容器化学习

知易行难，看起来感觉已经很懂了，但是做到细节还是很挫

首先来看容器化相关技术，目前主流的技术包含docker , k8s, rancher, harbor等

k8s-harbor使用

配置域名
+
配置好hosts之后，我们还要配置信任证书，这里有两种方法，一种是直接通过/etc/docker/daemon.json的insecure-registries:

{"insecure-registries": ["www.ops.aol.com","www.ops.aol.domain"]}
https://www.cnblogs.com/linyouyi/p/11067414.html
https://www.shikanon.com/2019/%E8%BF%90%E7%BB%B4/%E6%90%AD%E5%BB%BA%E7%A7%81%E6%9C%89%E9%95%9C%E5%83%8F%E4%BB%93%E5%BA%93harbor-%E9%85%8D%E7%BD%AEhttps/

docker tag 1c35c4412082 www.ops.aol.com/xxx/arc:1334
docker push www.ops.aol.com/xxx/arc:1334

kubectl create secret docker-registry secret-name --namespace=default --docker-server=http://www.ops.aol.com --docker-username=admin --docker-password=xxxx  --docker-email=xxx@xxx.xxx

deploy写法
www.ops.aol.com/aaa/aaa:2.5.0a

https://www.jianshu.com/p/5d41d3895360

harbor相关

wget https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz

cp harbor.yml.tmpl harbor.yml

echo "47.111.162.xxx  www.harbor.me" >> /etc/hosts

/hostfs/data/cert/www.harbor.me.crt

mkdir -p /hostfs/data/cert

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=www.harbor.me" -key ca.key -out ca.crt
openssl genrsa -out www.harbor.me.key 4096
openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=www.harbor.me" -key www.harbor.me.key -out www.harbor.me.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=www.harbor.me
DNS.2=harbor
DNS.3=ks-allinone
EOF

openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in www.harbor.me.csr -out www.harbor.me.crt
    
openssl x509 -inform PEM -in www.harbor.me.crt -out www.harbor.me.cert

cp www.harbor.me.crt /etc/pki/ca-trust/source/anchors/www.harbor.me.crt 

mkdir -p /etc/docker/certs.d/www.harbor.me/
cp www.harbor.me.cert /etc/docker/certs.d/www.harbor.me/
cp www.harbor.me.key /etc/docker/certs.d/www.harbor.me/
cp ca.crt /etc/docker/certs.d/www.harbor.me/


# 停止
docker-compose down -v

# 重新生成配置文件
./prepare --with-notary --with-clair --with-chartmuseum

# 启动
docker-compose up -d

docker login https://www.harbor.me

FYI:https://www.cnblogs.com/sanduzxcvbnm/p/11956347.html

相关命令

wget https://download.docker.com/linux/static/stable/x86_64/docker-19.03.10.tgz

tar -xvf 

sudo cp docker/* /usr/bin/

sudo dockerd &

// 删除所有的已停止容器

docker stop $(docker ps -a -q)
docker rmi -f $(docker ps -a -q)

wget http://storage.googleapis.com/kubernetes-release/release/v1.18.3/bin/linux/amd64/kubectl
chmod +x kubectl 
sudo mv kubectl /usr/local/bin/kubectl
sudo ln -s /usr/local/bin/kubectl /usr/bin/kubectl

sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
删除
https://www.cnblogs.com/jackadam/p/8567846.html

grok debug
https://www.cnblogs.com/zhzhang/p/6756934.html

docker run -d --restart=always --log-driver json-file --log-opt max-size=100m --log-opt max-file=2 --name kafka -p 9092:9092 -e KAFKA_BROKER_ID=0 -e KAFKA_ZOOKEEPER_CONNECT=x.x.x.x:2181/kafka -e KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://x.x.x.x:9092 -e KAFKA_LISTENERS=PLAINTEXT://0.0.0.0:9092 -v /etc/localtime:/etc/localtime wurstmeister/kafka

- type: log

enabled: true
paths:
- /xxxx/call-succ.log
tail_files: true
fields:
logtype: succ

filter {
if ( [fields][logtype] == "succ" ) {
grok {
match => { "message" => "(?<date>d{4}-d{2}-d{2}sd{2}:d{2}:d{2},d{3}).+(?<ip>((25[0-5].|2[0-4]d.|1d{2}.|[1-9]?d.){3}(25[0-5]|2[0-4]d|1d{2}|[1-9]?d)))+#/rest/(?<apiname>.*(?=/[a-z]+))/[a-z]+/(?<key>w+(?=#))#(?<detail>.*)"}
}
}