上文Windows docker k8s asp.net core 的k8swebap鏡像只是一個asp.net core程序,在實際生產中我們希望容器中還有一些其他程序,比如ssh 和telegraf。
利用Dockerfile文件
只是網上比較推薦的一種方式,Dockerfile包含創建鏡像所需要的全部指令,基於在Dockerfile中的指令,我們可以使用Docker build
命令來創建鏡像,通過減少鏡像和容器的創建過程來簡化部署。這裏我們以 asp.net core 添加ssh服務爲例:
1.編譯併發布項目(這裏用發佈後的文件):
2.首先創建一個sshd_config 文件如下:
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
3.創建Dockerfile文件如下:
FROM microsoft/dotnet:2.1-aspnetcore-runtime
WORKDIR /app
COPY . .
EXPOSE 22 80
RUN apt-get update -y && apt-get upgrade -y && apt-get install -y \
openssh-server \
&& rm -rf /var/lib/apt/lists/*
RUN echo 'root:Harbor12345' | chpasswd
RUN mkdir /var/run/sshd
COPY sshd_config /etc/ssh/sshd_config
ENTRYPOINT ["/bin/bash", "-c", "/usr/sbin/sshd && dotnet k8sWebApi.dll"]
4.製作鏡像biang驗證
docker build -t k8swebapi . #自作鏡像
docker run --rm -p8081:80 -p2222:22 k8swebapi #啓動docker 實例
docker exec 649c hostname -I #查看容器ip
ssh [email protected] #在宿主計算機上進入容器
在宿主進入容器如下:
在普通的計算機上進入容器如:
手動修改容器鏡像
這裏 我們以asp.net core 添加 telegraf 爲例。首先我們需要一個含有asp.net core的容器。這裏我們修改 上面的Dockerfile文件 如下:
FROM microsoft/dotnet:2.1-aspnetcore-runtime
WORKDIR /app
EXPOSE 22
RUN apt-get update -y && apt-get upgrade -y && apt-get install -y \
openssh-server \
&& rm -rf /var/lib/apt/lists/*
RUN echo 'root:Harbor12345' | chpasswd
RUN mkdir /var/run/sshd
COPY sshd_config /etc/ssh/sshd_config
CMD ["/usr/sbin/sshd", "-D"]
然後製作鏡像 並啓動實例
docker build -t aspnetcore2.1 . #製作鏡像
docker run -d -p2222:22 --name aspcor2.1 aspnetcore2.1 #啓動容器
進入容器後安裝telagraf
apt-get update
apt-get install apt-transport-https
apt-get install curl
apt-get install sudo
apt-get install gnupg2 && apt-get install gnupg1
cat <<EOF | sudo tee /etc/apt/sources.list.d/influxdata.list
deb https://repos.influxdata.com/ubuntu bionic stable
EOF
sudo curl -sL https://repos.influxdata.com/influxdb.key | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install telegraf
修改配置如圖:
然後啓動服務 製作新的鏡像
sudo service telegraf start
sudo systemctl enable --now telegraf
docker commit aspcor2.1 192.168.100.3:80/repo-test/aspcore2.1
這裏我們可以在influxdb裏面驗證telegraf的數據, 然後關閉relegraf 服務 ,安裝service和lsof
再次 提交鏡像 docker commit aspcor2.1 192.168.100.3:80/repo-test/aspcore2.1 (實際先前那一次不需要提交)
最後修改程序的Dockerfile如下:(備註一下 ,如果寫成 ENTRYPOINT ["/bin/bash", "-c", "/usr/sbin/sshd && /usr/bin/telegraf && dotnet k8sWebApi.dll"] 或有問題的)
FROM 192.168.100.3:80/repo-test/aspcore2.1
WORKDIR /app
COPY . .
EXPOSE 80 22
CMD ["/usr/bin/telegraf", "-D"]
ENTRYPOINT ["/bin/bash", "-c", "/usr/sbin/sshd && dotnet k8sWebApi.dll"]
docker build -t k8swebapi .
docker run --rm -p8081:80 -p2222:22 k8swebapi
簡單總結一下, 其實網上大家肌膚都推薦用Dockerfile來製作鏡像,但是我個人比較推薦手動自作鏡像,先看2個圖吧
Dockerfile製作鏡像(比較耗時,需要聯網下載相關的軟件,並且要求相對較高,驗證的方式只能啓動容器來驗證):
手動安裝(在引入docker開發,我相信一定會有私有倉庫,所以這裏的鏡像製作非常快,只需要從本地下載鏡像就可以,不需要下載其他軟件,製作初始鏡像比較麻煩, 但是相對簡單, 驗證也很方便):
參考
參考
ubuntu docker inflxudb(安裝 使用 備份 還原 以及python編碼) telegraf Grafana