Sekuyiminyaka engaphezu kwengu-20 ngisebenza kwa-IT, kodwa ngandlela-thile angizange ngifinyelele ezitsheni. Ngombono, ngaqonda ukuthi zakhiwe kanjani nokuthi zisebenza kanjani. Kodwa njengoba ngangingakaze ngihlangane nabo ekuzilolongeni, ngangingenaso isiqiniseko sokuthi amagiya angaphansi kwesivalo sawo ajika futhi aphenduka kanjani.
Ngaphandle kwalokho, ngangingazi ukuthi ukuphepha kwabo kwakunjani. Kepha futhi, ithiyori izwakala imnandi, futhi ingoma yakudala ethi “njengoba ukuphepha kwanda, ukusebenziseka kuncipha” yanamathela ekhanda lami. Ngakho-ke ngacabanga ukuthi njengoba konke kulula kakhulu ukwenza ngeziqukathi, ngakho-ke ukuphepha okukhona kungaphansi kwesigaba. Njengoba kwenzeka, ngangiqinisile.
Ukuze ngiqale ngokushesha, ngabhalisela izifundo 2020 enesihloko esithi "".
Isifundo, esifundiswa u-Sheila A. Berta kanye no-Sol Ozzan, saqala ngokushesha ngencazelo yokuthi ama-container e-Docker asebenza kanjani kanye nohambo oluthathayo lapho ethunyelwa e-Kubernetes. Leli bekuyikilasi elisebenza ngezandla ngokuphelele - abafundi bekufanele bafake i-Docker nama-microk8 emishinini yabo ngaphambi kwekilasi - indlela enhle yokubona ukuthi amathuluzi asebenzisana kanjani, bathole amaphuzu abuthakathaka futhi, okubaluleke kakhulu, bazame ukuwavimba.
Ngeshwa, nakuba izifundo zazithembisa ukuba “isikhulu” ngemva kwezinsuku ezimbili, ngaba nomuzwa wokuthi yonke into yayisanda kuqala, futhi kwakusekuningi okwakumelwe ngikufunde.
Ngaphambi kokungena ekuphawuleni kwami okuphakeme, kubalulekile ukuchaza ukuthi yini isitsha. Emhlabeni wokuthuthukiswa, kuthathwa njengokujwayelekile ukuthi ikhodi ebhalwe emshinini wakho womuntu siqu isebenze kahle, kodwa uma uzama ukuyisebenzisa kuseva endaweni ethile, imane ingasebenzi. Iziqukathi zizama ukunqoba le nkinga ngokuhlinzeka ngemishini ezimele ongakwazi ukuyisusa kalula isuka kwenye iseva iye kwenye, wazi ukuthi iyohlala isebenza. Njengoba igama liphakamisa, aqukethe ikhodi, imitapo yolwazi, nenye isofthiwe edingekayo ukuze kwenziwe umsebenzi. UKubernetes, ngakolunye uhlangothi, kunjalo . Empeleni, ingasetshenziswa ukuphatha ngaphandle komthungo amakhulu noma izinkulungwane zeziqukathi ezahlukene.
Ngezansi okunye engikutholile ngombono weqembu elibomvu neliluhlaza okwesibhakabhaka.
Iqembu Elibomvu
Okuqukethwe okuningi kwesiqukathi kusebenza njengempande: Lokhu kusho ukuthi uma isiqukathi sisengozini, uzokwazi ukufinyelela ngokugcwele esitsheni. Lokhu kwenza izinyathelo ezilandelayo zibe lula kakhulu.
Ukukhweza i-docker.sock ngaphakathi kwesitsha kuyingozi: Uma unezimpande ngaphakathi kwesiqukathi futhi ufake i-Docker ngaphakathi kwesitsha esinesokhethi ye-Docker (/var/run/docker.sock), unamandla okuhlola iqoqo lonke, okuhlanganisa ukufinyelela kunoma yisiphi esinye isiqukathi. Ukufinyelela okunjalo akukwazi ukuvinjelwa ngokuhlukaniswa kwenethiwekhi noma ngezinye izindlela.
Okuguquguqukayo kwendawo ngokuvamile kuqukethe idatha eyimfihlo: Ezimweni eziningi, abantu bathumela amagama ayimfihlo kusiqukathi besebenzisa okuguquguqukayo kwendawo okujwayelekile. Ngakho uma ukwazi ukufinyelela i-akhawunti, ungakwazi inhloli lezi eziguquguqukayo imvelo ukuze kamuva wandise amandla akho.
I-Docker API inganikeza ulwazi oluningi: I-Docker API, lapho icushwa ngokuzenzakalelayo, isebenza ngaphandle kokugunyazwa futhi ingakhiqiza ithoni yolwazi. Usebenzisa i-Shodan, ungathola kalula uhlu lwamachweba avuliwe, bese uthola imininingwane enemininingwane mayelana neqoqo - bese uqhubekela ekuthwebuleni kwalo okugcwele. I-TrendMicro ibhale ngalokhu .
Iqembu Eliluhlaza
Ungasebenzisi okuqukethwe kwesiqukathi njengempande: Noma kulula ukugijima njengempande, akufanele ukwenze. Esikhundleni salokho, sebenzisa izinhlelo zokusebenza ngezimvume zokusetha kabusha ngokubonisa i-uid, noma usebenzisa inketho --user lapho ugijima usuka ku-CLI, noma ngokucacisa u-USER ku-Dockerfile.
Ungavumeli isofthiwe ukuthi ifakwe ezitsheni: Cishe konke ukuhlasela kuqala ngokutshala okuthile. Ukusuka ku-nmap kuye ku-ifconfig kuye ku-Docker uqobo (ngaphakathi kwesitsha), ukufaka noma yini esitsheni bekuyinto evamile. Ngesizathu esifanayo, kufanele uhlale uvimbele zonke izimbobo ezingasetshenzisiwe. Lokhu futhi kusiza ukuvimbela imiyalo yokulawula ukuthi ingadluliswa uma umshini wakho utheleleke. Ngaphezu kokuvimbela ukufakwa kwezinhlelo, kufanelekile ukwenza isiqiniseko sokuthi inani elincane lezicelo ezidingekayo ukuqedela umsebenzi lifakwe esitsheni ngokwaso.
Vikela i-docker.sock: Kumele ivikelwe ngoba ukuxhumana phakathi kwesiqukathi neqoqo kusetshenzwa ngale sokhethi. Njengoba ngingafuni ukuya ngemininingwane kulesi sihloko, funda , yini engenzeka, futhi kanjani ukuvimba konke.
Sebenzisa izimfihlo ze-Docker esikhundleni sokuguquguquka kwemvelo: Kukhona izimfihlo . Nakuba lokhu kungavikelekile, kusengcono kunezimo zemvelo zokudlulisa idatha eyimfihlo esitsheni.
Uma i-athikili ivuse intshisekelo yakho ezitsheni, ungakwazi ukufaka kalula i-Docker noma i-microk8s (inguqulo encane ye-Kubernetes). kukhona imiyalelo yokufaka i-Docker ye-Linux ne-MacOS, futhi — imiyalelo yokufaka i-microk8s ye-Windows, Linux kanye ne-MacOS.
Ngemva kokufaka ungahamba kusuka ku-Docker, inketho efanayo kanye nama-microk8s.
Uma ufuna noma udinga ukwenza izifundo ezibanzi ku-Docker, lapho izikhulumi ezisebenzayo zihlola wonke amathuluzi ayo: kusukela ekusetshenzisweni okuyisisekelo kuya kumapharamitha wenethiwekhi, ama-nuances okusebenza ngezinhlelo zokusebenza ezahlukahlukene nezilimi zokuhlela, bese uzama “" Uzojwayelana nobuchwepheshe futhi uqonde ukuthi ungayisebenzisa kuphi futhi kanjani i-Docker. Futhi ngesikhathi esifanayo, thola izimo ezingcono kakhulu zokuzijwayeza - kungcono ukufunda ngokuphepha nangokusekelwa odokotela ezindabeni ezimayelana namaraki kunokusuka kumareki ngokwawo ngezibambo ezigxilile.
Source: www.habr.com