TL;DR: āĻāĻāĻāĻŋ āĻāĻāĻžāĻ°āĻāĻŋāĻ āĻ¨āĻŋāĻŦāĻ¨ā§āĻ§ - āĻĒāĻžāĻ¤ā§āĻ°ā§ āĻ ā§āĻ¯āĻžāĻĒā§āĻ˛āĻŋāĻā§āĻļāĻ¨ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻĒāĻ°āĻŋāĻŦā§āĻļā§āĻ° āĻ¤ā§āĻ˛āĻ¨āĻž āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ āĻ¨āĻŋāĻ°ā§āĻĻā§āĻļāĻŋāĻāĻžāĨ¤ āĻĄāĻāĻžāĻ° āĻāĻŦāĻ āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻ āĻ¨ā§āĻ°ā§āĻĒ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽā§āĻ° āĻ¸āĻŽā§āĻāĻžāĻŦāĻ¨āĻž āĻŦāĻŋāĻŦā§āĻāĻ¨āĻž āĻāĻ°āĻž āĻšāĻŦā§āĨ¤
āĻāĻāĻŋ āĻā§āĻĨāĻž āĻĨā§āĻā§ āĻāĻ¸ā§āĻā§ āĻ¤āĻžāĻ° āĻāĻāĻāĻŋ āĻā§āĻ āĻāĻ¤āĻŋāĻšāĻžāĻ¸
ĐŅŅĐžŅиŅ
āĻāĻāĻāĻŋ āĻ ā§āĻ¯āĻžāĻĒā§āĻ˛āĻŋāĻā§āĻļāĻ¨ āĻŦāĻŋāĻā§āĻāĻŋāĻ¨ā§āĻ¨ āĻāĻ°āĻžāĻ° āĻĒā§āĻ°āĻĨāĻŽ āĻ¸ā§āĻĒāĻ°āĻŋāĻāĻŋāĻ¤ āĻāĻĒāĻžāĻ¯āĻŧ āĻšāĻ˛ chrootāĨ¤ āĻāĻāĻ āĻ¨āĻžāĻŽā§āĻ° āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻāĻ˛ āĻ°ā§āĻ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋāĻ¤ā§ āĻāĻāĻāĻŋ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°ā§ - āĻāĻāĻāĻžāĻŦā§ āĻāĻāĻŋāĻā§ āĻ¯ā§ āĻĒā§āĻ°ā§āĻā§āĻ°āĻžāĻŽāĻāĻŋ āĻŦāĻ˛āĻž āĻšāĻ¯āĻŧ āĻ¸ā§āĻāĻžāĻ¨ā§ āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸ āĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°ā§, āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻāĻ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋāĻ° āĻŽāĻ§ā§āĻ¯ā§ āĻĨāĻžāĻāĻž āĻĢāĻžāĻāĻ˛āĻā§āĻ˛āĻŋāĻ¤ā§ āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸ āĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°ā§āĨ¤ āĻāĻŋāĻ¨ā§āĻ¤ā§ āĻ¯āĻĻāĻŋ āĻĒā§āĻ°ā§āĻā§āĻ°āĻžāĻŽāĻāĻŋāĻā§ āĻāĻŋāĻ¤āĻ°ā§ āĻ¸ā§āĻĒāĻžāĻ° āĻāĻāĻāĻžāĻ° āĻ āĻ§āĻŋāĻāĻžāĻ° āĻĻā§āĻāĻ¯āĻŧāĻž āĻšāĻ¯āĻŧ, āĻ¤āĻžāĻšāĻ˛ā§ āĻāĻāĻŋ āĻ¸āĻŽā§āĻāĻžāĻŦā§āĻ¯āĻāĻžāĻŦā§ chroot āĻĨā§āĻā§ "āĻĒāĻžāĻ˛āĻžāĻ¤ā§" āĻāĻŦāĻ āĻĒā§āĻ°āĻ§āĻžāĻ¨ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽā§ āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸ āĻĒā§āĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤ āĻāĻāĻžāĻĄāĻŧāĻžāĻ, āĻ°ā§āĻ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻžāĻ° āĻĒāĻžāĻļāĻžāĻĒāĻžāĻļāĻŋ, āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻ¸āĻāĻ¸ā§āĻĨāĻžāĻ¨ (RAM, āĻĒā§āĻ°āĻ¸ā§āĻ¸āĻ°), āĻ¸ā§āĻāĻ¸āĻžāĻĨā§ āĻ¨ā§āĻāĻāĻ¯āĻŧāĻžāĻ°ā§āĻā§ āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸ āĻ¸ā§āĻŽāĻžāĻŦāĻĻā§āĻ§ āĻ¨āĻ¯āĻŧāĨ¤
āĻĒāĻ°āĻŦāĻ°ā§āĻ¤ā§ āĻĒāĻĻā§āĻ§āĻ¤āĻŋāĻāĻŋ āĻšāĻ˛ā§ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻāĻžāĻ°ā§āĻ¨ā§āĻ˛ āĻŽā§āĻāĻžāĻ¨āĻŋāĻāĻŽ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§ āĻāĻāĻāĻŋ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°ā§āĻ° āĻāĻŋāĻ¤āĻ°ā§ āĻāĻāĻāĻŋ āĻĒā§āĻ°ā§āĻŖāĻžāĻā§āĻ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻāĻžāĻ˛āĻžāĻ¨ā§āĨ¤ āĻŦāĻŋāĻāĻŋāĻ¨ā§āĻ¨ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽā§ āĻāĻ āĻĒāĻĻā§āĻ§āĻ¤āĻŋāĻ° āĻŦāĻŋāĻāĻŋāĻ¨ā§āĻ¨ āĻ¨āĻžāĻŽ āĻ°āĻ¯āĻŧā§āĻā§, āĻāĻŋāĻ¨ā§āĻ¤ā§ āĻāĻ° āĻŽā§āĻ˛ āĻŦāĻŋāĻˇāĻ¯āĻŧ āĻāĻāĻ: āĻāĻāĻžāĻ§āĻŋāĻ āĻ¸ā§āĻŦāĻžāĻ§ā§āĻ¨ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻāĻžāĻ˛āĻžāĻ¨ā§, āĻ¯ā§āĻāĻžāĻ¨ā§ āĻĒā§āĻ°āĻ¤āĻŋāĻāĻŋ āĻŽā§āĻ˛ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻšāĻŋāĻ¸ā§āĻŦā§ āĻāĻāĻ āĻāĻžāĻ°ā§āĻ¨ā§āĻ˛ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§āĨ¤ āĻāĻ° āĻŽāĻ§ā§āĻ¯ā§ āĻ°āĻ¯āĻŧā§āĻā§ FreeBSD Jails, Solaris Zones, OpenVZ, āĻāĻŦāĻ LXCāĨ¤ LinuxāĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻĄāĻŋāĻ¸ā§āĻ āĻ¸ā§āĻĒā§āĻ¸ āĻĻā§āĻŦāĻžāĻ°āĻžāĻ āĻ¨āĻ¯āĻŧ, āĻŦāĻ°āĻ āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻ°āĻŋāĻ¸ā§āĻ°ā§āĻ¸ā§āĻ° āĻŽāĻžāĻ§ā§āĻ¯āĻŽā§āĻ āĻāĻāĻ¸ā§āĻ˛ā§āĻļāĻ¨ āĻŦāĻž āĻŦāĻŋāĻā§āĻāĻŋāĻ¨ā§āĻ¨āĻ¤āĻž āĻ¨āĻŋāĻļā§āĻāĻŋāĻ¤ āĻāĻ°āĻž āĻšāĻ¯āĻŧ; āĻŦāĻŋāĻļā§āĻˇ āĻāĻ°ā§, āĻĒā§āĻ°āĻ¤āĻŋāĻāĻŋ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°ā§āĻ° āĻ¸āĻŋāĻĒāĻŋāĻāĻ āĻāĻžāĻāĻŽ, āĻ°âā§āĻ¯āĻžāĻŽ āĻāĻŦāĻ āĻ¨ā§āĻāĻāĻ¯āĻŧāĻžāĻ°ā§āĻ āĻŦā§āĻ¯āĻžāĻ¨ā§āĻĄāĻāĻāĻĨā§āĻ° āĻāĻĒāĻ° āĻ¸ā§āĻŽāĻžāĻŦāĻĻā§āĻ§āĻ¤āĻž āĻĨāĻžāĻāĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤ chroot-āĻāĻ° āĻ¤ā§āĻ˛āĻ¨āĻžāĻ¯āĻŧ āĻāĻāĻāĻŋ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻĨā§āĻā§ āĻŦā§āĻ° āĻšāĻāĻ¯āĻŧāĻž āĻāĻ°āĻ āĻāĻ āĻŋāĻ¨, āĻāĻžāĻ°āĻŖ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°ā§āĻ° āĻ¸ā§āĻĒāĻžāĻ°āĻāĻāĻāĻžāĻ° āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°ā§āĻ° āĻ āĻā§āĻ¯āĻ¨ā§āĻ¤āĻ°ā§āĻŖ āĻŦāĻŋāĻˇāĻ¯āĻŧāĻā§āĻ˛ā§āĻ¤ā§āĻ āĻĒā§āĻ°āĻŦā§āĻļāĻžāĻ§āĻŋāĻāĻžāĻ° āĻĒāĻžāĻ¯āĻŧāĨ¤ āĻ¤āĻŦā§, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°ā§āĻ° āĻā§āĻ¤āĻ°ā§āĻ° āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽāĻā§ āĻāĻĒ-āĻā§-āĻĄā§āĻ āĻ°āĻžāĻāĻžāĻ° āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§āĻ¯āĻŧāĻ¤āĻž āĻāĻŦāĻ āĻĒā§āĻ°ā§āĻ¨ā§ āĻāĻžāĻ°ā§āĻ¨ā§āĻ˛ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°ā§āĻ° āĻāĻžāĻ°āĻŖā§ (āĻ¯āĻž āĻĒā§āĻ°āĻžāĻ¸āĻā§āĻāĻŋāĻ) Linux(āĻāĻŋāĻā§āĻāĻž āĻāĻŽ āĻŽāĻžāĻ¤ā§āĻ°āĻžāĻ¯āĻŧ FreeBSD-āĻāĻ° āĻā§āĻˇā§āĻ¤ā§āĻ°ā§) āĻāĻžāĻ°ā§āĻ¨ā§āĻ˛ āĻāĻāĻ¸ā§āĻ˛ā§āĻļāĻ¨ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻā§āĻĻ āĻāĻ°ā§ āĻŽā§āĻ˛ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽā§ āĻĒā§āĻ°āĻŦā§āĻļāĻžāĻ§āĻŋāĻāĻžāĻ° āĻĒāĻžāĻāĻ¯āĻŧāĻžāĻ° āĻāĻāĻāĻŋ āĻ¸āĻŽā§āĻāĻžāĻŦāĻ¨āĻž āĻļā§āĻ¨ā§āĻ¯ āĻ¨āĻ¯āĻŧāĨ¤
āĻāĻāĻāĻŋ āĻĒāĻžāĻ¤ā§āĻ°ā§ āĻāĻāĻāĻŋ āĻĒā§āĻ°ā§āĻŖāĻžāĻā§āĻ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻāĻžāĻ˛ā§ āĻāĻ°āĻžāĻ° āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤ā§ (āĻāĻāĻāĻŋ āĻĒā§āĻ°āĻžāĻ°āĻŽā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ, āĻāĻāĻāĻŋ āĻĒā§āĻ¯āĻžāĻā§āĻ āĻŽā§āĻ¯āĻžāĻ¨ā§āĻāĻžāĻ° āĻāĻ¤ā§āĻ¯āĻžāĻĻāĻŋ āĻ¸āĻš), āĻ ā§āĻ¯āĻžāĻĒā§āĻ˛āĻŋāĻā§āĻļāĻ¨āĻā§āĻ˛āĻŋ āĻ āĻŦāĻŋāĻ˛āĻŽā§āĻŦā§ āĻāĻžāĻ˛ā§ āĻāĻ°āĻž āĻ¯ā§āĻ¤ā§ āĻĒāĻžāĻ°ā§, āĻĒā§āĻ°āĻ§āĻžāĻ¨ āĻāĻŋāĻ¨āĻŋāĻ¸āĻāĻŋ āĻāĻ āĻ¸ā§āĻ¯ā§āĻā§āĻ° āĻ¸āĻžāĻĨā§ āĻ ā§āĻ¯āĻžāĻĒā§āĻ˛āĻŋāĻā§āĻļāĻ¨āĻā§āĻ˛āĻŋ āĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°āĻž (āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§āĻ¯āĻŧ āĻ˛āĻžāĻāĻŦā§āĻ°ā§āĻ°āĻŋāĻ° āĻāĻĒāĻ¸ā§āĻĨāĻŋāĻ¤āĻŋ āĻāĻŦāĻ āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻĢāĻžāĻāĻ˛). āĻāĻ āĻ§āĻžāĻ°āĻŖāĻžāĻāĻŋ āĻāĻ¨āĻā§āĻāĻ¨āĻžāĻ°āĻžāĻāĻāĻĄ āĻ ā§āĻ¯āĻžāĻĒā§āĻ˛āĻŋāĻā§āĻļāĻ¨ āĻāĻžāĻ°ā§āĻā§āĻ¯āĻŧāĻžāĻ˛āĻžāĻāĻā§āĻļāĻ¨ā§āĻ° āĻāĻŋāĻ¤ā§āĻ¤āĻŋ āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻāĻžāĻ āĻāĻ°ā§āĻāĻŋāĻ˛, āĻ¯āĻžāĻ° āĻ¸āĻŦāĻā§āĻ¯āĻŧā§ āĻŦāĻŋāĻļāĻŋāĻˇā§āĻ āĻāĻŦāĻ āĻ¸ā§āĻĒāĻ°āĻŋāĻāĻŋāĻ¤ āĻĒā§āĻ°āĻ¤āĻŋāĻ¨āĻŋāĻ§āĻŋ āĻšāĻ˛ā§āĻ¨ āĻĄāĻāĻžāĻ°āĨ¤ āĻĒā§āĻ°ā§āĻŦāĻŦāĻ°ā§āĻ¤ā§ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽā§āĻ° āĻ¤ā§āĻ˛āĻ¨āĻžāĻ¯āĻŧ, āĻāĻ°āĻ āĻ¨āĻŽāĻ¨ā§āĻ¯āĻŧ āĻŦāĻŋāĻā§āĻāĻŋāĻ¨ā§āĻ¨āĻ¤āĻž āĻĒā§āĻ°āĻā§āĻ°āĻŋāĻ¯āĻŧāĻž, āĻāĻāĻ¤ā§āĻ°ā§ āĻāĻ¨āĻā§āĻāĻ¨āĻžāĻ°āĻā§āĻ˛āĻŋāĻ° āĻŽāĻ§ā§āĻ¯ā§ āĻāĻžāĻ°ā§āĻā§āĻ¯āĻŧāĻžāĻ˛ āĻ¨ā§āĻāĻāĻ¯āĻŧāĻžāĻ°ā§āĻāĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯ āĻ āĻ¨ā§āĻ¤āĻ°ā§āĻ¨āĻŋāĻ°ā§āĻŽāĻŋāĻ¤ āĻ¸āĻŽāĻ°ā§āĻĨāĻ¨ āĻāĻŦāĻ āĻāĻāĻāĻŋ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°ā§āĻ° āĻāĻŋāĻ¤āĻ°ā§ āĻ ā§āĻ¯āĻžāĻĒā§āĻ˛āĻŋāĻā§āĻļāĻ¨ āĻ¸ā§āĻā§āĻāĻĢā§āĻ˛āĻ¨ā§āĻ¸ā§āĻ° āĻĢāĻ˛ā§, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻā§āĻ˛āĻŋ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻĒā§āĻ°āĻā§āĻ° āĻ¸āĻāĻā§āĻ¯āĻ āĻā§āĻ¤ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ° āĻĨā§āĻā§ āĻāĻāĻāĻŋ āĻāĻāĻ āĻ¸āĻžāĻŽāĻā§āĻ°āĻŋāĻ āĻĒāĻ°āĻŋāĻŦā§āĻļ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻžāĻ° āĻā§āĻˇāĻŽāĻ¤āĻž - āĻāĻžāĻĄāĻŧāĻžāĻ āĻŽā§āĻ¯āĻžāĻ¨ā§āĻ¯āĻŧāĻžāĻ˛ āĻ°āĻŋāĻ¸ā§āĻ°ā§āĻ¸ āĻŽā§āĻ¯āĻžāĻ¨ā§āĻāĻŽā§āĻ¨ā§āĻā§āĻ° āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§āĻ¯āĻŧāĻ¤āĻžāĨ¤
āĻĄāĻāĻļā§āĻ°āĻŽāĻŋāĻ
āĻĄāĻāĻžāĻ° āĻšāĻ˛ā§ āĻ¸āĻŦāĻā§āĻ¯āĻŧā§ āĻ¸ā§āĻĒāĻ°āĻŋāĻāĻŋāĻ¤ āĻ ā§āĻ¯āĻžāĻĒā§āĻ˛āĻŋāĻā§āĻļāĻ¨ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻžāĻāĻā§āĻļāĻ¨ āĻ¸āĻĢāĻāĻāĻ¯āĻŧā§āĻ¯āĻžāĻ°āĨ¤ āĻāĻāĻŋ āĻā§ (Go) āĻāĻžāĻˇāĻžāĻ¯āĻŧ āĻ˛ā§āĻāĻž āĻāĻŦāĻ āĻ¨ā§āĻāĻŋāĻ āĻāĻžāĻ°ā§āĻ¨ā§āĻ˛ā§āĻ° āĻ¸āĻā§āĻˇāĻŽāĻ¤āĻž āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§āĨ¤ Linux āĻĄāĻŋāĻ¸ā§āĻā§āĻ° āĻāĻžāĻ¯āĻŧāĻāĻž āĻŦāĻžāĻāĻāĻžāĻ¤ā§ āĻ¸āĻŋāĻā§āĻ°ā§āĻĒāĻ¸ (cgroups), āĻ¨ā§āĻŽāĻ¸ā§āĻĒā§āĻ¸ā§āĻ¸ (namespaces), āĻā§āĻ¯āĻžāĻĒāĻžāĻŦāĻŋāĻ˛āĻŋāĻāĻŋāĻ¸ (capabilities) āĻāĻ¤ā§āĻ¯āĻžāĻĻāĻŋ, āĻ¸ā§āĻāĻ¸āĻžāĻĨā§ āĻāĻāĻĢāĻ¸ (Aufs) āĻĢāĻžāĻāĻ˛ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻāĻŦāĻ āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻ āĻ¨ā§āĻ°ā§āĻĒ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻž āĻšāĻ¯āĻŧāĨ¤
āĻ¸ā§āĻ¤ā§āĻ°: āĻāĻāĻāĻŋāĻŽāĻŋāĻĄāĻŋāĻ¯āĻŧāĻž
āĻ¸ā§āĻĨāĻžāĻĒāĻ¤ā§āĻ¯
āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖ ā§§.ā§§ā§§-āĻāĻ° āĻāĻā§, āĻĄāĻāĻžāĻ° āĻāĻāĻāĻŋ āĻāĻāĻ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻž āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻāĻžāĻ āĻāĻ°āĻ¤ āĻ¯āĻž āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻ āĻĒāĻžāĻ°ā§āĻļāĻ¨ āĻĒāĻ°āĻŋāĻāĻžāĻ˛āĻ¨āĻž āĻāĻ°āĻ¤: āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻāĻŽā§āĻ āĻĄāĻžāĻāĻ¨āĻ˛ā§āĻĄ āĻāĻ°āĻž, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻāĻžāĻ˛ā§ āĻāĻ°āĻž āĻāĻŦāĻ āĻāĻĒāĻŋāĻāĻ āĻ āĻ¨ā§āĻ°ā§āĻ§āĻā§āĻ˛āĻŋ āĻĒāĻ°āĻŋāĻāĻžāĻ˛āĻ¨āĻž āĻāĻ°āĻžāĨ¤ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖ ā§§.ā§§ā§§ āĻĨā§āĻā§, āĻĄāĻāĻžāĻ°āĻā§ āĻāĻ¯āĻŧā§āĻāĻāĻŋ āĻĒāĻ°āĻ¸ā§āĻĒāĻ° āĻ¸āĻŽā§āĻĒāĻ°ā§āĻāĻ¯ā§āĻā§āĻ¤ āĻ āĻāĻļā§ āĻŦāĻŋāĻāĻā§āĻ¤ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§: āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻĄāĻŋ (containerd), āĻ¯āĻž āĻ¸āĻŽā§āĻĒā§āĻ°ā§āĻŖ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻā§āĻŦāĻ¨āĻāĻā§āĻ° āĻĒāĻ°āĻŋāĻāĻžāĻ˛āĻ¨āĻž āĻāĻ°ā§ (āĻĄāĻŋāĻ¸ā§āĻ āĻŦāĻ°āĻžāĻĻā§āĻĻ, āĻāĻŽā§āĻ āĻĄāĻžāĻāĻ¨āĻ˛ā§āĻĄ, āĻ¨ā§āĻāĻāĻ¯āĻŧāĻžāĻ°ā§āĻāĻŋāĻ, āĻāĻžāĻ˛ā§ āĻāĻ°āĻž, āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻž āĻāĻŦāĻ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°ā§āĻ° āĻ āĻŦāĻ¸ā§āĻĨāĻž āĻĒāĻ°ā§āĻ¯āĻŦā§āĻā§āĻˇāĻŖ), āĻāĻŦāĻ āĻ°āĻžāĻ¨āĻ¸āĻŋ (runC), āĻ¯āĻž āĻ¸āĻŋāĻā§āĻ°ā§āĻĒāĻ¸ (cgroups) āĻāĻŦāĻ āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻāĻžāĻ°ā§āĻ¨ā§āĻ˛ āĻŦā§āĻļāĻŋāĻˇā§āĻā§āĻ¯ā§āĻ° āĻāĻĒāĻ° āĻāĻŋāĻ¤ā§āĻ¤āĻŋ āĻāĻ°ā§ āĻ¤ā§āĻ°āĻŋ āĻāĻāĻāĻŋ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻ°āĻžāĻ¨āĻāĻžāĻāĻŽ āĻĒāĻ°āĻŋāĻŦā§āĻļāĨ¤ LinuxāĻĄāĻāĻžāĻ° āĻ¸āĻžāĻ°ā§āĻāĻŋāĻ¸āĻāĻŋ āĻāĻāĻ¨āĻ āĻ°āĻ¯āĻŧā§āĻā§, āĻāĻŋāĻ¨ā§āĻ¤ā§ āĻāĻāĻ¨ āĻāĻāĻŋ āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻĄāĻŋ-āĻ¤ā§ āĻĒāĻžāĻ āĻžāĻ¨ā§ āĻāĻĒāĻŋāĻāĻ āĻ āĻ¨ā§āĻ°ā§āĻ§āĻā§āĻ˛ā§ āĻĒā§āĻ°āĻ¸ā§āĻ¸ āĻāĻ°āĻžāĻ° āĻāĻžāĻ āĻāĻ°ā§āĨ¤
āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ āĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨
āĻĄāĻāĻžāĻ° āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻžāĻ° āĻāĻŽāĻžāĻ° āĻĒā§āĻ°āĻŋāĻ¯āĻŧ āĻāĻĒāĻžāĻ¯āĻŧ āĻš'āĻ˛ āĻĄāĻāĻžāĻ°-āĻŽā§āĻļāĻŋāĻ¨, āĻ¯āĻž āĻĻā§āĻ°āĻŦāĻ°ā§āĻ¤ā§ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ (āĻŦāĻŋāĻāĻŋāĻ¨ā§āĻ¨ āĻā§āĻ˛āĻžāĻāĻĄ āĻ¸āĻš) āĻ¸āĻ°āĻžāĻ¸āĻ°āĻŋ āĻĄāĻāĻžāĻ° āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻŦāĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻžāĻ° āĻĒāĻžāĻļāĻžāĻĒāĻžāĻļāĻŋ āĻāĻĒāĻ¨āĻžāĻā§ āĻ°āĻŋāĻŽā§āĻ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§āĻ° āĻĢāĻžāĻāĻ˛ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽāĻā§āĻ˛āĻŋāĻ° āĻ¸āĻžāĻĨā§ āĻāĻžāĻ āĻāĻ°āĻ¤ā§ āĻĻā§āĻ¯āĻŧ āĻāĻŦāĻ āĻŦāĻŋāĻāĻŋāĻ¨ā§āĻ¨ āĻāĻŽāĻžāĻ¨ā§āĻĄāĻ āĻāĻžāĻ˛āĻžāĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤
āĻ¤āĻŦā§, ā§¨ā§Ļā§§ā§Ž āĻ¸āĻžāĻ˛ āĻĨā§āĻā§ āĻĒā§āĻ°āĻāĻ˛ā§āĻĒāĻāĻŋāĻ° āĻ¤ā§āĻŽāĻ¨ āĻā§āĻ¨ā§ āĻāĻ¨ā§āĻ¨āĻ¯āĻŧāĻ¨ āĻšāĻ¯āĻŧāĻ¨āĻŋ, āĻ¤āĻžāĻ āĻāĻŽāĻ°āĻž āĻŦā§āĻļāĻŋāĻ°āĻāĻžāĻ āĻĄāĻŋāĻ¸ā§āĻā§āĻ°āĻŋāĻŦāĻŋāĻāĻļāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻĒā§āĻ°āĻāĻ˛āĻŋāĻ¤ āĻĒāĻĻā§āĻ§āĻ¤āĻŋāĻ¤ā§āĻ āĻāĻāĻŋ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻŦāĨ¤ Linux āĻĒāĻĻā§āĻ§āĻ¤āĻŋ - āĻāĻāĻāĻŋ āĻ°āĻŋāĻĒā§āĻāĻŋāĻāĻ°āĻŋ āĻ¯ā§āĻ āĻāĻ°ā§ āĻāĻŦāĻ āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§āĻ¯āĻŧ āĻĒā§āĻ¯āĻžāĻā§āĻāĻā§āĻ˛ā§ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻžāĻ° āĻŽāĻžāĻ§ā§āĻ¯āĻŽā§āĨ¤
āĻāĻ āĻĒāĻĻā§āĻ§āĻ¤āĻŋāĻāĻŋ āĻ¸ā§āĻŦāĻ¯āĻŧāĻāĻā§āĻ°āĻŋāĻ¯āĻŧ āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯āĻ āĻŦā§āĻ¯āĻŦāĻšā§āĻ¤ āĻšāĻ¯āĻŧ, āĻāĻĻāĻžāĻšāĻ°āĻŖāĻ¸ā§āĻŦāĻ°ā§āĻĒ, Ansible āĻŦāĻž āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻ āĻ¨ā§āĻ°ā§āĻĒ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§, āĻāĻŋāĻ¨ā§āĻ¤ā§ āĻāĻŽāĻŋ āĻāĻ āĻ¨āĻŋāĻŦāĻ¨ā§āĻ§ā§ āĻāĻāĻŋ āĻŦāĻŋāĻŦā§āĻāĻ¨āĻž āĻāĻ°āĻŦ āĻ¨āĻžāĨ¤
āĻ¸ā§āĻĨāĻžāĻĒāĻ¨āĻāĻŋ āĻ¸āĻŽā§āĻĒāĻ¨ā§āĻ¨ āĻāĻ°āĻž āĻšāĻŦā§ Centos ā§, āĻāĻŽāĻŋ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ° āĻšāĻŋāĻ¸ā§āĻŦā§ āĻāĻāĻāĻŋ āĻāĻžāĻ°ā§āĻā§āĻ¯āĻŧāĻžāĻ˛ āĻŽā§āĻļāĻŋāĻ¨ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻŦ, āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻ¨āĻŋāĻā§āĻ° āĻāĻŽāĻžāĻ¨ā§āĻĄāĻā§āĻ˛ā§ āĻāĻžāĻ˛āĻžāĻ˛ā§āĻ āĻ¯āĻĨā§āĻˇā§āĻ:
# yum install -y yum-utils
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install docker-ce docker-ce-cli containerd.ioāĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻĒāĻ°ā§, āĻāĻĒāĻ¨āĻžāĻā§ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻžāĻāĻŋ āĻļā§āĻ°ā§ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§, āĻāĻāĻŋ āĻ āĻā§āĻ˛ā§āĻĄā§ āĻ°āĻžāĻā§āĻ¨:
# systemctl enable docker
# systemctl start docker
# firewall-cmd --zone=public --add-port=2377/tcp --permanentāĻ āĻ¤āĻŋāĻ°āĻŋāĻā§āĻ¤āĻāĻžāĻŦā§, āĻāĻĒāĻ¨āĻŋ āĻāĻāĻāĻŋ āĻĄāĻāĻžāĻ° āĻā§āĻ°ā§āĻĒ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨, āĻ¯āĻžāĻ° āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§āĻ°āĻž āĻ¸ā§āĻĄā§ āĻāĻžāĻĄāĻŧāĻžāĻ āĻĄāĻāĻžāĻ°ā§āĻ° āĻ¸āĻžāĻĨā§ āĻāĻžāĻ āĻāĻ°āĻ¤ā§, āĻ˛āĻāĻŋāĻ āĻ¸ā§āĻ āĻāĻĒ āĻāĻ°āĻ¤ā§, āĻŦāĻžāĻāĻ°ā§ āĻĨā§āĻā§ API-āĻ¤ā§ āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸ āĻ¸āĻā§āĻˇāĻŽ āĻāĻ°āĻ¤ā§ āĻ¸āĻā§āĻˇāĻŽ āĻšāĻŦā§āĻ¨, āĻĢāĻžāĻ¯āĻŧāĻžāĻ°āĻāĻ¯āĻŧāĻžāĻ˛āĻāĻŋ āĻ¸ā§āĻā§āĻˇā§āĻŽ-āĻāĻŋāĻāĻ¨ āĻāĻ°āĻ¤ā§ āĻā§āĻ˛āĻŦā§āĻ¨ āĻ¨āĻž (āĻ¸āĻŦāĻāĻŋāĻā§ āĻ¯āĻž āĻ āĻ¨ā§āĻŽā§āĻĻāĻŋāĻ¤ āĻ¨āĻ¯āĻŧ āĻāĻĒāĻ°ā§āĻ° āĻāĻŦāĻ āĻ¨ā§āĻā§āĻ° āĻāĻĻāĻžāĻšāĻ°āĻŖāĻā§āĻ˛āĻŋāĻ¤ā§ āĻ¨āĻŋāĻˇāĻŋāĻĻā§āĻ§ - āĻāĻŽāĻŋ āĻ¸āĻ°āĻ˛āĻ¤āĻž āĻāĻŦāĻ āĻāĻŋāĻā§āĻ¯ā§āĻ¯āĻŧāĻžāĻ˛āĻžāĻāĻā§āĻļāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻŋ āĻŦāĻžāĻĻ āĻĻāĻŋāĻ¯āĻŧā§āĻāĻŋ), āĻ¤āĻŦā§ āĻāĻŽāĻŋ āĻāĻāĻžāĻ¨ā§ āĻāĻ°āĻ āĻŦāĻŋāĻļāĻĻā§ āĻ¯āĻžāĻŦ āĻ¨āĻžāĨ¤
āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻŦā§āĻļāĻŋāĻˇā§āĻā§āĻ¯
āĻāĻĒāĻ°ā§āĻā§āĻ¤ āĻĄāĻāĻžāĻ° āĻŽā§āĻļāĻŋāĻ¨ āĻāĻžāĻĄāĻŧāĻžāĻ, āĻāĻāĻāĻŋ āĻĄāĻāĻžāĻ° āĻ°ā§āĻāĻŋāĻ¸ā§āĻā§āĻ°āĻŋāĻ āĻ°āĻ¯āĻŧā§āĻā§, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻŋāĻ¤ā§āĻ°āĻā§āĻ˛āĻŋ āĻ¸āĻāĻ°āĻā§āĻˇāĻŖ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ āĻ¸āĻ°āĻā§āĻāĻžāĻŽ, āĻ¸ā§āĻāĻ¸āĻžāĻĨā§ āĻĄāĻāĻžāĻ° āĻāĻŽā§āĻĒā§āĻ - āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻā§āĻ˛āĻŋāĻ¤ā§ āĻ ā§āĻ¯āĻžāĻĒā§āĻ˛āĻŋāĻā§āĻļāĻ¨āĻā§āĻ˛āĻŋāĻā§ āĻ¸ā§āĻŦāĻ¯āĻŧāĻāĻā§āĻ°āĻŋāĻ¯āĻŧāĻāĻžāĻŦā§ āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ āĻ¸āĻ°āĻā§āĻāĻžāĻŽ, YAML āĻĢāĻžāĻāĻ˛āĻā§āĻ˛āĻŋ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻā§āĻ˛āĻŋ āĻ¤ā§āĻ°āĻŋ āĻāĻŦāĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻ¤ā§ āĻŦā§āĻ¯āĻŦāĻšā§āĻ¤ āĻšāĻ¯āĻŧ āĻāĻŦāĻ āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻ¸āĻŽā§āĻĒāĻ°ā§āĻāĻŋāĻ¤ āĻāĻŋāĻ¨āĻŋāĻ¸ (āĻāĻĻāĻžāĻšāĻ°āĻŖāĻ¸ā§āĻŦāĻ°ā§āĻĒ, āĻ¨ā§āĻāĻāĻ¯āĻŧāĻžāĻ°ā§āĻ, āĻĄā§āĻāĻž āĻ¸āĻāĻ°āĻā§āĻˇāĻŖā§āĻ° āĻāĻ¨ā§āĻ¯ āĻ¸ā§āĻĨāĻžāĻ¯āĻŧā§ āĻĢāĻžāĻāĻ˛ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ)āĨ¤
āĻāĻāĻŋ CICD-āĻāĻ° āĻāĻ¨ā§āĻ¯ āĻĒāĻžāĻāĻĒāĻ˛āĻžāĻāĻ¨ āĻ¸āĻāĻāĻ āĻŋāĻ¤ āĻāĻ°āĻ¤ā§āĻ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻž āĻ¯ā§āĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤ āĻāĻ°ā§āĻāĻāĻŋ āĻāĻāĻ°ā§āĻˇāĻŖā§āĻ¯āĻŧ āĻŦā§āĻļāĻŋāĻˇā§āĻā§āĻ¯ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ° āĻŽā§āĻĄā§ āĻāĻžāĻ āĻāĻ°āĻā§, āĻ¤āĻĨāĻžāĻāĻĨāĻŋāĻ¤ āĻ¸ā§āĻ¯āĻŧāĻžāĻ°ā§āĻŽ āĻŽā§āĻĄ (āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖ 1.12 āĻāĻ° āĻāĻā§ āĻāĻāĻŋ āĻĄāĻāĻžāĻ° āĻ¸ā§āĻ¯āĻŧāĻžāĻ°ā§āĻŽ āĻ¨āĻžāĻŽā§ āĻĒāĻ°āĻŋāĻāĻŋāĻ¤ āĻāĻŋāĻ˛), āĻ¯āĻž āĻāĻĒāĻ¨āĻžāĻā§ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻŦāĻŋāĻāĻŋāĻ¨ā§āĻ¨ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ° āĻĨā§āĻā§ āĻāĻāĻāĻŋ āĻāĻāĻ āĻ āĻŦāĻāĻžāĻ āĻžāĻŽā§ āĻāĻāĻ¤ā§āĻ°āĻŋāĻ¤ āĻāĻ°āĻ¤ā§ āĻĻā§āĻ¯āĻŧāĨ¤ āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§āĻ° āĻāĻĒāĻ°ā§ āĻāĻāĻāĻŋ āĻāĻžāĻ°ā§āĻā§āĻ¯āĻŧāĻžāĻ˛ āĻ¨ā§āĻāĻāĻ¯āĻŧāĻžāĻ°ā§āĻā§āĻ° āĻāĻ¨ā§āĻ¯ āĻ¸āĻŽāĻ°ā§āĻĨāĻ¨ āĻ°āĻ¯āĻŧā§āĻā§, āĻāĻāĻāĻŋ āĻ āĻ¨ā§āĻ¤āĻ°ā§āĻ¨āĻŋāĻ°ā§āĻŽāĻŋāĻ¤ āĻ˛ā§āĻĄ āĻŦā§āĻ¯āĻžāĻ˛ā§āĻ¨ā§āĻ¸āĻžāĻ° āĻ°āĻ¯āĻŧā§āĻā§, āĻĒāĻžāĻļāĻžāĻĒāĻžāĻļāĻŋ āĻĒāĻžāĻ¤ā§āĻ°ā§ āĻā§āĻĒāĻ¨ā§āĻ¯āĻŧāĻ¤āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻ¸āĻŽāĻ°ā§āĻĨāĻ¨ āĻ°āĻ¯āĻŧā§āĻā§āĨ¤
āĻĄāĻāĻžāĻ° āĻāĻŽā§āĻĒā§āĻā§āĻ° YAML āĻĢāĻžāĻāĻ˛āĻā§āĻ˛āĻŋ āĻā§āĻ āĻāĻŦāĻ āĻŽāĻžāĻāĻžāĻ°āĻŋ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°āĻā§āĻ˛āĻŋāĻ° āĻ°āĻā§āĻˇāĻŖāĻžāĻŦā§āĻā§āĻˇāĻŖ āĻ¸āĻŽā§āĻĒā§āĻ°ā§āĻŖāĻ°ā§āĻĒā§ āĻ¸ā§āĻŦāĻ¯āĻŧāĻāĻā§āĻ°āĻŋāĻ¯āĻŧāĻāĻžāĻŦā§ āĻŦāĻŋāĻāĻŋāĻ¨ā§āĻ¨ āĻāĻĻā§āĻĻā§āĻļā§āĻ¯ā§ āĻā§āĻāĻāĻžāĻ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻ¸āĻš āĻāĻ āĻ§āĻ°āĻ¨ā§āĻ° āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°āĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻž āĻ¯ā§āĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤ āĻŦāĻĄāĻŧ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°āĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯, āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸ āĻĒāĻāĻ¨ā§āĻĻāĻ¨ā§āĻ¯āĻŧ āĻāĻžāĻ°āĻŖ āĻāĻžāĻāĻ āĻŽā§āĻĄ āĻ°āĻā§āĻˇāĻŖāĻžāĻŦā§āĻā§āĻˇāĻŖā§āĻ° āĻāĻ°āĻ āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻā§āĻ° āĻ¤ā§āĻ˛āĻ¨āĻžāĻ¯āĻŧ āĻŦā§āĻļāĻŋ āĻšāĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤ runC āĻāĻžāĻĄāĻŧāĻžāĻ, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ āĻāĻžāĻ°ā§āĻ¯āĻāĻ°ā§ āĻĒāĻ°āĻŋāĻŦā§āĻļ āĻšāĻŋāĻ¸āĻžāĻŦā§, āĻāĻĒāĻ¨āĻŋ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨, āĻāĻĻāĻžāĻšāĻ°āĻŖāĻ¸ā§āĻŦāĻ°ā§āĻĒ
āĻĄāĻāĻžāĻ°ā§āĻ° āĻ¸āĻžāĻĨā§ āĻāĻžāĻ āĻāĻ°āĻž
āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ āĻāĻŦāĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ā§āĻ° āĻĒāĻ°ā§, āĻāĻŽāĻ°āĻž āĻāĻāĻāĻŋ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ° āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻžāĻ° āĻā§āĻˇā§āĻāĻž āĻāĻ°āĻŦ āĻ¯ā§āĻāĻžāĻ¨ā§ āĻāĻŽāĻ°āĻž āĻāĻ¨ā§āĻ¨āĻ¯āĻŧāĻ¨ āĻĻāĻ˛ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻŋāĻāĻ˛ā§āĻ¯āĻžāĻŦ āĻāĻŦāĻ āĻĄāĻāĻžāĻ° āĻ°ā§āĻāĻŋāĻ¸ā§āĻā§āĻ°āĻŋ āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻāĻ°āĻŦāĨ¤ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ° āĻšāĻŋāĻ¸āĻžāĻŦā§, āĻāĻŽāĻŋ āĻ¤āĻŋāĻ¨āĻāĻŋ āĻāĻžāĻ°ā§āĻā§āĻ¯āĻŧāĻžāĻ˛ āĻŽā§āĻļāĻŋāĻ¨ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻŦ, āĻ¯āĻžāĻ° āĻāĻĒāĻ° āĻāĻŽāĻŋ āĻ āĻ¤āĻŋāĻ°āĻŋāĻā§āĻ¤ GlusterFS āĻŦāĻŋāĻ¤āĻ°āĻŖ āĻāĻ°āĻž FS āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻāĻ°āĻŦ, āĻāĻŽāĻŋ āĻāĻāĻŋāĻā§ āĻĄāĻāĻžāĻ° āĻāĻ˛āĻŋāĻāĻŽ āĻ¸ā§āĻā§āĻ°ā§āĻ āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻŦ, āĻāĻĻāĻžāĻšāĻ°āĻŖāĻ¸ā§āĻŦāĻ°ā§āĻĒ, āĻĄāĻāĻžāĻ° āĻ°ā§āĻāĻŋāĻ¸ā§āĻā§āĻ°āĻŋāĻ° āĻāĻāĻāĻŋ āĻŦā§āĻ¯āĻ°ā§āĻĨ-āĻ¨āĻŋāĻ°āĻžāĻĒāĻĻ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯āĨ¤ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻŽā§āĻ˛ āĻāĻĒāĻžāĻĻāĻžāĻ¨: āĻĄāĻāĻžāĻ° āĻ°ā§āĻāĻŋāĻ¸ā§āĻā§āĻ°āĻŋ, āĻĒā§āĻ¸ā§āĻāĻā§āĻ°ā§āĻ¸āĻāĻŋāĻāĻāĻ˛, āĻ°ā§āĻĄāĻŋāĻ¸, āĻāĻŋāĻāĻ˛ā§āĻ¯āĻžāĻŦ āĻ¸ā§āĻ¯āĻŧāĻžāĻ°ā§āĻŽā§āĻ° āĻāĻĒāĻ°ā§ āĻāĻŋāĻāĻ˛ā§āĻ¯āĻžāĻŦ āĻ°āĻžāĻ¨āĻžāĻ° āĻ¸āĻŽāĻ°ā§āĻĨāĻ¨ āĻāĻ°ā§āĨ¤ Postgresql āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°āĻŋāĻ āĻ¸āĻš āĻāĻžāĻ˛ā§ āĻāĻ°āĻž āĻšāĻŦā§ , āĻ¤āĻžāĻ āĻāĻĒāĻ¨āĻžāĻā§ Postgresql āĻĄā§āĻāĻž āĻ¸āĻā§āĻāĻ¯āĻŧ āĻāĻ°āĻ¤ā§ GlusterFS āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻ¤ā§ āĻšāĻŦā§ āĻ¨āĻžāĨ¤ āĻŦāĻžāĻāĻŋ āĻā§āĻ°ā§āĻ¤ā§āĻŦāĻĒā§āĻ°ā§āĻŖ āĻ¤āĻĨā§āĻ¯ GlusterFS āĻ āĻ¸āĻāĻ°āĻā§āĻˇāĻŖ āĻāĻ°āĻž āĻšāĻŦā§āĨ¤
āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ GlusterFS āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻāĻ°āĻ¤ā§ (āĻāĻā§āĻ˛āĻŋāĻā§ node1, node2, node3 āĻŦāĻ˛āĻž āĻšāĻ¯āĻŧ), āĻāĻĒāĻ¨āĻžāĻā§ āĻĒā§āĻ¯āĻžāĻā§āĻ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§, āĻĢāĻžāĻ¯āĻŧāĻžāĻ°āĻāĻ¯āĻŧāĻžāĻ˛ āĻ¸āĻā§āĻˇāĻŽ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§, āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§āĻ¯āĻŧ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§:
# yum -y install centos-release-gluster7
# yum -y install glusterfs-server
# systemctl enable glusterd
# systemctl start glusterd
# firewall-cmd --add-service=glusterfs --permanent
# firewall-cmd --reload
# mkdir -p /srv/gluster
# mkdir -p /srv/docker
# echo "$(hostname):/docker /srv/docker glusterfs defaults,_netdev 0 0" >> /etc/fstabāĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻĒāĻ°ā§, GlusterFS āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻžāĻ° āĻāĻžāĻ āĻ āĻŦāĻļā§āĻ¯āĻ āĻāĻāĻāĻŋ āĻ¨ā§āĻĄ āĻĨā§āĻā§ āĻāĻžāĻ˛āĻŋāĻ¯āĻŧā§ āĻ¯ā§āĻ¤ā§ āĻšāĻŦā§, āĻāĻĻāĻžāĻšāĻ°āĻŖāĻ¸ā§āĻŦāĻ°ā§āĻĒ node1:
# gluster peer probe node2
# gluster peer probe node3
# gluster volume create docker replica 3 node1:/srv/gluster node2:/srv/gluster node3:/srv/gluster force
# gluster volume start dockerāĻ¤āĻžāĻ°āĻĒāĻ°ā§ āĻāĻĒāĻ¨āĻžāĻā§ āĻĢāĻ˛āĻ¸ā§āĻŦāĻ°ā§āĻĒ āĻāĻ˛āĻŋāĻāĻŽ āĻŽāĻžāĻāĻ¨ā§āĻ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§ (āĻāĻŽāĻžāĻ¨ā§āĻĄāĻāĻŋ āĻ āĻŦāĻļā§āĻ¯āĻ āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ āĻāĻžāĻ˛āĻžāĻ¨ā§ āĻāĻāĻŋāĻ¤):
# mount /srv/dockerāĻ¸ā§āĻ¯āĻŧāĻžāĻ°ā§āĻŽ āĻŽā§āĻĄ āĻāĻāĻāĻŋ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§, āĻ¯ā§āĻāĻŋ āĻšāĻŦā§ āĻ˛āĻŋāĻĄāĻžāĻ°, āĻŦāĻžāĻāĻŋāĻĻā§āĻ° āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°ā§ āĻ¯ā§āĻ āĻĻāĻŋāĻ¤ā§ āĻšāĻŦā§, āĻ¤āĻžāĻ āĻĒā§āĻ°āĻĨāĻŽ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ āĻāĻŽāĻžāĻ¨ā§āĻĄ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻĢāĻ˛āĻžāĻĢāĻ˛āĻāĻŋ āĻāĻĒāĻŋ āĻāĻ°ā§ āĻŦāĻžāĻāĻŋāĻā§āĻ˛āĻŋāĻ¤ā§ āĻāĻžāĻ°ā§āĻ¯āĻāĻ° āĻāĻ°āĻ¤ā§ āĻšāĻŦā§āĨ¤
āĻĒā§āĻ°āĻžāĻĨāĻŽāĻŋāĻ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ° āĻ¸ā§āĻāĻāĻĒ, āĻāĻŽāĻŋ node1 āĻ āĻāĻŽāĻžāĻ¨ā§āĻĄ āĻāĻžāĻ˛āĻžāĻ:
# docker swarm init
Swarm initialized: current node (a5jpfrh5uvo7svzz1ajduokyq) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0c5mf7mvzc7o7vjk0wngno2dy70xs95tovfxbv4tqt9280toku-863hyosdlzvd76trfptd4xnzd xx.xx.xx.xx:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
# docker swarm join-token managerāĻĻā§āĻŦāĻŋāĻ¤ā§āĻ¯āĻŧ āĻāĻŽāĻžāĻ¨ā§āĻĄā§āĻ° āĻĢāĻ˛āĻžāĻĢāĻ˛ āĻ āĻ¨ā§āĻ˛āĻŋāĻĒāĻŋ āĻāĻ°ā§āĻ¨, node2 āĻāĻŦāĻ node3 āĻ āĻāĻžāĻ˛āĻžāĻ¨:
# docker swarm join --token SWMTKN-x-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxx xx.xx.xx.xx:2377
This node joined a swarm as a manager.āĻāĻāĻŋ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§āĻ° āĻĒā§āĻ°āĻžāĻĨāĻŽāĻŋāĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻ¸āĻŽā§āĻĒā§āĻ°ā§āĻŖ āĻāĻ°ā§, āĻāĻ¸ā§āĻ¨ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻžāĻā§āĻ˛āĻŋ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻž āĻļā§āĻ°ā§ āĻāĻ°āĻŋ, āĻ āĻ¨ā§āĻ¯āĻĨāĻžāĻ¯āĻŧ āĻ¨āĻŋāĻ°ā§āĻĻāĻŋāĻˇā§āĻ āĻāĻ°āĻž āĻ¨āĻž āĻĨāĻžāĻāĻ˛ā§, āĻ¨ā§āĻĄ 1 āĻĨā§āĻā§ āĻāĻžāĻ°ā§āĻ¯āĻāĻ° āĻāĻ°āĻž āĻāĻŽāĻžāĻ¨ā§āĻĄāĻā§āĻ˛āĻŋ āĻāĻžāĻ˛ā§ āĻāĻ°āĻž āĻšāĻŦā§āĨ¤
āĻĒā§āĻ°āĻĨāĻŽāĻ¤, āĻāĻ¨āĻā§āĻāĻ¨āĻžāĻ°āĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯ āĻ¨ā§āĻāĻāĻ¯āĻŧāĻžāĻ°ā§āĻ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻž āĻ¯āĻžāĻ:
# docker network create --driver=overlay etcd
# docker network create --driver=overlay pgsql
# docker network create --driver=overlay redis
# docker network create --driver=overlay traefik
# docker network create --driver=overlay gitlabāĻ¤āĻžāĻ°āĻĒāĻ°ā§ āĻāĻŽāĻ°āĻž āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°āĻā§āĻ˛āĻŋ āĻāĻŋāĻšā§āĻ¨āĻŋāĻ¤ āĻāĻ°āĻŋ, āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°āĻā§āĻ˛āĻŋāĻ¤ā§ āĻāĻŋāĻā§ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻž āĻāĻŦāĻĻā§āĻ§ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻŋ āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§āĻ¯āĻŧ:
# docker node update --label-add nodename=node1 node1
# docker node update --label-add nodename=node2 node2
# docker node update --label-add nodename=node3 node3āĻāĻ° āĻĒāĻ°ā§, āĻāĻŽāĻ°āĻž etcd āĻĄā§āĻāĻž āĻ¸āĻāĻ°āĻā§āĻˇāĻŖ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻŋ, āĻā§āĻāĻŋ āĻ¸ā§āĻā§āĻ°ā§āĻ āĻ¯āĻž Traefik āĻāĻŦāĻ Stolon āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨āĨ¤ Postgresql āĻāĻ° āĻŽāĻ¤ā§, āĻāĻā§āĻ˛āĻŋ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§āĻ° āĻ¸āĻžāĻĨā§ āĻāĻŦāĻĻā§āĻ§ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻšāĻŦā§, āĻ¤āĻžāĻ āĻāĻŽāĻ°āĻž āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ āĻāĻ āĻāĻŽāĻžāĻ¨ā§āĻĄāĻāĻŋ āĻāĻžāĻ°ā§āĻ¯āĻāĻ° āĻāĻ°āĻŋ:
# mkdir -p /srv/etcdāĻāĻ° āĻĒāĻ°ā§, etcd āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ āĻĢāĻžāĻāĻ˛ āĻ¤ā§āĻ°āĻŋ āĻāĻ°ā§āĻ¨ āĻāĻŦāĻ āĻāĻāĻŋ āĻĒā§āĻ°āĻ¯āĻŧā§āĻ āĻāĻ°ā§āĻ¨:
00etcd.yml
version: '3.7'
services:
etcd1:
image: quay.io/coreos/etcd:latest
hostname: etcd1
command:
- etcd
- --name=etcd1
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd1:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd1:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd1vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node1]
etcd2:
image: quay.io/coreos/etcd:latest
hostname: etcd2
command:
- etcd
- --name=etcd2
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd2:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd2:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd2vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node2]
etcd3:
image: quay.io/coreos/etcd:latest
hostname: etcd3
command:
- etcd
- --name=etcd3
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd3:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd3:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd3vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node3]
volumes:
etcd1vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
etcd2vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
etcd3vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
networks:
etcd:
external: true# docker stack deploy --compose-file 00etcd.yml etcdāĻāĻŋāĻā§āĻā§āĻˇāĻŖ āĻĒāĻ°ā§, āĻāĻŽāĻ°āĻž āĻĒāĻ°ā§āĻā§āĻˇāĻž āĻāĻ°āĻŋ āĻ¯ā§ etcd āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ° āĻŦā§āĻĄāĻŧā§āĻā§:
# docker exec $(docker ps | awk '/etcd/ {print $1}') etcdctl member list
ade526d28b1f92f7: name=etcd1 peerURLs=http://etcd1:2380 clientURLs=http://etcd1:2379 isLeader=false
bd388e7810915853: name=etcd3 peerURLs=http://etcd3:2380 clientURLs=http://etcd3:2379 isLeader=false
d282ac2ce600c1ce: name=etcd2 peerURLs=http://etcd2:2380 clientURLs=http://etcd2:2379 isLeader=true
# docker exec $(docker ps | awk '/etcd/ {print $1}') etcdctl cluster-health
member ade526d28b1f92f7 is healthy: got healthy result from http://etcd1:2379
member bd388e7810915853 is healthy: got healthy result from http://etcd3:2379
member d282ac2ce600c1ce is healthy: got healthy result from http://etcd2:2379
cluster is healthyPostgresql āĻāĻ° āĻāĻ¨ā§āĻ¯ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋ āĻ¤ā§āĻ°āĻŋ āĻāĻ°ā§āĻ¨, āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ āĻāĻŽāĻžāĻ¨ā§āĻĄ āĻāĻžāĻ˛āĻžāĻ¨:
# mkdir -p /srv/pgsqlāĻĒāĻ°āĻŦāĻ°ā§āĻ¤ā§, Postgresql āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ āĻĢāĻžāĻāĻ˛ āĻ¤ā§āĻ°āĻŋ āĻāĻ°ā§āĻ¨:
01pgsql.yml
version: '3.7'
services:
pgsentinel:
image: sorintlab/stolon:master-pg10
command:
- gosu
- stolon
- stolon-sentinel
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
- --log-level=debug
networks:
- etcd
- pgsql
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 30s
order: stop-first
failure_action: pause
pgkeeper1:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper1
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper1
- --pg-repl-username=replica
- --uid=pgkeeper1
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper1:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node1]
pgkeeper2:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper2
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper2
- --pg-repl-username=replica
- --uid=pgkeeper2
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper2:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node2]
pgkeeper3:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper3
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper3
- --pg-repl-username=replica
- --uid=pgkeeper3
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper3:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node3]
postgresql:
image: sorintlab/stolon:master-pg10
command: gosu stolon stolon-proxy --listen-address 0.0.0.0 --cluster-name stolon-cluster --store-backend=etcdv3 --store-endpoints http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 30s
order: stop-first
failure_action: rollback
volumes:
pgkeeper1:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
pgkeeper2:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
pgkeeper3:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
secrets:
pgsql:
file: "/srv/docker/postgres"
pgsql_repl:
file: "/srv/docker/replica"
networks:
etcd:
external: true
pgsql:
external: trueāĻāĻŽāĻ°āĻž āĻā§āĻĒāĻ¨ā§āĻ¯āĻŧāĻ¤āĻž āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻŋ, āĻĢāĻžāĻāĻ˛āĻāĻŋ āĻĒā§āĻ°āĻ¯āĻŧā§āĻ āĻāĻ°āĻŋ:
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/replica
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/postgres
# docker stack deploy --compose-file 01pgsql.yml pgsqlāĻāĻŋāĻā§ āĻ¸āĻŽāĻ¯āĻŧ āĻĒāĻ°ā§ (āĻāĻŽāĻžāĻ¨ā§āĻĄā§āĻ° āĻāĻāĻāĻĒā§āĻ āĻĻā§āĻā§āĻ¨ āĻĄāĻāĻžāĻ° āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻž lsāĻ¯ā§ āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻž āĻŦā§āĻĄāĻŧā§āĻā§) Postgresql āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ° āĻļā§āĻ°ā§ āĻāĻ°ā§āĻ¨:
# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 initPostgresql āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°ā§āĻ° āĻĒā§āĻ°āĻ¸ā§āĻ¤ā§āĻ¤āĻŋ āĻĒāĻ°ā§āĻā§āĻˇāĻž āĻāĻ°āĻž āĻšāĻā§āĻā§:
# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 status
=== Active sentinels ===
ID LEADER
26baa11d false
74e98768 false
a8cb002b true
=== Active proxies ===
ID
4d233826
9f562f3b
b0c79ff1
=== Keepers ===
UID HEALTHY PG LISTENADDRESS PG HEALTHY PG WANTEDGENERATION PG CURRENTGENERATION
pgkeeper1 true pgkeeper1:5432 true 2 2
pgkeeper2 true pgkeeper2:5432 true 2 2
pgkeeper3 true pgkeeper3:5432 true 3 3
=== Cluster Info ===
Master Keeper: pgkeeper3
===== Keepers/DB tree =====
pgkeeper3 (master)
ââpgkeeper2
ââpgkeeper1
āĻāĻŽāĻ°āĻž āĻŦāĻžāĻāĻ°ā§ āĻĨā§āĻā§ āĻĒāĻžāĻ¤ā§āĻ°ā§ āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸ āĻā§āĻ˛āĻ¤ā§ āĻā§āĻ°āĻžāĻĢāĻŋāĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻŋ:
03traefik.yml
version: '3.7'
services:
traefik:
image: traefik:latest
command: >
--log.level=INFO
--providers.docker=true
--entryPoints.web.address=:80
--providers.providersThrottleDuration=2
--providers.docker.watch=true
--providers.docker.swarmMode=true
--providers.docker.swarmModeRefreshSeconds=15s
--providers.docker.exposedbydefault=false
--accessLog.bufferingSize=0
--api=true
--api.dashboard=true
--api.insecure=true
networks:
- traefik
ports:
- 80:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock
deploy:
replicas: 3
placement:
constraints:
- node.role == manager
preferences:
- spread: node.id
labels:
- traefik.enable=true
- traefik.http.routers.traefik.rule=Host(`traefik.example.com`)
- traefik.http.services.traefik.loadbalancer.server.port=8080
- traefik.docker.network=traefik
networks:
traefik:
external: true# docker stack deploy --compose-file 03traefik.yml traefikāĻāĻŽāĻ°āĻž āĻ°ā§āĻĄāĻŋāĻ¸ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ° āĻļā§āĻ°ā§ āĻāĻ°āĻŋ, āĻāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻŽāĻ°āĻž āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¨ā§āĻĄā§ āĻāĻāĻāĻŋ āĻ¸ā§āĻā§āĻ°ā§āĻ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻŋ:
# mkdir -p /srv/redis05redis.yml
version: '3.7'
services:
redis-master:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '6379:6379'
environment:
- REDIS_REPLICATION_MODE=master
- REDIS_PASSWORD=xxxxxxxxxxx
deploy:
mode: global
restart_policy:
condition: any
volumes:
- 'redis:/opt/bitnami/redis/etc/'
redis-replica:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '6379'
depends_on:
- redis-master
environment:
- REDIS_REPLICATION_MODE=slave
- REDIS_MASTER_HOST=redis-master
- REDIS_MASTER_PORT_NUMBER=6379
- REDIS_MASTER_PASSWORD=xxxxxxxxxxx
- REDIS_PASSWORD=xxxxxxxxxxx
deploy:
mode: replicated
replicas: 3
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: any
redis-sentinel:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '16379'
depends_on:
- redis-master
- redis-replica
entrypoint: |
bash -c 'bash -s <<EOF
"/bin/bash" -c "cat <<EOF > /opt/bitnami/redis/etc/sentinel.conf
port 16379
dir /tmp
sentinel monitor master-node redis-master 6379 2
sentinel down-after-milliseconds master-node 5000
sentinel parallel-syncs master-node 1
sentinel failover-timeout master-node 5000
sentinel auth-pass master-node xxxxxxxxxxx
sentinel announce-ip redis-sentinel
sentinel announce-port 16379
EOF"
"/bin/bash" -c "redis-sentinel /opt/bitnami/redis/etc/sentinel.conf"
EOF'
deploy:
mode: global
restart_policy:
condition: any
volumes:
redis:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: "/srv/redis"
networks:
redis:
external: true# docker stack deploy --compose-file 05redis.yml redisāĻĄāĻāĻžāĻ° āĻ°ā§āĻāĻŋāĻ¸ā§āĻā§āĻ°āĻŋ āĻ¯ā§āĻ āĻāĻ°ā§āĻ¨:
06registry.yml
version: '3.7'
services:
registry:
image: registry:2.6
networks:
- traefik
volumes:
- registry_data:/var/lib/registry
deploy:
replicas: 1
placement:
constraints: [node.role == manager]
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.registry.rule=Host(`registry.example.com`)
- traefik.http.services.registry.loadbalancer.server.port=5000
- traefik.docker.network=traefik
volumes:
registry_data:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/registry"
networks:
traefik:
external: true# mkdir /srv/docker/registry
# docker stack deploy --compose-file 06registry.yml registryāĻāĻŦāĻ āĻ āĻŦāĻļā§āĻˇā§ - āĻāĻŋāĻāĻ˛ā§āĻ¯āĻžāĻŦ:
08gitlab-runner.yml
version: '3.7'
services:
gitlab:
image: gitlab/gitlab-ce:latest
networks:
- pgsql
- redis
- traefik
- gitlab
ports:
- 22222:22
environment:
GITLAB_OMNIBUS_CONFIG: |
postgresql['enable'] = false
redis['enable'] = false
gitlab_rails['registry_enabled'] = false
gitlab_rails['db_username'] = "gitlab"
gitlab_rails['db_password'] = "XXXXXXXXXXX"
gitlab_rails['db_host'] = "postgresql"
gitlab_rails['db_port'] = "5432"
gitlab_rails['db_database'] = "gitlab"
gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'utf8'
gitlab_rails['redis_host'] = 'redis-master'
gitlab_rails['redis_port'] = '6379'
gitlab_rails['redis_password'] = 'xxxxxxxxxxx'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.yandex.ru"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "noreply@example.com"
gitlab_rails['smtp_password'] = "xxxxxxxxx"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['gitlab_email_from'] = 'noreply@example.com'
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
external_url 'http://gitlab.example.com/'
gitlab_rails['gitlab_shell_ssh_port'] = 22222
volumes:
- gitlab_conf:/etc/gitlab
- gitlab_logs:/var/log/gitlab
- gitlab_data:/var/opt/gitlab
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)
- traefik.http.services.gitlab.loadbalancer.server.port=80
- traefik.docker.network=traefik
gitlab-runner:
image: gitlab/gitlab-runner:latest
networks:
- gitlab
volumes:
- gitlab_runner_conf:/etc/gitlab
- /var/run/docker.sock:/var/run/docker.sock
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
gitlab_conf:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/conf"
gitlab_logs:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/logs"
gitlab_data:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/data"
gitlab_runner_conf:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/runner"
networks:
pgsql:
external: true
redis:
external: true
traefik:
external: true
gitlab:
external: true# mkdir -p /srv/docker/gitlab/conf
# mkdir -p /srv/docker/gitlab/logs
# mkdir -p /srv/docker/gitlab/data
# mkdir -p /srv/docker/gitlab/runner
# docker stack deploy --compose-file 08gitlab-runner.yml gitlabāĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ° āĻāĻŦāĻ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻžāĻā§āĻ˛āĻŋāĻ° āĻā§āĻĄāĻŧāĻžāĻ¨ā§āĻ¤ āĻ āĻŦāĻ¸ā§āĻĨāĻž:
# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
lef9n3m92buq etcd_etcd1 replicated 1/1 quay.io/coreos/etcd:latest
ij6uyyo792x5 etcd_etcd2 replicated 1/1 quay.io/coreos/etcd:latest
fqttqpjgp6pp etcd_etcd3 replicated 1/1 quay.io/coreos/etcd:latest
hq5iyga28w33 gitlab_gitlab replicated 1/1 gitlab/gitlab-ce:latest *:22222->22/tcp
dt7s6vs0q4qc gitlab_gitlab-runner replicated 1/1 gitlab/gitlab-runner:latest
k7uoezno0h9n pgsql_pgkeeper1 replicated 1/1 sorintlab/stolon:master-pg10
cnrwul4r4nse pgsql_pgkeeper2 replicated 1/1 sorintlab/stolon:master-pg10
frflfnpty7tr pgsql_pgkeeper3 replicated 1/1 sorintlab/stolon:master-pg10
x7pqqchi52kq pgsql_pgsentinel replicated 3/3 sorintlab/stolon:master-pg10
mwu2wl8fti4r pgsql_postgresql replicated 3/3 sorintlab/stolon:master-pg10
9hkbe2vksbzb redis_redis-master global 3/3 bitnami/redis:latest *:6379->6379/tcp
l88zn8cla7dc redis_redis-replica replicated 3/3 bitnami/redis:latest *:30003->6379/tcp
1utp309xfmsy redis_redis-sentinel global 3/3 bitnami/redis:latest *:30002->16379/tcp
oteb824ylhyp registry_registry replicated 1/1 registry:2.6
qovrah8nzzu8 traefik_traefik replicated 3/3 traefik:latest *:80->80/tcp, *:443->443/tcpāĻāĻ° āĻāĻŋ āĻāĻ¨ā§āĻ¨āĻ¤āĻŋ āĻāĻ°āĻž āĻ¯āĻžāĻ¯āĻŧ? https āĻĒāĻžāĻ¤ā§āĻ°ā§ āĻāĻžāĻ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ Traefik āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻ¤ā§ āĻā§āĻ˛āĻŦā§āĻ¨ āĻ¨āĻž, Postgresql āĻāĻŦāĻ Redis āĻāĻ° āĻāĻ¨ā§āĻ¯ tls āĻāĻ¨āĻā§āĻ°āĻŋāĻĒāĻļāĻ¨ āĻ¯ā§āĻ āĻāĻ°ā§āĻ¨āĨ¤ āĻāĻŋāĻ¨ā§āĻ¤ā§ āĻ¸āĻžāĻ§āĻžāĻ°āĻŖāĻāĻžāĻŦā§, āĻāĻĒāĻ¨āĻŋ āĻāĻ¤āĻŋāĻŽāĻ§ā§āĻ¯ā§āĻ āĻāĻāĻŋ āĻŦāĻŋāĻāĻžāĻļāĻāĻžāĻ°ā§āĻĻā§āĻ° āĻāĻāĻāĻŋ PoC āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻĻāĻŋāĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨āĨ¤ āĻāĻ¸ā§āĻ¨ āĻāĻāĻ¨ āĻĄāĻāĻžāĻ°ā§āĻ° āĻŦāĻŋāĻāĻ˛ā§āĻĒāĻā§āĻ˛āĻŋ āĻĻā§āĻāĻŋāĨ¤
āĻĒā§āĻĄāĻŽā§āĻ¯āĻžāĻ¨
āĻĒāĻĄ āĻĻā§āĻŦāĻžāĻ°āĻž āĻā§āĻˇā§āĻ ā§āĻŦāĻĻā§āĻ§ āĻĒāĻžāĻ¤ā§āĻ°ā§ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻ°ā§āĻāĻāĻŋ āĻŽā§āĻāĻžāĻŽā§āĻāĻŋ āĻ¸ā§āĻĒāĻ°āĻŋāĻāĻŋāĻ¤ āĻāĻā§āĻāĻŋāĻ¨ (āĻĒāĻĄ, āĻāĻāĻ¤ā§āĻ°ā§ āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻāĻ°āĻž āĻĒāĻžāĻ¤ā§āĻ°ā§āĻ° āĻĻāĻ˛)āĨ¤ āĻĄāĻāĻžāĻ°ā§āĻ° āĻŦāĻŋāĻĒāĻ°ā§āĻ¤ā§, āĻĒāĻžāĻ¤ā§āĻ°ā§ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻā§āĻ¨āĻ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻžāĻ° āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ āĻšāĻ¯āĻŧ āĻ¨āĻž, āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻāĻžāĻ āĻ˛āĻŋāĻŦāĻĒāĻĄ āĻ˛āĻžāĻāĻŦā§āĻ°ā§āĻ°āĻŋāĻ° āĻŽāĻžāĻ§ā§āĻ¯āĻŽā§ āĻāĻ°āĻž āĻšāĻ¯āĻŧāĨ¤ āĻāĻāĻžāĻĄāĻŧāĻžāĻ Go-āĻ¤ā§ āĻ˛ā§āĻāĻž, runC-āĻāĻ° āĻŽāĻ¤ā§ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ OCI āĻāĻŽāĻĒā§āĻ˛āĻžāĻ¯āĻŧā§āĻ¨ā§āĻ āĻ°āĻžāĻ¨āĻāĻžāĻāĻŽ āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨āĨ¤
āĻ¸āĻžāĻ§āĻžāĻ°āĻŖāĻāĻžāĻŦā§ āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ā§āĻ° āĻ¸āĻžāĻĨā§ āĻāĻžāĻ āĻāĻ°āĻž āĻĄāĻāĻžāĻ°ā§āĻ° āĻ¸āĻžāĻĨā§ āĻ¸āĻžāĻĻā§āĻļā§āĻ¯āĻĒā§āĻ°ā§āĻŖ, āĻ¯ā§ āĻĒāĻ°āĻŋāĻŽāĻžāĻŖā§ āĻāĻĒāĻ¨āĻŋ āĻāĻāĻŋ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨ (āĻāĻ āĻ¨āĻŋāĻŦāĻ¨ā§āĻ§ā§āĻ° āĻ˛ā§āĻāĻ āĻ¸āĻš āĻ āĻ¨ā§āĻā§āĻ āĻāĻāĻŋ āĻā§āĻˇā§āĻāĻž āĻāĻ°ā§āĻā§āĻ¨ āĻŦāĻ˛ā§ āĻĻāĻžāĻŦāĻŋ āĻāĻ°ā§āĻā§āĻ¨):
$ alias docker=podmanāĻāĻŦāĻ āĻāĻĒāĻ¨āĻŋ āĻāĻžāĻ āĻāĻžāĻ˛āĻŋāĻ¯āĻŧā§ āĻ¯ā§āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨āĨ¤ āĻ¸āĻžāĻ§āĻžāĻ°āĻŖāĻāĻžāĻŦā§, āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ā§āĻ° āĻĒāĻ°āĻŋāĻ¸ā§āĻĨāĻŋāĻ¤āĻŋ āĻā§āĻŦāĻ āĻāĻāĻ°ā§āĻˇāĻŖā§āĻ¯āĻŧ, āĻāĻžāĻ°āĻŖ āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸ā§āĻ° āĻĒā§āĻ°āĻžāĻĨāĻŽāĻŋāĻ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖāĻā§āĻ˛āĻŋ āĻ¯āĻĻāĻŋ āĻĄāĻāĻžāĻ°ā§āĻ° āĻ¸āĻžāĻĨā§ āĻāĻžāĻ āĻāĻ°ā§, āĻ¤āĻžāĻšāĻ˛ā§ āĻĒā§āĻ°āĻžāĻ¯āĻŧ 2015 āĻ¸āĻžāĻ˛ āĻĨā§āĻā§, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻāĻ¯āĻŧāĻžāĻ°ā§āĻ˛ā§āĻĄāĻā§ āĻ¸ā§āĻā§āĻ¯āĻžāĻ¨ā§āĻĄāĻžāĻ°ā§āĻĄāĻžāĻāĻ āĻāĻ°āĻžāĻ° āĻĒāĻ° (āĻāĻ¸āĻŋāĻāĻ - āĻāĻĒā§āĻ¨ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻāĻ¨āĻŋāĻļāĻŋāĻ¯āĻŧā§āĻāĻŋāĻ) āĻāĻŦāĻ āĻĄāĻāĻžāĻ°āĻā§ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻĄ āĻāĻŦāĻ āĻ°āĻžāĻ¨āĻ¸āĻŋ-āĻ¤ā§ āĻŦāĻŋāĻāĻā§āĻ¤ āĻāĻ°āĻžāĻ° āĻĒāĻ°, āĻāĻāĻāĻŋ āĻŦāĻŋāĻāĻ˛ā§āĻĒ āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻā§ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻĄāĻāĻžāĻ° āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻž āĻšāĻā§āĻā§: CRI-OāĨ¤ āĻāĻ āĻŦāĻŋāĻˇāĻ¯āĻŧā§ āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ āĻšāĻ˛ āĻĄāĻāĻžāĻ°ā§āĻ° āĻŦāĻŋāĻāĻ˛ā§āĻĒ, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻā§āĻ°ā§āĻĒāĻŋāĻ āĻ¸āĻš āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸ā§āĻ° āĻ¨ā§āĻ¤āĻŋāĻ° āĻāĻĒāĻ° āĻ¨āĻŋāĻ°ā§āĻŽāĻŋāĻ¤, āĻāĻŋāĻ¨ā§āĻ¤ā§ āĻĒā§āĻ°āĻāĻ˛ā§āĻĒā§āĻ° āĻŽā§āĻ˛ āĻ˛āĻā§āĻˇā§āĻ¯ āĻšāĻ˛ āĻ āĻ¤āĻŋāĻ°āĻŋāĻā§āĻ¤ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻž āĻāĻžāĻĄāĻŧāĻžāĻ āĻĄāĻāĻžāĻ°-āĻ¸ā§āĻāĻžāĻāĻ˛ā§āĻ° āĻĒāĻžāĻ¤ā§āĻ° āĻāĻžāĻ˛āĻžāĻ¨ā§āĨ¤ āĻ¸ā§āĻ¸ā§āĻĒāĻˇā§āĻ āĻāĻžāĻ°āĻŖā§, āĻā§āĻ¨āĻ āĻāĻžāĻāĻ āĻŽā§āĻĄ āĻ¨ā§āĻ, āĻ¯ā§āĻšā§āĻ¤ā§ āĻŦāĻŋāĻāĻžāĻļāĻāĻžāĻ°ā§āĻ°āĻž āĻ¸ā§āĻĒāĻˇā§āĻāĻāĻžāĻŦā§ āĻŦāĻ˛ā§ āĻ¯ā§ āĻāĻĒāĻ¨āĻžāĻ° āĻ¯āĻĻāĻŋ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°ā§āĻ° āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ āĻšāĻ¯āĻŧ āĻ¤āĻŦā§ āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸ āĻ¨āĻŋāĻ¨āĨ¤
āĻŦāĻŋāĻ¨ā§āĻ¯āĻžāĻ¸
āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ Centos ā§, āĻļā§āĻ§ā§ āĻāĻā§āĻ¸āĻā§āĻ°āĻžāĻ¸ āĻ°āĻŋāĻĒā§āĻāĻŋāĻāĻ°āĻŋāĻāĻŋ āĻ¸āĻā§āĻ°āĻŋāĻ¯āĻŧ āĻāĻ°ā§āĻ¨ āĻāĻŦāĻ āĻ¤āĻžāĻ°āĻĒāĻ°ā§ āĻāĻ āĻāĻŽāĻžāĻ¨ā§āĻĄāĻāĻŋ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§ āĻ¸āĻŦāĻāĻŋāĻā§ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°ā§āĻ¨:
# yum -y install podmanāĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻŦā§āĻļāĻŋāĻˇā§āĻā§āĻ¯
āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽāĻĄā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻ¨āĻŋāĻ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§, āĻāĻāĻāĻžāĻŦā§ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ° āĻ°āĻŋāĻŦā§āĻ āĻāĻ°āĻžāĻ° āĻĒāĻ°ā§ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻļā§āĻ°ā§ āĻāĻ°āĻžāĻ° āĻ¸āĻŽāĻ¸ā§āĻ¯āĻž āĻ¸āĻŽāĻžāĻ§āĻžāĻ¨ āĻāĻ°ā§āĨ¤ āĻ āĻ¤āĻŋāĻ°āĻŋāĻā§āĻ¤āĻāĻžāĻŦā§, systemd āĻā§ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°ā§ pid 1 āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻ¸āĻ āĻŋāĻāĻāĻžāĻŦā§ āĻāĻžāĻ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻā§āĻˇāĻŖāĻž āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§āĨ¤ āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯, āĻāĻāĻāĻŋ āĻĒā§āĻĨāĻ āĻŦāĻŋāĻ˛ā§āĻĄāĻžāĻš āĻā§āĻ˛ āĻ°āĻ¯āĻŧā§āĻā§, āĻāĻāĻžāĻĄāĻŧāĻžāĻ āĻ°āĻ¯āĻŧā§āĻā§ āĻ¤ā§āĻ¤ā§āĻ¯āĻŧ-āĻĒāĻā§āĻˇā§āĻ° āĻ¸āĻ°āĻā§āĻāĻžāĻŽ - āĻĄāĻāĻžāĻ°-āĻāĻŽā§āĻĒā§āĻā§āĻ° āĻ ā§āĻ¯āĻžāĻ¨āĻžāĻ˛āĻāĻā§āĻ˛āĻŋ, āĻ¯āĻž āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻā§āĻ¸-āĻ¸āĻžāĻŽāĻā§āĻāĻ¸ā§āĻ¯āĻĒā§āĻ°ā§āĻŖ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻĢāĻžāĻāĻ˛āĻā§āĻ˛āĻŋāĻ āĻ¤ā§āĻ°āĻŋ āĻāĻ°ā§, āĻ¤āĻžāĻ āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ āĻĨā§āĻā§ āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸ā§ āĻ°ā§āĻĒāĻžāĻ¨ā§āĻ¤āĻ° āĻ¯āĻ¤āĻāĻž āĻ¸āĻŽā§āĻāĻŦ āĻ¸āĻšāĻāĨ¤
āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ā§āĻ° āĻ¸āĻžāĻĨā§ āĻāĻžāĻ āĻāĻ°āĻāĻŋ
āĻ¯ā§āĻšā§āĻ¤ā§ āĻā§āĻ¨ āĻāĻžāĻāĻ āĻŽā§āĻĄ āĻ¨ā§āĻ (āĻā§āĻ¨ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°ā§āĻ° āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ āĻšāĻ˛ā§ āĻāĻāĻŋ āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻā§ āĻ¸ā§āĻ¯ā§āĻāĻ āĻāĻ°āĻžāĻ° āĻāĻĨāĻž), āĻāĻŽāĻ°āĻž āĻāĻāĻŋāĻā§ āĻāĻ˛āĻžāĻĻāĻž āĻĒāĻžāĻ¤ā§āĻ°ā§ āĻāĻāĻ¤ā§āĻ° āĻāĻ°āĻŦāĨ¤
āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨-āĻāĻŽā§āĻĒā§āĻ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°ā§āĻ¨:
# yum -y install python3-pip
# pip3 install podman-composeāĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻĒā§āĻ°āĻžāĻĒā§āĻ¤ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻĢāĻžāĻāĻ˛āĻāĻŋ āĻ¸āĻžāĻŽāĻžāĻ¨ā§āĻ¯ āĻāĻŋāĻ¨ā§āĻ¨, āĻ¯ā§āĻŽāĻ¨ āĻāĻŽāĻžāĻĻā§āĻ° āĻāĻāĻāĻŋ āĻĒā§āĻĨāĻ āĻāĻ˛āĻŋāĻāĻŽ āĻŦāĻŋāĻāĻžāĻ āĻ¸āĻ°āĻžāĻ¸āĻ°āĻŋ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻž āĻŦāĻŋāĻāĻžāĻā§ āĻ¸āĻ°āĻžāĻ¤ā§ āĻšāĻ¯āĻŧā§āĻāĻŋāĻ˛āĨ¤
gitlab-podman.yml
version: '3.7'
services:
gitlab:
image: gitlab/gitlab-ce:latest
hostname: gitlab.example.com
restart: unless-stopped
environment:
GITLAB_OMNIBUS_CONFIG: |
gitlab_rails['gitlab_shell_ssh_port'] = 22222
ports:
- "80:80"
- "22222:22"
volumes:
- /srv/podman/gitlab/conf:/etc/gitlab
- /srv/podman/gitlab/data:/var/opt/gitlab
- /srv/podman/gitlab/logs:/var/log/gitlab
networks:
- gitlab
gitlab-runner:
image: gitlab/gitlab-runner:alpine
restart: unless-stopped
depends_on:
- gitlab
volumes:
- /srv/podman/gitlab/runner:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
networks:
- gitlab
networks:
gitlab:# podman-compose -f gitlab-runner.yml -d upāĻāĻžāĻā§āĻ° āĻĢāĻ˛āĻžāĻĢāĻ˛:
# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
da53da946c01 docker.io/gitlab/gitlab-runner:alpine run --user=gitlab... About a minute ago Up About a minute ago 0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp root_gitlab-runner_1
781c0103c94a docker.io/gitlab/gitlab-ce:latest /assets/wrapper About a minute ago Up About a minute ago 0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp root_gitlab_1āĻāĻ˛ā§āĻ¨ āĻĻā§āĻāĻŋ āĻāĻāĻŋ systemd āĻāĻŦāĻ kubernetes-āĻāĻ° āĻāĻ¨ā§āĻ¯ āĻā§ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻŦā§, āĻāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻŽāĻžāĻĻā§āĻ° āĻĒāĻĄā§āĻ° āĻ¨āĻžāĻŽ āĻŦāĻž āĻāĻāĻĄāĻŋ āĻā§āĻāĻā§ āĻŦā§āĻ° āĻāĻ°āĻ¤ā§ āĻšāĻŦā§:
# podman pod ls
POD ID NAME STATUS CREATED # OF CONTAINERS INFRA ID
71fc2b2a5c63 root Running 11 minutes ago 3 db40ab8bf84bāĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸:
# podman generate kube 71fc2b2a5c63
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-1.6.4
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2020-07-29T19:22:40Z"
labels:
app: root
name: root
spec:
containers:
- command:
- /assets/wrapper
env:
- name: PATH
value: /opt/gitlab/embedded/bin:/opt/gitlab/bin:/assets:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: HOSTNAME
value: gitlab.example.com
- name: container
value: podman
- name: GITLAB_OMNIBUS_CONFIG
value: |
gitlab_rails['gitlab_shell_ssh_port'] = 22222
- name: LANG
value: C.UTF-8
image: docker.io/gitlab/gitlab-ce:latest
name: rootgitlab1
ports:
- containerPort: 22
hostPort: 22222
protocol: TCP
- containerPort: 80
hostPort: 80
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /var/opt/gitlab
name: srv-podman-gitlab-data
- mountPath: /var/log/gitlab
name: srv-podman-gitlab-logs
- mountPath: /etc/gitlab
name: srv-podman-gitlab-conf
workingDir: /
- command:
- run
- --user=gitlab-runner
- --working-directory=/home/gitlab-runner
env:
- name: PATH
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: HOSTNAME
- name: container
value: podman
image: docker.io/gitlab/gitlab-runner:alpine
name: rootgitlab-runner1
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /etc/gitlab-runner
name: srv-podman-gitlab-runner
- mountPath: /var/run/docker.sock
name: var-run-docker.sock
workingDir: /
volumes:
- hostPath:
path: /srv/podman/gitlab/runner
type: Directory
name: srv-podman-gitlab-runner
- hostPath:
path: /var/run/docker.sock
type: File
name: var-run-docker.sock
- hostPath:
path: /srv/podman/gitlab/data
type: Directory
name: srv-podman-gitlab-data
- hostPath:
path: /srv/podman/gitlab/logs
type: Directory
name: srv-podman-gitlab-logs
- hostPath:
path: /srv/podman/gitlab/conf
type: Directory
name: srv-podman-gitlab-conf
status: {}āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽāĻĄ:
# podman generate systemd 71fc2b2a5c63
# pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
Documentation=man:podman-generate-systemd(1)
Requires=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Before=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
ExecStop=/usr/bin/podman stop -t 10 db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
# container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
ExecStop=/usr/bin/podman stop -t 10 da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
# container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
ExecStop=/usr/bin/podman stop -t 10 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3/userdata/conmon.pid
[Install]
WantedBy=multi-user.targetāĻĻā§āĻ°ā§āĻāĻžāĻā§āĻ¯āĻŦāĻļāĻ¤, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ° āĻāĻžāĻ˛ā§ āĻāĻ°āĻž āĻāĻžāĻĄāĻŧāĻžāĻ, āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽāĻĄā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻ¤ā§āĻĒāĻ¨ā§āĻ¨ āĻāĻāĻ¨āĻŋāĻ āĻ āĻ¨ā§āĻ¯ āĻāĻŋāĻā§ āĻāĻ°ā§ āĻ¨āĻž (āĻāĻĻāĻžāĻšāĻ°āĻŖāĻ¸ā§āĻŦāĻ°ā§āĻĒ, āĻāĻ āĻ§āĻ°āĻ¨ā§āĻ° āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻž āĻĒā§āĻ¨āĻ°āĻžāĻ¯āĻŧ āĻāĻžāĻ˛ā§ āĻšāĻ˛ā§ āĻĒā§āĻ°āĻžāĻ¨ā§ āĻĒāĻžāĻ¤ā§āĻ° āĻĒāĻ°āĻŋāĻˇā§āĻāĻžāĻ° āĻāĻ°āĻž), āĻ¤āĻžāĻ āĻāĻĒāĻ¨āĻžāĻā§ āĻāĻ āĻ§āĻ°āĻ¨ā§āĻ° āĻāĻŋāĻ¨āĻŋāĻ¸āĻā§āĻ˛āĻŋ āĻ¨āĻŋāĻā§āĻā§ āĻ¯ā§āĻ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§āĨ¤
āĻ¨ā§āĻ¤āĻŋāĻāĻ¤āĻāĻžāĻŦā§, āĻāĻ¨ā§āĻā§āĻāĻ¨āĻžāĻ°āĻā§āĻ˛āĻŋ āĻā§ āĻ¤āĻž āĻā§āĻˇā§āĻāĻž āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ āĻ¯āĻĨā§āĻˇā§āĻ, āĻĄāĻāĻžāĻ°-āĻāĻŽā§āĻĒā§āĻā§āĻ° āĻāĻ¨ā§āĻ¯ āĻĒā§āĻ°āĻžāĻ¨ā§ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨āĻā§āĻ˛āĻŋ āĻ¸ā§āĻĨāĻžāĻ¨āĻžāĻ¨ā§āĻ¤āĻ° āĻāĻ°ā§āĻ¨ āĻāĻŦāĻ āĻ¤āĻžāĻ°āĻĒāĻ°ā§ āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸ā§āĻ° āĻĻāĻŋāĻā§ āĻ¯āĻžāĻ¨, āĻ¯āĻĻāĻŋ āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ āĻšāĻ¯āĻŧ, āĻāĻāĻāĻŋ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°ā§, āĻŦāĻž āĻĄāĻāĻžāĻ°ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻ¸āĻšāĻā§ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻ¯ā§āĻā§āĻ¯ āĻŦāĻŋāĻāĻ˛ā§āĻĒ āĻĒāĻžāĻ¨ā§ˇ
rkt
āĻĒā§āĻ°āĻāĻ˛ā§āĻĒāĻāĻŋ āĻĒā§āĻ°āĻžāĻ¯āĻŧ āĻāĻ¯āĻŧ āĻŽāĻžāĻ¸ āĻāĻā§ āĻ°ā§āĻĄāĻšā§āĻ¯āĻžāĻ āĻāĻāĻŋ āĻā§āĻ¨āĻžāĻ° āĻāĻžāĻ°āĻŖā§, āĻ¤āĻžāĻ āĻāĻŽāĻŋ āĻāĻāĻŋāĻ¤ā§ āĻāĻ°āĻ āĻŦāĻŋāĻļāĻĻā§ āĻĨāĻžāĻāĻŦ āĻ¨āĻžāĨ¤ āĻ¸āĻžāĻ§āĻžāĻ°āĻŖāĻāĻžāĻŦā§, āĻāĻāĻŋ āĻāĻāĻāĻŋ āĻā§āĻŦ āĻāĻžāĻ˛ āĻāĻžāĻĒ āĻĢā§āĻ˛ā§āĻā§, āĻ¤āĻŦā§ āĻĄāĻāĻžāĻ°ā§āĻ° āĻ¤ā§āĻ˛āĻ¨āĻžāĻ¯āĻŧ, āĻāĻŦāĻ āĻāĻ°āĻ āĻŦā§āĻļāĻŋ āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ā§āĻ° āĻ¸āĻžāĻĨā§, āĻāĻāĻŋ āĻāĻāĻāĻŋ āĻāĻŽā§āĻŦāĻŋāĻ¨ā§āĻ° āĻŽāĻ¤ā§ āĻĻā§āĻāĻžāĻ¯āĻŧāĨ¤ Rkt āĻāĻ° āĻāĻĒāĻ°ā§ āĻāĻāĻāĻŋ CoreOS āĻĄāĻŋāĻ¸ā§āĻā§āĻ°āĻŋāĻŦāĻŋāĻāĻļāĻ¨ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻāĻŋāĻ˛ (āĻ¯āĻĻāĻŋāĻ āĻ¤āĻžāĻĻā§āĻ° āĻŽā§āĻ˛āĻ¤ āĻĄāĻāĻžāĻ° āĻāĻŋāĻ˛), āĻāĻŋāĻ¨ā§āĻ¤ā§ āĻāĻāĻŋāĻ RedHat āĻā§āĻ¨āĻžāĻ° āĻĒāĻ°ā§ āĻļā§āĻˇ āĻšāĻ¯āĻŧā§āĻāĻŋāĻ˛āĨ¤
āĻĒāĻ˛āĻžāĻļ
āĻ āĻ§āĻŋāĻ , āĻ¯āĻžāĻ° āĻ˛ā§āĻāĻ āĻļā§āĻ§ā§ āĻĒāĻžāĻ¤ā§āĻ° āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻ¤ā§ āĻāĻŦāĻ āĻāĻžāĻ˛āĻžāĻ¤ā§ āĻā§āĻ¯āĻŧā§āĻāĻŋāĻ˛ā§āĻ¨āĨ¤ āĻĄāĻā§āĻŽā§āĻ¨ā§āĻā§āĻļāĻ¨ āĻāĻŦāĻ āĻā§āĻĄ āĻĻā§āĻŦāĻžāĻ°āĻž āĻŦāĻŋāĻāĻžāĻ° āĻāĻ°ā§, āĻ˛ā§āĻāĻ āĻŽāĻžāĻ¨āĻā§āĻ˛āĻŋ āĻ āĻ¨ā§āĻ¸āĻ°āĻŖ āĻāĻ°ā§āĻ¨āĻ¨āĻŋ, āĻ¤āĻŦā§ āĻā§āĻŦāĻ˛ āĻ¨āĻŋāĻā§āĻ° āĻŦāĻžāĻ¸ā§āĻ¤āĻŦāĻžāĻ¯āĻŧāĻ¨ āĻ˛ā§āĻāĻžāĻ° āĻ¸āĻŋāĻĻā§āĻ§āĻžāĻ¨ā§āĻ¤ āĻ¨āĻŋāĻ¯āĻŧā§āĻāĻŋāĻ˛ā§āĻ¨, āĻ¯āĻž āĻ¨ā§āĻ¤āĻŋāĻāĻ¤āĻāĻžāĻŦā§ āĻ¤āĻŋāĻ¨āĻŋ āĻāĻ°ā§āĻāĻŋāĻ˛ā§āĻ¨āĨ¤
āĻ¤āĻĨā§āĻ¯āĻ
āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸ā§āĻ° āĻĒāĻ°āĻŋāĻ¸ā§āĻĨāĻŋāĻ¤āĻŋ āĻā§āĻŦ āĻāĻāĻ°ā§āĻˇāĻŖā§āĻ¯āĻŧ: āĻāĻāĻĻāĻŋāĻā§, āĻĄāĻāĻžāĻ°ā§āĻ° āĻ¸āĻžāĻĨā§, āĻāĻĒāĻ¨āĻŋ āĻāĻāĻāĻŋ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ° (āĻ¸ā§āĻ¯āĻŧāĻžāĻ°ā§āĻŽ āĻŽā§āĻĄā§) āĻāĻāĻ¤ā§āĻ°āĻŋāĻ¤ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨, āĻ¯āĻžāĻ° āĻ¸āĻžāĻšāĻžāĻ¯ā§āĻ¯ā§ āĻāĻĒāĻ¨āĻŋ āĻā§āĻ˛āĻžāĻ¯āĻŧā§āĻ¨ā§āĻāĻĻā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻ¤ā§āĻĒāĻžāĻĻāĻ¨ āĻĒāĻ°āĻŋāĻŦā§āĻļāĻ āĻāĻžāĻ˛āĻžāĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨, āĻāĻāĻŋ āĻŦāĻŋāĻļā§āĻˇāĻ¤ āĻā§āĻ āĻĻāĻ˛āĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯ āĻ¸āĻ¤ā§āĻ¯ (3-5 āĻāĻ¨ ), āĻ āĻĨāĻŦāĻž āĻāĻāĻāĻŋ āĻā§āĻ āĻ¸āĻžāĻŽāĻā§āĻ°āĻŋāĻ āĻ˛ā§āĻĄ āĻ¸āĻš, āĻŦāĻž āĻāĻā§āĻ āĻ˛ā§āĻĄ āĻ¸āĻš Kubernetes āĻ¸ā§āĻ āĻāĻĒ āĻāĻ°āĻžāĻ° āĻāĻāĻŋāĻ˛āĻ¤āĻž āĻŦā§āĻāĻžāĻ° āĻāĻā§āĻāĻžāĻ° āĻ āĻāĻžāĻŦāĨ¤
āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ āĻ¸āĻŽā§āĻĒā§āĻ°ā§āĻŖ āĻ¸āĻžāĻŽāĻā§āĻāĻ¸ā§āĻ¯ āĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°ā§ āĻ¨āĻž, āĻ¤āĻŦā§ āĻāĻāĻŋāĻ° āĻāĻāĻāĻŋ āĻā§āĻ°ā§āĻ¤ā§āĻŦāĻĒā§āĻ°ā§āĻŖ āĻ¸ā§āĻŦāĻŋāĻ§āĻž āĻ°āĻ¯āĻŧā§āĻā§ - āĻ āĻ¤āĻŋāĻ°āĻŋāĻā§āĻ¤ āĻ¸āĻ°āĻā§āĻāĻžāĻŽ (āĻŦāĻŋāĻ˛ā§āĻĄāĻžāĻš āĻāĻŦāĻ āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯) āĻ¸āĻš āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸ā§āĻ° āĻ¸āĻžāĻĨā§ āĻ¸āĻžāĻŽāĻā§āĻāĻ¸ā§āĻ¯āĻĒā§āĻ°ā§āĻŖāĨ¤ āĻ āĻ¤āĻāĻŦ, āĻāĻŽāĻŋ āĻ¨āĻŋāĻŽā§āĻ¨āĻ°ā§āĻĒ āĻāĻžāĻā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ āĻ¸āĻ°āĻā§āĻāĻžāĻŽā§āĻ° āĻĒāĻāĻ¨ā§āĻĻā§āĻ° āĻ¸āĻžāĻĨā§ āĻ¯ā§āĻāĻžāĻ¯ā§āĻ āĻāĻ°āĻŦ: āĻā§āĻ āĻĻāĻ˛āĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯, āĻŦāĻž āĻāĻāĻāĻŋ āĻ¸ā§āĻŽāĻŋāĻ¤ āĻŦāĻžāĻā§āĻā§āĻ° āĻ¸āĻžāĻĨā§ - āĻĄāĻāĻžāĻ° (āĻāĻāĻāĻŋ āĻ¸āĻŽā§āĻāĻžāĻŦā§āĻ¯ āĻāĻžāĻāĻ āĻŽā§āĻĄ āĻ¸āĻš), āĻŦā§āĻ¯āĻā§āĻ¤āĻŋāĻāĻ¤ āĻ˛ā§āĻāĻžāĻ˛āĻšā§āĻ¸ā§āĻā§ āĻ¨āĻŋāĻā§āĻ° āĻāĻ¨ā§āĻ¯ āĻŦāĻŋāĻāĻžāĻļ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ - āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨ āĻāĻŽāĻ°ā§āĻĄāĻ¸ āĻāĻŦāĻ āĻ āĻ¨ā§āĻ¯ āĻ¸āĻŦāĻžāĻ° āĻāĻ¨ā§āĻ¯ - āĻā§āĻŦāĻžāĻ°āĻ¨ā§āĻāĻ¸āĨ¤
āĻāĻŽāĻŋ āĻ¨āĻŋāĻļā§āĻāĻŋāĻ¤ āĻ¨āĻ āĻ¯ā§ āĻāĻŦāĻŋāĻˇā§āĻ¯āĻ¤ā§ āĻĄāĻāĻžāĻ°ā§āĻ° āĻĒāĻ°āĻŋāĻ¸ā§āĻĨāĻŋāĻ¤āĻŋ āĻŦāĻĻāĻ˛āĻžāĻŦā§ āĻ¨āĻž, āĻāĻžāĻ°āĻŖ āĻ¤āĻžāĻ°āĻž āĻĒāĻĨāĻŋāĻā§ā§ āĻāĻŦāĻ āĻ§āĻžāĻĒā§ āĻ§āĻžāĻĒā§ āĻ¤āĻžāĻ°āĻž āĻā§āĻ°āĻŽāĻžāĻ¨ā§āĻŦāĻ¯āĻŧā§ āĻŽāĻžāĻ¨āĻ¸āĻŽā§āĻŽāĻ¤ āĻšāĻ¯āĻŧā§ āĻāĻ āĻā§, āĻāĻŋāĻ¨ā§āĻ¤ā§ āĻĒāĻĄāĻŽā§āĻ¯āĻžāĻ¨, āĻ¤āĻžāĻ° āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¸ā§āĻŽāĻžāĻŦāĻĻā§āĻ§āĻ¤āĻž āĻ¸āĻ¤ā§āĻ¤ā§āĻŦā§āĻ (āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻāĻžāĻ āĻāĻ°āĻžāĻ° āĻā§āĻˇā§āĻ¤ā§āĻ°ā§) Linux(āĻ¯ā§āĻšā§āĻ¤ā§ āĻā§āĻ¨ā§ āĻā§āĻ˛āĻžāĻ¸ā§āĻāĻžāĻ°āĻŋāĻ, āĻ ā§āĻ¯āĻžāĻ¸ā§āĻŽā§āĻŦāĻ˛āĻŋ āĻāĻŦāĻ āĻ āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻāĻžāĻ°ā§āĻ¯āĻā§āĻ°āĻŽ āĻĨāĻžāĻ°ā§āĻĄ-āĻĒāĻžāĻ°ā§āĻāĻŋ āĻ¸āĻ˛āĻŋāĻāĻļāĻ¨ āĻĻā§āĻŦāĻžāĻ°āĻž āĻĒāĻ°āĻŋāĻāĻžāĻ˛āĻŋāĻ¤ āĻšāĻ¯āĻŧ āĻ¨āĻž) āĻāĻŦāĻŋāĻˇā§āĻ¯ā§ āĻāĻ°āĻ āĻ¸ā§āĻĒāĻˇā§āĻ, āĻ¤āĻžāĻ āĻāĻŽāĻŋ āĻ¸āĻŦāĻžāĻāĻā§ āĻāĻŽā§āĻ¨ā§āĻā§ āĻāĻ āĻĢāĻ˛āĻžāĻĢāĻ˛āĻā§āĻ˛ā§ āĻ¨āĻŋāĻ¯āĻŧā§ āĻāĻ˛ā§āĻāĻ¨āĻž āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻŽāĻ¨ā§āĻ¤ā§āĻ°āĻŖ āĻāĻžāĻ¨āĻžāĻā§āĻāĻŋāĨ¤
āĻĻā§āĻ°āĻˇā§āĻāĻŦā§āĻ¯ 3 āĻāĻāĻ¸ā§āĻ āĻāĻŽāĻ°āĻž āĻāĻžāĻ˛ā§ āĻāĻ°āĻŋ "āĻ¯ā§āĻāĻžāĻ¨ā§ āĻāĻĒāĻ¨āĻŋ āĻ¤āĻžāĻ° āĻāĻžāĻ āĻ¸āĻŽā§āĻĒāĻ°ā§āĻā§ āĻāĻ°āĻ āĻāĻžāĻ¨āĻ¤ā§ āĻĒāĻžāĻ°āĻŦā§āĻ¨āĨ¤ āĻāĻŽāĻ°āĻž āĻāĻ° āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¸āĻ°āĻā§āĻāĻžāĻŽ āĻŦāĻŋāĻļā§āĻ˛ā§āĻˇāĻŖ āĻāĻ°āĻŦ: āĻŽā§āĻ˛āĻŋāĻ āĻŦāĻŋāĻŽā§āĻ°ā§āĻ¤āĻ¤āĻž āĻĨā§āĻā§ āĻ¨ā§āĻāĻāĻ¯āĻŧāĻžāĻ°ā§āĻ āĻĒā§āĻ¯āĻžāĻ°āĻžāĻŽāĻŋāĻāĻžāĻ°, āĻŦāĻŋāĻāĻŋāĻ¨ā§āĻ¨ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽ āĻāĻŦāĻ āĻĒā§āĻ°ā§āĻā§āĻ°āĻžāĻŽāĻŋāĻ āĻāĻžāĻˇāĻžāĻ° āĻ¸āĻžāĻĨā§ āĻāĻžāĻ āĻāĻ°āĻžāĻ° āĻ¸ā§āĻā§āĻˇā§āĻŽāĻ¤āĻžāĨ¤ āĻāĻĒāĻ¨āĻŋ āĻĒā§āĻ°āĻ¯ā§āĻā§āĻ¤āĻŋāĻ° āĻ¸āĻžāĻĨā§ āĻĒāĻ°āĻŋāĻāĻŋāĻ¤ āĻšāĻŦā§āĻ¨ āĻāĻŦāĻ āĻā§āĻĨāĻžāĻ¯āĻŧ āĻāĻŦāĻ āĻā§āĻāĻžāĻŦā§ āĻĄāĻāĻžāĻ° āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻ¤ā§ āĻšāĻŦā§ āĻ¤āĻž āĻŦā§āĻāĻ¤ā§ āĻĒāĻžāĻ°āĻŦā§āĻ¨āĨ¤ āĻāĻŽāĻ°āĻž āĻ¸ā§āĻ°āĻž āĻ āĻ¨ā§āĻļā§āĻ˛āĻ¨ā§āĻ° āĻā§āĻˇā§āĻ¤ā§āĻ°ā§āĻ āĻļā§āĻ¯āĻŧāĻžāĻ° āĻāĻ°āĻŦāĨ¤
āĻŽā§āĻā§āĻ¤āĻŋāĻ° āĻāĻā§ āĻĒā§āĻ°āĻŋ-āĻ āĻ°ā§āĻĄāĻžāĻ° āĻāĻ°āĻ: 5000 āĻ°ā§āĻŦā§āĻ˛āĨ¤ "āĻĄāĻāĻžāĻ° āĻāĻŋāĻĄāĻŋāĻ āĻā§āĻ°ā§āĻ¸" āĻĒā§āĻ°ā§āĻā§āĻ°āĻžāĻŽāĻāĻŋ āĻĒāĻžāĻāĻ¯āĻŧāĻž āĻ¯āĻžāĻŦā§ .
āĻāĻ¤ā§āĻ¸: www.habr.com
