pi -* [Docker on Raspberry Pi](http://blog.xebia.com/docker-on-a-raspberry-pi/) -* [Fool-Proof Recipe: Docker on the Raspberry Pi](https://www.voxxed.com/blog/2015/04/fool-proof-recipe-docker-on-the-raspberry-pi/) Same article as above but more opinionated. 
-* [Raspberry Pi with Docker 1.5.0](http://blog.hypriot.com/post/heavily-armed-after-major-upgrade-raspberry-pi-with-docker-1-dot-5-0/) -* [Swarming Raspberry Pi – Part 1](http://matthewkwilliams.com/index.php/2015/03/21/swarming-raspberry-pi-part-1/) -* [Swarming Raspberry Pi, Part 2: Registry & Mirror](http://matthewkwilliams.com/index.php/2015/03/29/swarming-raspberry-pi-part-2-registry-mirror/) -* [Swarming Raspberry Pi: Docker Swarm Discovery Options](http://matthewkwilliams.com/index.php/2015/04/03/swarming-raspberry-pi-docker-swarm-discovery-options/) -* [Uniform Development by Docker & QEMU](http://www.instructables.com/id/Uniform-Development-by-Docker-QEMU/) -* [Get Docker up and running on the RaspberryPi in three steps](https://github.com/umiddelb/armhf/wiki/Get-Docker-up-and-running-on-the-RaspberryPi-%28ARMv6%29-in-three-steps) -* [Installing, running, using Docker on armhf (ARMv7) devices](https://github.com/umiddelb/armhf/wiki/Installing,-running,-using-docker-on-armhf-(ARMv7)-devices) -* [How to run 2500 webservers on a Raspberry Pi](http://blog.loof.fr/2015/10/how-to-run-2500-webservers-on-raspberry.html) - - -## Other -* Presentation: Docker and JBoss - the perfect combination -* [Vidéo](https://www.youtube.com/watch?v=4uQ6gR_xZhE) -* [Code source](https://github.com/goldmann/goldmann.pl/tree/master/.presentations/2014-vjbug-docker/demos) -* [JBoss and Docker Presentation](https://goldmann.pl/presentations/2014-vjbug-docker/ ) - -# Books - -## In English - -* [Docker Book](https://dockerbook.com/) by James Turnbul ([@kartar][kartar]) -* [Docker Cookbook](http://shop.oreilly.com/product/0636920036791.do) by Sébastien Goasguen ([@sebgoa][sebgoa]) (Publisher: O'Reilly) -* [Docker Cookbook](http://dockercookbook.github.io/) by Neependra Khare ([@neependra](https://twitter.com/neependra)) (Publisher: Packt) -* [Docker in Action](https://www.manning.com/books/docker-in-action) by Jeff Nickoloff ([@allingeek](https://twitter.com/allingeek)) -* [Docker in 
Practice](https://www.manning.com/books/docker-in-practice) by Ian Miell ([@ianmiell][ianmiell]) and Aidan Hobson Sayers ([@aidanhs](https://github.com/aidanhs)). ==> [Website](http://docker-in-practice.github.io/) -* [Docker Up & Running](https://newrelic.com/docker-book) by [Karl Matthias](https://twitter.com/relistan) and [Sean P. Kane](https://twitter.com/spkane) -* [Using Docker](http://shop.oreilly.com/product/0636920035671.do) by Adrian Mouat ([@adrianmouat](https://twitter.com/adrianmouat)) (Publisher: O'Reilly) -* [Docker Security](https://www.openshift.com/promotions/docker-security.html) by Adrian Mouat ([@adrianmouat](https://twitter.com/adrianmouat)) (Publisher: O'Reilly) -* [Kubernetes](https://www.openshift.com/promotions/kubernetes.html) by [David Rensin](http://research.google.com/pubs/DavidRensin.html) (Publisher: O'Reilly) -* [Docker in Production: Lessons from the Trenches](http://www.amazon.com/Docker-Production-Trenches-Joe-Johnston-ebook/dp/B0141W6KYC) by Joe Johnston (Author), John Fiedler (Author), Milos Gajdos (Author), Antoni Batchelli (Author), Justin Cormack (Author) -* [Mastering Docker](https://www.packtpub.com/virtualization-and-cloud/mastering-docker) by Scott Gallagher (Publisher: Packt) -* [Learning Docker](https://www.packtpub.com/virtualization-and-cloud/learning-docker) by Pethuru Raj, Jeeva S. 
Chelladhurai and Vinod Singh (Publisher: Packt) -* [Troubleshooting Docker](https://www.packtpub.com/virtualization-and-cloud/troubleshooting-docker) by John Wooten, Navid Shaikh (Publisher: Packt) -* [Orchestrating Docker](https://www.packtpub.com/virtualization-and-cloud/orchestrating-docker) by Shrikrishna Holla (Publisher: Packt) -* [Extending Docker](https://www.packtpub.com/networking-and-servers/extending-docker) by Russ McKendrick (Publisher: Packt) -* [Securing Docker](https://www.packtpub.com/virtualization-and-cloud/securing-docker) by Scott Gallagher (Publisher: Packt) -* [Learning Docker Networking](https://www.packtpub.com/networking-and-servers/learning-docker-networking) by Rajdeep Dua, Vaibhav Kohli and Santosh Kumar Konduri (Publisher: Packt) -* [Docker High Performance](https://www.packtpub.com/networking-and-servers/docker-high-performance) by Allan Espinosa (Publisher: Packt) -* [Kubernetes Up and Running: Dive into the Future of Infrastructure](http://shop.oreilly.com/product/0636920043874.do) by Kelsey Hightower ([@kelseyhightower](https://twitter.com/kelseyhightower)) (Publisher: O'Reilly) - -## Chinese -* [The Source Code Analysis of Docker](https://www.amazon.cn/图书/dp/B012ROMRUM) (Chinese) by [Allen Sun](https://github.com/allencloud) -* [Docker Container and Container Cloud](https://www.amazon.cn/图书/dp/B014ETH1IG) (Chinese) by [Harry Zhang](https://twitter.com/resouer) & Jianbo Sun & Zhejiang University SEL Laboratory - -## German - -* [Docker: Container-Infrastruktur für Microservices](http://www.bee42.com/dockerbook/) by Peter Roßbach ([@PRossbach](https://twitter.com/PRossbach)) - -## Portuguese - -* [Containers com Docker do desenvolvimento à produção](https://www.casadocodigo.com.br/products/livro-docker) by Daniel Romero ([@infoslack](https://twitter.com/infoslack)) -* [Aprendendo Docker: Do básico à orquestração de contêineres](http://aprendendodocker.com.br/) by Wellington F. 
Silva ([@_wsilva](https://twitter.com/_wsilva)) (Publisher: Editora Novatec) -* [Docker para Desenvolvedores](https://leanpub.com/dockerparadesenvolvedores) by Rafael Gomes ([@kelseyhightower](https://twitter.com/gomex)) (Publisher: Leanpub) - 55% finished - - -# Tools - -* [Docker](https://github.com/docker/docker) -* [Docker Images](https://hub.docker.com) -* [Docker Compose](https://github.com/docker/compose/) (Define and run multi-container applications with Docker) -* [Docker Machine](https://github.com/docker/machine) (Machine management for a container-centric world) -* [Docker Registry][distribution] (The Docker toolset to pack, ship, store, and deliver content) -* [Docker Swarm](https://github.com/docker/swarm) (Swarm: a Docker-native clustering system) - -## Terminal User Interface - -* [sen](https://github.com/TomasTomecek/sen) - Terminal user interface for docker engine, by [@TomasTomecek](https://github.com/TomasTomecek) -* [wharfee](https://github.com/j-bennet/wharfee) - Autocompletion and syntax highlighting for Docker commands.) 
by [@j-bennet](https://github.com/j-bennet) -* [ctop](https://github.com/yadutaf/ctop) - A command line / text based Linux Containers monitoring tool that works just like you expect by [@yadutaf](https://github.com/yadutaf) -* [dry](https://github.com/moncho/dry) - An interactive CLI for Docker containers by [@moncho](https://github.com/moncho) -* [dockercraft](https://github.com/docker/dockercraft) - Docker + Minecraft = Dockercraft by [@docker][docker] -* [dockersql](https://github.com/crosbymichael/dockersql) - A command line interface to query Docker using SQL by [@crosbymichael][crosbymichael] - -## Dev Tools - -* [draw-compose](https://github.com/Alexis-benoist/draw-compose) - Utility to draw a schema of a docker compose by [@Alexis-benoist](https://github.com/Alexis-benoist) -* [GoSu](https://github.com/tianon/gosu) - Run this specific application as this specific user and get out of the pipeline (entrypoint script tool) by [@tianon](https://github.com/tianon) -* [Chaperone](https://github.com/garywiz/chaperone) - A single PID1 process designed for docker containers. Does user management, log management, startup, zombie reaping, all in one small package. 
by [@garywiz](https://github.com/garywiz) -* [ns-enter](https://github.com/jpetazzo/nsenter) (no more ssh, enter name spaces of container) by [@jpetazzo][jpetazzo] -* [Squid-in-a-can](https://github.com/jpetazzo/squid-in-a-can) (in case of proxy problem) by [@jpetazzo][jpetazzo] -* [Composerize](https://github.com/magicmark/composerize) Conververt docker run commands into docker-compose files -* [docker-gen](https://github.com/jwilder/docker-gen) (Generate files from docker container meta-data) by [@jwilder][jwilder] -* [dockerize](https://github.com/jwilder/dockerize) (Utility to simplify running applications in docker containers) by [@jwilder][jwilder] -* [registrator](https://github.com/progrium/registrator) (Service registry bridge for Docker) by [@progrium][progrium] -* [Dockly](https://github.com/swipely/dockly) (Dockly is a gem made to ease the pain of packaging an application in Docker.) by [@swipely](https://github.com/swipely/) -* [docker-volumes](https://github.com/cpuguy83/docker-volumes) (Docker Volume Manager) by [@cpuguy83][cpuguy83] -* [dockerfile_lint](https://github.com/projectatomic/dockerfile_lint) (A rule-based 'linter' for Dockerfiles) by [@redhataccess](https://github.com/redhataccess) -* [powerstrip](https://github.com/clusterhq/powerstrip) (A tool for prototyping Docker extensions) by [@clusterhq](https://github.com/clusterhq) -* [Vagga](https://github.com/tailhook/vagga) (Vagga is a containerisation tool without daemons. It is a fully-userspace container engine inspired by Vagrant and Docker, specialized for development environments.) by [@tailhook](https://github.com/tailhook/) -* [dockerode](https://github.com/apocas/dockerode) (Not just another Docker Remote API node.js module) by [@apocas](https://github.com/apocas) -* [go-dockerclient](https://github.com/fsouza/go-dockerclient/) (Go HTTP client for the Docker remote API.) 
by [@fsouza](https://github.com/fsouza/) -* [Docker.DotNet](https://github.com/Microsoft/Docker.DotNet) (C#/.NET HTTP client for the Docker remote API) by [@ahmetalpbalkan](https://github.com/ahmetalpbalkan/) -* [container-factory](https://github.com/lsqio/container-factory) - Produces Docker images from tarballs of application source code by [@lsqio](https://github.com/lsqio) -* [codelift](https://codelift.io/) - CodeLift is an automated Docker image build utility for 'dockerizing' services by [@BoozAllen](https://twitter.com/BoozAllen) -* [percheron][percheron] - Organise your Docker containers with muscle and intelligence by [@ashmckenzie](https://github.com/ashmckenzie) -* [crane](https://github.com/michaelsauter/crane) - Lift containers with ease. Easy orchestration for images and containers by [@michaelsauter](https://github.com/michaelsauter) -* [sherdock](https://github.com/rancher/sherdock) - Automatic GC of images based on regexp by [@rancher][rancher] -* [bocker](https://github.com/p8952/bocker) (1) - Docker implemented in 100 lines of bash by [p8952](https://github.com/p8952) -* [bocker](https://github.com/icy/bocker) (2) - Write Dockerfile completely in Bash. Extensible and simple. 
--> Reusable by [@icy](https://github.com/icy) -* [docker-gc](https://github.com/spotify/docker-gc) - A cron job that will delete old stopped containers and unused images by [@spotify](https://github.com/spotify) -* [dlayer](https://github.com/wercker/dlayer) - Stats collector for Docker layers by [@wercker](https://github.com/wercker) -* [forward2docker](https://github.com/bsideup/forward2docker) - Utility to auto forward a port from localhost into ports on Docker containers running in a boot2docker VM by [@bsideup](https://github.com/bsideup) -* [dockramp](https://github.com/jlhawn/dockramp) - Proof of Concept: A Client Driven Docker Image Builder by [@jlhawn](https://github.com/jlhawn) -* [portainer](https://github.com/duedil-ltd/portainer) - Apache Mesos framework for building Docker images by [@tarnfeld](https://github.com/tarnfeld) -* [Gradle Docker plugin](https://github.com/gesellix/gradle-docker-plugin) - A Docker remote api plugin for Gradle by [@gesellix][gesellix] -* [Docker client](https://github.com/gesellix/docker-client) - A Docker remote api client library for the JVM, written in Groovy by [@gesellix][gesellix] -* [Dropdock](http://dropdock.io/) - A framework designed for Drupal to build fast, isolated development environments using Docker. -* [Devstep](https://github.com/fgrehm/devstep) - Development environments powered by Docker and buildpacks by [@fgrehm][fgrehm] -* [Lorry](https://lorry.io/) - Lorry is a docker-compose.yml validator and composer by [@CenturyLinkLabs][CenturyLinkLabs] -* [Dray](http://dray.it/) - Dray is an engine for managing the execution of container-based workflows. 
Docker Workflow Engine - UNIX pipes for Docker by [@CenturyLinkLabs][CenturyLinkLabs] -* [docker-do](https://github.com/benzaita/docker-do) - hassle-free docker run, like `env` but for docker by [@benzaita](https://github.com/benzaita) -* [Docker osx dev](https://github.com/brikis98/docker-osx-dev) - A productive development environment with Docker on OS X by [@brikis98](https://github.com/brikis98) -* [rocker](https://github.com/grammarly/rocker) - Extended Dockerfile builder. Supports multiple FROMs, MOUNTS, templates, etc. by [grammarly](https://github.com/grammarly). -* [dexec](https://github.com/docker-exec/dexec) - Command line interface for running code with Docker Exec images. https://docker-exec.github.io/ written in Go. -* [crowdr](https://github.com/polonskiy/crowdr) - Tool for managing multiple Docker containers (docker-compose alternative) by [@polonskiy](https://github.com/polonskiy/) -* [ahab](https://github.com/instacart/ahab) - Docker event handling with Python by [@instacart](https://github.com/instacart) -* [docker-garby](https://github.com/konstruktoid/docker-garby) - Docker garbage collection script by [@konstruktoid](https://github.com/konstruktoid). 
-* [DevLab](https://github.com/TechnologyAdvice/DevLab) - Utility for running containerized development environments -* [is-docker](https://github.com/sindresorhus/is-docker) - Check if the process is running inside a Docker container by [@sindresorhus][sindresorhus] -* [Docker meets the IDE](http://domeide.github.io/) - Integrating your favorite containers in the editor of your choice by [domeide](https://github.com/domeide) -* [DVM](https://github.com/getcarina/dvm) - Docker version manager by [@getcarina](https://github.com/getcarina) -* [docker-ls](https://github.com/mayflower/docker-ls) - CLI tools for browsing and manipulating docker registries by [@mayflower](https://github.com/mayflower) -* [habitus](https://github.com/cloud66/habitus) - A Build Flow Tool for Docker http://www.habitus.io by [@cloud66](https://github.com/cloud66) -* [Compose Registry](https://www.composeregistry.com) - A very handy search engine for Compose Files -* [Docker Clean](https://github.com/zzrotdesign/docker-clean) - A script that cleans Docker containers, images and volumes by [@zzrotdesign](https://github.com/zzrotdesign) -* [Powerline-Docker](https://github.com/adrianmo/powerline-docker) - A Powerline segment for showing the status of Docker containers by [@adrianmo](https://github.com/adrianmo) -* [Docker-PowerShell](https://github.com/Microsoft/Docker-PowerShell) - PowerShell Module for Docker -* [docker-compose-search](https://github.com/francescou/docker-compose-search) - A search engine for Docker Compose application stacks by [@francescou](https://github.com/francescou/) -* [Docker Volume Clone Utility](https://github.com/gdiepen/docker-convenience-scripts) - A Docker Utility to Clone Volumes [@gdiepen](https://twitter.com/gdiepen) -* [docker-companion](https://github.com/mudler/docker-companion) - A command line tool written in Golang to squash and unpack docker images by [@mudler](https://github.com/mudler/) -* 
[sbt-docker-compose](https://github.com/Tapad/sbt-docker-compose) - Integrates Docker Compose functionality into sbt by [@kurtkopchik](https://github.com/kurtkopchik/) -* [Whale-linter](https://github.com/jeromepin/whale-linter) - A simple and small Dockerfile linter written in Python3+ without dependencies. -* [docker-make](https://github.com/CtripCloud/docker-make) - build,tag,and push a bunch of related docker images via a single command. -* [caduc](https://github.com/tjamet/caduc) - A docker garbage collector cleaning stuff you did not use recently -* [OctoLinker](https://github.com/OctoLinker/browser-extension) - A browser extension for GitHub that makes the image name in a `Dockerfile` clickable and redirect you to the related Docker Hub page. -* [docker-replay](https://github.com/bcicen/docker-replay) Generate `docker run`command and options from running containers -* [dext-docker-registry-plugin](https://github.com/vutran/dext-docker-registry-plugin) - Search the Docker Registry with the Dext smart launcher. - -## Continuous Integration / Continuous Delivery - -* [Awesome-ciandcd](https://github.com/ciandcd/awesome-ciandcd) - Not specific to docker but relevant. -* [Buddy](https://buddy.works) - The best of Git, build & deployment tools combined into one powerful tool that supercharged our development -* [Captain](https://github.com/harbur/captain) - Convert your Git workflow to Docker containers ready for Continuous Delivery by [@harbur](https://github.com/harbur) -* [CircleCI](https://circleci.com/) - Push or pull Docker images from your build environment, or build and run containers right on CircleCI. -* [CodeFresh](https://codefresh.io) - Accelerate your transition to Docker containers -* [CodeShip](https://pages.codeship.com/docker) - Work with your established Docker workflows while automating your testing and deployment tasks with our hosted platform dedicated to speed and security. 
-* [Docker plugin for Jenkins](https://github.com/jenkinsci/docker-plugin/) - The aim of the docker plugin is to be able to use a docker host to dynamically provision a slave, run a single build, then tear-down that slave. -* [Dockunit](https://github.com/dockunit/platform) - Docker based integration tests. A simple Node based utility for running Docker based unit tests. By [@dockunit](https://github.com/dockunit) -* [Drone](https://github.com/drone/drone) - Continuous integration server built on Docker and configured using YAML files. -* [GitLab CI](https://about.gitlab.com/gitlab-ci/) - GitLab has integrated CI to test, build and deploy your code with the use of GitLab runners. -* [GOCD-Docker](https://github.com/gocd/gocd-docker)Go Server and Agent in docker containers to provision. -* [IBM DevOps Services](https://hub.jazz.net) - Continuous delivery using a pipeline deployment onto IBM Containers on Bluemix. -* [InSpec](https://github.com/chef/inspec) - InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. -* [Shippable](https://app.shippable.com/) - A SaaS platform for developers and DevOps teams that significantly reduces the time taken for code to be built, tested and deployed to production. -* [Watchtower](https://github.com/CenturyLinkLabs/watchtower) - Automatically update running Docker containers by - [@CenturyLinkLabs][CenturyLinkLabs] -* [Microservices Continuous Deployment](https://github.com/francescou/docker-continuous-deployment) - Continuous deployment of a microservices application -* [Pumba](https://github.com/gaia-adm/pumba) - Chaos testing tool for Docker. Can be deployed on Kubernets and CoreOS clusters. 
-
-## Deployment
-
-* [Conduit](https://github.com/ehazlett/conduit) - Experimental deployment system for Docker by [@ehazlett](https://github.com/ehazlett)
-* [depcon](https://github.com/gondor/depcon) - Depcon is written in Go and allows you to easily deploy Docker containers to Apache Mesos/Marathon, Amazon ECS and Kubernetes. By [@gonodr][gondor]
-* [dockit](https://github.com/humblec/dockit) - Do docker actions and Deploy gluster containers!
-* [rocker-compose](https://github.com/grammarly/rocker-compose) - Docker composition tool with idempotency features for deploying apps composed of multiple containers.
-* [Zodiac](https://github.com/CenturyLinkLabs/zodiac) - A lightweight tool for easy deployment and rollback of dockerized applications. By [@CenturyLinkLabs][CenturyLinkLabs]
-
-## Hosting for repositories (registries)
-
-Securely store your Docker images.
-* [Docker Hub](https://hub.docker.com/) (provided by Docker Inc.)
-* [Quay.io](https://quay.io/) (part of CoreOS) - Secure hosting for private Docker repositories
-* [GitLab Container Registry](http://docs.gitlab.com/ce/container_registry/README.html) - Repositories focused on using it images in GitLab CI
-* [TreeScale](https://treescale.com/) - Build and Distriubute container based applicaitons.
-
-## Hosting for containers
-
-* [Amazon ECS](http://aws.amazon.com/ecs/) - A management service on EC2 that supports Docker containers.
-* [ContainerShip Cloud][containership] - Multi-Cloud Container Hosting Automation Platform.
-* [Docker Cloud](https://cloud.docker.com/) - Former Tutum
-* [Google Container Engine](https://cloud.google.com/container-engine/docs/) - Docker containers on Google Cloud Computing powered by [Kubernetes][kubernetes].
-* [Giant Swarm](https://giantswarm.io/) - Simple microservice infrastructure. Deploy your containers in seconds.
-* [IBM Bluemix](https://console.ng.bluemix.net/) - Run Docker containers in a hosted cloud environment on IBM Bluemix.
-* [OpenShift Dedicated](https://www.openshift.com/dedicated/index.html) - A hosted [OpenShift][openshift] cluster for running your Docker containers managed by Red Hat.
-* [Orchard](https://www.orchardup.com/) (part of Docker Inc) - Get a Docker host in the cloud, instantly.
-* [Triton](https://www.joyent.com/) - Elastic container-native infrastructure by Joyent.
-
-## Reverse Proxy
-
-* [nginx-proxy][nginxproxy] - Automated nginx proxy for Docker containers using docker-gen by [@jwilder][jwilder]
-* [Let's Encrypt Nginx-proxy Companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) - A lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. By [@JrCs](https://github.com/JrCs)
-* [h2o-proxy](https://github.com/zchee/h2o-proxy) - Automated H2O reverse proxy for Docker containers. An alternative to [jwilder/nginx-proxy][nginxproxy] by [@zchee](https://github.com/zchee)
-* [docker-proxy](https://github.com/silarsis/docker-proxy) - Transparent proxy for docker containers, run in a docker container. By [@silarsis](https://github.com/silarsis)
-* [muguet](https://github.com/mattallty/muguet) - DNS Server & Reverse proxy for Docker environments. By [@mattallty](https://github.com/mattallty)
-* [Træfɪk](https://traefik.io/) - Automated reverse proxy and load-balancer for Docker, Mesos, Consul, Etcd... By [@EmileVauge](https://github.com/emilevauge)
-* [fabio](https://github.com/eBay/fabio) - A fast, modern, zero-conf load balancing HTTP(S) router for deploying microservices managed by consul. By [@eBay](https://github.com/eBay)
-* [Swarm Ingress Router](https://github.com/tpbowden/swarm-ingress-router) - Route DNS names to Swarm services based on labels.
-
-## Web Interface
-
-* [Docker Registry Browser](https://github.com/klausmeyer/docker-registry-browser) - Web Interface for the Docker Registry HTTP API v2 by [@klausmeyer](https://github.com/klausmeyer)
-* [Docker Registry UI](https://github.com/atc-/docker-registry-ui) - A web UI for easy private/local Docker Registry integration by [@atc-](https://github.com/atc-)
-* [DockerUI](https://github.com/kevana/ui-for-docker) - DockerUI is a web interface to interact with the Remote API by [@crosbymichael][crosbymichael]
-* [Portus](https://github.com/SUSE/Portus) - Authorization service and frontend for Docker registry (v2) by [@SUSE](https://github.com/SUSE)
-* [docker-registry-web](https://github.com/mkuchin/docker-registry-web) - Web UI, authentication service and event recorder for private docker registry v2 by [@mkuchin](https://github.com/mkuchin)
-* [dockering-on-rails](https://github.com/Electrofenster/dockerding-on-rails) - Simple Web-Interface for Docker with a lot of features by [@Electrofenster](https://github.com/Electrofenster/)
-* [Rapid Dashboard](https://github.com/ozlerhakan/rapid) - A simple query dashboard to use Docker Remote API by [@ozlerhakan](https://github.com/ozlerhakan/)
-* [docker-swarm-visualizer](https://github.com/manomarks/docker-swarm-visualizer) - Visualizes Docker services on a Docker Swarm (for running demos).
- -## Local Container Manager - -* [Shutit](http://ianmiell.github.io/shutit/) - Tool for building and maintaining complex Docker deployments by - [@ianmiell][ianmiell] -* [FuGu](https://github.com/mattes/fugu) - Docker run wrapper without orchestration by [@mattes](https://github.com/mattes) -* [Boot2Docker](https://github.com/boot2docker/boot2docker) - Docker for OSX and Windows -- http://boot2docker.io/ -* [docker-vm](https://github.com/shyiko/docker-vm) - Simple and transparent alternative to boot2docker (backed by Vagrant) by [@shyiko](https://github.com/shyiko) -* [Vessel](https://github.com/awvessel/vessel) - Automates the setup & use of dockerized development environments by [@awvessel](https://github.com/awvessel) -* [subuser](http://subuser.org) - Makes it easy to securely and portably run graphical desktop applications in Docker -* [OctoHost](http://www.octohost.io/) - Simple web focused Docker based mini-PaaS server. git push to deploy your websites as needed) by [@octohost](https://github.com/octohost) -* [Dokku][dokku] - Docker powered mini-Heroku in around 100 lines of Bash by [@progrium][progrium] -* [Ansible - manage docker containers](http://docs.ansible.com/ansible/docker_module.html) -* [Vagrant - Docker provider](https://www.vagrantup.com/docs/docker/basics.html) - Good starting point is [vagrant-docker-example](https://github.com/bubenkoff/vagrant-docker-example) by [@bubenkoff](https://github.com/bubenkoff) -* [Dray](https://github.com/CenturyLinkLabs/dray) - An engine for managing the execution of container-based workflows. http://Dray.it by [@CenturyLinkLabs][CenturyLinkLabs] -* [percheron][percheron] - Organise your Docker containers with muscle and intelligence by [@ashmckenzie](https://github.com/ashmckenzie) -* [Dusty](http://dusty.gc.com/) - Managed Docker development environments on OS X -* [Beluga](https://github.com/cortexmedia/Beluga) - CLI to deploy docker containers on a single server or low amount of servers. 
By [@cortextmedia](https://github.com/cortexmedia) -* [libcompose](https://github.com/docker/libcompose) - Go library for Docker Compose. -* [DLite](https://github.com/nlf/dlite) - Simplest way to use Docker on OSX, no VM needed. By [@nlf](https://github.com/nlf) -* [Azk](http://www.azk.io/) - Orchestrate development enviornments on your local machine by [@azukiapp](https://github.com/azukiapp) -* [Turbo](https://ramitsurana.github.io/turbo/) - Simple and Powerful utility for docker. By [@ramitsurana][ramitsurana] - -## Volume management and plugins -* [Blockbridge](https://github.com/blockbridge/blockbridge-docker-volume) - The Blockbridge plugin is a volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. By [@blockbridge][blockbridge] -* [Convoy](https://github.com/rancher/convoy) - an open-source Docker volume driver that can snapshot, backup and restore Docker volumes anywhere. By [@rancher][rancher] -* [Azure Files Volume Driver](https://github.com/ahmetalpbalkan/azurefile-dockervolumedriver) - A Docker volume driver that allows you to mount persistent volumes backed by Microsoft Azure File Service. By [@ahmetalpbalkan][ahmetalpbalkan] -* [Docker Unison](https://github.com/leighmcculloch/docker-unison) A docker volume container using Unison for fast two-way folder sync. Created as an alternative to slow boot2docker volumes on OS X. By [@leighmcculloch](https://github.com/leighmcculloch) -* [Netshare](https://github.com/gondor/docker-volume-netshare) A Docker volume plugin written in Go that supports mounting NFS, AWS EFS & CIFS volumes within a container. By [@gondor][gondor] -* [Docker Machine NFS](https://github.com/adlogix/docker-machine-nfs) Activates NFS for an existing boot2docker box created through Docker Machine on OS X. 
-* [REX-Ray](https://github.com/emccode/rexray) Vendor agnostic storage orchestration engine to provide persistent storage for Docker containers as well as Mesos frameworks and tasks. -* [Local Persist](https://github.com/CWSpear/local-persist) Specify a mountpoint for your local volumes (created via `docker volume create`) so that files will always persist and so you can mount to different directories in different containers. - - -## Useful Images - -* [Official Images from Docker Hub](https://github.com/docker-library/official-images) -* [Base Image](https://github.com/phusion/baseimage-docker) by [@phusion](https://github.com/phusion/) -* [Busybox](https://github.com/jpetazzo/docker-busybox) (with either `buildroot` or Ubuntu's `busybox-static`) by [@jpetazzo][jpetazzo] -* [OpenWRT](http://www.zoobab.com/docker-openwrt-image) by [@zoobab](https://github.com/zoobab) -* [Phusion Docker Hub Account](https://hub.docker.com/u/phusion/) -* [passenger-docker](https://github.com/phusion/passenger-docker) (Docker base images for Ruby, Python, Node.js and Meteor web apps) by [@phusion](https://github.com/phusion) -* [docker-alpine][alpine] (A super small Docker base image *(5MB)* using Alpine Linux) by [@gliderlabs][gliderlabs] -* [docker-fluentd][fluentd] (the Container to Log Other Containers' Logs) by [@kiyoto][kiyoto] -* [chaperone-docker](https://github.com/garywiz/chaperone-docker) (A set of images using the Chaperone process manager, including a lean Alpine image, LAMP, LEMP, and bare-bones base kits.) -* [nvidia-docker](https://github.com/NVIDIA/nvidia-docker) (Build and run Docker containers leveraging NVIDIA GPUs.) - - -## Dockerfile - -* [Collection of Dockerfiles](https://github.com/crosbymichael/Dockerfiles) by [@crosbymichael][crosbymichael] -* [Dockerfile Project](http://dockerfile.github.io/) : Trusted Automated Docker Builds. 
Dockerfile Project maintains a central repository of Dockerfile for various popular open source software services runnable on a Docker container. -* [Dockerfile Example](https://github.com/komljen/dockerfile-examples) by [@komljen](https://github.com/komljen) -* [Dockerfile Example 2](https://github.com/kstaken/dockerfile-examples) by [@kstaken](https://github.com/kstaken) -* [Dockerfile @jfrazelle][jfrazelledockerfiles] by [@jfrazelle][jfrazelle] **MUST SEE** for a fully containerized - desktop! - -## Storing Images and Registries - -* [Docker Registry v2][distribution] (The Docker toolset to pack, ship, store, and deliver content) -* [Rescoyl](https://github.com/noteed/rescoyl) (Private Docker registry) by [@noteed][noteed] -* [Atomic Registry](http://www.projectatomic.io/registry/) Red Hat Atomic Registry is an open source enterprise registry based on the Origin and Cockpit projects, enhancing the Docker registry library. -* [VMWare Harbor](http://vmware.github.io/harbor/) Project Harbor by VMWare is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. - -## Monitoring - -* [Axibase Time-Series Database](http://axibase.com/products/axibase-time-series-database/writing-data/docker-cadvisor/) (Long-term retention of container statistics and built-in dashboards for Docker. Collected with native Google cAdvisor storage driver.) -* [cAdvisor](https://github.com/google/cadvisor) (Analyzes resource usage and performance characteristics of running containers. created by [@Google](https://github.com/google) -* [Datadog](https://www.datadoghq.com/) Datadog is a full-stack monitoring service for large-scale cloud environments that aggregates metrics/events from servers, databases, and applications. It includes support for Docker, Kubernetes, and Mesos. 
-* [Dockerana](https://github.com/dockerana/dockerana) (packaged version of Graphite and Grafana, specifically targeted at metrics from Docker.) -* [Docker-mon](https://github.com/icecrime/docker-mon) (Console-based Docker monitoring) by [@icecrime](https://github.com/icecrime) -* [Glances] (http://nicolargo.github.io/glances/) (A cross-platform curses-based system monitoring tool written in Python) by [@nicolargo](https://github.com/nicolargo) -* [InfluxDB, cAdvisor, Grafana](https://github.com/vegasbrianc/docker-monitoring) (InfluxDB Time series DB in combination with Grafana and cAdvisor) by [@vegasbrianc][vegasbrianc] -* [Meros](https://meros.io) Analyzes containers resources, captures logs, remote web SSH terminal and powerful DevOps alerts. -* [New Relic](https://newrelic.com/docker) New Relics Docker Monitoring tool -* [Prometheus](https://prometheus.io/) (Open-source service monitoring system and time series database) -* [Ruxit](https://www.dynatrace.com/technologies/cloud-and-microservices/docker-monitoring/) Monitor containerized applications without installing agents or modifying your Run commands -* [Seagull](https://github.com/tobegit3hub/seagull) (Friendly Web UI to monitor docker daemon.) by [@tobegit3hub](https://github.com/tobegit3hub) -* [Site24x7](https://www.site24x7.com/docker-monitoring.html) Docker MOnitoring for DevOps and IT is a SaaS Pay per Host model -* [Sysdig](http://www.sysdig.org/): An open source troubleshooting tool that provides a rich set of real-time, system-level information. It has container-specific features and is very useful in Docker environments. -* [Zabbix Docker module](https://github.com/monitoringartist/Zabbix-Docker-Monitoring): Zabbix module that provides discovery of running containers, CPU/memory/blk IO/net container metrics. Systemd Docker and LXC execution driver is also supported. It's a dynamically linked shared object library, so its performance is (~10x) better, than any script solution. 
-* [SPM for Docker][spm] Monitoring of host and container metrics, Docker events and logs. Automatic log parser. Anomaly Detection and alerting for metrics and logs. [@sematext][sematext] -* [Zabbix Docker](https://github.com/gomex/docker-zabbix) - Monitor containers automatically using zabbix LLD feature. -* [Collecting docker logs and stats with Splunk](http://blogs.splunk.com/2015/08/24/collecting-docker-logs-and-stats-with-splunk/) -* [Grafana Docker Dashboard Template](https://grafana.net/dashboards/179) - A template for your Docker, Grafana and Prometheus stack [@vegasbrianc][vegasbrianc] -* [DoMonit](https://github.com/eon01/DoMonit) - A simple Docker Monitoring wrapper For Docker API - -## Networking - -* [Calico-Docker](https://www.projectcalico.org/getting-started/docker/) - Calico is a pure layer 3 virtual network that allows containers over multiple docker-hosts to talk to each other. -* [Wagl](https://github.com/ahmetalpbalkan/wagl) - DNS Service Discovery for Docker Swarm (by [@ahmetalpbalkan][ahmetalpbalkan] ) http://ahmetalpbalkan.github.io/wagl/ -* [Weave][weave] (The Docker network) -- Weave creates a virtual network that connects Docker containers deployed across multiple hosts. -* [Flannel](https://github.com/coreos/flannel/) - Flannel is a virtual network that gives a subnet to each host for use with container runtimes. - - -## Logging - -* [Docker-Fluentd][fluentd]: (Docker container to Log Other Containers' Logs. One can aggregate the logs of Docker containers running on the same host using Fluentd.) by [@kiyoto][kiyoto] -* [LogJam](https://github.com/gocardless/logjam) (Logjam is a log forwarder designed to listen on a local port, receive log entries over UDP, and forward these messages on to a log collection server (such as logstash).) 
by [@gocardless](https://github.com/gocardless) -* [Logspout](https://github.com/gliderlabs/logspout) (Log routing for Docker container logs) by [@gliderlabs][gliderlabs] -* [Logsene for Docker][spm] Monitoring of Metrics, Events and Logs implemented in Node.js. Integrated [logagent-js](https://github.com/sematext/logagent-js) to detect and parse various log formats. [@sematext][sematext] - -## Deployment and Infrastructure - -* [Centurion](https://github.com/newrelic/centurion): Centurion is a mass deployment tool for Docker fleets. It takes containers from a Docker registry and runs them on a fleet of hosts with the correct environment variables, host volume mappings, and port mappings. By [@newrelic](https://github.com/newrelic) -* [Clocker](https://github.com/brooklyncentral/clocker): Clocker creates and manages a Docker cloud infrastructure. Clocker supports single-click deployments and runtime management of multi-node applications that run as containers distributed across multiple hosts, on both Docker and Marathon. It leverages [Calico][calico] and [Weave][weave] for networking and [Brooklyn][brooklyn] for application blueprints. By [@brooklyncentral](https://github.com/brooklyncentral) -* [Cloud 66](http://www.cloud66.com) - Full-stack hosted container management as a service -* [deploy](https://github.com/Perennials/deploy) - Git and Docker deployment tool. A middle ground between simple Docker composition tools and full blown cluster orchestration. Declarative configuration and short commands for managing (syncing, building, running) of infrastructures of more than a few services. Able to deploy whole preconfigured server or system of services with a single line (without having to scroll the line). 
-* [Docket](https://github.com/netvarun/docket): Custom docker registry that allows for lightning fast deploys through bittorrent by [@netvarun](https://github.com/netvarun/) -* [Longshoreman](https://github.com/longshoreman/longshoreman): Longshoreman automates application deployment using Docker. Just create a Docker repository (or use a service), configure the cluster using AWS or Digital Ocean (or whatever you like) and deploy applications using a Heroku-like CLI tool. By [longshoreman](https://github.com/longshoreman) - - -## PaaS - -* [Atlantis](https://github.com/ooyala/atlantis) - Atlantis is an Open Source PaaS for HTTP applications built on Docker and written in Go -* [Deis](https://github.com/deis/deis) (Your PaaS, your rules) -- http://deis.io/ -* [Dokku][dokku] (Docker powered mini-Heroku in around 100 lines of Bash) by [@progrium][progrium] -* [Empire](https://github.com/remind101/empire): A PaaS built on top of Amazon EC2 Container Service (ECS) -* [Flynn](https://github.com/flynn/flynn) (A next generation open source platform as a service) -- https://flynn.io/ -* [OpenShift][openshift] (An open source PaaS built on [Kubernetes][kubernetes] and optimized for Dockerized app development and deployment) by [Red Hat](https://www.redhat.com/) -* [Tsuru](https://github.com/tsuru/tsuru) (Tsuru is an extensible and open source Platform as a Service software) -- https://tsuru.io/ -* [Convox Rack] (https://github.com/convox/rack): Convox Rack is open source PaaS built on top of expert infrastructure automation and devops best practices. -* [Rancher][rancher]: Rancher is an open source project that provides a complete platform for operating Docker in production -* [Dcw](https://github.com/pbertera/dcw): Docker-compose SSH wrapper: a very poor man PaaS, exposing the docker-compose and custom-container commands defined in container labels. 
- -## Remote Container Manager / Orchestration - -* [autodock](https://github.com/prologic/autodock) (Daemon for Docker Automation) by [@prologic][prologic] -* [blimp](https://github.com/tubesandlube/blimp) Uses Docker Machine to easily move a container from one Docker host to another, show containers running against all of your hosts, replicate a container across multiple hosts and more. By [@defermat](https://github.com/defermat) and [@schvin](https://github.com/schvin) -* [Capitan] (https://github.com/byrnedo/capitan) Composable docker orchestration with added scripting support by [@byrnedo](https://github.com/byrnedo). -* [Citadel](https://github.com/citadel/citadel) (Citadel is a toolkit for scheduling containers on a Docker cluster) (unmaintained) -* [CloudSlang](http://www.cloudslang.io/) (CloudSlang is a workflow engine to create Docker process automation) -* [ContainerShip](https://github.com/containership/containership) (A simple container management platform) -- [containership] -* [CoreOS][coreos] (Linux for Massive Server Deployments) -- https://coreos.com/ -* [Decking](http://decking.io/): (Decking aims to simplify the creation, organsation and running of clusters of Docker containers in a way which is familiar to developers) -* [Deploying a Containerized App on a Public Node with Mesos](https://docs.mesosphere.com/usage/tutorials/containerized-app/) (Docker plus Mesosphere provides an easy way to automate and scale deployment of containers in a production environment) -* [Flocker](https://github.com/ClusterHQ/flocker) (Flocker is a data volume manager and multi-host Docker cluster management tool) by [@ClusterHQ](https://github.com/ClusterHQ) -* [Gaudi](https://github.com/marmelab/gaudi) (Gaudi allows to share multi-component applications, based on Docker, Go, and YAM) ~~ project discontinued. 
-* [Kontena](https://github.com/kontena/kontena) (Application Containers for Masses) -- https://www.kontena.io/ -* [Kubernetes][kubernetes] (Open source orchestration system for Docker containers by Google) -- [kubernetes] See Also [awesome-kubernetes](https://github.com/ramitsurana/awesome-kubernetes) by [@ramitsurana][ramitsurana] -* [Maestro](https://github.com/toscanini/maestro) (Maestro provides the ability to easily launch, orchestrate and manage mulitiple Docker containers as single unit) by [@tascanini](https://github.com/toscanini) -* [Marathon](https://mesosphere.github.io/marathon/docs/) (Marathon is a private PaaS built on Mesos. It automatically handles hardware or software failures and ensures that an app is "always on") -* [Nomad Project] (https://www.nomadproject.io/) Easily deploy applications at any scale. A Distributed, Highly Available, Datacenter-Aware Scheduler. -* [Panamax](https://github.com/CenturyLinkLabs/panamax-ui/wiki) (Docker Management for Humans) -- [panamax.io] -* [Rancher](https://github.com/rancher/rancher) (Portable AWS-style infrastructure service for Docker) -- http://rancher.com/ -* [Fleet](https://github.com/coreos/fleet) (A Distributed init System providing low-level orchestration ) -- [coreos.com] -* [Serf](https://github.com/hashicorp/serf) (Service orchestration and management tool) by [@hashicorp](https://github.com/hashicorp) -* [Shipyard](https://github.com/shipyard/shipyard) (Composable Docker Management) -- http://shipyard-project.com/ -* [MCollective Docker Agent](https://github.com/m4ce/mcollective-docker-agent) Uses MCollective to orchestrate your Docker containers and images -- [@m4ce](https://github.com/m4ce) -* [ElasticKube](https://github.com/ElasticBox/elastickube) open source management platform for Kubernetes. 
-* [Mantl](https://github.com/ciscocloud/mantl) Mantl is a modern platform for rapidly deploying globally distributed services [@ciscocloud](http://mantl.io) - -## Security - -* [docker-bench-security](https://github.com/docker/docker-bench-security) script that checks for dozens of common best-practices around deploying Docker containers in production. By [@docker][docker] -* [notary](https://github.com/docker/notary) a server and a client for running and interacting with trusted collections. By [@docker][docker] -* [Twistlock](https://twistlock.com/) Twistlock Security Suite detects vulnerabilities, hardens container images, and enforces security policies across the lifecycle of applications. -* [Clair](https://github.com/coreos/clair) Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. By [@coreos][CoreOS] - -## Service Discovery - -* [docker-consul](https://github.com/gliderlabs/docker-consul) by [@progrium][progrium] -* [etcd](https://github.com/coreos/etcd): A highly-available key value store for shared configuration and service discovery by [@coreOS][coreos] -* [Docker Grand Ambassador](https://github.com/cpuguy83/docker-grand-ambassador) This is a fully dynamic docker link ambassador. + [Article](https://docs.docker.com/engine/articles/ambassador_pattern_linking/) by [@cpuguy83][cpuguy83] -* [proxy](https://github.com/factorish/proxy): lightweight nginx based load balancer self using service discovery provided by registrator. by [@factorish](https://github.com/factorish) -* [wagl](https://github.com/ahmetalpbalkan/wagl/): Service discovery for docker swarm using DNS - -## Metadata -* [MicroBadger](https://microbadger.com) - add metadata to Docker images using labels. 
- -# Slides - -* [Docker Slideshare Account](http://www.slideshare.net/Docker) -* [Docker Security](http://www.slideshare.net/jpetazzo) with [@jpetazzo][jpetazzo] -* [Hide your DEV ENV in a container](http://www.slideshare.net/JohanJanssen4/hide-your-development-environment-and-application-in-a-container) by [@johanjanssen42](https://twitter.com/johanjanssen42) -* [Docker for the new era](https://www.slideshare.net/ramitsurana/docker-for-the-new-era) by [@ramitsurana][ramitsurana] - -# Videos - -## Main Account - -* [Docker Youtube Account](https://www.youtube.com/user/dockerrun) -* [CenturyLink Labs Docker Interviews](https://www.youtube.com/playlist?list=PL_q4Fk7SVBCIjyuCBFBItXnzGI3qBa2L1) -* [Container Camp](https://www.youtube.com/channel/UCvksXSnLqIVM_uFB7xyrsSg/videos) Conference about *containers*!!! [@containercamp](https://twitter.com/containercamp) -* [Quoi d'neuf Docker](https://www.youtube.com/channel/UCOAhkxpryr_BKybt9wIw-NQ/videos) **FRENCH** chronique vidéo sur Youtube proposant de courtes vidéos (maximum 15 minutes) sur la thématique "Docker et son écosystème" [Site Web](http://www.quoidneufdocker.xyz/) - -## Useful videos - -* [Ansible and Docker HP](https://www.youtube.com/watch?v=oZ45v8AeE7k) (32:38) -* [Container Hacks and Fun Images][jessvid] by [@jfrazelle][jfrazelle] @ DockerCon 2015 (**MUST WATCH VIDEO**: 38:50) -* [Contributing to Docker by Andrew "Tianon" Page (InfoSiftr)](https://www.youtube.com/watch?v=1jwo8-1HYYg) (34:31) -* [Docker for Developers][docker4dev] (54:26) by [@jpetazzo][jpetazzo] <== Good introduction, context, demo -* [Docker in Production](https://www.youtube.com/watch?v=Glk5d5WP6MI) by [@jpetazzo][jpetazzo] (36:05) -* [Introduction to Docker and containers](https://www.youtube.com/watch?v=ZVaRK10HBjo) (3:09:00) by [@jpetazzo][jpetazzo] -* [Deploying and scaling applications with Docker, Swarm, and a tiny bit of Python magic](https://www.youtube.com/watch?v=GpHMTR7P2Ms) (3:11:06) by [@jpetazzo][jpetazzo] -* [Docker: How 
to Use Your Own Private Registry](https://www.youtube.com/watch?v=CAewZCBT4PI) (15:01) -* [Docker and SELinux by Daniel Walsh from Red Hat ](https://www.youtube.com/watch?v=zWGFqMuEHdw) (40:23) -* [Extending Docker with Plugins](https://vimeo.com/110835013) (15:21) -* [From Local Docker Development to Production Deployments](https://www.youtube.com/watch?v=7CZFpHUPqXw) by [@jpetazzo][jpetazzo] @ AWS re:Invent 2015 -* [Immutable Infrastructure with Docker and EC2 by Michael Bryzek (Gilt)](https://www.youtube.com/watch?v=GaHzdqFithc) (42:04) -* [Logging on Docker: What You Need to Know][loggingDocker] (51:27) -* [Performance Analysis of Docker - Jeremy Eder](https://www.youtube.com/watch?v=6f2E6PKYb0w) (1:36:58) -* [Run Any App on Mesos on Any Infrastructure Using Docker](https://www.youtube.com/watch?v=u5jd9YT9EsY) (17:44) -* [State of containers: a debate with CoreOS, VMware and Google](https://www.youtube.com/watch?v=IiITP3yIRd8) (27:38) -* [SysAdminCasts: Introduction to Docker](https://sysadmincasts.com/episodes/31-introduction-to-docker) (15:49) -* [Scalable Microservices with Kubernetes](https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615) Free Udacity course - -# Interactive Learning Environments - -* [Katacoda](https://www.katacoda.com/): Learn Docker using Interactive Browser-Based Labs - -# Interesting Twitter Accounts - -* [Docker](https://twitter.com/docker) -* [CenturyLink Labs](https://twitter.com/CenturyLinkLabs) -* [Flux7Labs](https://twitter.com/Flux7Labs) -* [TutumCloud](https://twitter.com/tutumcloud) -* [Project Atomic](https://twitter.com/ProjectAtomic) -* [OpenShift by Red Hat](https://twitter.com/openshift) -* [YLD](https://twitter.com/YLDio) -* [The New Stack](https://twitter.com/thenewstack) -* [Docker News](https://twitter.com/dockernews) -* [Docker Captains Twitter List](https://twitter.com/EltonStoneman/lists/docker-captains) - -## People - -* [Solomon Hykes](https://twitter.com/solomonstre) Founder of Docker -* 
[Gabriel Monroy](https://twitter.com/gabrtv) Creator of Deis -* [Jérôme Petazzoni](https://twitter.com/jpetazzo) Docker Developer -* [Michael Crosby](https://twitter.com/crosbymichael) Docker Developer -* [James Turnbull][kartar] Author of Docker Book -* [Jeff Lindsay](https://twitter.com/progrium) Design-minded software architect -* [Jessie Frazelle](https://twitter.com/jessfraz) Ex-@docker maintainer and uses full containerized desktop, lots of fun. -* [Docker Captains](https://www.docker.com/community/docker-captains) - Docker experts and community leaders - -[blockbridge]: https://github.com/blockbridge -[weave]: https://github.com/weaveworks/weave -[calico]: https://github.com/projectcalico/calico-containers -[brooklyn]: http://brooklyn.apache.org/ -[kubernetes]: http://kubernetes.io -[openshift]: https://www.openshift.org/ -[sindresorhus]: https://github.com/sindresorhus/awesome -[editREADME]: https://github.com/veggiemonk/awesome-docker/edit/master/README.md -[jpetazzo]: https://github.com/jpetazzo -[panamax.io]: http://panamax.io/ -[docker4dev]: https://www.youtube.com/watch?v=FdkNAjjO5yQ -[loggingDocker]: https://vimeo.com/123341629 -[docker-cheat-sheet]: https://github.com/wsargent/docker-cheat-sheet -[wsargent]: https://github.com/wsargent -[docker-quick-ref]: https://github.com/dimonomid/docker-quick-ref -[dimonomid]: https://github.com/dimonomid -[projwebdev]: http://project-webdev.blogspot.de -[jessblog]: https://blog.jessfraz.com/post/docker-containers-on-the-desktop/ -[jfrazelle]: https://github.com/jfrazelle -[jfrazelledotfiles]: https://github.com/jfrazelle/dotfiles -[jfrazelledockerfiles]: https://github.com/jfrazelle/dockerfiles -[jessvid]: https://www.youtube.com/watch?v=1qlLUf7KtAw -[progrium]: https://github.com/progrium -[jwilder]: https://github.com/jwilder -[crosbymichael]: https://github.com/crosbymichael -[gliderlabs]: https://github.com/gliderlabs -[gesellix]: https://github.com/gesellix -[prologic]: https://github.com/prologic 
-[fgrehm]: https://github.com/fgrehm
-[ianmiell]: https://github.com/ianmiell
-[distribution]: https://github.com/docker/distribution
-[cpuguy83]: https://github.com/cpuguy83
-[percheron]: https://github.com/ashmckenzie/percheron
-[CenturyLinkLabs]: https://github.com/CenturyLinkLabs
-[gondor]: https://github.com/gondor
-[noteed]: https://github.com/noteed
-[nginxproxy]: https://github.com/jwilder/nginx-proxy
-[dokku]: https://github.com/dokku/dokku
-[ahmetalpbalkan]: https://github.com/ahmetalpbalkan
-[alpine]: https://github.com/gliderlabs/docker-alpine
-[fluentd]: https://github.com/kiyoto/docker-fluentd
-[kiyoto]: https://github.com/kiyoto
-[spm]: https://github.com/sematext/sematext-agent-docker
-[coreos]: https://github.com/coreos
-[docker]: https://github.com/docker
-[sematext]: https://twitter.com/sematext
-[sebgoa]: https://twitter.com/sebgoa
-[kartar]: https://twitter.com/kartar
-[docker-compose]: https://docs.docker.com/compose/
-[containership]: https://containership.io
-[rancher]: https://github.com/rancher
-[ramitsurana]: https://github.com/ramitsurana
-[vegasbrianc]: https://github.com/vegasbrianc
diff --git a/appendix/index.md b/appendix/index.md
index e84da1925..06a98adf8 100644
--- a/appendix/index.md
+++ b/appendix/index.md
@@ -5,6 +5,6 @@
 - [Kubernetes documentation](http://kubernetes.io/docs/)
 - [Awesome Kubernetes](awesome-kubernetes.html)
 - [Kubernetes the hard way](https://github.com/kelseyhightower/kubernetes-the-hard-way)
-- [Awesome Docker](awesome-docker.html)
 - [Kubernetes Bootcamp](https://kubernetesbootcamp.github.io/kubernetes-bootcamp/index.html)
 - [Design patterns for container-based distributed systems](https://www.usenix.org/system/files/conference/hotcloud16/hotcloud16_burns.pdf)
+
diff --git a/apps/basic.md b/apps/basic.md
deleted file mode 100644
index e1e78bf28..000000000
--- a/apps/basic.md
+++ /dev/null
@@ -1,145 +0,0 @@ -# Helm工作原理 - -## 基本概念 - -Helm的三个基本概念 - -- Chart:Helm应用(package),包括该应用的所有Kubernetes manifest模版,类似于YUM RPM或Apt dpkg文件 -- Repository:Helm package存储仓库 -- Release:chart的部署实例,每个chart可以部署一个或多个release - -## Helm工作原理 - -Helm包括两个部分,`helm`客户端和`tiller`服务端。 - -> the client is responsible for managing charts, and the server is responsible for managing releases. - -### helm客户端 - -helm客户端是一个命令行工具,负责管理charts、reprepository和release。它通过gPRC API(使用`kubectl port-forward`将tiller的端口映射到本地,然后再通过映射后的端口跟tiller通信)向tiller发送请求,并由tiller来管理对应的Kubernetes资源。 - -Helm客户端的使用方法参见[Helm命令](helm.html)。 - -### tiller服务端 - -tiller接收来自helm客户端的请求,并把相关资源的操作发送到Kubernetes,负责管理(安装、查询、升级或删除等)和跟踪Kubernetes资源。为了方便管理,tiller把release的相关信息保存在kubernetes的ConfigMap中。 - -tiller对外暴露gRPC API,供helm客户端调用。 - -## Helm Charts - -Helm使用[Chart](https://github.com/kubernetes/charts)来管理Kubernetes manifest文件。每个chart都至少包括 - -- 应用的基本信息`Chart.yaml` -- 一个或多个Kubernetes manifest文件模版(放置于templates/目录中),可以包括Pod、Deployment、Service等各种Kubernetes资源 - -### Chart.yaml示例 - -```yaml -name: The name of the chart (required) -version: A SemVer 2 version (required) -description: A single-sentence description of this project (optional) -keywords: - - A list of keywords about this project (optional) -home: The URL of this project's home page (optional) -sources: - - A list of URLs to source code for this project (optional) -maintainers: # (optional) - - name: The maintainer's name (required for each maintainer) - email: The maintainer's email (optional for each maintainer) -engine: gotpl # The name of the template engine (optional, defaults to gotpl) -icon: A URL to an SVG or PNG image to be used as an icon (optional). 
-``` - -### 依赖管理 - -Helm支持两种方式管理依赖的方式: - -- 直接把依赖的package放在`charts/`目录中 -- 使用`requirements.yaml`并用`helm dep up foochart`来自动下载依赖的packages - -```yaml -dependencies: - - name: apache - version: 1.2.3 - repository: http://example.com/charts - - name: mysql - version: 3.2.1 - repository: http://another.example.com/charts -``` - -### Chart模版 - -Chart模板基于Go template和[Sprig](https://github.com/Masterminds/sprig),比如 - -```yaml -apiVersion: v1 -kind: ReplicationController -metadata: - name: deis-database - namespace: deis - labels: - heritage: deis -spec: - replicas: 1 - selector: - app: deis-database - template: - metadata: - labels: - app: deis-database - spec: - serviceAccount: deis-database - containers: - - name: deis-database - image: {{.Values.imageRegistry}}/postgres:{{.Values.dockerTag}} - imagePullPolicy: {{.Values.pullPolicy}} - ports: - - containerPort: 5432 - env: - - name: DATABASE_STORAGE - value: {{default "minio" .Values.storage}} -``` - -模版参数的默认值必须放到`values.yaml`文件中,其格式为 - -```yaml -imageRegistry: "quay.io/deis" -dockerTag: "latest" -pullPolicy: "alwaysPull" -storage: "s3" - -# 依赖的mysql chart的默认参数 -mysql: - max_connections: 100 - password: "secret" -``` - -## Helm插件 - -插件提供了扩展Helm核心功能的方法,它在客户端执行,并放在`$(helm home)/plugins`目录中。 - -一个典型的helm插件格式为 - -```sh -$(helm home)/plugins/ - |- keybase/ - | - |- plugin.yaml - |- keybase.sh -``` - -而plugin.yaml格式为 - -```yaml -name: "keybase" -version: "0.1.0" -usage: "Integreate Keybase.io tools with Helm" -description: |- - This plugin provides Keybase services to Helm. -ignoreFlags: false -useTunnel: false -command: "$HELM_PLUGIN_DIR/keybase.sh" -``` - -这样,就可以用`helm keybase`命令来使用这个插件。 diff --git a/apps/deis.md b/apps/deis.md deleted file mode 100644 index 2ca6ba921..000000000 --- a/apps/deis.md +++ /dev/null 
@@ -1,156 +0,0 @@ -# Deis workflow - -## Deis架构 - -![Workflow概览](../images/workflow-overview.png) - -![Workflow详细结构](../images/workflow-detail.png) - -![应用分层架构](../images/application-layout.png) - -## Deis安装部署 - -首先需要部署一套kubernetes(比如minikube,GKE等,记得启用`KUBE_ENABLE_CLUSTER_DNS=true`),并配置好本机的kubectl客户端,然后运行以下脚本安装deis: - -```sh -# install deis v2 (workflow) -curl -sSL http://deis.io/deis-cli/install-v2.sh | bash -mv deis /usr/local/bin/ - -# install helm -wget https://storage.googleapis.com/kubernetes-helm/helm-v2.2.1-linux-amd64.tar.gz -tar zxvf helm-v2.2.1-linux-amd64.tar.gz -mv linux-amd64/helm /usr/local/bin/ -rm -rf linux-amd64 helm-v2.2.1-linux-amd64.tar.gz -helm init - -# deploy helm components -helm repo add deis https://charts.deis.com/workflow -helm install deis/workflow --namespace deis -kubectl --namespace=deis get pods -``` - -## Deis基本使用 - -### 注册用户并登录 - -```sh -deis register deis-controller.deis.svc.cluster.local -deis login deis-controller.deis.svc.cluster.local -deis perms:create newuser --admin -``` - -### 部署应用 - -**注意,deis的大部分操作命令都需要在应用的目录中(即下面的`example-dockerfile-http`)。** - -```sh -git clone https://github.com/deis/example-dockerfile-http.git -cd example-dockerfile-http -docker build -t deis/example-dockerfile-http . 
-docker push deis/example-dockerfile-http - -# create app -deis create example-dockerfile-http --no-remote -# deploy app -deis pull deis/example-dockerfile-http:latest - -# query application status -deis info -``` - -扩展应用 - -```sh -$ deis scale cmd=3 -$ deis ps -=== example-dockerfile-http Processes ---- cmd: -example-dockerfile-http-cmd-4246296512-08124 up (v2) -example-dockerfile-http-cmd-4246296512-40lfv up (v2) -example-dockerfile-http-cmd-4246296512-fx3w3 up (v2) -``` - -也可以配置自动扩展 - -```sh -deis autoscale:set example-dockerfile-http --min=3 --max=8 --cpu-percent=75 -``` - -这样,就可以通过Kubernetes的DNS来访问应用了(配置了外网负载均衡后,还可以通过负载均衡来访问服务): - -```sh -$ curl example-dockerfile-http.example-dockerfile-http.svc.cluster.local -Powered by Deis -``` - -### 域名和路由 - -```sh -# 注意设置CNMAE记录到原来的地址 -deis domains:add hello.bacongobbler.com - -dig hello.deisapp.com -deis routing:enable -``` - -这实际上是在deis-router的nginx配置中增加了 virtual hosts : - -``` - server { - listen 8080; - server_name ~^example-dockerfile-http\.(?.+)$; - server_name_in_redirect off; - port_in_redirect off; - set $app_name "example-dockerfile-http"; - vhost_traffic_status_filter_by_set_key example-dockerfile-http application::*; - - location / { - proxy_buffering off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $access_scheme; - proxy_set_header X-Forwarded-Port $forwarded_port; - proxy_redirect off; - proxy_connect_timeout 30s; - proxy_send_timeout 1300s; - proxy_read_timeout 1300s; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_pass http://10.0.0.224:80; - } - } - - server { - listen 8080; - server_name hello.bacongobbler.com; - server_name_in_redirect off; - port_in_redirect off; - set $app_name "example-dockerfile-http"; - vhost_traffic_status_filter_by_set_key example-dockerfile-http application::*; - - location / { - proxy_buffering off; - proxy_set_header Host 
$host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $access_scheme; - proxy_set_header X-Forwarded-Port $forwarded_port; - proxy_redirect off; - proxy_connect_timeout 30s; - proxy_send_timeout 1300s; - proxy_read_timeout 1300s; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_pass http://10.0.0.224:80; - } - } -``` - -### 参考文档 - -- https://github.com/deis/workflow -- https://deis.com/workflow/ - diff --git a/apps/helm-app.md b/apps/helm-app.md deleted file mode 100644 index d1fe200ff..000000000 --- a/apps/helm-app.md +++ /dev/null 
@@ -1,103 +0,0 @@ -# Kubernetes应用管理--Helm - -[Helm](https://github.com/kubernetes/helm)是一个类似于yum/apt/[homebrew](https://brew.sh/)的Kubernetes应用管理工具。Helm使用[Chart](https://github.com/kubernetes/charts)来管理Kubernetes manifest文件。 - -## Helm基本使用 - -安装`helm`客户端 - -```sh -brew install kubernetes-helm -``` - -初始化Helm并安装`Tiller`服务(需要事先配置好kubeclt) - -```sh -helm init -``` - -更新charts列表 - -```sh -helm repo update -``` - -部署服务,比如mysql - -```sh -➜ ~ helm install stable/mysql -NAME: quieting-warthog -LAST DEPLOYED: Tue Feb 21 16:13:02 2017 -NAMESPACE: default -STATUS: DEPLOYED - -RESOURCES: -==> v1/Secret -NAME TYPE DATA AGE -quieting-warthog-mysql Opaque 2 1s - -==> v1/PersistentVolumeClaim -NAME STATUS VOLUME CAPACITY ACCESSMODES AGE -quieting-warthog-mysql Pending 1s - -==> v1/Service -NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE -quieting-warthog-mysql 10.3.253.105 3306/TCP 1s - -==> extensions/v1beta1/Deployment -NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE -quieting-warthog-mysql 1 1 1 0 1s - - -NOTES: -MySQL can be accessed via port 3306 on the following DNS name from within your cluster: -quieting-warthog-mysql.default.svc.cluster.local - -To get your root password run: - - kubectl get secret --namespace default quieting-warthog-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo - -To connect to your database: - -1. Run an Ubuntu pod that you can use as a client: - - kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il - -2. Install the mysql client: - - $ apt-get update && apt-get install mysql-client -y - -3. 
Connect using the mysql cli, then provide your password: - $ mysql -h quieting-warthog-mysql -p -``` - -更多命令的使用方法可以参考[Helm命令参考](helm.html)。 - -## Helm工作原理 - -见[Helm工作原理](basic.html)。 - -## 链接 - -### Helm文档 - -* https://github.com/kubernetes/helm -* https://github.com/kubernetes/charts - -### 第三方Helm repository - -* https://github.com/deis/charts -* https://github.com/bitnami/charts -* https://github.com/att-comdev/openstack-helm -* https://github.com/sapcc/openstack-helm -* https://github.com/mgoodness/kube-prometheus-charts -* https://github.com/helm/charts -* https://github.com/jackzampolin/tick-charts - -### 常用Helm插件 - -1. [helm-tiller](https://github.com/adamreese/helm-tiller) - Additional commands to work with Tiller -2. [Technosophos's Helm Plugins](https://github.com/technosophos/helm-plugins) - Plugins for GitHub, Keybase, and GPG -3. [helm-template](https://github.com/technosophos/helm-template) - Debug/render templates client-side -4. [Helm Value Store](https://github.com/skuid/helm-value-store) - Plugin for working with Helm deployment values -5. [Drone.io Helm Plugin](http://plugins.drone.io/ipedrazas/drone-helm/) - Run Helm inside of the Drone CI/CD system diff --git a/apps/helm.md b/apps/helm.md deleted file mode 100644 index e232c5663..000000000 --- a/apps/helm.md +++ /dev/null 
@@ -1,168 +0,0 @@ -# Helm命令参考 - -## 查询charts - -```sh -helm search -helm search mysql -``` - -## 查询package详细信息 - -```sh -helm inspect stable/mariadb -``` - -## 部署package - -```sh -helm install stable/mysql -``` - -部署之前可以自定义package的选项: - -```sh -# 查询支持的选项 -helm inspect values stable/mysql - -# 自定义password -echo "mysqlRootPassword: passwd" > config.yaml -helm install -f config.yaml stable/mysql -``` - -另外,还可以通过打包文件(.tgz)或者本地package路径(如path/foo)来部署应用。 - -## 查询服务(Release)列表 - -```sh -➜ ~ helm ls -NAME REVISION UPDATED STATUS CHART NAMESPACE -quieting-warthog 1 Tue Feb 21 20:13:02 2017 DEPLOYED mysql-0.2.5 default -``` - -## 查询服务(Release)状态 - -```sh -➜ ~ helm status quieting-warthog -LAST DEPLOYED: Tue Feb 21 16:13:02 2017 -NAMESPACE: default -STATUS: DEPLOYED - -RESOURCES: -==> v1/Secret -NAME TYPE DATA AGE -quieting-warthog-mysql Opaque 2 9m - -==> v1/PersistentVolumeClaim -NAME STATUS VOLUME CAPACITY ACCESSMODES AGE -quieting-warthog-mysql Bound pvc-90af9bf9-f80d-11e6-930a-42010af00102 8Gi RWO 9m - -==> v1/Service -NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE -quieting-warthog-mysql 10.3.253.105 3306/TCP 9m - -==> extensions/v1beta1/Deployment -NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE -quieting-warthog-mysql 1 1 1 1 9m - - -NOTES: -MySQL can be accessed via port 3306 on the following DNS name from within your cluster: -quieting-warthog-mysql.default.svc.cluster.local - -To get your root password run: - - kubectl get secret --namespace default quieting-warthog-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo - -To connect to your database: - -1. Run an Ubuntu pod that you can use as a client: - - kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il - -2. Install the mysql client: - - $ apt-get update && apt-get install mysql-client -y - -3. 
Connect using the mysql cli, then provide your password: - $ mysql -h quieting-warthog-mysql -p -``` - -## 升级和回滚Release - -```sh -# 升级 -cat "mariadbUser: user1" >panda.yaml -helm upgrade -f panda.yaml happy-panda stable/mariadb - -# 回滚 -helm rollback happy-panda 1 -``` - -## 删除Release - -```sh -helm delete quieting-warthog -``` - -## repo管理 - -```sh -# 添加incubator repo -helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/ - -# 查询repo列表 -helm repo list - -# 生成repo索引(用于搭建helm repository) -helm repo index -``` - -## chart管理 - -```sh -# 创建一个新的chart -helm create deis-workflow - -# validate chart -helm lint - -# 打包chart到tgz -helm package deis-workflow -``` - -## Helm命令参考 - -``` - completion Generate bash autocompletions script - create create a new chart with the given name - delete given a release name, delete the release from Kubernetes - dependency manage a chart's dependencies - fetch download a chart from a repository and (optionally) unpack it in local directory - get download a named release - history fetch release history - home displays the location of HELM_HOME - init initialize Helm on both client and server - inspect inspect a chart - install install a chart archive - lint examines a chart for possible issues - list list releases - package package a chart directory into a chart archive - repo add, list, remove, update, and index chart repositories - reset uninstalls Tiller from a cluster - rollback roll back a release to a previous revision - search search for a keyword in charts - serve start a local http web server - status displays the status of the named release - test test a release - upgrade upgrade a release - verify verify that a chart at the given path has been signed and is valid - version print the client/server version information - -Flags: - --debug enable verbose output - --home string location of your Helm config. Overrides $HELM_HOME (default "~/.helm") - --host string address of tiller. 
Overrides $HELM_HOST - --kube-context string name of the kubeconfig context to use - --tiller-namespace string namespace of tiller (default "kube-system") -``` diff --git a/apps/index.md b/apps/index.md deleted file mode 100644 index 58d341865..000000000 --- a/apps/index.md +++ /dev/null @@ -1,36 +0,0 @@ -# Kubernetes应用管理 - -Kubernetes应用及manifest的管理方法。 - -## Helm - -[Helm](helm-app.html)是一个类似于yum/apt/[homebrew](https://brew.sh/)的Kubernetes应用管理工具。Helm使用[Chart](https://github.com/kubernetes/charts)来管理Kubernetes manifest文件。 - -Helm的使用方法见[这里](helm-app.html)。 - -## Deis workflow - -Deis workflow是基于Kubernetes的PaaS管理平台,进一步简化了应用的打包、部署和服务发现。 - -![Deis workflow](../images/git-push-flow.png) - -## Operator - -- https://github.com/coreos/etcd-operator -- https://github.com/coreos/prometheus-operator -- https://github.com/sapcc/kubernetes-operators -- https://github.com/kbst/memcached -- https://github.com/krallistic/kafka-operator -- https://github.com/huawei-cloudfederation/redis-operator -- https://github.com/upmc-enterprises/elasticsearch-operator -- https://github.com/pires/nats-operator -- https://github.com/rosskukulinski/rethinkdb-operator - - -## 其他 - -当然,目前大家最常用了还是自己管理manifest,比如kubernetes项目就提供了很多应用的示例 - -- https://github.com/kubernetes/kubernetes/tree/master/examples -- https://github.com/kubernetes/contrib -- https://github.com/kubernetes/ingress diff --git a/cluster-federation/index.md b/cluster-federation/index.md deleted file mode 100644 index 1337267ba..000000000 --- a/cluster-federation/index.md +++ /dev/null @@ -1,10 +0,0 @@ -# 集群联邦 - -![federation](media/federation.png) - -![federation-service](media/federation-service.png) - -https://tectonic.com/blog/kubernetes-cluster-federation.html - - - diff --git a/cluster-federation/media/14731437799367.jpg b/cluster-federation/media/14731437799367.jpg deleted file mode 100644 index f62e4777a..000000000 Binary files a/cluster-federation/media/14731437799367.jpg and /dev/null differ 
diff --git a/cluster-federation/media/federation-service.png b/cluster-federation/media/federation-service.png
deleted file mode 100644
index 6daf307f2..000000000
Binary files a/cluster-federation/media/federation-service.png and /dev/null differ
diff --git a/cluster-federation/media/federation.png b/cluster-federation/media/federation.png
deleted file mode 100644
index 813d9e785..000000000
Binary files a/cluster-federation/media/federation.png and /dev/null differ
diff --git a/cluster/media/14735740742630.jpg b/cluster/media/14735740742630.jpg
deleted file mode 100644
index b50c5a06b..000000000
Binary files a/cluster/media/14735740742630.jpg and /dev/null differ
diff --git a/cluster/minikube.md b/cluster/minikube.md
deleted file mode 100644
index cfab5b7d5..000000000
--- a/cluster/minikube.md
+++ /dev/null
@@ -1,105 +0,0 @@ -# Minikube - -相比Docker一个二进制文件解决所有问题,Kubernetes则为不同的服务提供了不同的二进制文件,并将一些服务放到了addons中。故而,Kubernetes的部署相对要麻烦的多。借助[minikube](https://github.com/kubernetes/minikube)项目,现在可以很方便的在本机快速启动一个单节点的Kubernetes集群。 - -## 安装minikube - -minikube最新release版本为v0.15.0,支持Kubernetes v1.3.0到v1.5.1的各个版本,默认启动Kubernetes v1.5.1。 - -OSX - -``` -curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.15.0/minikube-darwin-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ -``` - -Linux - -``` -curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.15.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ -``` - -Windows - -``` -下载https://storage.googleapis.com/minikube/releases/v0.15.0/minikube-windows-amd64.exe,并重命名为minikube.exe -``` - -minikube支持xhyve(on OSX)、VirtualBox、VMWare Fusion等多种不同的driver,这些driver也需要单独安装,比如在OSX上安装xhyve driver: - -```sh -brew install docker-machine-driver-xhyve -# docker-machine-driver-xhyve need root owner and uid -sudo chown root:wheel $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve -sudo chmod u+s $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve -``` - -另外,还需要安装一个`kubectl`客户端,用来跟kubernetes交互: - -``` -gcloud components install kubectl -``` - -## 启动Kubernetes Cluster - -启动Kubernetes Cluster就非常简单了,一个命令即可: - -``` -$ minikube start -Starting local Kubernetes cluster... -Kubectl is now configured to use the cluster. 
-``` - -当然了,国内环境下,最好加上代理: - -``` -minikube start --docker-env HTTP_PROXY=http://proxy-ip:port --docker-env HTTPS_PROXY=http://proxy-ip:port -``` - -然后就可以通过kubectl来玩Kubernetes了,比如启动一个简单的nginx服务: - -``` -$ kubectl run nginx --image=nginx --port=80 -deployment "nginx" created -$ kubectl expose deployment nginx --port=80 --type=NodePort --name=nginx-http -service "nginx-http" exposed -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -nginx-2032906785-81t56 1/1 Running 0 2m -$ kubectl get services -NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE -kubernetes 10.0.0.1 443/TCP 20m -nginx-http 10.0.0.146 80/TCP 2m -$ minikube service nginx-http --url -http://192.168.64.10:30569 -``` - -这样就可以通过`http://192.168.64.10:30569`来直接访问nginx服务。 - -minikube默认还部署了最新的dashboard,可以通过`minikube dashboard`命令在默认浏览器中打开: - -![](media/14735740742630.jpg) - - -更多的玩法可以参考minikube的帮助文档: - -``` -Usage: - minikube [command] - -Available Commands: - dashboard Opens/displays the kubernetes dashboard URL for your local cluster - delete Deletes a local kubernetes cluster. - docker-env sets up docker env variables; similar to '$(docker-machine env)' - get-k8s-versions Gets the list of available kubernetes versions available for minikube. - ip Retrieve the IP address of the running cluster. - logs Gets the logs of the running localkube instance, used for debugging minikube, not user code. - service Gets the kubernetes URL for the specified service in your local cluster - ssh Log into or run a command on a machine with SSH; similar to 'docker-machine ssh' - start Starts a local kubernetes cluster. - status Gets the status of a local kubernetes cluster. - stop Stops a running local kubernetes cluster. - version Print the version of minikube. -``` - -更多请参考https://github.com/kubernetes/minikube。 - diff --git a/cluster/node.md b/cluster/node.md deleted file mode 100644 index fb646411d..000000000 --- a/cluster/node.md +++ /dev/null 
@@ -1,48 +0,0 @@ -# Node - -## Node维护模式 - -``` -kubectl drain NODE [Options] -``` - -- 它会删除该NODE上由ReplicationController, ReplicaSet, DaemonSet, StatefulSet or Job创建的Pod -- 不删除mirror pods(因为不可通过API删除mirror pods) -- 如果还有其它类型的Pod(比如不通过RC而直接通过kubectl create的Pod)并且没有--force选项,该命令会直接失败 -- 如果命令中增加了--force选项,则会强制删除这些不是通过ReplicationController, Job或者DaemonSet创建的Pod - -有的时候不需要evict pod,只需要标记Node不可调用,可以用`kubectl cordon`命令。 - -恢复的话只需要运行`kubectl uncordon NODE`将NODE重新改成可调度状态。 - -## Taint tolerant - -// taint节点,阻止新的pod上来 -kubectl taint nodes node08 dedicated=maintaining:NoSchedule -// label节点,只允许指定的pod上来 -kubectl label nodes node08 hyper/nodetype=maintaining - -// 然后在Pod定义中加入如下annotation: -``` -annotations: - scheduler.alpha.kubernetes.io/tolerations: '[{"key":"dedicated", "value":"maintaining"}]' - scheduler.alpha.kubernetes.io/affinity: > - { - "nodeAffinity": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "nodeSelectorTerms": [ - { - "matchExpressions": [ - { - "key": "hyper/nodetype", - "operator": "In", - "values": ["maintaining"] - } - ] - } - ] - } - } - } -``` - diff --git a/components/index.md b/components/index.md deleted file mode 100644 index f7311182e..000000000 --- a/components/index.md +++ /dev/null @@ -1,2 +0,0 @@ -# 核心组件 - diff --git a/components/kube-proxy.md b/components/kube-proxy.md deleted file mode 100644 index 72f3486b7..000000000 --- a/components/kube-proxy.md +++ /dev/null 
@@ -1,42 +0,0 @@ -# kube-proxy - -## Iptables示例 - -``` -# Iptables –t nat –L –n -Chain PREROUTING (policy ACCEPT) -target prot opt source destination -KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */ ← 1 -DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL - -Chain KUBE-SEP-G3MLSGWVLUPEIMXS (1 references) ← 4 -target prot opt source destination -MARK all -- 172.16.16.2 anywhere /* default/webpod-service: */ MARK set 0x4d415351 -DNAT tcp -- anywhere anywhere /* default/webpod-service: */ tcp to:172.16.16.2:80 - -Chain KUBE-SEP-OUBP2X5UG3G4CYYB (1 references) -target prot opt source destination -MARK all -- 192.168.190.128 anywhere /* default/kubernetes: */ MARK set 0x4d415351 -DNAT tcp -- anywhere anywhere /* default/kubernetes: */ tcp to:192.168.190.128:6443 - -Chain KUBE-SEP-PXEMGP3B44XONJEO (1 references) ← 4 -target prot opt source destination -MARK all -- 172.16.91.2 anywhere /* default/webpod-service: */ MARK set 0x4d415351 -DNAT tcp -- anywhere anywhere /* default/webpod-service: */ tcp to:172.16.91.2:80 - -Chain KUBE-SERVICES (2 references) ← 2 -target prot opt source destination -KUBE-SVC-N4RX4VPNP4ATLCGG tcp -- anywhere 192.168.3.237 /* default/webpod-service: cluster IP */ tcp dpt:http -KUBE-SVC-6N4SJQIF3IX3FORG tcp -- anywhere 192.168.3.1 /* default/kubernetes: cluster IP */ tcp dpt:https -KUBE-NODEPORTS all -- anywhere anywhere /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL - -Chain KUBE-SVC-6N4SJQIF3IX3FORG (1 references) -target prot opt source destination -KUBE-SEP-OUBP2X5UG3G4CYYB all -- anywhere anywhere /* default/kubernetes: */ - -Chain KUBE-SVC-N4RX4VPNP4ATLCGG (1 references) ← 3 -target prot opt source destination -KUBE-SEP-G3MLSGWVLUPEIMXS all -- anywhere anywhere /* default/webpod-service: */ statistic mode random probability 0.50000000000 -KUBE-SEP-PXEMGP3B44XONJEO all -- anywhere anywhere /* default/webpod-service: */ -``` - 
diff --git a/architecture/cloud-native.md b/concepts/cloud-native.md
similarity index 100%
rename from architecture/cloud-native.md
rename to concepts/cloud-native.md
diff --git a/architecture/concepts.md b/concepts/concepts.md
similarity index 100%
rename from architecture/concepts.md
rename to concepts/concepts.md
diff --git a/concepts/configmap.md b/concepts/configmap.md
new file mode 100644
index 000000000..bc0ac3400
--- /dev/null
+++ b/concepts/configmap.md
@@ -0,0 +1,372 @@ +## 前言 + +其实ConfigMap功能在Kubernetes1.2版本的时候就有了,许多应用程序会从配置文件、命令行参数或环境变量中读取配置信息。这些配置信息需要与docker image解耦,你总不能每修改一个配置就重做一个image吧?ConfigMap API给我们提供了向容器中注入配置信息的机制,ConfigMap可以被用来保存单个属性,也可以用来保存整个配置文件或者JSON二进制大对象。 + +## ConfigMap概览 + +**ConfigMap API**资源用来保存**key-value pair**配置数据,这个数据可以在**pods**里使用,或者被用来为像**controller**一样的系统组件存储配置数据。虽然ConfigMap跟[Secrets](https://kubernetes.io/docs/user-guide/secrets/)类似,但是ConfigMap更方便的处理不含敏感信息的字符串。 注意:ConfigMaps不是属性配置文件的替代品。ConfigMaps只是作为多个properties文件的引用。你可以把它理解为Linux系统中的`/etc`目录,专门用来存储配置文件的目录。下面举个例子,使用ConfigMap配置来创建Kuberntes Volumes,ConfigMap中的每个data项都会成为一个新文件。 + +```yaml +kind: ConfigMap +apiVersion: v1 +metadata: + creationTimestamp: 2016-02-18T19:14:38Z + name: example-config + namespace: default +data: + example.property.1: hello + example.property.2: world + example.property.file: |- + property.1=value-1 + property.2=value-2 + property.3=value-3 +``` + +`data`一栏包括了配置数据,ConfigMap可以被用来保存单个属性,也可以用来保存一个配置文件。 配置数据可以通过很多种方式在Pods里被使用。ConfigMaps可以被用来: + +1. 设置环境变量的值 +2. 在容器里设置命令行参数 +3. 
在数据卷里面创建config文件 + +用户和系统组件两者都可以在ConfigMap里面存储配置数据。 + +其实不用看下面的文章,直接从`kubectl create configmap -h`的帮助信息中就可以对ConfigMap究竟如何创建略知一二了。 + +``` +Examples: + # Create a new configmap named my-config based on folder bar + kubectl create configmap my-config --from-file=path/to/bar + + # Create a new configmap named my-config with specified keys instead of file basenames on disk + kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt + + # Create a new configmap named my-config with key1=config1 and key2=config2 + kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2 +``` + +## 创建ConfigMaps + +可以使用该命令,用给定值、文件或目录来创建ConfigMap。 + +``` +kubectl create configmap +``` + +### 使用目录创建 + +比如我们已经有个了包含一些配置文件,其中包含了我们想要设置的ConfigMap的值: + +```bash +$ ls docs/user-guide/configmap/kubectl/ +game.properties +ui.properties + +$ cat docs/user-guide/configmap/kubectl/game.properties +enemies=aliens +lives=3 +enemies.cheat=true +enemies.cheat.level=noGoodRotten +secret.code.passphrase=UUDDLRLRBABAS +secret.code.allowed=true +secret.code.lives=30 + +$ cat docs/user-guide/configmap/kubectl/ui.properties +color.good=purple +color.bad=yellow +allow.textmode=true +how.nice.to.look=fairlyNice +``` + +使用下面的命令可以创建一个包含目录中所有文件的ConfigMap。 + +```bash +$ kubectl create configmap game-config --from-file=docs/user-guide/configmap/kubectl +``` + +`—from-file`指定在目录下的所有文件都会被用在ConfigMap里面创建一个键值对,键的名字就是文件名,值就是文件的内容。 + +让我们来看一下这个命令创建的ConfigMap: + +```Yaml +$ kubectl describe configmaps game-config +Name: game-config +Namespace: default +Labels: +Annotations: + +Data +==== +game.properties: 158 bytes +ui.properties: 83 bytes +``` + +我们可以看到那两个key是从kubectl指定的目录中的文件名。这些key的内容可能会很大,所以在kubectl describe的输出中,只能够看到键的名字和他们的大小。 如果想要看到键的值的话,可以使用`kubectl get`: + +```bash +$ kubectl get configmaps game-config -o yaml +``` + +我们以`yaml`格式输出配置。 + +```yaml +apiVersion: v1 +data: + game.properties: | + enemies=aliens + lives=3 + 
enemies.cheat=true + enemies.cheat.level=noGoodRotten + secret.code.passphrase=UUDDLRLRBABAS + secret.code.allowed=true + secret.code.lives=30 + ui.properties: | + color.good=purple + color.bad=yellow + allow.textmode=true + how.nice.to.look=fairlyNice +kind: ConfigMap +metadata: + creationTimestamp: 2016-02-18T18:34:05Z + name: game-config + namespace: default + resourceVersion: "407" + selfLink: /api/v1/namespaces/default/configmaps/game-config + uid: 30944725-d66e-11e5-8cd0-68f728db1985 +``` + +### 使用文件创建 + +刚才**使用目录创建**的时候我们`—from-file`指定的是一个目录,只要指定为一个文件就可以从单个文件中创建ConfigMap。 + +```bash +$ kubectl create configmap game-config-2 --from-file=docs/user-guide/configmap/kubectl/game.properties + +$ kubectl get configmaps game-config-2 -o yaml +``` + +```Yaml +apiVersion: v1 +data: + game-special-key: | + enemies=aliens + lives=3 + enemies.cheat=true + enemies.cheat.level=noGoodRotten + secret.code.passphrase=UUDDLRLRBABAS + secret.code.allowed=true + secret.code.lives=30 +kind: ConfigMap +metadata: + creationTimestamp: 2016-02-18T18:54:22Z + name: game-config-3 + namespace: default + resourceVersion: "530" + selfLink: /api/v1/namespaces/default/configmaps/game-config-3 + uid: 05f8da22-d671-11e5-8cd0-68f728db1985 +``` + +`—from-file`这个参数可以使用多次,你可以使用两次分别指定上个实例中的那两个配置文件,效果就跟指定整个目录是一样的。 + +### 使用Literal值创建 + +使用文字值创建,利用`—from-literal`参数传递配置信息,该参数可以使用多次,格式如下; + +```bash +$ kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm + +$ kubectl get configmaps special-config -o yaml +``` + +```yaml +apiVersion: v1 +data: + special.how: very + special.type: charm +kind: ConfigMap +metadata: + creationTimestamp: 2016-02-18T19:14:38Z + name: special-config + namespace: default + resourceVersion: "651" + selfLink: /api/v1/namespaces/default/configmaps/special-config + uid: dadce046-d673-11e5-8cd0-68f728db1985 +``` + +## Pod中使用ConfigMap + +**使用ConfigMap来替代环境变量** + +ConfigMap可以被用来填入环境变量。看下下面的ConfigMap。 + +```Yaml +apiVersion: v1 
+kind: ConfigMap +metadata: + name: special-config + namespace: default +data: + special.how: very + special.type: charm +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: env-config + namespace: default +data: + log_level: INFO +``` + +我们可以在Pod中这样使用ConfigMap: + +```Yaml +apiVersion: v1 +kind: Pod +metadata: + name: dapi-test-pod +spec: + containers: + - name: test-container + image: gcr.io/google_containers/busybox + command: [ "/bin/sh", "-c", "env" ] + env: + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + name: special-config + key: special.how + - name: SPECIAL_TYPE_KEY + valueFrom: + configMapKeyRef: + name: special-config + key: special.type + envFrom: + - configMapRef: + name: env-config + restartPolicy: Never +``` + +这个Pod运行后会输出如下几行: + +``` +SPECIAL_LEVEL_KEY=very +SPECIAL_TYPE_KEY=charm +log_level=INFO + +``` + +**用ConfigMap设置命令行参数** + +ConfigMap也可以被使用来设置容器中的命令或者参数值。它使用的是Kubernetes的$(VAR_NAME)替换语法。我们看下下面这个ConfigMap。 + +```Yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: special-config + namespace: default +data: + special.how: very + special.type: charm +``` + +为了将ConfigMap中的值注入到命令行的参数里面,我们还要像前面那个例子一样使用环境变量替换语法`${VAR_NAME)`。(其实这个东西就是给Docker容器设置环境变量,以前我创建镜像的时候经常这么玩,通过docker run的时候指定-e参数修改镜像里的环境变量,然后docker的CMD命令再利用该$(VAR_NAME)通过sed来来修改配置文件或者作为命令行启动参数。) + +```Yaml +apiVersion: v1 +kind: Pod +metadata: + name: dapi-test-pod +spec: + containers: + - name: test-container + image: gcr.io/google_containers/busybox + command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ] + env: + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + name: special-config + key: special.how + - name: SPECIAL_TYPE_KEY + valueFrom: + configMapKeyRef: + name: special-config + key: special.type + restartPolicy: Never +``` + +运行这个Pod后会输出: + +``` +very charm + +``` + +**通过数据卷插件使用ConfigMap** + +ConfigMap也可以在数据卷里面被使用。还是这个ConfigMap。 + +```Yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: special-config + namespace: 
default +data: + special.how: very + special.type: charm +``` + +在数据卷里面使用这个ConfigMap,有不同的选项。最基本的就是将文件填入数据卷,在这个文件中,键就是文件名,键值就是文件内容: + +```Yaml +apiVersion: v1 +kind: Pod +metadata: + name: dapi-test-pod +spec: + containers: + - name: test-container + image: gcr.io/google_containers/busybox + command: [ "/bin/sh", "-c", "cat /etc/config/special.how" ] + volumeMounts: + - name: config-volume + mountPath: /etc/config + volumes: + - name: config-volume + configMap: + name: special-config + restartPolicy: Never +``` + +运行这个Pod的输出是`very`。 + +我们也可以在ConfigMap值被映射的数据卷里控制路径。 + +```Yaml +apiVersion: v1 +kind: Pod +metadata: + name: dapi-test-pod +spec: + containers: + - name: test-container + image: gcr.io/google_containers/busybox + command: [ "/bin/sh","-c","cat /etc/config/path/to/special-key" ] + volumeMounts: + - name: config-volume + mountPath: /etc/config + volumes: + - name: config-volume + configMap: + name: special-config + items: + - key: special.how + path: path/to/special-key + restartPolicy: Never +``` + +运行这个Pod后的结果是`very`。 \ No newline at end of file diff --git a/architecture/cronjob.md b/concepts/cronjob.md similarity index 100% rename from architecture/cronjob.md rename to concepts/cronjob.md diff --git a/architecture/daemonset.md b/concepts/daemonset.md similarity index 100% rename from architecture/daemonset.md rename to concepts/daemonset.md diff --git a/architecture/deployment.md b/concepts/deployment.md similarity index 100% rename from architecture/deployment.md rename to concepts/deployment.md diff --git a/architecture/index.md b/concepts/index.md similarity index 100% rename from architecture/index.md rename to concepts/index.md diff --git a/architecture/ingress.md b/concepts/ingress.md similarity index 100% rename from architecture/ingress.md rename to concepts/ingress.md diff --git a/architecture/job.md b/concepts/job.md similarity index 100% rename from architecture/job.md rename to concepts/job.md 
diff --git a/architecture/kubeadm.md b/concepts/kubeadm.md
similarity index 100%
rename from architecture/kubeadm.md
rename to concepts/kubeadm.md
diff --git a/architecture/objects.md b/concepts/objects.md
similarity index 84%
rename from architecture/objects.md
rename to concepts/objects.md
index b1f57488d..494a45f1b 100644
--- a/architecture/objects.md
+++ b/concepts/objects.md
@@ -1,6 +1,8 @@
 # 主要概念
-- Pod, Service, Namespace和Node
+- Pod
+- Node
+- Namespace
 - Service
 - Volume和Persistent Volume
 - Deployment
diff --git a/architecture/replicaset.md b/concepts/replicaset.md
similarity index 100%
rename from architecture/replicaset.md
rename to concepts/replicaset.md
diff --git a/architecture/secret.md b/concepts/secret.md
similarity index 100%
rename from architecture/secret.md
rename to concepts/secret.md
diff --git a/architecture/service.md b/concepts/service.md
similarity index 100%
rename from architecture/service.md
rename to concepts/service.md
diff --git a/architecture/serviceaccount.md b/concepts/serviceaccount.md
similarity index 100%
rename from architecture/serviceaccount.md
rename to concepts/serviceaccount.md
diff --git a/architecture/statefulset.md b/concepts/statefulset.md
similarity index 100%
rename from architecture/statefulset.md
rename to concepts/statefulset.md
diff --git a/architecture/volume.md b/concepts/volume.md
similarity index 100%
rename from architecture/volume.md
rename to concepts/volume.md
diff --git a/cover.jpg b/cover.jpg
index eef34e6ff..b09cceaa1 100644
Binary files a/cover.jpg and b/cover.jpg differ
diff --git a/debugging/index.md b/debugging/index.md
deleted file mode 100644
index 612dca0f3..000000000
--- a/debugging/index.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Kubernetes debugging
-
-
-## Kubernetes应用debugging
-
-* [调试运行中的容器应用](http://feisky.xyz/2017/02/14/Debugging-application-in-containers/)
-
diff --git a/deploy/certificate.md b/deploy/certificate.md
deleted file mode 100644
index a5644b86c..000000000
--- a/deploy/certificate.md
+++ /dev/null
@@ -1,152 +0,0 @@ -# 证书生成 - -kubeadm在部署Kubernetes时会自动生成Kubernetes所需要的证书,这里是手动生成这些证书的方法。 - -安装cfssl - -```sh -go get -u github.com/cloudflare/cfssl/cmd/... -``` - -创建CA配置文件 - -```sh -mkdir -p /etc/ssl/certs -cd /etc/ssl/certs - -cfssl print-defaults config > config.json -cfssl print-defaults csr > csr.json -cat >ca-config.json <ca-csr.json <kubernetes-csr.json <admin-csr.json <kube-proxy-csr.json <放到每台机器的`/etc/kubernetes/manifests/etcd.yaml`,并替换掉`${DISCOVERY_TOKEN}`, `${NODE_NAME}`和`${NODE_IP}`,既可以由kubelet来启动一个etcd集群。 - -对于运行在kubelet外部的etcd,可以参考[etcd clustering guide](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md)来手动配置集群模式。 - -### kube-apiserver - -把放到每台Master节点的`/etc/kubernetes/manifests/`,并把相关的配置放到`/srv/kubernetes/`,即可由kubelet自动创建并启动apiserver: - -- basic_auth.csv - basic auth user and password -- ca.crt - Certificate Authority cert -- known_tokens.csv - tokens that entities (e.g. the kubelet) can use to talk to the apiserver -- kubecfg.crt - Client certificate, public key -- kubecfg.key - Client certificate, private key -- server.cert - Server certificate, public key -- server.key - Server certificate, private key - -apiserver启动后,还需要为它们做负载均衡,可以使用云平台的弹性负载均衡服务或者使用haproxy/lvs/nginx等为master节点配置负载均衡。 - -另外,还可以借助Keepalived、OSPF、Pacemaker等来保证负载均衡节点的高可用。 - -注意: - -- 大规模集群注意增加`--max-requests-inflight`(默认400) -- 使用nginx时注意增加`proxy_timeout: 10m` - -### controller manager和scheduler - -controller manager和scheduler需要保证任何时刻都只有一个实例运行,需要一个选主的过程,所以在启动时要设置`--leader-elect=true`,比如 - -``` -kube-scheduler --master=127.0.0.1:8080 --v=2 --leader-elect=true -kube-controller-manager --master=127.0.0.1:8080 --cluster-cidr=10.245.0.0/16 --allocate-node-cidrs=true --service-account-private-key-file=/srv/kubernetes/server.key --v=2 --leader-elect=true -``` - 
-把[kube-scheduler.yaml](https://kubernetes.io/docs/admin/high-availability/kube-scheduler.yaml)和[kube-controller-manager.yaml](https://kubernetes.io/docs/admin/high-availability/kube-controller-manager.yaml)(非GCE平台需要适当修改) 放到每台master节点的`/etc/kubernetes/manifests/`即可。 - -### kube-dns - -kube-dns可以通过Deployment的方式来部署,默认kubeadm会自动创建。但在大规模集群的时候,需要放宽资源限制,比如 - -``` -dns_replicas: 6 -dns_cpu_limit: 100m -dns_memory_limit: 512Mi -dns_cpu_requests 70m -dns_memory_requests: 70Mi -``` - -另外,也需要给dnsmasq增加资源,比如增加缓存大小到10000,增加并发处理数量`--dns-forward-max=1000`等。 - -### 数据持久化 - -除了上面提到的这些配置,持久化存储也是高可用Kubernetes集群所必须的。 - -- 对于公有云上部署的集群,可以考虑使用云平台提供的持久化存储,比如aws ebs或者gce persistent disk -- 对于物理机部署的集群,可以考虑使用iSCSI、NFS、Gluster或者Ceph等网络存储,也可以使用RAID - -## GCE/Azure - -在GCE或者Azure上面可以利用cluster脚本方便的部署集群: - -``` -# gce,aws,gke,azure-legacy,vsphere,openstack-heat,rackspace,libvirt-coreos -export KUBERNETES_PROVIDER=gce -curl -sS https://get.k8s.io | bash -cd kubernetes -cluster/kube-up.sh -``` - -## AWS - -在aws上建议使用[kops](https://kubernetes.io/docs/getting-started-guides/kops/)来部署。 - -## 物理机或虚拟机 - -在Linux物理机或虚拟机中,建议使用[kubeadm](https://kubernetes.io/docs/getting-started-guides/kubeadm/)来部署Kubernetes集群。 - diff --git a/deploy/frakti/centos.md b/deploy/frakti/centos.md deleted file mode 100644 index b8ebf336b..000000000 --- a/deploy/frakti/centos.md +++ /dev/null 
@@ -1,181 +0,0 @@ -# Cluster deploying of frakti On CentOS - -This document shows how to easily install a kubernetes cluster with frakti runtime. - -Frakti is a hypervisor-based container runtime, it depends on a few packages besides kubernetes: - -- hyperd: the hyper container engine (main container runtime) -- docker: the docker container engine (auxiliary container runtime) -- cni: the network plugin - -## Optional: create instances on GCE - -It is recommended to run frakti-enabled kubernetes on baremetal, but you could still have a try of frakti on public clouds. - -**Do not forget to enable ip_forward on GCE.** - -## Initialize all nodes - -### Install hyperd - -```sh -# install from https://docs.hypercontainer.io/get_started/install/linux.html -curl -sSL https://hypercontainer.io/install | bash - -echo -e "Hypervisor=libvirt\n\ -Kernel=/var/lib/hyper/kernel\n\ -Initrd=/var/lib/hyper/hyper-initrd.img\n\ -Hypervisor=qemu\n\ -StorageDriver=overlay\n\ -gRPCHost=127.0.0.1:22318" > /etc/hyper/config -systemctl enable hyperd -systemctl restart hyperd -``` - -### Install docker - -```sh -yum install -y docker -sed -i 's/native.cgroupdriver=systemd/native.cgroupdriver=cgroupfs/g' /usr/lib/systemd/system/docker.service -systemctl daemon-reload - -systemctl enable docker -systemctl start docker -``` - -### Install frakti - -```sh -curl -sSL https://github.com/kubernetes/frakti/releases/download/v0.1/frakti -o /usr/bin/frakti -chmod +x /usr/bin/frakti -cat < /lib/systemd/system/frakti.service -[Unit] -Description=Hypervisor-based container runtime for Kubernetes -Documentation=https://github.com/kubernetes/frakti -After=network.target - -[Service] -ExecStart=/usr/bin/frakti --v=3 \ - --log-dir=/var/log/frakti \ - --logtostderr=false \ - --listen=/var/run/frakti.sock \ - --streaming-server-addr=%H \ - --hyper-endpoint=127.0.0.1:22318 -MountFlags=shared -TasksMax=8192 -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal - 
-[Install] -WantedBy=multi-user.target -EOF -``` - -### Install CNI - -Frakti requires cni network for starting. - -Note: - -- Configure different subnet for different hosts, e.g. - - 10.244.1.0/24 - - 10.244.2.0/24 - - 10.244.3.0/24 -- Configure host routes on GCE - - gcloud compute routes create "instance-1" --description "instance-1" --destination-range "10.244.1.0/24" --network "default" --next-hop-instance "instance-1" --next-hop-instance-zone "asia-east1-a" --priority "100" - - gcloud compute routes create "instance-2" --description "instance-2" --destination-range "10.244.2.0/24" --network "default" --next-hop-instance "instance-2" --next-hop-instance-zone "asia-east1-a" --priority "100" - - gcloud compute routes create "instance-3" --description "instance-3" --destination-range "10.244.3.0/24" --network "default" --next-hop-instance "instance-3" --next-hop-instance-zone "asia-east1-a" --priority "100" - -```sh -cat < /etc/yum.repos.d/kubernetes.repo -[kubernetes] -name=Kubernetes -baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64-unstable -enabled=1 -gpgcheck=1 -repo_gpgcheck=1 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg -EOF -setenforce 0 -yum install -y kubernetes-cni bridge-utils -``` - -Configure cni network - -```sh -mkdir -p /etc/cni/net.d -cat >/etc/cni/net.d/10-mynet.conf <<-EOF -{ - "cniVersion": "0.3.0", - "name": "mynet", - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.244.1.0/24", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } -} -EOF -cat >/etc/cni/net.d/99-loopback.conf <<-EOF -{ - "cniVersion": "0.3.0", - "type": "loopback" -} -EOF -``` - -### Install kubelet - -```sh -yum install -y kubelet kubeadm kubectl -# Note that there are no kubernete v1.6 rpms on `yum.kubernetes.io`, so it needs to be fetched from `dl.k8s.io`: -# Download latest release of kubelet and kubectl 
-# TODO: remove this after the stable v1.6 release -cd /tmp/ -curl -SL https://dl.k8s.io/v1.6.0-beta.4/kubernetes-server-linux-amd64.tar.gz -o kubernetes-server-linux-amd64.tar.gz -tar zxvf kubernetes-server-linux-amd64.tar.gz -/bin/cp -f kubernetes/server/bin/{kubelet,kubeadm,kubectl} /usr/bin/ -rm -rf kubernetes-server-linux-amd64.tar.gz kubernetes -``` - -Configure kubelet with frakti runtime - -```sh -sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/frakti.sock --feature-gates=AllAlpha=true"' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf -``` - -## Setting up the master node - -hyperkube image could be customized via `KUBE_HYPERKUBE_IMAGE`: - -- `VERSION=v1.6.0 make -C cluster/images/hyperkube build` -- `export KUBE_HYPERKUBE_IMAGE=xxxx` - -```sh -kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest -``` - -Optional: enable schedule pods on the master - -```sh -export KUBECONFIG=/etc/kubernetes/admin.conf -kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule- -``` - -## Setting up the worker nodes - -```sh -# get token on master node -token=$(kubeadm token list | grep authentication,signing | awk '{print $1}') -# join master on worker nodes -kubeadm join --token $token ${master_ip}:6443 -``` diff --git a/deploy/frakti/index.md b/deploy/frakti/index.md deleted file mode 100644 index ff47b9d71..000000000 --- a/deploy/frakti/index.md +++ /dev/null 
@@ -1,231 +0,0 @@ -# Cluster deploying of frakti - -- [Cluster deploying of frakti](#cluster-deploying-of-frakti) - - [Overview](#overview) - - [Install packages](#install-packages) - - [Install hyperd](#install-hyperd) - - [Install docker](#install-docker) - - [Install frakti](#install-frakti) - - [Install CNI](#install-cni) - - [Install kubelet](#install-kubelet) - - [Setting up the master node](#setting-up-the-worker-nodes) - - [Setting up the worker nodes](#setting-up-the-worker-nodes) - -## Overview - -This document shows how to easily install a kubernetes cluster with frakti runtime. - -Frakti is a hypervisor-based container runtime, it depends on a few packages besides kubernetes: - -- hyperd: the hyper container engine (main container runtime) -- docker: the docker container engine (auxiliary container runtime) -- cni: the network plugin - -## Install packages - -### Install hyperd - -On Ubuntu 16.04+: - -```sh -apt-get update && apt-get install -y qemu libvirt-bin -curl -sSL https://hypercontainer.io/install | bash -``` - -On CentOS 7: - -```sh -curl -sSL https://hypercontainer.io/install | bash -``` - -Configure hyperd: - -```sh -echo -e "Hypervisor=libvirt\n\ -Kernel=/var/lib/hyper/kernel\n\ -Initrd=/var/lib/hyper/hyper-initrd.img\n\ -Hypervisor=qemu\n\ -StorageDriver=overlay\n\ -gRPCHost=127.0.0.1:22318" > /etc/hyper/config -systemctl enable hyperd -systemctl restart hyperd -``` - -### Install docker - -On Ubuntu 16.04+: - -```sh -apt-get update -apt-get install -y docker.io -``` - -On CentOS 7: - -```sh -yum install -y docker -sed -i 's/native.cgroupdriver=systemd/native.cgroupdriver=cgroupfs/g' /usr/lib/systemd/system/docker.service -systemctl daemon-reload -``` - -Configure and start docker: - -```sh -systemctl enable docker -systemctl start docker -``` - -### Install frakti - -```sh -curl -sSL https://github.com/kubernetes/frakti/releases/download/v0.1/frakti -o /usr/bin/frakti -chmod +x /usr/bin/frakti -cat < /lib/systemd/system/frakti.service 
-[Unit] -Description=Hypervisor-based container runtime for Kubernetes -Documentation=https://github.com/kubernetes/frakti -After=network.target - -[Service] -ExecStart=/usr/bin/frakti --v=3 \ - --log-dir=/var/log/frakti \ - --logtostderr=false \ - --listen=/var/run/frakti.sock \ - --streaming-server-addr=%H \ - --hyper-endpoint=127.0.0.1:22318 -MountFlags=shared -TasksMax=8192 -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal - -[Install] -WantedBy=multi-user.target -EOF -``` - -### Install CNI - -On Ubuntu 16.04+: - -```sh -apt-get update && apt-get install -y apt-transport-https -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -cat < /etc/apt/sources.list.d/kubernetes.list -deb http://apt.kubernetes.io/ kubernetes-xenial-unstable main -EOF -apt-get update -apt-get install -y kubernetes-cni -``` - -On CentOS 7: - -```sh -cat < /etc/yum.repos.d/kubernetes.repo -[kubernetes] -name=Kubernetes -baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64-unstable -enabled=1 -gpgcheck=1 -repo_gpgcheck=1 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg -EOF -setenforce 0 -yum install -y kubernetes-cni -``` - -Configure CNI networks: - -```sh -mkdir -p /etc/cni/net.d -cat >/etc/cni/net.d/10-mynet.conf <<-EOF -{ - "cniVersion": "0.3.0", - "name": "mynet", - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.244.0.0/16", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } -} -EOF -cat >/etc/cni/net.d/99-loopback.conf <<-EOF -{ - "cniVersion": "0.3.0", - "type": "loopback" -} -EOF -``` - -### Start frakti - -```sh -systemctl enable frakti -systemctl start frakti -``` - -### Install kubelet - -On Ubuntu 16.04+: - -```sh -apt-get install -y kubelet kubeadm kubectl -``` - -On CentOS 7: - -```sh -yum install -y kubelet kubeadm kubectl -``` - -> Note 
that there are no kubernete v1.6 rpms on `yum.kubernetes.io`, so it needs to be fetched from `dl.k8s.io`: - -```sh -# Download latest release of kubelet and kubectl -# TODO: remove this after the stable v1.6 release -curl -SL https://dl.k8s.io/v1.6.0-beta.4/kubernetes-server-linux-amd64.tar.gz -o kubernetes-server-linux-amd64.tar.gz -tar zxvf kubernetes-server-linux-amd64.tar.gz -/bin/cp -f kubernetes/server/bin/{kubelet,kubeadm,kubectl} /usr/bin/ -rm -rf kubernetes-server-linux-amd64.tar.gz -``` - -Configure kubelet with frakti runtime: - -```sh -sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/frakti.sock --feature-gates=AllAlpha=true"' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf -``` - -## Setting up the master node - -```sh -# export KUBE_HYPERKUBE_IMAGE= -kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest -``` - - -Optional: enable schedule pods on the master - -```sh -export KUBECONFIG=/etc/kubernetes/admin.conf -kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule- -``` - -## Setting up the worker nodes - -```sh -# get token on master node -token=$(kubeadm token list | grep authentication,signing | awk '{print $1}') - -# join master on worker nodes -kubeadm join --token $token ${master_ip} -``` - diff --git a/deploy/frakti/ubuntu.md b/deploy/frakti/ubuntu.md deleted file mode 100644 index 56726863c..000000000 --- a/deploy/frakti/ubuntu.md +++ /dev/null 
@@ -1,177 +0,0 @@ -# Cluster deploying of frakti On Ubuntu - -This document shows how to easily install a kubernetes cluster with frakti runtime. - -Frakti is a hypervisor-based container runtime, it depends on a few packages besides kubernetes: - -- hyperd: the hyper container engine (main container runtime) -- docker: the docker container engine (auxiliary container runtime) -- cni: the network plugin - -## Optional: create instances on GCE - -It is recommended to run frakti-enabled kubernetes on baremetal, but you could still have a try of frakti on public clouds. - -**Do not forget to enable ip_forward on GCE.** - -## Initialize all nodes - -### Install hyperd - -```sh -# install from https://docs.hypercontainer.io/get_started/install/linux.html -apt-get update && apt-get install -y qemu libvirt-bin -curl -sSL https://hypercontainer.io/install | bash - -echo -e "Hypervisor=libvirt\n\ -Kernel=/var/lib/hyper/kernel\n\ -Initrd=/var/lib/hyper/hyper-initrd.img\n\ -Hypervisor=qemu\n\ -StorageDriver=overlay\n\ -gRPCHost=127.0.0.1:22318" > /etc/hyper/config -systemctl enable hyperd -systemctl restart hyperd -``` - -### Install docker - -```sh -apt-get update -apt-get install -y docker.io - -systemctl enable docker -systemctl start docker -``` - -### Install frakti - -```sh -curl -sSL https://github.com/kubernetes/frakti/releases/download/v0.1/frakti -o /usr/bin/frakti -chmod +x /usr/bin/frakti -cat < /lib/systemd/system/frakti.service -[Unit] -Description=Hypervisor-based container runtime for Kubernetes -Documentation=https://github.com/kubernetes/frakti -After=network.target - -[Service] -ExecStart=/usr/bin/frakti --v=3 \ - --log-dir=/var/log/frakti \ - --logtostderr=false \ - --listen=/var/run/frakti.sock \ - --streaming-server-addr=%H \ - --hyper-endpoint=127.0.0.1:22318 -MountFlags=shared -TasksMax=8192 -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal - -[Install] -WantedBy=multi-user.target -EOF -``` - -### 
Install CNI - -Frakti requires cni network for starting. - -Note: - -- Configure different subnet for different hosts, e.g. - - 10.244.1.0/24 - - 10.244.2.0/24 - - 10.244.3.0/24 -- Configure host routes on GCE - - gcloud compute routes create "instance-1" --description "instance-1" --destination-range "10.244.1.0/24" --network "default" --next-hop-instance "instance-1" --next-hop-instance-zone "asia-east1-a" --priority "100" - - gcloud compute routes create "instance-2" --description "instance-2" --destination-range "10.244.2.0/24" --network "default" --next-hop-instance "instance-2" --next-hop-instance-zone "asia-east1-a" --priority "100" - - gcloud compute routes create "instance-3" --description "instance-3" --destination-range "10.244.3.0/24" --network "default" --next-hop-instance "instance-3" --next-hop-instance-zone "asia-east1-a" --priority "100" - -```sh -apt-get update && apt-get install -y apt-transport-https -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -cat < /etc/apt/sources.list.d/kubernetes.list -deb http://apt.kubernetes.io/ kubernetes-xenial-unstable main -EOF -apt-get update -apt-get install -y kubernetes-cni -``` - -Configure cni network - -```sh -mkdir -p /etc/cni/net.d -cat >/etc/cni/net.d/10-mynet.conf <<-EOF -{ - "cniVersion": "0.3.0", - "name": "mynet", - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.244.1.0/24", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } -} -EOF -cat >/etc/cni/net.d/99-loopback.conf <<-EOF -{ - "cniVersion": "0.3.0", - "type": "loopback" -} -EOF -``` - -### start frakti - -```sh -systemctl enable frakti -systemctl start frakti -``` - -### Install kubelet - -```sh -apt-get install -y kubelet kubeadm kubectl -``` - -Configure kubelet with frakti runtime: - -```sh -sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/frakti.sock 
--feature-gates=AllAlpha=true"' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf -``` - -## Setting up the master node - -hyperkube image could be customized via `KUBE_HYPERKUBE_IMAGE`: - -- `VERSION=v1.6.0 make -C cluster/images/hyperkube build` -- `export KUBE_HYPERKUBE_IMAGE=xxxx` - -```sh -kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest -``` - - -Optional: enable schedule pods on the master - -```sh -export KUBECONFIG=/etc/kubernetes/admin.conf -kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule- -``` - -## Setting up the worker nodes - -```sh -# get token on master node -token=$(kubeadm token list | grep authentication,signing | awk '{print $1}') - -# join master on worker nodes -kubeadm join --token $token ${master_ip} -``` diff --git a/deploy/index.md b/deploy/index.md deleted file mode 100644 index f823fd66e..000000000 --- a/deploy/index.md +++ /dev/null @@ -1,20 +0,0 @@ -# Kubernetes部署 - -- [单机部署](single.md) -- [集群部署](cluster.md) - - [kubeadm](kubeadm.md) - - [frakti](frakti/index.md) - - [证书生成示例](certificate.md) -- [在CentOS上部署kubernetes1.6集群](在CentOS上部署kubernetes1.6集群.md) - - [创建TLS证书和秘钥](deploy/centos/01-创建TLS证书和密钥.md) - - [创建kubeconfig 文件](创建kubeconfig文件.md) - - [创建高可用etcd集群](03-创建高可用etcd集群.md) - - [安装kubectl命令行工具](04-安装kubectl命令行工具.md) - - [部署高可用master集群](05-部署高可用master集群.md) - - [部署node节点](06-部署node节点.md) - - [安装kubedns插件](07-安装kubedns插件.md) - - [安装dashboard插件](08-安装dashboard插件.md) - - [安装heapster插件](09-安装heapster插件.md) - - [安装EFK插件](10-安装EFK插件.md) - - diff --git a/deploy/kubeadm.md b/deploy/kubeadm.md deleted file mode 100644 index 391a43eaf..000000000 --- a/deploy/kubeadm.md +++ /dev/null 
@@ -1,123 +0,0 @@ -# kubeadm - -## 初始化系统 - -所有机器都需要初始化docker和kubelet。 - -### ubuntu - -```sh -# for ubuntu 16.04+ -apt-get update && apt-get install -y apt-transport-https -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -cat < /etc/apt/sources.list.d/kubernetes.list -deb http://apt.kubernetes.io/ kubernetes-xenial main -EOF -apt-get update -# Install docker if you don't have it already. -apt-get install -y docker.io -apt-get install -y kubelet kubeadm kubectl kubernetes-cni -systemctl enable docker && systemctl start docker - -systemctl enable kubelet && systemctl start kubelet -``` - -### centos - -```sh -cat < /etc/yum.repos.d/kubernetes.repo -[kubernetes] -name=Kubernetes -baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64 -enabled=1 -gpgcheck=1 -repo_gpgcheck=1 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg -EOF -setenforce 0 -yum install -y docker kubelet kubeadm kubectl kubernetes-cni -systemctl enable docker && systemctl start docker - -systemctl enable kubelet && systemctl start kubelet -``` - -## 安装master - -```sh -# --api-advertise-addresses -# for flannel, setup --pod-network-cidr 10.244.0.0/16 -kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest - -# eanable schedule pods on the master -export KUBECONFIG=/etc/kubernetes/admin.conf -# for v1.5-, use kubectl taint nodes --all dedicated- -kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule- -``` - -## 配置Network plugin - -### CNI bridge - -```sh -mkdir -p /etc/cni/net.d -cat >/etc/cni/net.d/10-mynet.conf <<-EOF -{ - "cniVersion": "0.3.0", - "name": "mynet", - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.244.0.0/16", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } -} -EOF -cat >/etc/cni/net.d/99-loopback.conf <<-EOF -{ - "cniVersion": "0.3.0", - "type": 
"loopback" -} -EOF -``` - -### flannel - -```sh -#kubectl apply -f https://gist.githubusercontent.com/feiskyer/1e7a95f27c391a35af47881eb20131d7/raw/4266f05355590fa185bc8e50c0f50d2841993d20/flannel.yaml -kubectl create -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel-rbac.yml -kubectl create -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel.yml -``` - -### weave - -```sh -# kubectl apply -f https://gist.githubusercontent.com/feiskyer/0b00688584cc7ed9bd9a993adddae5e3/raw/67f3558e32d5c76be38e36ef713cc46deb2a74ca/weave.yaml -kubectl apply -f https://git.io/weave-kube-1.6 -``` - -### calico - -```sh -# kubectl apply -f https://gist.githubusercontent.com/feiskyer/0f952c7dadbfcefd2ce81ba7ea24a8ca/raw/92addea398bbc4d4a1dcff8a98c1ac334c8acb26/calico.yaml -kubectl apply -f http://docs.projectcalico.org/v2.1/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml -``` - -## 添加Node - -```sh -token=$(kubeadm token list | grep authentication,signing | awk '{print $1}') -kubeadm join --token $token ${master_ip} -``` - -## 删除安装 - -``` -kubeadm reset -``` - diff --git a/deploy/kubernetes-configuration-best-practice.md b/deploy/kubernetes-configuration-best-practice.md deleted file mode 100644 index 8b76aa044..000000000 --- a/deploy/kubernetes-configuration-best-practice.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# Kubernetes配置最佳实践 - -本文翻译自Kubernetes官方文档[Configuration Best Practices](https://kubernetes.io/docs/concepts/configuration/overview/)。 - -本文档旨在汇总和强调用户指南、快速开始文档和示例中的最佳实践。该文档会很很活跃并持续更新中。如果你觉得很有用的最佳实践但是本文档中没有包含,欢迎给我们提Pull Request。 - -## 通用配置建议 - -- 定义配置文件的时候,指定最新的稳定API版本(目前是V1)。 -- 在配置文件push到集群之前应该保存在版本控制系统中。这样当需要的时候能够快速回滚,必要的时候也可以快速的创建集群。 -- 使用YAML格式而不是JSON格式的配置文件。在大多数场景下它们都可以作为数据交换格式,但是YAML格式比起JSON更易读和配置。 -- 尽量将相关的对象放在同一个配置文件里。这样比分成多个文件更容易管理。参考[guestbook-all-in-one.yaml](https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/all-in-one/guestbook-all-in-one.yaml)文件中的配置(注意,尽管你可以在使用`kubectl`命令时指定配置文件目录,你也可以在配置文件目录下执行`kubectl create`——查看下面的详细信息)。 -- 为了简化和最小化配置,也为了防止错误发生,不要指定不必要的默认配置。例如,省略掉`ReplicationController`的selector和label,如果你希望它们跟`podTemplate`中的label一样的话,因为那些配置默认是`podTemplate`的label产生的。更多信息请查看 [guestbook app](https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/) 的yaml文件和 [examples](https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/frontend-deployment.yaml) 。 -- 将资源对象的描述放在一个annotation中可以更好的内省。 - - -## 裸奔的Pods vs Replication Controllers和 Jobs - -- 如果有其他方式替代“裸奔的pod”(如没有绑定到[replication controller ](https://kubernetes.io/docs/user-guide/replication-controller)上的pod),那么就使用其他选择。在node节点出现故障时,裸奔的pod不会被重新调度。Replication Controller总是会重新创建pod,除了明确指定了[`restartPolicy: Never`](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) 的场景。[Job](https://kubernetes.io/docs/concepts/jobs/run-to-completion-finite-workloads/) 对象也适用。 - - -## Services - -- 通常最好在创建相关的[replication controllers](https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/)之前先创建[service](https://kubernetes.io/docs/concepts/services-networking/service/)(没有这个必要吧?)你也可以在创建Replication Controller的时候不指定replica数量(默认是1),创建service后,在通过Replication Controller来扩容。这样可以在扩容很多个replica之前先确认pod是正常的。 -- 除非时分必要的情况下(如运行一个node 
daemon),不要使用`hostPort`(用来指定暴露在主机上的端口号)。当你给Pod绑定了一个`hostPort`,该pod可被调度到的主机的受限了,因为端口冲突。如果是为了调试目的来通过端口访问的话,你可以使用 [kubectl proxy and apiserver proxy](https://kubernetes.io/docs/tasks/access-kubernetes-api/http-proxy-access-api/) 或者 [kubectl port-forward](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/)。你可使用 [Service](/docs/concepts/services-networking/service/) 来对外暴露服务。如果你确实需要将pod的端口暴露到主机上,考虑使用 [NodePort](https://kubernetes.io/docs/user-guide/services/#type-nodeport) service。 -- 跟`hostPort`一样的原因,避免使用 `hostNetwork`。 -- 如果你不需要kube-proxy的负载均衡的话,可以考虑使用使用[headless services](https://kubernetes.io/docs/user-guide/services/#headless-services)。 - -## 使用Label - -- 定义 [labels](https://kubernetes.io/docs/user-guide/labels/) 来指定应用或Deployment的 **semantic attributes** 。 For example, instead of attaching a label to a set of pods to explicitly represent some service (e.g., `service: myservice`), or explicitly representing the replication controller managing the pods (e.g., `controller: mycontroller`), attach labels that identify semantic attributes, such as `{ app: myapp, tier: frontend, phase: test, deployment: v3 }`. This will let you select the object groups appropriate to the context— e.g., a service for all “tier: frontend” pods, or all “test” phase components of app “myapp”. See the [guestbook](https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/) app for an example of this approach. - - A service can be made to span multiple deployments, such as is done across [rolling updates](https://kubernetes.io/docs/tasks/run-application/rolling-update-replication-controller/), by simply omitting release-specific labels from its selector, rather than updating a service’s selector to match the replication controller’s selector fully. 
- -- 为了滚动升级的方便,在Replication Controller的名字中包含版本信息,例如作为名字的后缀。设置一个`version`标签页是很有用的。滚动更新创建一个新的controller而不是修改现有的controller。因此,version含混不清的controller名字就可能带来问题。查看[Rolling Update Replication Controller](https://kubernetes.io/docs/tasks/run-application/rolling-update-replication-controller/)文档获取更多关于滚动升级命令的信息。 - - 注意 [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) 对象不需要再管理 replication controller 的版本名。Deployment 中描述了对象的期望状态,如果对spec的更改被应用了话,Deployment controller 会以控制的速率来更改实际状态到期望状态。(Deployment目前是 [`extensions` API Group](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups)的一部分)。 - -- 利用label做调试。因为Kubernetes replication controller和service使用label来匹配pods,这允许你通过移除pod中的label的方式将其从一个controller或者service中移除,原来的controller会创建一个新的pod来取代移除的pod。这是一个很有用的方式,帮你在一个隔离的环境中调试之前的“活着的” pod。查看 [`kubectl label`](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) 命令。 - -## 容器镜像 - -- [默认容器镜像拉取策略](https://kubernetes.io/docs/concepts/containers/images/) 是 `IfNotPresent`, 当本地已存在该镜像的时候 [Kubelet](https://kubernetes.io/docs/admin/kubelet/) 不会再从镜像仓库拉取。如果你希望总是从镜像仓库中拉取镜像的话,在yaml文件中指定镜像拉取策略为`Always`( `imagePullPolicy: Always`)或者指定镜像的tag为 `:latest` 。 - - 如果你没有将镜像标签指定为`:latest`,例如指定为`myimage:v1`,当该标签的镜像进行了更新,kubelet也不会拉取该镜像。你可以在每次镜像更新后都生成一个新的tag(例如`myimage:v2`),在配置文件中明确指定该版本。 - - **注意:** 在生产环境下部署容器应该尽量避免使用`:latest`标签,因为这样很难追溯到底运行的是哪个版本的容器和回滚。 - -## Using kubectl - -- 尽量使用 `kubectl create -f ` 。kubeclt会自动查找该目录下的所有后缀名为`.yaml`、`.yml`和`.json`文件并将它们传递给`create`命令。 -- 使用 `kubectl delete` 而不是 `stop`. 
`Delete` 是 `stop`的超集,`stop` 已经被弃用。 -- 使用 kubectl bulk 操作(通过文件或者label)来get和delete。查看[label selectors ](https://kubernetes.io/docs/user-guide/labels/#label-selectors)和 [using labels effectively](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively)。 -- 使用 `kubectl run` 和 `expose` 命令快速创建直有耽搁容器的Deployment。查看 [quick start guide](https://kubernetes.io/docs/user-guide/quick-start/)中的示例。 \ No newline at end of file diff --git a/deploy/logging.md b/deploy/logging.md deleted file mode 100644 index 6f6cb7299..000000000 --- a/deploy/logging.md +++ /dev/null @@ -1,24 +0,0 @@ -# Kubernetes日志 - -ELK可谓是容器日志收集、处理和搜索的黄金搭档: - -* Logstash(或者Fluentd)负责收集日志 -* Elasticsearch存储日志并提供搜索 -* Kibana负责日志查询和展示 - -注意:Kubernetes默认使用fluentd(以DaemonSet的方式启动)来收集日志,并将收集的日志发送给elasticsearch。 - -**小提示** - -在使用`cluster/kube-up.sh`部署集群的时候,可以设置`KUBE_LOGGING_DESTINATION`环境变量自动部署Elasticsearch和Kibana,并使用fluentd收集日志(配置参考[addons/fluentd-elasticsearch](https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/fluentd-elasticsearch)): - -``` -KUBE_LOGGING_DESTINATION=elasticsearch -KUBE_ENABLE_NODE_LOGGING=true -cluster/kube-up.sh -``` - -如果使用GCE或者GKE的话,还可以[将日志发送给Google Cloud Logging](https://kubernetes.io/docs/user-guide/logging/stackdriver/),并可以集成Google Cloud Storage和BigQuery。 - -如果需要集成其他的日志方案,还可以自定义docker的log driver,将日志发送到splunk或者awslogs等。 - diff --git a/deploy/single.md b/deploy/single.md deleted file mode 100644 index 09543b96b..000000000 --- a/deploy/single.md +++ /dev/null 
@@ -1,45 +0,0 @@
-# 单机部署
-
-创建Kubernetes cluster(单机版)最简单的方法是[minikube](https://github.com/kubernetes/minikube):
-
-首先下载kubectl
-
-```sh
-curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.5.2/bin/linux/amd64/kubectl
-chmod +x kubectl
-```
-
-然后启动minikube
-
-```sh
-$ minikube start
-Starting local Kubernetes cluster...
-Kubectl is now configured to use the cluster.
-$ kubectl cluster-info
-Kubernetes master is running at https://192.168.64.12:8443
-kubernetes-dashboard is running at https://192.168.64.12:8443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
-
-To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
-```
-
-## 开发版
-
-minikube/localkube只提供了正式release版本,而如果想要部署master或者开发版的话,则可以用`hack/local-up-cluster.sh`来启动一个本地集群:
-
-```sh
-cd $GOPATH/src/k8s.io/kubernetes
-
-export KUBERNETES_PROVIDER=local
-hack/install-etcd.sh
-export PATH=$GOPATH/src/k8s.io/kubernetes/third_party/etcd:$PATH
-hack/local-up-cluster.sh
-```
-
-打开另外一个终端,配置kubectl:
-
-```sh
-cd $GOPATH/src/k8s.io/kubernetes
-export KUBECONFIG=/var/run/kubernetes/admin.kubeconfig
-cluster/kubectl.sh
-```
-
diff --git a/dev/contribute.md b/develop/contribute.md
similarity index 100%
rename from dev/contribute.md
rename to develop/contribute.md
diff --git a/dev/index.md b/develop/developing-environment.md
similarity index 100%
rename from dev/index.md
rename to develop/developing-environment.md
diff --git a/develop/index.md b/develop/index.md
new file mode 100644
index 000000000..c752bc061
--- /dev/null
+++ b/develop/index.md
@@ -0,0 +1,2 @@
+# 开发指南
+
diff --git a/dev/testing.md b/develop/testing.md
similarity index 100%
rename from dev/testing.md
rename to develop/testing.md
diff --git a/guide/index.md b/guide/index.md
new file mode 100644
index 000000000..893c9f5f3
--- /dev/null
+++ b/guide/index.md
@@ -0,0 +1,2 @@
+# 用户指南
+
diff --git a/ha/index.md b/ha/index.md
deleted file mode 100644
index 5e0977dfd..000000000
--- a/ha/index.md
+++ /dev/null
@@ -1,75 +0,0 @@
-# Kubernetes HA
-
-Kubernetes从1.5开始,通过`kops`或者`kube-up.sh`部署的集群会自动部署一个高可用的系统,包括
-
-- etcd集群模式
-- apiserver负载均衡
-- controller manager、scheduler和cluster autoscaler自动选主(有且仅有一个运行实例)
-
-如下图所示
-
-![高可用示意图](../images/ha.png)
-
-## etcd集群
-
-从`https://discovery.etcd.io/new?size=3`获取token后,把放到每台机器的`/etc/kubernetes/manifests/etcd.yaml`,并替换掉`${DISCOVERY_TOKEN}`, `${NODE_NAME}`和`${NODE_IP}`,既可以由kubelet来启动一个etcd集群。
-
-对于运行在kubelet外部的etcd,可以参考[etcd clustering guide](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md)来手动配置集群模式。
-
-## apiserver
-
-把放到每台Master节点的`/etc/kubernetes/manifests/`,并把相关的配置放到`/srv/kubernetes/`,即可由kubelet自动创建并启动apiserver:
-
-- basic_auth.csv - basic auth user and password
-- ca.crt - Certificate Authority cert
-- known_tokens.csv - tokens that entities (e.g. the kubelet) can use to talk to the apiserver
-- kubecfg.crt - Client certificate, public key
-- kubecfg.key - Client certificate, private key
-- server.cert - Server certificate, public key
-- server.key - Server certificate, private key
-
-apiserver启动后,还需要为它们做负载均衡,可以使用云平台的弹性负载均衡服务或者使用haproxy/lvs等为master节点配置负载均衡。
-
-## controller manager和scheduler
-
-controller manager和scheduler需要保证任何时刻都只有一个实例运行,需要一个选主的过程,所以在启动时要设置`--leader-elect=true`,比如
-
-```
-kube-scheduler --master=127.0.0.1:8080 --v=2 --leader-elect=true
-kube-controller-manager --master=127.0.0.1:8080 --cluster-cidr=10.245.0.0/16 --allocate-node-cidrs=true --service-account-private-key-file=/srv/kubernetes/server.key --v=2 --leader-elect=true
-```
-
-把[kube-scheduler.yaml](https://kubernetes.io/docs/admin/high-availability/kube-scheduler.yaml)和[kube-controller-manager.yaml](https://kubernetes.io/docs/admin/high-availability/kube-controller-manager.yaml)(非GCE平台需要适当修改) 放到每台master节点的`/etc/kubernetes/manifests/`即可。
-
-## kube-dns
-
-kube-dns可以通过Deployment的方式来部署,默认kubeadm会自动创建。但在大规模集群的时候,需要放宽资源限制,比如
-
-```
-dns_replicas: 6
-dns_cpu_limit: 100m
-dns_memory_limit: 512Mi
-dns_cpu_requests 70m
-dns_memory_requests: 70Mi
-```
-
-另外,也需要给dnsmasq增加资源,比如增加缓存大小到10000,增加并发处理数量`--dns-forward-max=1000`等。
-
-## kube-proxy
-
-默认kube-proxy使用iptables来为Service作负载均衡,这在大规模时会产生很大的Latency,可以考虑使用[IPVS](https://docs.google.com/presentation/d/1BaIAywY2qqeHtyGZtlyAp89JIZs59MZLKcFLxKE6LyM/edit#slide=id.p3)的替代方式(注意Kubernetes v1.6还不支持IPVS模式)。
-
-## 数据持久化
-
-除了上面提到的这些配置,持久化存储也是高可用Kubernetes集群所必须的。
-
-- 对于公有云上部署的集群,可以考虑使用云平台提供的持久化存储,比如aws ebs或者gce persistent disk
-- 对于物理机部署的集群,可以考虑使用iSCSI、NFS、Gluster或者Ceph等网络存储,也可以使用RAID
-
-## 参考文档
-
-- https://kubernetes.io/docs/admin/high-availability/
-- http://kubecloud.io/setup-ha-k8s-kops/
-- https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md
-- [Kubernetes Master Tier For 1000 Nodes Scale](http://fuel-ccp.readthedocs.io/en/latest/design/k8s_1000_nodes_architecture.html)
-- [Scaling Kubernetes to Support 50000 Services](https://docs.google.com/presentation/d/1BaIAywY2qqeHtyGZtlyAp89JIZs59MZLKcFLxKE6LyM/edit#slide=id.p3)
diff --git a/images/cadvisor.png b/images/cadvisor.png
deleted file mode 100644
index acacc7994..000000000
Binary files a/images/cadvisor.png and /dev/null differ
diff --git a/images/cloud-native-landscape.jpg b/images/cloud-native-landscape.jpg
deleted file mode 100644
index c768809ad..000000000
Binary files a/images/cloud-native-landscape.jpg and /dev/null differ
diff --git a/images/workflow-overview.png b/images/workflow-overview.png
deleted file mode 100644
index eee9c1b4e..000000000
Binary files a/images/workflow-overview.png and /dev/null differ
diff --git a/introduction/101.md b/introduction/101.md
deleted file mode 100644
index 1b0796bf3..000000000
--- a/introduction/101.md
+++ /dev/null
@@ -1,193 +0,0 @@ -# Kubernetes 101 - -体验Kubernetes最简单的方法是跑一个nginx容器,然后使用kubectl操作该容器。Kubernetes提供了一个类似于`docker run`的命令`kubectl run`,可以方便的创建一个容器(实际上创建的是一个由deployment来管理的Pod): - -```sh -$ kubectl run --image=nginx nginx-app --port=80 -deployment "nginx-app" created -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -nginx-app-4028413181-cnt1i 1/1 Running 0 52s -``` - -等到容器变成Running后,就可以各种`kubectl`命令来操作它了,比如 - -- `kubectl get` - 类似于`docker ps`,查询资源列表 -- `kubectl describe` - 类似于`docker inspect`,获取资源的详细信息 -- `kubectl logs` - 类似于`docker logs`,获取容器的日志 -- `kubectl exec` - 类似于`docker exec`,在容器内执行一个命令 - -```sh -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -nginx-app-4028413181-cnt1i 1/1 Running 0 6m -$ kubectl exec nginx-app-4028413181-cnt1i ps aux -USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND -root 1 0.0 0.5 31736 5108 ? Ss 00:19 0:00 nginx: master process nginx -g daemon off; -nginx 5 0.0 0.2 32124 2844 ? S 00:19 0:00 nginx: worker process -root 18 0.0 0.2 17500 2112 ? Rs 00:25 0:00 ps aux -$ kubectl describe pod nginx-app-4028413181-cnt1i -Name: nginx-app-4028413181-cnt1i -Namespace: default -Node: boot2docker/192.168.64.12 -Start Time: Tue, 06 Sep 2016 08:18:41 +0800 -Labels: pod-template-hash=4028413181 - run=nginx-app -Status: Running -IP: 172.17.0.3 -Controllers: ReplicaSet/nginx-app-4028413181 -Containers: - nginx-app: - Container ID: docker://4ef989b57d0a7638ad9c5bbc22e16d5ea5b459281c77074fc982eba50973107f - Image: nginx - Image ID: docker://sha256:4efb2fcdb1ab05fb03c9435234343c1cc65289eeb016be86193e88d3a5d84f6b - Port: 80/TCP - State: Running - Started: Tue, 06 Sep 2016 08:19:30 +0800 - Ready: True - Restart Count: 0 - Environment Variables: -Conditions: - Type Status - Initialized True - Ready True - PodScheduled True -Volumes: - default-token-9o8ks: - Type: Secret (a volume populated by a Secret) - SecretName: default-token-9o8ks -QoS Tier: BestEffort -Events: - FirstSeen LastSeen Count From SubobjectPath Type Reason Message - --------- -------- 
----- ---- ------------- -------- ------ ------- - 8m 8m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx-app-4028413181-cnt1i to boot2docker - 8m 8m 1 {kubelet boot2docker} spec.containers{nginx-app} Normal Pulling pulling image "nginx" - 7m 7m 1 {kubelet boot2docker} spec.containers{nginx-app} Normal Pulled Successfully pulled image "nginx" - 7m 7m 1 {kubelet boot2docker} spec.containers{nginx-app} Normal Created Created container with docker id 4ef989b57d0a - 7m 7m 1 {kubelet boot2docker} spec.containers{nginx-app} Normal Started Started container with docker id 4ef989b57d0a - - -$ kubectl logs nginx-app-4028413181-cnt1i -127.0.0.1 - - [06/Sep/2016:00:27:13 +0000] "GET / HTTP/1.0 " 200 612 "-" "-" "-" -127.0.0.1 - - [06/Sep/2016:00:27:15 +0000] "GET / HTTP/1.0 " 200 612 "-" "-" "-" -``` - -## 使用yaml定义Pod - -上面是通过`kubectl run`来启动了第一个Pod,但是`kubectl run`并不能支持所有的功能。在Kubernetes中,更经常使用yaml文件来定义资源,并通过`kubectl create -f file.yaml`来创建资源。比如,一个简单的nginx Pod可以定义为: - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: nginx - labels: - app: nginx -spec: - containers: - - name: nginx - image: nginx - ports: - - containerPort: 80 -``` - -前面提到,`kubectl run`并不是直接创建一个Pod,而是先创建一个Deployment资源(replicas=1),再由Deployment来自动创建Pod,这等价于这样一个配置: - -```yaml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - run: nginx-app - name: nginx-app - namespace: default -spec: - replicas: 1 - selector: - matchLabels: - run: nginx-app - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - run: nginx-app - spec: - containers: - - image: nginx - name: nginx-app - ports: - - containerPort: 80 - protocol: TCP - dnsPolicy: ClusterFirst - restartPolicy: Always -``` - -## 使用Volume - -Pod的生命周期通常比较短,只要出现了异常,就会创建一个新的Pod来代替它。那容器产生的数据呢?容器内的数据会随着Pod消亡而自动消失。Volume就是为了持久化容器数据而生,比如可以为redis容器指定一个hostPath来存储redis数据: - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: redis -spec: - containers: - - name: 
redis - image: redis - volumeMounts: - - name: redis-persistent-storage - mountPath: /data/redis - volumes: - - name: redis-persistent-storage - hostPath: - path: /data/ -``` - -Kubernetes volume支持非常多的插件,可以根据实际需要来选择: - -* emptyDir -* hostPath -* gcePersistentDisk -* awsElasticBlockStore -* nfs -* iscsi -* flocker -* glusterfs -* rbd -* cephfs -* gitRepo -* secret -* persistentVolumeClaim -* downwardAPI -* azureFileVolume -* vsphereVolume - -## 使用Service - -前面虽然创建了Pod,但是在kubernetes中,Pod的IP地址会随着Pod的重启而变化,并不建议直接拿Pod的IP来交互。那如何来访问这些Pod提供的服务呢?使用Service。Service为一组Pod(通过labels来选择)提供一个统一的入口,并为它们提供负载均衡和自动服务发现。比如,可以为前面的`nginx-app`创建一个service: - -```yaml -$ kubectl expose deployment nginx-app --type=NodePort --port=80 --target-port=80 -service "nginx-app" exposed -$ kubectl describe service nginx-app -Name: nginx-app -Namespace: default -Labels: run=nginx-app -Selector: run=nginx-app -Type: NodePort -IP: 10.0.0.66 -Port: 80/TCP -NodePort: 30772/TCP -Endpoints: 172.17.0.3:80 -Session Affinity: None -No events. -``` - -这样,在cluster内部就可以通过`http://10.0.0.66`和`http://node-ip:30772`来访问nginx-app。而在cluster外面,只能通过`http://node-ip:30772`来访问。 - - diff --git a/introduction/201.md b/introduction/201.md deleted file mode 100644 index 6b51adf44..000000000 --- a/introduction/201.md +++ /dev/null 
@@ -1,85 +0,0 @@ -# Kubernetes 201 - -## 扩展应用 - -通过修改Deployment中副本的数量(replicas),可以动态扩展或收缩应用: - -![扩容](../images/scale.png) - -这些自动扩展的容器会自动加入到service中,而收缩回收的容器也会自动从service中删除。 - -```sh -$ kubectl scale --replicas=3 deployment/nginx-app -$ kubectl get deploy -NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE -nginx-app 3 3 3 3 10m -``` - -## 滚动升级 - -滚动升级(Rolling Update)通过逐个容器替代升级的方式来实现无中断的服务升级: - -``` -kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2 -``` -![update1](../images/update1.png) - -![update2](../images/update2.png) - -![update3](../images/update3.png) - -![update4](../images/update4.png) - -在滚动升级的过程中,如果发现了失败或者配置错误,还可以随时会滚回来: - -``` -kubectl rolling-update frontend-v1 frontend-v2 --rollback -``` - -需要注意的是,rolling-update只针对ReplicationController,不能直接用在deployment上。Deployment可以在spec中设置更新策略为RollingUpdate(默认就是RollingUpdate): - -```yaml - spec: - replicas: 3 - selector: - matchLabels: - run: nginx-app - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate -``` - -而更新应用的话,就可以直接用`kubectl set`命令: - -```sh -kubectl set image deployment/nginx-app nginx-app=nginx:1.9.1 -``` - -滚动升级的过程可以用`rollout`命令查看: - -```sh -$ kubectl rollout status deployment/nginx-app -Waiting for rollout to finish: 2 out of 3 new replicas have been updated... -Waiting for rollout to finish: 2 of 3 updated replicas are available... -Waiting for rollout to finish: 2 of 3 updated replicas are available... -Waiting for rollout to finish: 2 of 3 updated replicas are available... -Waiting for rollout to finish: 2 of 3 updated replicas are available... -Waiting for rollout to finish: 2 of 3 updated replicas are available... -deployment "nginx-app" successfully rolled out -``` - -Deployment同样支持回滚: - -```sh -$ kubectl rollout history deployment/nginx-app -deployments "nginx-app" -REVISION CHANGE-CAUSE -1 -2 - -$ kubernetes kubectl rollout undo deployment/nginx-app -deployment "nginx-app" rolled back -``` - 
diff --git a/introduction/cluster.md b/introduction/cluster.md deleted file mode 100644 index 5d19ac7c9..000000000 --- a/introduction/cluster.md +++ /dev/null @@ -1,29 +0,0 @@ -# Kubernetes cluster - -![集群架构图](../images/architecture.png) - -一个Kubernetes集群由分布式存储etcd、控制节点controller以及服务节点Node组成。 - -- 控制节点主要负责整个集群的管理,比如容器的调度、维护资源的状态、自动扩展以及滚动更新等 -- 服务节点是真正运行容器的主机,负责管理镜像和容器以及cluster内的服务发现和负载均衡 -- etcd集群保存了整个集群的状态 - -## 集群联邦 - -![集群联邦架构图](../images/federation.png) - -## Kubernetes单机版 - -创建Kubernetes cluster(单机版)最简单的方法是[minikube](https://github.com/kubernetes/minikube): - -```sh -$ minikube start -Starting local Kubernetes cluster... -Kubectl is now configured to use the cluster. -$ kubectl cluster-info -Kubernetes master is running at https://192.168.64.12:8443 -kubernetes-dashboard is running at https://192.168.64.12:8443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard - -To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. -``` - diff --git a/introduction/concepts.md b/introduction/concepts.md deleted file mode 100644 index a3a1be08d..000000000 --- a/introduction/concepts.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Kubernetes核心概念 - -## Pod - -Pod是一组紧密关联的容器集合,它们共享Volume和network namespace,是Kubernetes调度的基本单位。Pod的设计理念是支持多个容器在一个Pod中共享网络和文件系统,可以通过进程间通信和文件共享这种简单高效的方式组合完成服务。 - -![Pod结构示意图](../images/pod.png) - -## Node - -Node是Pod真正运行的主机,可以是物理机,也可以是虚拟机。为了管理Pod,每个Node节点上至少要运行container runtime(比如docker或者rkt)、`kubelet`和`kube-proxy`服务。 - -![Node结构示意图](../images/node.png) - -## Service - -Service是应用服务的抽象,通过`labels`为应用提供负载均衡和服务发现。Service对外暴露一个统一的访问接口,外部服务不需要了解后端运行的容器。 - -![Serivce结构示意图](../images/service-arch.png) - -## Label - -Label是识别Kubernetes对象的标签,以key/value的方式附加到对象上。Label不提供唯一性,并且实际上经常是很多对象(如Pods)都使用相同的label来标识具体的应用。 - -Label定义好后其他对象可以使用Label Selector来选择一组相同label的对象(比如ReplicaSet和Service用label来选择一组Pod)。Label Selector支持以下几种方式: - -- 等式,如`app=nginx`和`env!=production` -- 集合,如`env in (production, qa)` -- 多个label(它们之间是AND关系),如`app=nginx,env=test` - -## Annotations - -Annotations是key/value形式附加于对象的注解。不同于Labels用于标识和选择对象,Annotations则是用来记录一些附加信息,以便于外部工具进行查找。 - -## Namespace - -Namespace是对一组资源和对象的抽象集合,比如可以用来将系统内部的对象划分为不同的项目组或用户组。常见的pods, services, replication controllers和deployments等都是属于某一个namespace的(默认是default),而node, persistentVolumes等则不属于任何namespace。 - - diff --git a/introduction/index.md b/introduction/index.md deleted file mode 100644 index f7a228620..000000000 --- a/introduction/index.md +++ /dev/null @@ -1,19 +0,0 @@ -# Kubernetes简介 - -Kubernetes是谷歌开源的容器集群管理系统,是Google多年大规模容器管理技术Borg的开源版本,主要功能包括: - -- 基于容器的应用部署、维护和滚动升级 -- 负载均衡和服务发现 -- 跨机器和跨地区的集群调度 -- 自动伸缩 -- 无状态服务和有状态服务 -- 广泛的Volume支持 -- 插件机制保证扩展性 - -Kubernetes发展非常迅速,已经成为容器编排领域的领导者。 - -![Kubernetes发展速度](../images/kubernetes-velocity.jpg) - -## Kubernetes架构 - -![Kubernetes架构](../images/architecture.png) diff --git a/introduction/media/14731192945281.jpg b/introduction/media/14731192945281.jpg deleted file mode 100644 index 27655d015..000000000 Binary files a/introduction/media/14731192945281.jpg and /dev/null differ 
diff --git a/introduction/media/14731196066424.png b/introduction/media/14731196066424.png deleted file mode 100644 index b9595dcd8..000000000 Binary files a/introduction/media/14731196066424.png and /dev/null differ diff --git a/introduction/media/14731218435097.jpg b/introduction/media/14731218435097.jpg deleted file mode 100644 index c3aafa320..000000000 Binary files a/introduction/media/14731218435097.jpg and /dev/null differ diff --git a/introduction/media/14731218545399.jpg b/introduction/media/14731218545399.jpg deleted file mode 100644 index a8fcb3cac..000000000 Binary files a/introduction/media/14731218545399.jpg and /dev/null differ diff --git a/introduction/media/14731219480252.jpg b/introduction/media/14731219480252.jpg deleted file mode 100644 index 3d78ca8b8..000000000 Binary files a/introduction/media/14731219480252.jpg and /dev/null differ diff --git a/introduction/media/14731220608865.jpg b/introduction/media/14731220608865.jpg deleted file mode 100644 index ba9411b0e..000000000 Binary files a/introduction/media/14731220608865.jpg and /dev/null differ diff --git a/monitor/index.md b/monitor/index.md deleted file mode 100644 index 393111645..000000000 --- a/monitor/index.md +++ /dev/null 
@@ -1,61 +0,0 @@ -# Kubernetes监控 - -## cAdvisor - -[cAdvisor](https://github.com/google/cadvisor)是一个来自Google的容器监控工具,也是kubelet内置的容器资源收集工具。它会自动收集本机容器CPU、内存、网络和文件系统的资源占用情况,并对外提供cAdvisor原生的API(默认端口为`--cadvisor-port=4194`)。 - -![cAdvisor监控示意图](../images/cadvisor.png) - -## InfluxDB和Grafana - -[InfluxDB](https://www.influxdata.com/time-series-platform/influxdb/)是一个开源分布式时序、事件和指标数据库;而[Grafana](http://grafana.org/)则是InfluxDB的dashboard,提供了强大的图表展示功能。 - -![Grafana界面图](../images/grafana-ui.jpg) - -## Heapster - -前面提到的cAdvisor只提供了单机的容器资源占用情况,而[Heapster](https://github.com/kubernetes/heapster)则提供了整个集群的资源监控,并支持持久化数据存储到InfluxDB、Google Cloud Monitoring或者[其他的存储后端](https://github.com/kubernetes/heapster)。 - -Heapster从kubelet提供的API采集节点和容器的资源占用: - -![Heapster架构](../images/heapster-arch.png) - -另外,Heapster的`/metrics` API提供了Prometheus格式的数据。 - -### 部署Heapster、InfluxDB和Grafana - -在Kubernetes部署成功后,dashboard、DNS和监控的服务也会默认部署好,比如通过`cluster/kube-up.sh`部署的集群默认会开启以下服务: - -```sh -$ kubectl cluster-info -Kubernetes master is running at https://kubernetes-master -Heapster is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/heapster -KubeDNS is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/kube-dns -kubernetes-dashboard is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard -Grafana is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/monitoring-grafana -InfluxDB is running at https://kubernetes-master/api/v1/proxy/namespaces/kube-system/services/monitoring-influxdb -``` - -如果这些服务没有自动部署的话,可以根据[cluster/addons](https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)来添加需要的服务。 - -## Prometheus - -[Prometheus](https://prometheus.io)是另外一个监控和时间序列数据库,并且还提供了告警的功能。他提供了强大的查询语言和HTTP接口,也支持将数据导出到Grafana中展示。 - -使用Prometheus监控Kubernetes需要配置好数据源,一个简单的示例是[prometheus.yml](../manifests/prometheus/prometheus.yml): - -```bash -kubectl create -f 
http://feisky.xyz/kubernetes/monitor/prometheus.yml -``` - -![Prometheus界面示意图](../images/prometheus-ui.jpg) - - -## 其他容器监控系统 - -- [Sysdig](http://blog.kubernetes.io/2015/11/monitoring-Kubernetes-with-Sysdig.html) -- CoScale -- Datadog -- Sematext - - diff --git a/network/index.md b/network/index.md deleted file mode 100644 index 9f4c32b3b..000000000 --- a/network/index.md +++ /dev/null @@ -1,5 +0,0 @@ -# 网络配置 - -- [Kubernetes中的网络模式解析](network-modes-in-kubernetes.md) - - diff --git a/ops/index.md b/ops/index.md deleted file mode 100644 index 984ba706b..000000000 --- a/ops/index.md +++ /dev/null @@ -1,6 +0,0 @@ -# 运维管理 - -- [服务滚动升级](service-rolling-update.md) -- [应用日志收集](app-log-collection.md) - - diff --git a/plugins/CRI.md b/plugins/CRI.md deleted file mode 100644 index 466a66bff..000000000 --- a/plugins/CRI.md +++ /dev/null @@ -1,20 +0,0 @@ -# Container Runtime Interface - -Container Runtime Interface (CRI)是Kubelet 1.5/1.6中主要负责的一块项目,它重新定义了Kubelet Container Runtime API,将原来完全面向Pod级别的API拆分成面向Sandbox和Container的API,并分离镜像管理和容器引擎到不同的服务。 - -![容器运行时接口](../images/cri.png) - -CRI最早从从1.4版就开始设计讨论和开发,在v1.5中发布第一个测试版。 - -## 目前的CRI实现 - -目前,有多家厂商都在基于CRI集成自己的容器引擎,其中包括 - -- 1) Docker: 核心代码依然保留在kubelet内部 -- 2) HyperContainer: https://github.com/kubernetes/frakti -- 3) Rkt: https://github.com/kubernetes-incubator/rktlet -- 4) Runc: https://github.com/kubernetes-incubator/cri-o -- 5) Mirantis: https://github.com/Mirantis/virtlet -- 6) Cloud foundary: https://github.com/cloudfoundry/garden -- 7) Infranetes: not open sourced yet. - diff --git a/plugins/auth.md b/plugins/auth.md deleted file mode 100644 index 5c734f69b..000000000 --- a/plugins/auth.md +++ /dev/null 
@@ -1,21 +0,0 @@ -# Kubernetes认证与授权插件 - -## 认证 - -- X509 Client Certs -- Static Token File -- Putting a Bearer Token in a Request -- Static Password File -- Service Account Tokens -- OpenID Connect Tokens -- Webhook Token Authentication -- Authenticating Proxy -- Keystone Password - -## 授权 - -- AlwaysDeny -- AlwaysAllow -- ABAC (Attribute-Based Access Control) -- RBAC (Role-Based Access Control) -- Webhook diff --git a/plugins/index.md b/plugins/index.md deleted file mode 100644 index d15029f84..000000000 --- a/plugins/index.md +++ /dev/null @@ -1,3 +0,0 @@ -# Kubernetes插件 - -Kubernetes在设计之初就充分考虑了可扩展性,很多资源或操作都可以通过插件来自由扩展,比如认证授权、网络、Volume、容器执行引擎、调度等。 diff --git a/plugins/network.md b/plugins/network.md deleted file mode 100644 index a3b164142..000000000 --- a/plugins/network.md +++ /dev/null 
@@ -1,93 +0,0 @@ -# Kubernetes网络插件 - -Kubernetes有着丰富的网络插件,方便用户自定义所需的网络。 - -## 官方插件 - -* kubenet:这是一个基于CNI bridge的网络插件,也是目前推荐的默认插件 -* CNI:CNI网络插件,需要用户将网络配置放到`/etc/cni/net.d`目录中,并将CNI插件的二进制文件放入`/opt/cni/bin` -* exec:通过第三方的可执行文件来为容器配置网络,将在v1.6中移除,见[PR](https://github.com/kubernetes/kubernetes/pull/39254)_ - -## CNI plugin - -安装CNI: - -```Bash -cat < /etc/yum.repos.d/kubernetes.repo -[kubernetes] -name=Kubernetes -baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64 -enabled=1 -gpgcheck=1 -repo_gpgcheck=1 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg -EOF - -yum install -y kubernetes-cni -``` - -配置CNI brige插件: - -```bash -mkdir -p /etc/cni/net.d -cat >/etc/cni/net.d/10-mynet.conf <<-EOF -{ - "cniVersion": "0.3.0", - "name": "mynet", - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.244.0.0/16", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } -} -EOF -cat >/etc/cni/net.d/99-loopback.conf <<-EOF -{ - "cniVersion": "0.3.0", - "type": "loopback" -} -EOF -``` - -## calico - -```sh -# kubectl apply -f http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/kubeadm/calico.yaml -kubectl apply -f https://gist.githubusercontent.com/feiskyer/0f952c7dadbfcefd2ce81ba7ea24a8ca/raw/92addea398bbc4d4a1dcff8a98c1ac334c8acb26/calico.yaml -``` - -## flannel - -```sh -kubectl apply -f https://gist.githubusercontent.com/feiskyer/1e7a95f27c391a35af47881eb20131d7/raw/4266f05355590fa185bc8e50c0f50d2841993d20/flannel.yaml -``` - -## weave - -```sh -kubectl apply -f https://gist.githubusercontent.com/feiskyer/0b00688584cc7ed9bd9a993adddae5e3/raw/67f3558e32d5c76be38e36ef713cc46deb2a74ca/weave.yaml -``` - -## 第三方插件 - -- [Calico](http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/)是一个基于BGP的三层网络插件,并且也支持Network 
Policy来实现网络的访问控制。它在每台机器上运行一个vRouter,利用Linux内核来转发网络数据包,并借助iptables实现防火墙等功能。 -- [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml)是一个为Kubernetes提供overlay network的网络插件,它基于Linux TUN/TAP,使用UDP封装IP包来创建overlay网络,并借助etcd维护网络的分配情况。 -- [Contiv](http://contiv.github.io)是一个基于openvswitch的多租户网络插件,支持VLAN和VXLAN,并基于openflow实现访问控制和QoS的功能。 -- [Canal](https://github.com/tigera/canal/tree/master/k8s-install/kubeadm)则是Flannel和Calico联合发布的一个统一网络插件,提供CNI网络插件,并且也支持network policy。 -- [Weave Net](https://www.weave.works/docs/net/latest/kube-addon/) provides networking and network policy, will carry on working on both sides of a network partition, and does not require an external database. -- [Romana](http://romana.io/) is a Layer 3 networking solution for pod networks that also supports the NetworkPolicy API. -- [cilium](https://github.com/cilium/cilium): BPF & XDP for containers. -- [ovn-kubernetes](https://github.com/openvswitch/ovn-kubernetes) -- [kuryr-kubernetes](https://github.com/openstack/kuryr-kubernetes) - -## 其他辅助工具 - -- [Weave Scope](https://www.weave.works/documentation/scope-latest-installing/#k8s)是一个监控和可视化Pod/Service的工具。 - diff --git a/plugins/other.md b/plugins/other.md deleted file mode 100644 index 1027ba3e2..000000000 --- a/plugins/other.md +++ /dev/null @@ -1,12 +0,0 @@ -# 其他插件机制 - -1. Apiserver federation -2. Admission-control hooks -3. ThirdPartyResource -4. Kubectl extensions -5. Service Broker, Operators -6. External cloudproviders -7. Cluster addons: UI, monitoring, logging -8. Feature gates, feature discovery, dependency management - - diff --git a/plugins/volume.md b/plugins/volume.md deleted file mode 100644 index 865cce11b..000000000 --- a/plugins/volume.md +++ /dev/null 
@@ -1,309 +0,0 @@ -# Volume Plugin - -Kubernetes提供丰富的Volume插件,包括 - -- emptyDir -- hostPath -- gcePersistentDisk -- awsElasticBlockStore -- nfs -- iscsi -- flocker -- glusterfs -- rbd -- cephfs -- gitRepo -- secret -- persistentVolumeClaim -- downwardAPI -- azureFileVolume -- vsphereVolume -- flexvolume - -注意,这些volume并非全部都是持久化的,比如emptyDir、secret、gitRepo等,这些volume会随着Pod的消亡而消失。 - -## Volume生命周期 - -Volume的生命周期包括5个阶段 - -1. Provisioning,即PV的创建,可以直接创建PV,也可以使用StorageClass动态创建 -2. Binding,将PV分配给PVC -3. Using,Pod通过PVC使用该Volume -4. Releasing,Pod释放Volume并删除PVC -5. Reclaiming,保留PV以便下次使用,或者直接从云存储中删除 - -## PersistentVolume - -对于持久化的Volume,PersistentVolume (PV)和PersistentVolumeClaim (PVC)提供了更方便的管理卷的方法:PV提供网络存储资源,而PVC请求存储资源。这样,设置持久化的工作流包括配置底层文件系统或者云数据卷、创建持久性数据卷、最后创建claim来将pod跟数据卷关联起来。PV和PVC可以将pod和数据卷解耦,pod不需要知道确切的文件系统或者支持它的持久化引擎。 - -### PV - -PersistentVolume(PV)是集群之中的一块网络存储。跟 Node 一样,也是集群的资源。PV 跟 Volume (卷) 类似,不过会有独立于 Pod 的生命周期。比如一个NFS的PV可以定义为 - -```yaml -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv0003 -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Recycle - nfs: - path: /tmp - server: 172.17.0.2 -``` - -PV的访问模式有三种: - -* 第一种,ReadWriteOnce:是最基本的方式,可读可写,但只支持被单个Pod挂载。 -* 第二种,ReadOnlyMany:可以以只读的方式被多个Pod挂载。 -* 第三种,ReadWriteMany:这种存储可以以读写的方式被多个Pod共享。不是每一种存储都支持这三种方式,像共享方式,目前支持的还比较少,比较常用的是NFS。在PVC绑定PV时通常根据两个条件来绑定,一个是存储的大小,另一个就是访问模式。 - -### StorageClass - -上面通过管理员手动操作的方式创建了一个PV (NFS Volume)。从Kubernetes 1.4开始(1.6中beta),[StorageClass](https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses)支持动态分配存储卷。 - -GCE - -```yaml -kind: StorageClass -apiVersion: storage.k8s.io/v1beta1 -metadata: - name: slow -provisioner: kubernetes.io/gce-pd -parameters: - type: pd-standard # other options: pd-ssd - zone: us-central1-a -``` - -Ceph RBD - -```yaml - apiVersion: storage.k8s.io/v1beta1 - kind: StorageClass - metadata: - name: fast - provisioner: kubernetes.io/rbd - parameters: - monitors: 10.16.153.105:6789 - adminId: 
kube - adminSecretName: ceph-secret - adminSecretNamespace: kube-system - pool: kube - userId: kube - userSecretName: ceph-secret-user -``` - -AWS EBS - -```yaml -kind: StorageClass -apiVersion: storage.k8s.io/v1beta1 -metadata: - name: slow -provisioner: kubernetes.io/aws-ebs -parameters: - type: io1 - zone: us-east-1d - iopsPerGB: "10" -``` - -Clusterfs - -```yaml -apiVersion: storage.k8s.io/v1beta1 -kind: StorageClass -metadata: - name: slow -provisioner: kubernetes.io/glusterfs -parameters: - resturl: "http://127.0.0.1:8081" - restauthenabled: "true" - restuser: "admin" - secretNamespace: "default" - secretName: "heketi-secret" -``` - -OpenStack Cinder - -```yaml -kind: StorageClass -apiVersion: storage.k8s.io/v1beta1 -metadata: - name: gold -provisioner: kubernetes.io/cinder -parameters: - type: fast - availability: nova -``` - -vSphere - -```yaml -kind: StorageClass -apiVersion: storage.k8s.io/v1beta1 -metadata: - name: fast -provisioner: kubernetes.io/vsphere-volume -parameters: - diskformat: zeroedthick -``` - -Quobyte - -```yaml -apiVersion: storage.k8s.io/v1beta1 -kind: StorageClass -metadata: - name: slow -provisioner: kubernetes.io/quobyte -parameters: - quobyteAPIServer: "http://138.68.74.142:7860" - registry: "138.68.74.142:7861" - adminSecretName: "quobyte-admin-secret" - adminSecretNamespace: "kube-system" - user: "root" - group: "root" - quobyteConfig: "BASE" - quobyteTenant: "DEFAULT" -``` - -Azure Disk - -```yaml -kind: StorageClass -apiVersion: storage.k8s.io/v1beta1 -metadata: - name: slow -provisioner: kubernetes.io/azure-disk -parameters: - skuName: Standard_LRS - location: eastus - storageAccount: azure_storage_account_name -``` - -### PVC - -PV是存储资源,而PersistentVolumeClaim (PVC) 是对PV的请求。PVC跟Pod类似:Pod消费Node的源,而PVC消费PV资源;Pod能够请求CPU和内存资源,而PVC请求特定大小和访问模式的数据卷。 - -```yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: myclaim -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi - selector: - matchLabels: 
- release: "stable" - matchExpressions: - - {key: environment, operator: In, values: [dev]} -``` - -也可以基于storage class来创建PVC: - -```yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: pvc-sio-small - annotations: - volume.beta.kubernetes.io/storage-class: sio-small -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi -``` - -PVC可以直接挂载到Pod中: - -```yaml -kind: Pod -apiVersion: v1 -metadata: - name: mypod -spec: - containers: - - name: myfrontend - image: dockerfile/nginx - volumeMounts: - - mountPath: "/var/www/html" - name: mypd - volumes: - - name: mypd - persistentVolumeClaim: - claimName: myclaim -``` - -## emptyDir - -如果Pod配置了emptyDir类型Volume, Pod 被分配到Node上时候,会创建emptyDir,只要Pod运行在Node上,emptyDir都会存在(容器挂掉不会导致emptyDir丢失数据),但是如果Pod从Node上被删除(Pod被删除,或者Pod发生迁移),emptyDir也会被删除,并且永久丢失。 - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: test-pd -spec: - containers: - - image: gcr.io/google_containers/test-webserver - name: test-container - volumeMounts: - - mountPath: /test-pd - name: test-volume - volumes: - - name: test-volume - hostPath: - # directory location on host - path: /data -``` - -## 其他Volume说明 - -### hostPath - -hostPath允许挂载Node上的文件系统到Pod里面去。如果Pod有需要使用Node上的文件,可以使用hostPath。 - -```yaml -- hostPath: - path: /tmp/data - name: data -``` - -### NFS - -NFS 是Network File System的缩写,即网络文件系统。Kubernetes中通过简单地配置就可以挂载NFS到Pod中,而NFS中的数据是可以永久保存的,同时NFS支持同时写操作。 - -```yaml -volumes: -- name: nfs - nfs: - # FIXME: use the right hostname - server: 10.254.234.223 - path: "/" -``` - -### FlexVolume - -注意要把volume plugin放到`/usr/libexec/kubernetes/kubelet-plugins/volume/exec//`,plugin要实现`init/attach/detach/mount/umount`等命令(可参考lvm的[示例](https://github.com/kubernetes/kubernetes/tree/master/examples/volumes/flexvolume))。 - -```yaml - - name: test - flexVolume: - driver: "kubernetes.io/lvm" - fsType: "ext4" - options: - volumeID: "vol1" - size: "1000m" - volumegroup: "kube_vg" -``` - 
diff --git a/ops/app-log-collection.md b/practice/app-log-collection.md
similarity index 100%
rename from ops/app-log-collection.md
rename to practice/app-log-collection.md
diff --git a/deploy/centos/create-kubeconfig.md b/practice/create-kubeconfig.md
similarity index 100%
rename from deploy/centos/create-kubeconfig.md
rename to practice/create-kubeconfig.md
diff --git a/deploy/centos/create-tls-and-secret-key.md b/practice/create-tls-and-secret-key.md
similarity index 100%
rename from deploy/centos/create-tls-and-secret-key.md
rename to practice/create-tls-and-secret-key.md
diff --git a/deploy/centos/dashboard-addon-installation.md b/practice/dashboard-addon-installation.md
similarity index 100%
rename from deploy/centos/dashboard-addon-installation.md
rename to practice/dashboard-addon-installation.md
diff --git a/service-discovery-lb/distributed-load-test.md b/practice/distributed-load-test.md
similarity index 100%
rename from service-discovery-lb/distributed-load-test.md
rename to practice/distributed-load-test.md
diff --git a/service-discovery-lb/edge-node-configuration.md b/practice/edge-node-configuration.md
similarity index 100%
rename from service-discovery-lb/edge-node-configuration.md
rename to practice/edge-node-configuration.md
diff --git a/deploy/centos/efk-addon-installation.md b/practice/efk-addon-installation.md
similarity index 98%
rename from deploy/centos/efk-addon-installation.md
rename to practice/efk-addon-installation.md
index 6fbb8b594..f58efb243 100644
--- a/deploy/centos/efk-addon-installation.md
+++ b/practice/efk-addon-installation.md
@@ -152,8 +152,8 @@ server.basePath: /api/v1/proxy/namespaces/kube-system/services/kibana-logging 如果你在这里发现Create按钮是灰色的无法点击,且Time-filed name中没有选项,fluentd要读取`/var/log/containers/`目录下的log日志,这些日志是从`/var/lib/docker/containers/${CONTAINER_ID}/${CONTAINER_ID}-json.log`链接过来的,查看你的docker配置,`—log-dirver`需要设置为**json-file**格式,默认的可能是**journald**,参考[docker logging]([https://docs.docker.com/engine/admin/logging/overview/#examples](https://docs.docker.com/engine/admin/logging/overview/#examples))。 -![es-setting](../../images/es-setting.png) +![es-setting](../images/es-setting.png) 创建Index后,可以在 `Discover` 下看到 ElasticSearch logging 中汇聚的日志; -![es-home](../../images/kubernetes-efk-kibana.jpg) \ No newline at end of file +![es-home](../images/kubernetes-efk-kibana.jpg) \ No newline at end of file diff --git a/deploy/centos/etcd-cluster-installation.md b/practice/etcd-cluster-installation.md similarity index 100% rename from deploy/centos/etcd-cluster-installation.md rename to practice/etcd-cluster-installation.md diff --git a/deploy/centos/heapster-addon-installation.md b/practice/heapster-addon-installation.md similarity index 97% rename from deploy/centos/heapster-addon-installation.md rename to practice/heapster-addon-installation.md index b99836ab8..72e3bba12 100644 --- a/deploy/centos/heapster-addon-installation.md +++ b/practice/heapster-addon-installation.md @@ -145,7 +145,7 @@ monitoring-influxdb-1411048194-lzrpc 1/1 Running 0 2m 检查 kubernets dashboard 界面,看是显示各 Nodes、Pods 的 CPU、内存、负载等利用率曲线图; -![dashboard-heapster](./images/kubernetes-dashboard-with-heapster.jpg) +![dashboard-heapster](../images/kubernetes-dashboard-with-heapster.jpg) ## 访问 grafana @@ -178,7 +178,7 @@ monitoring-influxdb-1411048194-lzrpc 1/1 Running 0 2m 浏览器访问 URL:`http://172.20.0.113:8086/api/v1/proxy/namespaces/kube-system/services/monitoring-grafana` -![grafana](../../images/kubernetes-heapster-grafana.jpg) +![grafana](../images/kubernetes-heapster-grafana.jpg) ## 访问 influxdb admin UI 
@@ -193,5 +193,5 @@ monitoring-influxdb 10.254.22.46 8086:32299/TCP,8083:30269/T 在页面的 “Connection Settings” 的 Host 中输入 node IP, Port 中输入 8086 映射的 nodePort 如上面的 32299,点击 “Save” 即可(我的集群中的地址是172.20.0.113:32299): -![kubernetes-influxdb-heapster](../../images/kubernetes-influxdb-heapster.jpg) +![kubernetes-influxdb-heapster](../images/kubernetes-influxdb-heapster.jpg) diff --git a/practice/index.md b/practice/index.md new file mode 100644 index 000000000..25a788f88 --- /dev/null +++ b/practice/index.md @@ -0,0 +1,3 @@ +# 最佳实践 + +从零开始创建你自己的kubernetes集群。 \ No newline at end of file diff --git a/deploy/centos/install-kbernetes1.6-on-centos.md b/practice/install-kbernetes1.6-on-centos.md similarity index 100% rename from deploy/centos/install-kbernetes1.6-on-centos.md rename to practice/install-kbernetes1.6-on-centos.md diff --git a/deploy/centos/kubectl-installation.md b/practice/kubectl-installation.md similarity index 100% rename from deploy/centos/kubectl-installation.md rename to practice/kubectl-installation.md diff --git a/deploy/centos/kubedns-addon-installation.md b/practice/kubedns-addon-installation.md similarity index 100% rename from deploy/centos/kubedns-addon-installation.md rename to practice/kubedns-addon-installation.md diff --git a/deploy/centos/master-installation.md b/practice/master-installation.md similarity index 100% rename from deploy/centos/master-installation.md rename to practice/master-installation.md diff --git a/service-discovery-lb/network-and-cluster-perfermance-test.md b/practice/network-and-cluster-perfermance-test.md similarity index 100% rename from service-discovery-lb/network-and-cluster-perfermance-test.md rename to practice/network-and-cluster-perfermance-test.md diff --git a/network/network-modes-in-kubernetes.md b/practice/network-modes-in-kubernetes.md similarity index 100% rename from network/network-modes-in-kubernetes.md rename to practice/network-modes-in-kubernetes.md 
diff --git a/deploy/centos/node-installation.md b/practice/node-installation.md
similarity index 100%
rename from deploy/centos/node-installation.md
rename to practice/node-installation.md
diff --git a/practice/operation.md b/practice/operation.md
new file mode 100644
index 000000000..e345062f5
--- /dev/null
+++ b/practice/operation.md
@@ -0,0 +1,2 @@
+# 运维管理
+
diff --git a/practice/opration.md b/practice/opration.md
new file mode 100644
index 000000000..e345062f5
--- /dev/null
+++ b/practice/opration.md
@@ -0,0 +1,2 @@
+# 运维管理
+
diff --git a/security/rbac-support-in-kubernetes.md b/practice/rbac-support-in-kubernetes.md
similarity index 100%
rename from security/rbac-support-in-kubernetes.md
rename to practice/rbac-support-in-kubernetes.md
diff --git a/practice/service-discovery-and-loadbalancing.md b/practice/service-discovery-and-loadbalancing.md
new file mode 100644
index 000000000..8fe919a72
--- /dev/null
+++ b/practice/service-discovery-and-loadbalancing.md
@@ -0,0 +1,2 @@
+# 服务发现和负载均衡
+
diff --git a/ops/service-rolling-update.md b/practice/service-rolling-update.md
similarity index 100%
rename from ops/service-rolling-update.md
rename to practice/service-rolling-update.md
diff --git a/practice/storage.md b/practice/storage.md
new file mode 100644
index 000000000..1806c2cd4
--- /dev/null
+++ b/practice/storage.md
@@ -0,0 +1,2 @@
+# 存储管理
+
diff --git a/service-discovery-lb/traefik-ingress-installation.md b/practice/traefik-ingress-installation.md
similarity index 100%
rename from service-discovery-lb/traefik-ingress-installation.md
rename to practice/traefik-ingress-installation.md
diff --git a/storage/using-glusterfs-for-persistent-storage.md b/practice/using-glusterfs-for-persistent-storage.md
similarity index 100%
rename from storage/using-glusterfs-for-persistent-storage.md
rename to practice/using-glusterfs-for-persistent-storage.md
diff --git a/reference.md b/reference.md
deleted file mode 100644
index f5e309fe4..000000000
--- a/reference.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# 参考文档
-
-- [Kubernetes官方网站](https://kubernetes.io/)
-- [Kubernetes文档](https://kubernetes.io/docs/home/)
-- [CNCF项目贡献统计](https://cncf.biterg.io)
-- [Kubernetes github metrics](http://velodrome.k8s.io)
-- [Kubernetes submit queue](http://submit-queue.k8s.io/#/e2e)
-- [Github public data](https://cloud.google.com/bigquery/public-data/github)
diff --git a/security/security-configuration.md b/security/security-configuration.md
deleted file mode 100644
index 53c159f05..000000000
--- a/security/security-configuration.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# 安全设置
-
-- [Kubernetes中的RBAC支持](rbac-support-in-kubernetes.md)
\ No newline at end of file
diff --git a/service-discovery-lb/index.md b/service-discovery-lb/index.md
deleted file mode 100644
index b0fc05a89..000000000
--- a/service-discovery-lb/index.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# 服务发现与负载均衡
-
-- [安装Traefik ingress](traefik-ingress-installation.md)
-- [分布式负载测试](distributed-load-test.md)
-- [网络和集群性能测试](network-and-cluster-perfermance-test.md)
-- [边缘节点配置](edge-node-configuration.md)
\ No newline at end of file
diff --git a/storage/index.md b/storage/index.md
deleted file mode 100644
index 7f0cd0de4..000000000
--- a/storage/index.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# 存储配置
-
-- [使用glusterfs做持久化存储](using-glusterfs-for-persistent-storage.md)
-
diff --git a/usecases/index.md b/usecases/index.md
new file mode 100644
index 000000000..f231a975b
--- /dev/null
+++ b/usecases/index.md
@@ -0,0 +1,2 @@
+# 领域应用
+