Auditing the (Missing) Security of Typical Docker and Kubernetes Installations

I have worked in IT for more than 20 years, but somehow I never got around to containers. In theory, I understood how they are structured and how they work. But since I had never dealt with them in practice, I did not know exactly how the gears under their hood turn.

Besides, I had no idea what their security was like. Then again, the theory sounds nice, and the old refrain "as security increases, usability decreases" was stuck in my head. So I figured that since everything is so easy to do with containers, the security there must be below par. As it turned out, I was right.

To get started quickly, I signed up for a Black Hat 2020 course titled "From rags to riches: penetrating and protecting Docker Swarm and Kubernetes environments".

The course, taught by Sheila A. Berta and Sol Ozzan, started right away with an explanation of how Docker containers work and the path they take when deployed to Kubernetes. It was an entirely hands-on class: students had to install Docker and microk8s on their machines before class, which is a great way to see how the tools interact with each other, find the weak points and, most importantly, try to block them.

Unfortunately, although the course promised to turn me into a "prince" after two days, I felt that everything was only just beginning and that I still had a lot to learn.


Before I dive into my main observations, it is important to explain what a container is. In the development world, it is considered normal for code written on your own machine to work perfectly, but when you try to run it on a server somewhere, it simply does not work. Containers try to overcome this problem by providing self-contained machines that you can move from one server to another, knowing that they will always work. As the name suggests, they contain the code, libraries and other software needed to do the job. Kubernetes, on the other hand, is an orchestration platform for containers. In principle, it can be used to manage hundreds or thousands of different containers seamlessly.

Below are some of my findings from the red team and blue team perspectives.

Red Team

Most container content runs as root: This means that if the container is compromised, you will have full access to the container. This makes the next steps easier.

Mounting docker.sock inside a container is dangerous: If you have root inside a container and have also installed Docker inside a container that has the Docker socket (/var/run/docker.sock) mounted, you have the potential to explore the entire cluster, including access to any other container. Such access cannot be prevented by network isolation or other means.

Environment variables often contain secret data: In most cases, people pass passwords into the container using ordinary environment variables. So if you have access to the account, you can spy on these environment variables to expand your powers later.

The Docker API can give away a lot of information: The Docker API, when configured by default, runs without authorization and can provide a ton of information. Using Shodan, you can find a list of open ports, then get detailed information about the cluster, and go on to capture it. TrendMicro wrote a most interesting article about this.

Blue Team

Don't run container content as root: Even though it is easier to run as root, you should not do it. Instead, run applications with reduced permissions by specifying the uid, either with the --user option when running from the CLI, or by declaring USER in the Dockerfile.

Don't allow software to be installed in containers: Almost every attack starts with planting something. From nmap to ifconfig to Docker itself (inside a container), installing anything in a container has become commonplace. For the same reason, you should block all unused ports. This also helps prevent command-and-control traffic from being transmitted when your machine is infected. Besides preventing programs from being installed, it is worth making sure that only the minimum number of applications required to complete the task is installed in the container itself.

Protect docker.sock: It must be protected because communication between the container and the cluster is handled through this socket. Since I don't want to go into detail in this article, read the note from Docker on what can happen and how to block it all.

Use Docker secrets instead of environment variables: Secrets have been around since about 2017. Although this is not secure, it is still better than environment variables for passing secret data to a container.
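
The blue-team checks above (root user, mounted docker.sock, secrets in environment variables) can be verified from `docker inspect` output. The following is an added example, not code from the original article or the course; the sample JSON is constructed, and the secret-name pattern and finding labels are assumptions.

```python
import json
import re

# Constructed sample in the shape of `docker inspect` output (trimmed JSON
# array; the container names and values are made up for this example).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "Config": {"User": "", "Env": ["PATH=/usr/bin", "DB_PASSWORD=example-only"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/worker",
     "Config": {"User": "1000:1000", "Env": ["PATH=/usr/bin", "LOG_LEVEL=info"]},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
                 "Destination": "/data"}]},
])

# Heuristic for variable names that usually carry credentials (assumption).
SECRET_NAME = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|CREDENTIAL)", re.I)
# Empty User: neither --user nor a Dockerfile USER was set, so it runs as root.
ROOT_USERS = {"", "0", "root"}


def audit_container(c):
    """Return a sorted list of findings for one `docker inspect` object."""
    findings = []
    cfg = c.get("Config") or {}
    # Config.User may be "uid", "uid:gid" or a name; only the user part matters.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ROOT_USERS:
        findings.append("runs-as-root")
    for m in c.get("Mounts") or []:
        if m.get("Source", "").endswith("docker.sock"):
            findings.append("docker-sock-mounted")
    for entry in cfg.get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_NAME.search(name):  # report the name only, never the value
            findings.append("secret-in-env:" + name)
    return sorted(findings)


def audit(inspect_json):
    """Map container name -> findings for a `docker inspect` JSON array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `audit()` instead of the constructed sample.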

If this article has got you interested in containers, you can easily install Docker or microk8s (a small version of Kubernetes). Here are instructions for installing Docker for Linux and MacOS, and here are instructions for installing microk8s for Windows, Linux and MacOS.

After installation, you can go through this quick start guide from Docker; a similar option is offered for microk8s.

If you want or need to take a comprehensive course on Docker, in which practising speakers examine all of its tooling, from basic abstractions to network parameters and the nuances of working with different operating systems and programming languages, then try the "Docker video course". You will get to know the technology and understand where and how best to use Docker. At the same time, you will get best-practice cases: it is better to learn in safety, with the support of practitioners, from stories about stepping on rakes than first-hand from the rakes themselves.

source: www.habr.com
