TL;DR- ááœááºááááºáá¬áá»á¬ážá¡ááœááºáž á¡ááá®áá±ážááŸááºážáá»á¬áž áá¯ááºáá±á¬ááºáááºá¡ááœáẠáá°áá±á¬ááºáá»á¬ážááᯠááŸáá¯ááºážááŸááºááẠááŒá¯á¶áá¯á¶áá¯á¶ážáááºáá»ááºáááºážááœáŸááºá Docker ááŸáá·áº á¡ááŒá¬ážáá±á¬ á¡áá¬ážáá°á áá áºáá»á¬ážá á áœááºážáá±á¬ááºáááºáá»á¬ážááᯠááá·áºááœááºážá ááºážá á¬ážáááºááŒá áºáááºá
á¡á¬ážáá¯á¶ážá áááºááá¬ááá²ááá¯áá²á· áááá¯ááºážááŒá±á¬ááºážáá±ážááœá±áá«á
áá¯á¶ááŒááº
á¡ááºááá®áá±ážááŸááºážááᯠáá®ážááŒá¬ážááœá²áá¯ááºáááºá¡ááœáẠááááá¯á¶ážáá°áááá»á¬ážáá±á¬áááºážáááºážááŸá¬ chroot ááŒá áºáááºá áá°áá®áá±á¬á¡áááºáá áá áºáá±á«áºááá¯ááŸá¯ááẠroot directory ááá¯ááŒá±á¬ááºážáá²ááŒá±á¬ááºážáá±áá»á¬á á±ááẠ- ááá¯á·ááŒá±á¬áá·áºáááºážááá¯áá±á«áºáá±á¬áááá¯ááááºáááºááá¯áááºážááœáŸááºá¡ááœááºážááŸáááá¯ááºáá»á¬ážááá¯áá¬áááºáá±á¬ááºááœáá·áºáááŒá±á¬ááºážáá±áá»á¬á á±áááºá ááá¯á·áá±á¬áº áááá¯ááááºáá áºáá¯á¡á¬áž á¡ááœááºážááá¯ááºážá root á¡ááœáá·áºáá°ážáá»á¬áž áá±ážáá¬ážáá«áá áááºážááẠchroot á០"ááœááºááŒá±á¬ááº" ááá¯ááºááŒá®áž áááºááááºáááºááŸá¯á áá áºááá¯á· áááºáá±á¬ááºááœáá·áºáááŸáááá¯ááºáááºááŒá áºáááºá ááá¯á·á¡ááŒááºá root directory ááá¯ááŒá±á¬ááºážáá²ááŒááºážá¡ááŒáẠá¡ááŒá¬ážá¡áááºážá¡ááŒá áºáá»á¬áž (RAMá áááá¯áááºáá¬) ááŸáá·áº ááœááºáááºáááºáá±á¬ááºááœáá·áºááá¯áááºáž á¡ááá·áºá¡áááºáááŸááá«á
áá±á¬ááºáááºážáááºážááŸá¬ áááºáááºá áá Ạkernel á ááá¹ááá¬ážáá»á¬ážááᯠá¡áá¯á¶ážááŒá¯á ááœááºááááºáá¬á¡ááœááºáž ááŒáá·áºá á¯á¶áá±á¬ áááºáááºááŸá¯á áá áºááᯠá áááºáááºááŒá áºáááºá á€áááºážáááºážááᯠááá°áá®áá±á¬ áááºáááºááŸá¯á áá áºáá»á¬ážááœáẠááœá²ááŒá¬ážá áœá¬áá±á«áºáá±á«áºááŒáá±á¬áºáááºáž á¡ááŸá áºáá¬áááŸá¬ á¡áá°áá°áááºááŒá áºááẠ- áááºááááºáááºááŸá¯á áá áºááœáẠá¡áá¯ááºáá¯ááºááá·áº kernel áá áºáá¯á á®ááẠáá®ážááŒá¬ážááœááºáááºáá±á¬áááºáááºááŸá¯á áá áºáá»á¬ážá áœá¬ááᯠááœáá·áºááŸá áºááŒááºážááŒá áºáá«áááºá áááºážááá¯á·ááœáẠFreeBSD Jailsá Solaris Zonesá Linux á¡ááœáẠOpenVZ ááŸáá·áº LXC ááá¯á· áá«áááºáááºá á¡áá®ážáá»ááºááŒááºážááᯠdisk space ááŒáá·áºáá¬áá á¡ááŒá¬ážáá±á¬á¡áááºážá¡ááŒá áºáá»á¬ážááŒáá·áºáá« áá±áá»á¬á á±áá«áááºá á¡áá°ážáááŒáá·áºá container áá áºáá¯á á®ááœáẠáááá¯áááºáá¬á¡áá»áááºá RAM ááŸáá·áº network bandwidth ááá·áºáááºáá»ááºáá»á¬ážááŸáááá¯ááºáá«áááºá chroot ááŸáá·áº ááŸáá¯ááºážááŸááºáá«á ááœááºááááºáá¬ááŸá superuser ááẠcontainer á contents áá»á¬ážááá¯áᬠáááºáá¯á¶ážááá¯ááºáá±á¬ááŒá±á¬áá·áº container á¡ááœááºážááŸá operating system ááᯠup to date ááŒá áºáá±á á±áááºááŸáá·áº áá¬ážááŸááºážá¡áá±á¬ááºážáá»á¬ážááᯠá¡áá¯á¶ážááŒá¯ááŒááºážááŒá±á¬áá·áºá kernels áá»á¬áž (Linux á¡ááœáẠáááºááá¯ááºáá±á¬ FreeBSD á¡ááá¯ááºážá¡áá¬) ááẠkernel isolation system ááᯠ"ááŒááºáá»á±á¬áºááŒááºáž" ááŸáá·áº áááºááááºáááºááŸá¯á áá áºááá¯á· áááºáá±á¬ááºááœáá·áºáááŒááºáž ááŒá áºááá¯ááºááŒá± áá¯áááá¯ááºáá±á¬ á¡áá¬ážá¡áá¬ááŸááá«áááºá
ááœááºááááºáá¬áá áºáá¯ááœáẠááŒá®ážááŒáá·áºá á¯á¶áá±á¬áááºáááºááŸá¯á áá áºááᯠá áááºááá·áºá¡á á¬áž (áááŠážá áá áºá áááºáá±á·áá»áºáááºáá±áá»á¬ á áááºááŒáá·áº) ááŒáá·áº á¡ááºááºáá®áá±ážááŸááºážáá»á¬ážááᯠáá»ááºáá»ááºážááœáá·áºááá¯ááºáááºá á¡áááá¡áá»ááºááŸá¬ á¡ááá®áá±ážááŸááºážáá»á¬ážá¡á¬áž ááá¯áá²á·ááá¯á·áá±á¬á¡ááœáá·áºá¡áááºážááᯠáá±ážáá±á¬ááºáááºááŒá áºááẠ(ááá¯á¡ááºáá±á¬á á¬ááŒáá·áºááá¯ááºáá»á¬ážááŸáááŒááºáž ááŸáá·áº á¡ááŒá¬ážááá¯ááºáá»á¬áž)á á€á áááºáá°ážááẠDocker á á¡áááºááŸá¬ážáá¯á¶ážááŸáá·áº á¡áá»á±á¬áºááŒá¬ážáá¯á¶áž ááá¯ááºá á¬ážááŸááºááŒá áºááá·áº containerized application virtualization á¡ááœáẠá¡ááŒá±áá¶á¡ááŒá Ạáá¯ááºáá±á¬ááºáá²á·áááºá ááááºá áá áºáá»á¬ážááŸáá·áº ááŸáá¯ááºážááŸááºáá«á ááœááºááááºáá¬á¡ááœááºáž ááœááºááááºáá¬á¡ááœááºáž ááœááºááááºáá¬áá»á¬ážááŸáá·áº á¡ááá®áá±ážááŸááºážá¡ááŒá±á¡áá± ááŒá±áá¬áá¶ááŒááºážááŒá¬ážááœáẠáááºáááºáá¬ážáá±á¬ virtual ááœááºáááºáá»á¬ážá¡ááœáẠáá¶á·ááá¯ážááŸá¯ ááá¯ááá¯ááœááºáá°áá±á¬ áá®ážááŒá¬ážááœá²áá¯ááºááŸá¯ ááá¹ááá¬ážáá»á¬ážááŸáá·áºá¡áá° ááœááºááááºáá¬á¡ááœááºáž áááºáááºáá±áá±á¬ ááœááºááááºáá¬áá»á¬ážá¡ááœáẠáá¯ááºááá¯ááºážááá¯ááºáá¬áá¬áá¬áá»á¬ážá áœá¬á០áá áºáá¯áááºážáá±á¬ áá±á«ááºážá ááºáááºáááºážáá»ááºáá áºáá¯ááᯠáááºáá±á¬ááºááá¯ááºá á±áá²á·ááẠ- manual á¡áááºážá¡ááŒá áºá á®áá¶ááá·áºááœá²ááŸá¯áááá¯á¡ááºáá²á
Docker
Docker ááẠá¡áá»á±á¬áºááŒá¬ážáá¯á¶áž application containerization software ááŒá áºáááºá Go áá¬áá¬á áá¬ážááŒáá·áº áá±ážáá¬ážáá¬ážáá±á¬ áááºážááẠLinux kernel á á á¶á¡ááºá¹áá«áááºáá»á¬áž - cgroupsá namespaces, capabilities á áááºááá¯á·á¡ááŒáẠAufs ááá¯ááºá áá áºáá»á¬ážááŸáá·áº disk space áá»á¬ážááᯠááááºážáááºážáááºá¡ááœáẠáááºážáá²á·ááá¯á·áá±á¬ á¡ááŒá¬ážá¡áá¬áá»á¬ážááᯠá¡áá¯á¶ážááŒá¯áá¬ážáááºá
á¡áááºážá¡ááŒá
áº- wikimedia
áááá¯áá¬á¡áááºááá¬
áá¬ážááŸááºáž 1.11 áááá¯ááºáá®á Docker ááẠááœááºááááºáá¬áá»á¬ážááŸáá·áº áááºáááºááŸá¯á¡á¬ážáá¯á¶ážááᯠáá¯ááºáá±á¬ááºááá·áº áá áºáá¯áááºážáá±á¬áááºáá±á¬ááºááŸá¯á¡ááŒá Ạáá¯ááºáá±á¬ááºáá²á·áááº- ááœááºááááºáá¬á¡ááœáẠáá¯á¶áá»á¬ážááᯠáá±á«ááºážáá¯ááºáá¯ááºááŒááºážá ááœááºááááºáá¬ááá¯ááœáá·áºááŒááºážá API áá±á¬ááºážááá¯áá»ááºáá»á¬ážááᯠáá¯ááºáá±á¬ááºááŒááºážá áá¬ážááŸááºáž 1.11 ááŸá áááºá Docker ááẠáá áºáá¯ááŸáá·áºáá áºáᯠá¡ááŒááºá¡ááŸááºá¡áá»áá¯ážáááºáá±á¬ááºá á±ááá·áº á¡á áááºá¡ááá¯ááºážáá»á¬ážá áœá¬ááᯠááá¯ááºážááŒá¬ážáá¬ážáááº- ááœááºááááºáá¬áááá ááºáááºážáá áºáá¯áá¯á¶ážááᯠáá¯ááºáá±á¬ááºáááºá¡ááœáẠááœááºááááºáá¬áá»á¬áž (áá áºáá±áá¬ááá¯ááœá²áá±ááŒááºážá áá¯á¶áá»á¬ážááá¯áá±á«ááºážáá¯ááºáá¯ááºááŒááºážá ááœááºáááºááŸáá·áºá¡áá¯ááºáá¯ááºááŒááºážá á áááºááŒááºážá áááºáááºááŒááºážááŸáá·áº á á±á¬áá·áºááŒáá·áºááŒááºáž) cgroups ááŸáá·áº Linux kernel á á¡ááŒá¬ážá¡ááºá¹áá«áááºáá»á¬ážááᯠá¡áá¯á¶ážááŒá¯ááŸá¯á¡áá±á«áº á¡ááŒá±áá¶á container execution environment ááŸáá·áº runCá docker áááºáá±á¬ááºááŸá¯ááá¯ááºááá¯áẠáá»ááºááŸááá±áá±á¬áºáááºáž ááá¯á¡áá« áááºážááẠcontainerd ááá¯á·ááŒááºááá¯áá¬ážáá±á¬ API áá±á¬ááºážááá¯ááŸá¯áá»á¬ážááᯠáá¯ááºáá±á¬ááºáááºáᬠáá¯ááºáá±á¬ááºáá«áááºá
áááºáááºááŒááºážááŸáá·áºááœá²á·á ááºážááŸá¯
docker ááá¯ááá·áºááœááºážáááºáá»áœááºá¯ááºá¡ááŸá áºáááºáá¯á¶ážáááºážáááºážááŸá¬ docker-machine ááŒá áºááŒá®ážá áááºážááẠá¡áá±ážááááºážáá¬áá¬áá»á¬áž (á¡áá»áá¯ážáá»áá¯ážáá±á¬ clouds áá»á¬ážá¡áá«á¡áááº) ááœáẠdocker ááᯠááá¯ááºááá¯ááºááá·áºááœááºážááŒááºážááŸáá·áº configure áá¯ááºááŒááºážá¡ááŒáẠá¡áá±ážááááºážáá¬áá¬áá»á¬ážá ááá¯ááºá áá áºáá»á¬ážááŸáá·áº á¡áá¯ááºáá¯ááºááá¯ááºááŒá®áž á¡áá»áá¯ážáá»áá¯ážáá±á¬ command áá»á¬ážááá¯áááºáž áá¯ááºáá±á¬ááºááá¯ááºáááºá
ááá¯á·áá±á¬áºáááºážá 2018 áá¯ááŸá áºááŸá áááºá ááá±á¬áá»ááºááᯠáá®ááœááºááá¯ááºáá²áá±á¬á ááá¯á·ááŒá±á¬áá·áº áá»áœááºá¯ááºááá¯á·ááẠáááºážááᯠLinux ááŒáá·áºáá»á®ááŸá¯á¡áá»á¬ážá á¯á¡ááœáẠá á¶áá¯á¶á á¶ááŒáá·áº ááá·áºááœááºážáá«ááẠ- repository áá áºáá¯ááá·áºááŒááºážááŸáá·áº ááá¯á¡ááºáá±á¬ packages áá»á¬ážááᯠááá·áºááœááºážááŒááºážá
Ansible ááá¯á·ááá¯áẠá¡ááŒá¬ážá¡áá¬ážáá° á áá áºáá»á¬ážááᯠá¡áá¯á¶ážááŒá¯á á¡ááá¯á¡áá»á±á¬áẠáááºáááºááŸá¯á¡ááœááºáááºáž á€áááºážáááºážááᯠá¡áá¯á¶ážááŒá¯áá±á¬áºáááºáž á€áá±á¬ááºážáá«ážááœáẠáááºážááᯠááá·áºááœááºážá ááºážá á¬ážáááºááá¯ááºáá«á
áááºáááºááŒááºážááᯠCentos 7 ááœááºáá¯ááºáá±á¬ááºáááºááŒá áºááŒá®ážá áá»áœááºá¯ááºáááºá¡á±á¬ááºáá« command áá»á¬ážááá¯áá¯ááºáá±á¬ááºáááºá¡ááºá áá±á¬áá¯ááºááẠvirtual machine ááá¯áá¬áá¬á¡ááŒá áºá¡áá¯á¶ážááŒá¯áá«áááºá
# yum install -y yum-utils
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install docker-ce docker-ce-cli containerd.io
áááºáááºááŒá®ážáá±á¬ááºá áááºááẠáááºáá±á¬ááºááŸá¯ááᯠá áááºááŒá®áž á áááºáá¯ááºáá±á¬ááºááẠááá¯á¡ááºáááº-
# systemctl enable docker
# systemctl start docker
# firewall-cmd --zone=public --add-port=2377/tcp --permanent
ááá¯á·á¡ááŒááºá á¡áá¯á¶ážááŒá¯áá°áá»á¬ážááẠsudo ááá«áá² docker ááŸáá·áºá¡áá¯ááºáá¯ááºááá¯ááºáááºá ááŸááºáááºážááá·áºááœááºážáááºá ááŒááºáá០API ááá¯á·áááºáá±á¬ááºááœáá·áºááá¯ááœáá·áºááá¯ááºááŒá®áž firewall ááá¯ááá¯ááá¯áááá»á áœá¬ááŒááºáááºáááºááá±á·áá«ááŸáá·áº (ááœáá·áºáááŒá¯áá±á¬á¡áá¬á¡á¬ážáá¯á¶áž á¡áááºááŸáá·áºá¡á±á¬áẠá¥ááá¬áá»á¬ážááœáẠáá¬ážááŒá áºáá¬ážááẠ- ááá¯ážááŸááºážááŸá¯ááŸáá·áº ááŸááºážáááºážááŸá¯á¡ááœáẠáá»áœááºá¯ááºáá»ááºááŸááºáá¬ážáááº)á ááá¯á·áá±á¬áº á€áá±áá¬ááœáẠáá»áœááºá¯ááºááẠáá±á¬ááºáááºá¡áá±ážá áááºá¡áá»ááºá¡áááºáá»á¬ážááᯠáááŒá±á¬áá«á
á¡ááŒá¬ážá¡ááºá¹áá«áááºáá»á¬áž
á¡áááºáá±á¬áºááŒáá« docker á ááºá¡ááŒááºá ááœááºááááºáá¬á¡ááœáẠáá¯ááºáá¯á¶áá»á¬ážááᯠááááºážáááºážááẠáááááá¬áá áºáá¯á docker áá±ážááœá²á·ááŸá¯á ááœááºááááºáá¬áá»á¬ážááœáẠá¡ááá®áá±ážááŸááºážáá»á¬áž á¡ááá¯á¡áá»á±á¬áẠááŒáá·áºáá»ááºááŒááºážá¡ááœáẠáááááá¬áá áºáá¯á YAML ááá¯ááºáá»á¬ážááᯠááœááºááááºáá¬áá»á¬áž áááºáá±á¬ááºáááºááŸáá·áº ááŒááºáááºáááºááŸááºáááºá¡ááœáẠá¡áá¯á¶ážááŒá¯áá«áááºá ááŸáá·áº á¡ááŒá¬ážáááºá ááºá¡áá¬áá»á¬áž (á¥ááá¬á ááœááºáááºáá»á¬ážá ááá¯ááŸá±á¬ááºááŸá¯áá±áá¬á¡ááœáẠá¡ááŒá²ááŸááá±áá±á¬ ááá¯ááºá áá áºáá»á¬áž)á
CICD á¡ááœáẠconveyor áá»á¬ážááᯠá á¯á ááºážáá¬ááœááºáááºáž á¡áá¯á¶ážááŒá¯ááá¯ááºáááºá áá±á¬ááºáááºá áááºáááºá á¬ážá áá¬áá±á¬ááºážááá·áºá¡ááºá¹áá«áááºááŸá¬ swarm áá¯ááºáá¯áá±á«áºáá±á¬ (áá¬ážááŸááºáž 1.12 áááá¯ááºáá®á docker swarm áá¯áá°áááá»á¬ážáááº) ááẠáááºá¡áá¯á¶ážááŒá¯áá±ááá·áºááœááºááááºáá¬áá»á¬ážá¡ááœááºáá¬áá¬áá»á¬ážá áœá¬ááŸá¡ááŒá±áá¶á¡áá±á¬ááºá¡á¡á¯á¶áá áºáá¯áááºážááá¯á á¯á ááºážááœáá·áºááŒá¯ááá·áºá¡á á¯á¡áá±ážáá¯ááºááœááºá¡áá¯ááºáá¯ááºáááºá áá¬áá¬á¡á¬ážáá¯á¶ážáááááºááœáẠvirtual network ááá¯áá¶á·ááá¯ážááŸá¯ááŸáááŒá®áž built-in load balancer ááŸáá·áº containers á¡ááœááºáá»áŸáá¯á·ááŸááºáá»ááºáá»á¬ážááá¯áá¶á·ááá¯ážááŸá¯ááŸááááºá
á¡áá±ážá
á¬áž ááŒá¯ááŒááºááœááºážáá¶ááŸá¯áá»á¬ážááŸáá·áºá¡áá° docker áá±ážááœá²á·ááŸá¯á០YAML ááá¯ááºáá»á¬ážááᯠáááºááœááºáá»ááºá¡áá»áá¯ážáá»áá¯ážá¡ááœáẠá¡áá±ážá
á¬ážááŸáá·áº á¡áááºá
á¬áž á¡á
á¯á¡áá±ážáá»á¬ážááᯠáá¯á¶ážáá¯á¶ážáá»á¬ážáá»á¬áž á¡ááá¯á¡áá»á±á¬áẠááŒá¯ááŒááºááááºážááááºážááá¯ááºá
á±áá«áááºá á¡á
á¯á¡áá±ážááŒá®ážáá»á¬ážá¡ááœááºá swarm áá¯ááºá ááŒá¯ááŒááºááááºážááááºážááŸá¯áá¯ááºáá»á
áááẠKubernetes ááẠáá»á±á¬áºááœááºááá¯ááºáá±á¬ááŒá±á¬áá·áº Kubernetes ááẠááá¯áá±á¬ááºážáá«áááºá runC á¡ááŒááºá á¥ááá¬á container execution environment á¡ááŒá
ẠááẠinstall áá¯ááºááá¯ááºáá«áááºá
Docker ááŸáá·áºá¡áá¯ááºáá¯ááºááŒááºážá
áááºáááºááŒááºážááŸáá·áº ááœá²á·á
ááºážááŸá¯ááŒá®ážáá±á¬ááºá áá»áœááºá¯ááºááá¯á·ááẠááœá¶á·ááŒáá¯ážááá¯ážáááºáá±ážá¡ááœá²á·á¡ááœáẠGitLab ááŸáá·áº Docker Registry ááᯠá¡áá¯á¶ážááŒá¯ááá·áº á¡á
á¯á¡áá±ážáá
áºáá¯ááᯠá
á¯á
ááºážááẠááŒáá¯ážá
á¬ážáá«áááºá áá»áœááºá¯ááºááẠááŒáá·áºáá±áá¬ážáá±á¬ FS GlusterFS ááᯠáááºáá¶á á¡áá¯á¶ážááŒá¯ááá·áº áá¬áá¬áá»á¬ážá¡ááŒá
Ạvirtual machine áá¯á¶ážáá¯ááᯠá¡áá¯á¶ážááŒá¯áá«áááºá á¥ááá¬á docker ááŸááºáá¯á¶áááºááŒááºážá á¡ááŸá¬ážá¡ááœááºážáá¶ááá¯ááºáá±á¬ áá¬ážááŸááºážááᯠrun áááºá¡ááœáẠáááºážááᯠdocker volumes storage á¡ááŒá
Ạá¡áá¯á¶ážááŒá¯áá«áááºá áá¯ááºáá±á¬ááºááẠá¡ááá á¡á
áááºá¡ááá¯ááºážáá»á¬áž- Swarm áááááºááŸá GitLab Runner á¡ááœáẠáá¶á·ááá¯ážááŸá¯ááŒáá·áº Docker Registryá Postgresqlá Redisá GitLabá áá»áœááºá¯ááºááá¯á·ááẠá¡á
á¯á¡áá±ážááŒáá·áº Postgresql ááᯠá
áááºáá«áááºá
áá¬áá¬áá»á¬ážá¡á¬ážáá¯á¶ážááœáẠGlusterFS ááá¯á¡áá¯á¶ážááŒá¯ááẠ(áááºážááá¯á·ááᯠnode1á node2á node3 áá¯áá±á«áºáááº)á áááºááẠáááºáá±á·áá»áºáá»á¬ážááá¯ááá·áºááœááºážáááºá firewall ááá¯ááœáá·áºáááºááŸáá·áº ááá¯á¡ááºáá±á¬áááºážááœáŸááºáá»ááºáá»á¬ážááá¯áááºáá®ážááẠááá¯á¡ááºáááº-
# yum -y install centos-release-gluster7
# yum -y install glusterfs-server
# systemctl enable glusterd
# systemctl start glusterd
# firewall-cmd --add-service=glusterfs --permanent
# firewall-cmd --reload
# mkdir -p /srv/gluster
# mkdir -p /srv/docker
# echo "$(hostname):/docker /srv/docker glusterfs defaults,_netdev 0 0" >> /etc/fstab
áááºáááºááŒá®ážáá±á¬ááºá GlusterFS ááᯠconfigure áá¯ááºáá¬ááœáẠnode áá áºáá¯á០áááºáááºáá¯ááºáá±á¬ááºááááºá á¥ááᬠnode1:
# gluster peer probe node2
# gluster peer probe node3
# gluster volume create docker replica 3 node1:/srv/gluster node2:/srv/gluster node3:/srv/gluster force
# gluster volume start docker
ááá¯á·áá±á¬áẠáááŸááá¬áá±á¬ á¡áá¶á¡ááá¯ážá¡áá»ááºááᯠáááºáááºááẠááá¯á¡ááºááẠ(á¡áááá·áºááᯠáá¬áá¬áá»á¬ážá¡á¬ážáá¯á¶ážááœáẠáá¯ááºáá±á¬ááºááááº)á
# mount /srv/docker
Swarm áá¯ááºááᯠLeader ááŒá áºááá·áº áá¬áá¬áá»á¬ážáá²á០áá áºáá¯ááœáẠconfigure áá¯ááºáá¬ážááŒá®áž áá»ááºááẠcluster ááœáẠáá«áááºááááºááŒá áºááŒá®ážá ááá¯á·ááŒá±á¬áá·áº ááá server áá±á«áºááŸá command ááᯠexecute ááááºá¡á¬áž á¡ááŒá¬áž server áá»á¬ážááœáẠáá°ážáá°á áá¯ááºáá±á¬ááºááẠááá¯á¡ááºáááºááŒá áºáá«áááºá
áááŠáž á¡á á¯á¡áá±ážáááºáá±á¬ááºááŸá¯ááœááºá áá»áœááºá¯ááºááẠnode1 ááœáẠcommand ááᯠrun áááº-
# docker swarm init
Swarm initialized: current node (a5jpfrh5uvo7svzz1ajduokyq) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0c5mf7mvzc7o7vjk0wngno2dy70xs95tovfxbv4tqt9280toku-863hyosdlzvd76trfptd4xnzd xx.xx.xx.xx:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
# docker swarm join-token manager
áá»áœááºá¯ááºááá¯á·ááẠáá¯ááá command áááááºááá¯áá°ážáá°ááŒá®áž node2 ááŸáá·áº node3 ááœááºáá¯ááºáá±á¬ááºáááºá
# docker swarm join --token SWMTKN-x-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxx xx.xx.xx.xx:2377
This node joined a swarm as a manager.
á€á¡áá»áááºááœááºá áá¬áá¬áá»á¬ážá ááá¬áááœá²á·á ááºážáá¯á¶ááŒááºáááºááŒááºážááŒá®ážááŒá±á¬ááºááŒá®ážá áááºáá±á¬ááºááŸá¯áá»á¬ážá áááºáááºááŸááºááŒááºážááá¯á· áááºááœá¬ážááŒáá«á áá¯á·á á¡ááŒá¬ážáááºááá·áºá¡áá»ááºááŸááá±á¬áºááŒáá¬ážáá«á áá¯ááºáá±á¬ááºáááá·áº command áá»á¬ážááẠnode1 ááŸá áááºáááºááŒá áºáá«áááºá
ááááŠážá áœá¬á ááœááºááááºáá¬áá»á¬ážá¡ááœáẠááœááºáááºáá»á¬ážááᯠáááºáá®ážááŒáá«á áá¯á·á
# docker network create --driver=overlay etcd
# docker network create --driver=overlay pgsql
# docker network create --driver=overlay redis
# docker network create --driver=overlay traefik
# docker network create --driver=overlay gitlab
ááá¯á·áá±á¬áẠáá»áœááºá¯ááºááá¯á·ááẠáá¬áá¬áá»á¬ážááᯠá¡ááŸááºá¡áá¬ážááŒá¯á á¡áá»áá¯á·áá±á¬áááºáá±á¬ááºááŸá¯áá»á¬ážááᯠáá¬áá¬áá»á¬ážááŸáá·áº áá»áááºáááºááẠááá¯á¡ááºáá«áááºá
# docker node update --label-add nodename=node1 node1
# docker node update --label-add nodename=node2 node2
# docker node update --label-add nodename=node3 node3
ááá¯á·áá±á¬áẠTraefik ááŸáá·áº Stolon á¡ááœáẠááá¯á¡ááºáá±á¬ etcd áá±áá¬á KV ááá¯ááŸá±á¬ááºááŸá¯ ááááºážáááºážáááºá¡ááœáẠáááºážááœáŸááºáá»á¬ážááᯠáááºáá®ážáá«áááºá Postgresql ááŸáá·áº áááºáá°áááºá áááºážááá¯á·ááẠáá¬áá¬áá»á¬ážááŸáá·áº áá»áááºáááºáá¬ážáá±á¬ ááœááºááááºáá¬áá»á¬áž ááŒá áºááá·áºá¡ááœááºááŒá±á¬áá·áº á€á¡áááá·áºááᯠáá¬áá¬áá»á¬ážá¡á¬ážáá¯á¶ážááœáẠáá¯ááºáá±á¬ááºáááº-
# mkdir -p /srv/etcd
ááá¯á·áá±á¬ááºá etcd ááᯠconfigure áá¯ááºááẠááá¯ááºáá áºáá¯ááᯠáááºáá®ážááŒá®áž áááºážááᯠá¡áá¯á¶ážááŒá¯áá«á
00etcd.yml
version: '3.7'
services:
etcd1:
image: quay.io/coreos/etcd:latest
hostname: etcd1
command:
- etcd
- --name=etcd1
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd1:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd1:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd1vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node1]
etcd2:
image: quay.io/coreos/etcd:latest
hostname: etcd2
command:
- etcd
- --name=etcd2
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd2:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd2:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd2vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node2]
etcd3:
image: quay.io/coreos/etcd:latest
hostname: etcd3
command:
- etcd
- --name=etcd3
- --data-dir=/data.etcd
- --advertise-client-urls=http://etcd3:2379
- --listen-client-urls=http://0.0.0.0:2379
- --initial-advertise-peer-urls=http://etcd3:2380
- --listen-peer-urls=http://0.0.0.0:2380
- --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
- --initial-cluster-state=new
- --initial-cluster-token=etcd-cluster
networks:
- etcd
volumes:
- etcd3vol:/data.etcd
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node3]
volumes:
etcd1vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
etcd2vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
etcd3vol:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/etcd"
networks:
etcd:
external: true
# docker stack deploy --compose-file 00etcd.yml etcd
á¡áá»áááºá¡áá±á¬áºááŒá¬ááŒá®ážáá±á¬ááºá etcd á¡á á¯á¡áá±áž áááºáá¬ááŒá±á¬ááºáž á á áºáá±ážááŒáá·áºáááº-
# docker exec $(docker ps | awk '/etcd/ {print $1}') etcdctl member list
ade526d28b1f92f7: name=etcd1 peerURLs=http://etcd1:2380 clientURLs=http://etcd1:2379 isLeader=false
bd388e7810915853: name=etcd3 peerURLs=http://etcd3:2380 clientURLs=http://etcd3:2379 isLeader=false
d282ac2ce600c1ce: name=etcd2 peerURLs=http://etcd2:2380 clientURLs=http://etcd2:2379 isLeader=true
# docker exec $(docker ps | awk '/etcd/ {print $1}') etcdctl cluster-health
member ade526d28b1f92f7 is healthy: got healthy result from http://etcd1:2379
member bd388e7810915853 is healthy: got healthy result from http://etcd3:2379
member d282ac2ce600c1ce is healthy: got healthy result from http://etcd2:2379
cluster is healthy
áá»áœááºá¯ááºááá¯á·ááẠPostgresql á¡ááœáẠáááºážááœáŸááºáá»á¬ážááᯠáááºáá®ážááŒá®ážá áá¬áá¬áá»á¬ážá¡á¬ážáá¯á¶ážááœáẠá¡áááá·áºááᯠáá¯ááºáá±á¬ááºáá«áááºá
# mkdir -p /srv/pgsql
ááá¯á·áá±á¬áẠPostgresql ááᯠconfigure áá¯ááºááẠááá¯ááºáá áºáá¯áááºáá®ážáá«á
01pgsql.yml
version: '3.7'
services:
pgsentinel:
image: sorintlab/stolon:master-pg10
command:
- gosu
- stolon
- stolon-sentinel
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
- --log-level=debug
networks:
- etcd
- pgsql
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 30s
order: stop-first
failure_action: pause
pgkeeper1:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper1
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper1
- --pg-repl-username=replica
- --uid=pgkeeper1
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper1:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node1]
pgkeeper2:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper2
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper2
- --pg-repl-username=replica
- --uid=pgkeeper2
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper2:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node2]
pgkeeper3:
image: sorintlab/stolon:master-pg10
hostname: pgkeeper3
command:
- gosu
- stolon
- stolon-keeper
- --pg-listen-address=pgkeeper3
- --pg-repl-username=replica
- --uid=pgkeeper3
- --pg-su-username=postgres
- --pg-su-passwordfile=/run/secrets/pgsql
- --pg-repl-passwordfile=/run/secrets/pgsql_repl
- --data-dir=/var/lib/postgresql/data
- --cluster-name=stolon-cluster
- --store-backend=etcdv3
- --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
environment:
- PGDATA=/var/lib/postgresql/data
volumes:
- pgkeeper3:/var/lib/postgresql/data
secrets:
- pgsql
- pgsql_repl
deploy:
replicas: 1
placement:
constraints: [node.labels.nodename == node3]
postgresql:
image: sorintlab/stolon:master-pg10
command: gosu stolon stolon-proxy --listen-address 0.0.0.0 --cluster-name stolon-cluster --store-backend=etcdv3 --store-endpoints http://etcd1:2379,http://etcd2:2379,http://etcd3:2379
networks:
- etcd
- pgsql
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 30s
order: stop-first
failure_action: rollback
volumes:
pgkeeper1:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
pgkeeper2:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
pgkeeper3:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/pgsql"
secrets:
pgsql:
file: "/srv/docker/postgres"
pgsql_repl:
file: "/srv/docker/replica"
networks:
etcd:
external: true
pgsql:
external: true
áá»áœááºá¯ááºááá¯á·ááẠáá»áŸáá¯á·ááŸááºáá»ááºáá»á¬ážááᯠáááºáá®ážááŒá®áž ááá¯ááºááᯠá¡áá¯á¶ážááŒá¯áááº-
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/replica
# </dev/urandom tr -dc 234567890qwertyuopasdfghjkzxcvbnmQWERTYUPASDFGHKLZXCVBNM | head -c $(((RANDOM%3)+15)) > /srv/docker/postgres
# docker stack deploy --compose-file 01pgsql.yml pgsql
á¡áá»áááºá¡áááºážáááºááŒá¬ááŒá®ážáá±á¬áẠ( command á output ááá¯ááŒáá·áºáá«á docker áááºáá±á¬ááºááŸá¯ lsáááºáá±á¬ááºááŸá¯á¡á¬ážáá¯á¶áž áááºáá¬áááº)á áá»áœááºá¯ááºááá¯á·ááẠPostgresql á¡á á¯á¡áá±ážááᯠá¡á ááŒá¯áá«áááºá
# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 init
Postgresql á¡á á¯á¡áá±ážááᯠá á áºáá±ážááŒááºáž-
# docker exec $(docker ps | awk '/pgkeeper/ {print $1}') stolonctl --cluster-name=stolon-cluster --store-backend=etcdv3 --store-endpoints=http://etcd1:2379,http://etcd2:2379,http://etcd3:2379 status
=== Active sentinels ===
ID LEADER
26baa11d false
74e98768 false
a8cb002b true
=== Active proxies ===
ID
4d233826
9f562f3b
b0c79ff1
=== Keepers ===
UID HEALTHY PG LISTENADDRESS PG HEALTHY PG WANTEDGENERATION PG CURRENTGENERATION
pgkeeper1 true pgkeeper1:5432 true 2 2
pgkeeper2 true pgkeeper2:5432 true 2 2
pgkeeper3 true pgkeeper3:5432 true 3 3
=== Cluster Info ===
Master Keeper: pgkeeper3
===== Keepers/DB tree =====
pgkeeper3 (master)
ââpgkeeper2
ââpgkeeper1
ááŒááºáá០ááœááºááááºáá¬áá»á¬ážááá¯á· áááºáá¯á¶ážááœáá·áºááᯠááœáá·áºááẠtraefik ááᯠáá»áœááºá¯ááºááá¯á· á á®á ááºáááºááŸááºáááº-
03traefik.yml
version: '3.7'
services:
traefik:
image: traefik:latest
command: >
--log.level=INFO
--providers.docker=true
--entryPoints.web.address=:80
--providers.providersThrottleDuration=2
--providers.docker.watch=true
--providers.docker.swarmMode=true
--providers.docker.swarmModeRefreshSeconds=15s
--providers.docker.exposedbydefault=false
--accessLog.bufferingSize=0
--api=true
--api.dashboard=true
--api.insecure=true
networks:
- traefik
ports:
- 80:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock
deploy:
replicas: 3
placement:
constraints:
- node.role == manager
preferences:
- spread: node.id
labels:
- traefik.enable=true
- traefik.http.routers.traefik.rule=Host(`traefik.example.com`)
- traefik.http.services.traefik.loadbalancer.server.port=8080
- traefik.docker.network=traefik
networks:
traefik:
external: true
# docker stack deploy --compose-file 03traefik.yml traefik
áá»áœááºá¯ááºááá¯á·ááẠRedis Cluster ááá¯ááœáá·áºááá¯ááºáááºá áááºážááá¯áá¯ááºáá±á¬ááºááẠnode á¡á¬ážáá¯á¶ážááœááºááá¯ááŸá±á¬ááºááŸá¯áááºážááœáŸááºáá áºáá¯áááºáá®ážáááº-
# mkdir -p /srv/redis
áá redis.yml
version: '3.7'
services:
redis-master:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '6379:6379'
environment:
- REDIS_REPLICATION_MODE=master
- REDIS_PASSWORD=xxxxxxxxxxx
deploy:
mode: global
restart_policy:
condition: any
volumes:
- 'redis:/opt/bitnami/redis/etc/'
redis-replica:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '6379'
depends_on:
- redis-master
environment:
- REDIS_REPLICATION_MODE=slave
- REDIS_MASTER_HOST=redis-master
- REDIS_MASTER_PORT_NUMBER=6379
- REDIS_MASTER_PASSWORD=xxxxxxxxxxx
- REDIS_PASSWORD=xxxxxxxxxxx
deploy:
mode: replicated
replicas: 3
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: any
redis-sentinel:
image: 'bitnami/redis:latest'
networks:
- redis
ports:
- '16379'
depends_on:
- redis-master
- redis-replica
entrypoint: |
bash -c 'bash -s <<EOF
"/bin/bash" -c "cat <<EOF > /opt/bitnami/redis/etc/sentinel.conf
port 16379
dir /tmp
sentinel monitor master-node redis-master 6379 2
sentinel down-after-milliseconds master-node 5000
sentinel parallel-syncs master-node 1
sentinel failover-timeout master-node 5000
sentinel auth-pass master-node xxxxxxxxxxx
sentinel announce-ip redis-sentinel
sentinel announce-port 16379
EOF"
"/bin/bash" -c "redis-sentinel /opt/bitnami/redis/etc/sentinel.conf"
EOF'
deploy:
mode: global
restart_policy:
condition: any
volumes:
redis:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: "/srv/redis"
networks:
redis:
external: true
# docker stack deploy --compose-file 05redis.yml redis
Docker Registry ááá¯ááá·áºáá«-
06registry.yml
version: '3.7'
services:
registry:
image: registry:2.6
networks:
- traefik
volumes:
- registry_data:/var/lib/registry
deploy:
replicas: 1
placement:
constraints: [node.role == manager]
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.registry.rule=Host(`registry.example.com`)
- traefik.http.services.registry.loadbalancer.server.port=5000
- traefik.docker.network=traefik
volumes:
registry_data:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/registry"
networks:
traefik:
external: true
# mkdir /srv/docker/registry
# docker stack deploy --compose-file 06registry.yml registry
áá±á¬ááºáá¯á¶ážá¡áá±áá²á· - GitLab
08gitlab-runner.yml
version: '3.7'
services:
gitlab:
image: gitlab/gitlab-ce:latest
networks:
- pgsql
- redis
- traefik
- gitlab
ports:
- 22222:22
environment:
GITLAB_OMNIBUS_CONFIG: |
postgresql['enable'] = false
redis['enable'] = false
gitlab_rails['registry_enabled'] = false
gitlab_rails['db_username'] = "gitlab"
gitlab_rails['db_password'] = "XXXXXXXXXXX"
gitlab_rails['db_host'] = "postgresql"
gitlab_rails['db_port'] = "5432"
gitlab_rails['db_database'] = "gitlab"
gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'utf8'
gitlab_rails['redis_host'] = 'redis-master'
gitlab_rails['redis_port'] = '6379'
gitlab_rails['redis_password'] = 'xxxxxxxxxxx'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.yandex.ru"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "[email protected]"
gitlab_rails['smtp_password'] = "xxxxxxxxx"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
external_url 'http://gitlab.example.com/'
gitlab_rails['gitlab_shell_ssh_port'] = 22222
volumes:
- gitlab_conf:/etc/gitlab
- gitlab_logs:/var/log/gitlab
- gitlab_data:/var/opt/gitlab
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)
- traefik.http.services.gitlab.loadbalancer.server.port=80
- traefik.docker.network=traefik
gitlab-runner:
image: gitlab/gitlab-runner:latest
networks:
- gitlab
volumes:
- gitlab_runner_conf:/etc/gitlab
- /var/run/docker.sock:/var/run/docker.sock
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
gitlab_conf:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/conf"
gitlab_logs:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/logs"
gitlab_data:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/data"
gitlab_runner_conf:
driver: local
driver_opts:
type: none
o: bind
device: "/srv/docker/gitlab/runner"
networks:
pgsql:
external: true
redis:
external: true
traefik:
external: true
gitlab:
external: true
# mkdir -p /srv/docker/gitlab/conf
# mkdir -p /srv/docker/gitlab/logs
# mkdir -p /srv/docker/gitlab/data
# mkdir -p /srv/docker/gitlab/runner
# docker stack deploy --compose-file 08gitlab-runner.yml gitlab
á¡á á¯á¡ááœá²á·ááŸáá·áº áááºáá±á¬ááºááŸá¯áá»á¬ážá áá±á¬ááºáá¯á¶ážá¡ááŒá±á¡áá±-
# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
lef9n3m92buq etcd_etcd1 replicated 1/1 quay.io/coreos/etcd:latest
ij6uyyo792x5 etcd_etcd2 replicated 1/1 quay.io/coreos/etcd:latest
fqttqpjgp6pp etcd_etcd3 replicated 1/1 quay.io/coreos/etcd:latest
hq5iyga28w33 gitlab_gitlab replicated 1/1 gitlab/gitlab-ce:latest *:22222->22/tcp
dt7s6vs0q4qc gitlab_gitlab-runner replicated 1/1 gitlab/gitlab-runner:latest
k7uoezno0h9n pgsql_pgkeeper1 replicated 1/1 sorintlab/stolon:master-pg10
cnrwul4r4nse pgsql_pgkeeper2 replicated 1/1 sorintlab/stolon:master-pg10
frflfnpty7tr pgsql_pgkeeper3 replicated 1/1 sorintlab/stolon:master-pg10
x7pqqchi52kq pgsql_pgsentinel replicated 3/3 sorintlab/stolon:master-pg10
mwu2wl8fti4r pgsql_postgresql replicated 3/3 sorintlab/stolon:master-pg10
9hkbe2vksbzb redis_redis-master global 3/3 bitnami/redis:latest *:6379->6379/tcp
l88zn8cla7dc redis_redis-replica replicated 3/3 bitnami/redis:latest *:30003->6379/tcp
1utp309xfmsy redis_redis-sentinel global 3/3 bitnami/redis:latest *:30002->16379/tcp
oteb824ylhyp registry_registry replicated 1/1 registry:2.6
qovrah8nzzu8 traefik_traefik replicated 3/3 traefik:latest *:80->80/tcp, *:443->443/tcp
áááŒá¬ážáá¬ááœá± ááŒáŸáá·áºáááºááá¯ááºááá²á https áá±á«áºááœáẠááœááºááááºáá¬áá»á¬ážááᯠrun ááẠTraefik ááᯠconfigure áá¯ááºáá«á Postgresql ááŸáá·áº Redis á¡ááœáẠtls encryption ááá¯ááá·áºáá«á ááá¯á·áá±á¬áº áá±áá¯áá»á¡á¬ážááŒáá·áº áááºážááᯠPoC á¡ááŒá Ạdeveloper áá»á¬ážá¡á¬áž áá±ážáá±á¬ááºááá¯ááºáá±ááŒá®ááŒá áºáááºá ááᯠDocker á á¡ááŒá¬ážááœá±ážáá»ááºá áá¬áá»á¬ážááᯠááŒáá·áºááŒáá«á áá¯á·á
podman
pods áá»á¬ážááŒáá·áº á¡á¯ááºá á¯ááœá²á·áá¬ážáá±á¬ ááœááºááááºáá¬áá»á¬áž (podsá ááœááºááááºáá¬á¡á¯ááºá á¯áá»á¬áž) ááŸáá·áº ááœá²áá¯á¶ážáá¬ážáá±á¬ ááœááºááááºáá¬áá»á¬ážá¡ááœáẠáá°áááá»á¬ážáá±á¬ á¡ááŒá¬ážá¡ááºáá»ááºá Docker ááŸáá·áºááá°áá²á áááºážááẠááœááºááááºáá¬áá»á¬ážááá¯áááºáááºááẠáááºááá·áºáááºáá±á¬ááºááŸá¯ááŸáááá¯á¡ááºáá«á á¡áá¯ááºá¡á¬ážáá¯á¶ážááᯠlibpod á á¬ááŒáá·áºááá¯ááºááŸáááá·áºáá¯ááºáá±á¬ááºáááºá Go ááœááºáááºáž áá±ážáá¬ážáá¬ážááŒá®ážá runC áá²á·ááá¯á· ááœááºááááºáá¬áá»á¬ážááᯠááœáá·áºáááºá¡ááœáẠOCI-áááá¬áááŸááá±á¬ runtime ááá¯á¡ááºáá«áááºá
Podman ááŸáá·áºá¡áá¯ááºáá¯ááºááŒááºážááẠDocker á¡ááœáẠáá±áá°áá»á¡á¬ážááŒáá·áº áááºážááᯠáááºá€áá²á·ááá¯á·áá¯ááºáá±á¬ááºááá¯ááºááẠ(á€áá±á¬ááºážáá«ážáá±ážáá¬ážáá°á¡áá«á¡ááẠáááºážááá¯ááŒáá¯ážá á¬ážáá°ážáá°á¡áá»á¬ážá¡ááŒá¬ážá áá±á¬áºááŒáá¬ážááá·áºá¡ááá¯ááºáž)
$ alias docker=podman
ááŒá®ážáá±á¬á· áááºáž áááºááŒá®áž á¡áá¯ááºáá¯ááºááá¯ááºáááºá áá±áá¯áá»á¡á¬ážááŒáá·áºá Podman áá¡ááŒá±á¡áá±ááẠá¡ááœááºá áááºáááºá á¬ážá áá¬áá±á¬ááºážáááºá á¡áááºááŒá±á¬áá·áºááá¯áá±á¬áº Kubernetes áá¡á á±á¬ááá¯ááºážáá¬ážááŸááºážáá»á¬ážááẠDocker ááŸáá·áºá¡áá¯ááºáá¯ááºáá«áá ááœááºááááºáá¬áá±á¬á (OCI - Open Container Initiative) ááŸáá·áº Docker ááᯠcontainerd ááŸáá·áº runC á¡ááŒá Ạááá¯ááºážááŒá¬ážááŒá®ážáá±á¬áẠ2015 áá¯ááŸá áºáááºážáá»ááºááœááºá Kubernetes ááœááºáááºáááºáááºá¡ááœáẠDocker áá¡ááŒá¬ážááœá±ážáá»ááºá áá¬áá áºáᯠCRI-O ááá¯áá®ááœááºáá±áá«áááºá á€ááá á¹á ááŸáá·áº áááºáááºá Podman ááẠááœááºááááºáá¬áá»á¬ážááᯠá¡á¯ááºá á¯ááœá²á·ááŒááºážá¡áá«á¡ááẠKubernetes áá¡ááŒá±áá¶áá°áá»á¬ážáá±á«áºááœááºáááºáá±á¬ááºáá¬ážáá±á¬ Docker áá¡ááŒá¬ážááœá±ážáá»ááºá áá¬áá áºáá¯ááŒá áºáááºá ááá¯á·áá±á¬áºááá±á¬áá»ááºáá¡ááááááºááœááºáá»ááºááŸá¬ á¡ááá¯áááºáá±á¬ááºááŸá¯áá»á¬ážááá«áá² Docker-á ááá¯ááºááœááºááááºáá¬áá»á¬ážááá¯ááœáá·áºáááºááŒá áºáááºá ááŸááºážááŸááºážáááºážáááºáž á¡ááŒá±á¬ááºážááŒáá»ááºáá»á¬ážá¡ááœááºá developer áá»á¬ážá á¡á á¯á¡ááœá²á·áá áºáá¯ááá¯á¡ááºáá«á Kubernetes ááá¯áá°áá«áᯠááŸááºážáááºážá áœá¬ááŒá±á¬áá±á¬ááŒá±á¬áá·áº swarm mode áááŸááá«á
ustanovka
Centos 7 ááœáẠááá·áºááœááºážáááºá Extras repository ááᯠá áááºá¡áá¯á¶ážááŒá¯ááá¯ááºááŒá®áž á¡áá¬á¡á¬ážáá¯á¶ážááᯠcommand ááŒáá·áº ááá·áºááœááºážáá«-
# yum -y install podman
á¡ááŒá¬ážá¡ááºá¹áá«áááºáá»á¬áž
Podman ááẠsystemd á¡ááœááºáá°áá áºáá»á¬ážááá¯áá¯ááºáá¯ááºááá¯ááºáááºá ááá¯á·ááŒá±á¬áá·áºáá¬áá¬áá áºáá¯ááŒááºáááºá áááºááŒá®ážáá±á¬ááºááœááºááááºáá¬áá»á¬ážááá¯á áááºááá·áºááŒá¿áá¬ááá¯ááŒá±ááŸááºážááá¯ááºáááºá ááá¯á·á¡ááŒááºá systemd á¡á¬áž ááœááºááááºáá¬á¡ááœááºážááŸá pid 1 á¡ááŒá ẠááŸááºáááºá áœá¬ áá¯ááºáá±á¬ááºááẠááŒá±áá¬áá¬ážáááºá ááœááºááááºáá¬áá»á¬ážáááºáá±á¬ááºááŒááºážá¡ááœáẠáá®ážááŒá¬áž buildah áááááá¬áá áºáá¯ááŸáááŒá®ážá ááŒááºáááŸáááááá¬áá»á¬áž - Kubernetes ááŸáá·áº ááœá²áááºá¡áá¯á¶ážááŒá¯ááá¯ááºáá±á¬ configuration files áá»á¬ážááá¯áááºážáá¯ááºáá¯ááºáá±ážááá·áº docker-compose á analogues áá»á¬ážáá«ááŸááááºá ááá¯á·ááŒá±á¬áá·áº Podman á០Kubernetes ááá¯á· áá°ážááŒá±á¬ááºážááŒááºážááᯠá¡áááºááá¯ááºáá¯á¶áž ááá¯ážááŸááºážá á±áááºá
Podman ááŸáá·áºá¡áá¯ááºáá¯ááºáááºá
swarm mode áááŸááá±á¬ááŒá±á¬áá·áº (á¡á á¯á¡ááœá²á·áá áºáá¯ááá¯á¡ááºáá«á Kubernetes ááá¯á·ááŒá±á¬ááºážááá«áááº)á áááºážááá¯áá®ážááŒá¬ážááœááºááááºáá¬áá»á¬ážááœááºá á¯áá±á¬ááºážáá«áááºá
podman-compose ááᯠááá·áºááœááºážáá«-
# yum -y install python3-pip
# pip3 install podman-compose
podman á¡ááœáẠáááŸááá¬áá±á¬ configuration file ááẠá¡áááºážáááºááœá²ááŒá¬ážáááºá ááá¯á·ááŒá±á¬áá·áº á¥ááá¬á¡á¬ážááŒáá·áº áá®ážááŒá¬áž volumes á¡ááá¯ááºážááᯠáááºáá±á¬ááºááŸá¯áá»á¬ážááŸáá·áºá¡áá° ááá¹áááá¯á· ááá¯ááºááá¯ááºááœáŸá±á·ááááºááŒá áºáá«áááºá
gitlab-podman.yml
version: '3.7'
services:
gitlab:
image: gitlab/gitlab-ce:latest
hostname: gitlab.example.com
restart: unless-stopped
environment:
GITLAB_OMNIBUS_CONFIG: |
gitlab_rails['gitlab_shell_ssh_port'] = 22222
ports:
- "80:80"
- "22222:22"
volumes:
- /srv/podman/gitlab/conf:/etc/gitlab
- /srv/podman/gitlab/data:/var/opt/gitlab
- /srv/podman/gitlab/logs:/var/log/gitlab
networks:
- gitlab
gitlab-runner:
image: gitlab/gitlab-runner:alpine
restart: unless-stopped
depends_on:
- gitlab
volumes:
- /srv/podman/gitlab/runner:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
networks:
- gitlab
networks:
gitlab:
# podman-compose -f gitlab-runner.yml -d up
ááááº:
# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
da53da946c01 docker.io/gitlab/gitlab-runner:alpine run --user=gitlab... About a minute ago Up About a minute ago 0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp root_gitlab-runner_1
781c0103c94a docker.io/gitlab/gitlab-ce:latest /assets/wrapper About a minute ago Up About a minute ago 0.0.0.0:22222->22/tcp, 0.0.0.0:80->80/tcp root_gitlab_1
systemd ááŸáá·áº kubernetes á¡ááœáẠáá¯ááºáá±ážáááºáá»á¬ážááᯠááŒáá·áºááŒáá«á áá¯á·á áááºážá¡ááœáẠáá»áœááºá¯ááºááá¯á·ááẠpod á á¡ááẠááá¯á·ááá¯áẠID ááᯠááŸá¬ááœá±ááẠááá¯á¡ááºáááº-
# podman pod ls
POD ID NAME STATUS CREATED # OF CONTAINERS INFRA ID
71fc2b2a5c63 root Running 11 minutes ago 3 db40ab8bf84b
Kubernetes-
# podman generate kube 71fc2b2a5c63
# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-1.6.4
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2020-07-29T19:22:40Z"
labels:
app: root
name: root
spec:
containers:
- command:
- /assets/wrapper
env:
- name: PATH
value: /opt/gitlab/embedded/bin:/opt/gitlab/bin:/assets:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: HOSTNAME
value: gitlab.example.com
- name: container
value: podman
- name: GITLAB_OMNIBUS_CONFIG
value: |
gitlab_rails['gitlab_shell_ssh_port'] = 22222
- name: LANG
value: C.UTF-8
image: docker.io/gitlab/gitlab-ce:latest
name: rootgitlab1
ports:
- containerPort: 22
hostPort: 22222
protocol: TCP
- containerPort: 80
hostPort: 80
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /var/opt/gitlab
name: srv-podman-gitlab-data
- mountPath: /var/log/gitlab
name: srv-podman-gitlab-logs
- mountPath: /etc/gitlab
name: srv-podman-gitlab-conf
workingDir: /
- command:
- run
- --user=gitlab-runner
- --working-directory=/home/gitlab-runner
env:
- name: PATH
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: HOSTNAME
- name: container
value: podman
image: docker.io/gitlab/gitlab-runner:alpine
name: rootgitlab-runner1
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /etc/gitlab-runner
name: srv-podman-gitlab-runner
- mountPath: /var/run/docker.sock
name: var-run-docker.sock
workingDir: /
volumes:
- hostPath:
path: /srv/podman/gitlab/runner
type: Directory
name: srv-podman-gitlab-runner
- hostPath:
path: /var/run/docker.sock
type: File
name: var-run-docker.sock
- hostPath:
path: /srv/podman/gitlab/data
type: Directory
name: srv-podman-gitlab-data
- hostPath:
path: /srv/podman/gitlab/logs
type: Directory
name: srv-podman-gitlab-logs
- hostPath:
path: /srv/podman/gitlab/conf
type: Directory
name: srv-podman-gitlab-conf
status: {}
á áá áºááá·áºááœááºážáááº-
# podman generate systemd 71fc2b2a5c63
# pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
Documentation=man:podman-generate-systemd(1)
Requires=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Before=container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
ExecStop=/usr/bin/podman stop -t 10 db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/db40ab8bf84bf35141159c26cb6e256b889c7a98c0418eee3c4aa683c14fccaa/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
# container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman container-da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
ExecStop=/usr/bin/podman stop -t 10 da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/da53da946c01449f500aa5296d9ea6376f751948b17ca164df438b7df6607864/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
# container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
# autogenerated by Podman 1.6.4
# Thu Jul 29 15:23:28 EDT 2020
[Unit]
Description=Podman container-781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3.service
Documentation=man:podman-generate-systemd(1)
RefuseManualStart=yes
RefuseManualStop=yes
BindsTo=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
After=pod-71fc2b2a5c6346f0c1c86a2dc45dbe78fa192ea02aac001eb8347ccb8c043c26.service
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
ExecStop=/usr/bin/podman stop -t 10 781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/781c0103c94aaa113c17c58d05ddabf8df4bf39707b664abcf17ed2ceff467d3/userdata/conmon.pid
[Install]
WantedBy=multi-user.target
áá¶ááá±á¬ááºážá áœá¬ááŒáá·áºá ááœááºááááºáá¬áá»á¬ážááá¯ááœáá·áºááŒááºážááŸááœá²á systemd á¡ááœááºáá¯ááºáá¯ááºáá¬ážáá±á¬áá°áá áºááẠá¡ááŒá¬ážáá¬áá»áŸááá¯ááºáá« (á¥ááá¬á á€áááºáá±á¬ááºááŸá¯ááá¯ááŒááºáááºá áááºááá·áºá¡áá« ááœááºááááºáá¬á¡áá±á¬ááºážáá»á¬ážááᯠááá·áºááŸááºážáá±ážáá¯ááºááŒááºáž) ááŒá áºáá±á¬ááŒá±á¬áá·áº áááºááá¯ááºááá¯ááºáá±ážáá¬ážááááºááŒá áºáá«áááºá
áá°á¡áá Podman ááẠáááºááá·áº containers ááŒá áºáááºááᯠá ááºážááŒáá·áºáááºá docker-compose á¡ááœáẠáá¯á¶á á¶áá±á¬ááºážáá»á¬ážááᯠááœáŸá²ááŒá±á¬ááºážáá«á ááá¯á·áá±á¬áẠáááºá á¡á á¯á¡áá±ážáá áºáᯠááá¯á¡ááºáá«á Kubernetes ááá¯á· ááœáŸá±á·áá«á ááá¯á·ááá¯áẠDocker á¡ááœáẠááá¯ááá¯ááœááºáá°áá±á¬ á¡á á¬ážááá¯ážáá áºáá¯ááᯠááá°áá«á
rkt
á
á®áá¶ááááºážá
ááááºá áá áº
ááá¯ááŒá®áž
ááœá±á·ááŸááá»ááºáá»á¬áž
Kubernetes áá¡ááŒá±á¡áá±ááẠá¡ááœááºá áááºáááºá á¬ážá áá¬áá±á¬ááºážáááº- áá áºáááºááœááºá Docker ááŒáá·áº áááºááẠáá¯á¶ážá áœá²áá°áá»á¬ážá¡ááœáẠáá¯ááºáá¯ááºáááºáááºážáá»ááºáá»á¬ážááá¯ááẠáááºáá¯ááºáá±á¬ááºááá¯ááºááá·áº á¡á á¯á¡áá±ážáá áºáᯠ(swarm mode ááœááº) áááºáá±á¬ááºááá¯ááºáááºá áááºážááẠá¡áááºážáááºáá»á¬áž (3-5 áá±á¬ááº) á¡ááœáẠá¡áá°ážáááŒáá·áº ááŸááºáá«áááºá ááá¯á·ááá¯áẠáá±ážáááºáá±á¬áááºááŸáá·áº ááá¯á·ááá¯áẠááŒáá·áºáá¬ážáá±á¬áááºáá»á¬ážá¡áá«á¡ááẠKubernetes á áá áºááá·áºááœááºážááŒááºážá ááŸá¯ááºááœá±ážáááºáá²ááŸá¯áá»á¬ážááᯠáá¬ážáááºááá¯á áááºáááŸáááŒááºážá
Podman ááẠá¡ááŒáá·áºá¡á ááá¯ááºáááºáá®ááŸá¯ááᯠááá±ážááá¯ááºáá±á¬áºáááºáž áááºážááœáẠá¡áá±ážááŒá®ážáá±á¬ á¡á¬ážáá¬áá»ááºáá áºáᯠááŸáááẠ- á¡ááá¯áááááá¬áá»á¬áž (buildah ááŸáá·áº á¡ááŒá¬ážá¡áá¬áá»á¬áž) á¡áá«á¡ááẠKubernetes ááŸáá·áº ááá¯ááºáááºááŸá¯ááŸáááŒááºážá ááá¯á·ááŒá±á¬áá·áºá áá»áœááºá¯ááºááẠá¡á±á¬ááºáá«á¡ááá¯ááºáž á¡áá¯ááºá¡ááœáẠáááááá¬á ááœá±ážáá»ááºááŸá¯ááᯠáá»ááºážáááºáá«áááº- á¡ááœá²á·áááºáá»á¬ážá¡ááœáẠááá¯á·ááá¯áẠá¡ááá·áºá¡áááºááŸááá±á¬ áááºáá»ááºááŒáá·áº - Docker (ááŒá áºááá¯ááºáá»á±ááŸááá±á¬ á¡á á¯á¡áá±ážáá¯ááºááŒáá·áº)á ááá¯ááºááá¯áẠlocalhost - Podman áá²áá±á¬áºáá»á¬áž ááŸáá·áº á¡ááŒá¬ážáá°ááá¯ááºážá¡ááœááºá - Kubernetes
Docker áá¡ááŒá±á¡áá±ááẠá¡áá¬áááºááœáẠááŒá±á¬ááºážáá²áááºááá¯ááºááŒá±á¬ááºáž áá»áœááºáá±á¬áºáá±áá»á¬ááááá«á á¡ááŸááºááŸá¬ áááºážááá¯á·ááẠááŸá±á·áá±á¬ááºáá»á¬ážááŒá áºááŒááŒá®áž áááŒááºážááŒááºáž á á¶áááºááŸááºááŒááºážáá¶ááá±á¬áºáááºáž Podman ááẠáááºážááá»áá¯á·ááœááºážáá»ááºá¡á¬ážáá¯á¶ážá¡ááœáẠ(Linux ááœááºáá¬á¡áá¯ááºáá¯ááºáááºá á¡á á¯á¡áá±ážáááŸáá á ááºážáá±ážááœá²ááŸáá·áº á¡ááŒá¬ážáá¯ááºáá±á¬ááºáá»ááºáá»á¬ážááẠááŒááºáá¡ááœá²á·á¡á ááºážááŒá±ááŸááºážáááºážáá»á¬ážááŒá áºáááº) á¡áá¬áááºááẠááá¯ááá¯ááŸááºážáááºážáá¬áá±á¬ááŒá±á¬áá·áº ááŸááºáá»ááºáá»á¬ážááœáẠá€ááœá±á·ááŸááá»ááºáá»á¬ážááᯠááœá±ážááœá±ážááẠáá°ááá¯ááºážááᯠááááºáá±á«áºáá«áááºá
PS á©áá¯ááºá (á)áááºáá±á·ááœáẠá
áááºááœáá·áºááŸá
áºáá«áááºá
ááá¯ááºáá±áá® ááŒáá¯áááºááŸá¬áá°ááŸá¯á
á»á±ážááŸá¯ááºáž- RUB 5000á Docker Video Course á¡á
á®á¡á
ááºááᯠáááºááŒáá·áºááŸá¯ááá¯ááºáá«áááºá
source: www.habr.com