说明
- Docker采用的是C/S的架构
- Docker进程默认不监听任何端口,它会生成一个socket(/var/run/docker.sock)文件来进行本地进程通信
- Docker 客户端与服务端之间使用 REST API 作为通信协议。我们可以让 Docker daemon 进程监听一个 TCP 端口,这样就可以用 docker client 远程调用 docker daemon 进程执行镜像构建
# dind.yaml
---
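# Service that gives in-cluster clients a stable address (dind.kube-system:2375)
# for the Docker daemon run by the dind Deployment. No `type` is set, so this is
# a ClusterIP Service.
# 2375 is the daemon's plain-TCP API port: the Deployment disables TLS
# (DOCKER_TLS_CERTDIR is empty), so nothing on this port authenticates the
# caller. Any client that can reach it can build and run containers on a
# privileged daemon; limit who can connect, or move to a TLS-protected
# endpoint with client certificates.
kind: Service
apiVersion: v1
metadata:
  name: dind
  namespace: kube-system
spec:
  selector:
    app: dind            # must match the pod labels in the Deployment template
  ports:
    - port: 2375
      name: tcp-port
      protocol: TCP
      targetPort: 2375   # same port the dind container listens on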
---
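# Runs one Docker-in-Docker (dind) daemon pod that remote docker clients use
# for image builds over TCP port 2375.
#
# Security-relevant settings, kept as the page uses them but called out:
#   - privileged: true      -> the container runs with full node privileges.
#   - hostNetwork: true     -> the daemon's port is opened on the node itself.
#   - DOCKER_TLS_CERTDIR "" -> the API on 2375 has no TLS and no authentication.
# Together these mean that reaching <node>:2375 is equivalent to root on the
# node. Restrict the port at the node firewall / security group to the build
# clients that need it, or enable TLS with client certificates.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dind
  namespace: kube-system
  labels:
    app: dind
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dind
  template:
    metadata:
      labels:
        app: dind
    spec:
      # The pod shares the node's network namespace; this is not a port
      # mapping. Every port the container opens is opened on the node's
      # interfaces.
      hostNetwork: true
      containers:
        - name: dind
          image: ziosting/dind
          lifecycle:
            postStart:
              exec:
                command:
                  - "/bin/sh"
                  - "-c"
                  # The registry password comes from a Secret through the
                  # environment and is passed on stdin, so it is not stored in
                  # this manifest and does not appear in the process
                  # arguments. A password that was ever committed in plain
                  # text in a manifest like this one should be rotated.
                  - |
                    printf '%s' "$REGISTRY_PASSWORD" | docker login https://www.tang520.top -u 'admin' --password-stdin
            preStop:
              exec:
                command:
                  - "/bin/sh"
                  - "-c"
                  # Delays container termination by 5 seconds (presumably to
                  # let in-flight requests finish; confirm the intent).
                  - "sleep 5"
          ports:
            - containerPort: 2375
          # Both probes only check that a TCP connection to 2375 succeeds.
          readinessProbe:
            tcpSocket:
              port: 2375
            initialDelaySeconds: 10
          livenessProbe:
            tcpSocket:
              port: 2375
            initialDelaySeconds: 10
          securityContext:
            # Needed for a nested Docker daemon, but it removes container
            # isolation from the node; treat access to this daemon as node
            # root access.
            privileged: true
          env:
            # Points the docker CLI inside the container (used by the
            # postStart login) at the daemon over TCP.
            - name: DOCKER_HOST
              value: tcp://localhost:2375
            - name: DOCKER_DRIVER
              value: overlay2
            # Empty value turns TLS off, assuming the image follows the
            # official docker:dind entrypoint convention (confirm for
            # ziosting/dind).
            - name: DOCKER_TLS_CERTDIR
              value: ""
            # Placeholder Secret name and key: create this Secret in
            # kube-system before applying, or point to an existing one. The
            # container will not start until the Secret exists.
            - name: REGISTRY_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: registry-credentials-placeholder
                  key: password
          volumeMounts:
            - mountPath: /var/lib/docker
              name: docker-graph-storage
      imagePullSecrets:
        - name: www.tang520.top
      volumes:
        # The daemon's data directory lives on the node's disk, so images and
        # layers survive pod restarts on the same node.
        - name: docker-graph-storage
          hostPath:
            path: /var/lib/container/docker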
运行dind的yaml文件
[root@node1 gitlab]# kubectl apply -f dind.yaml
查看结果
[root@node3 ~]# ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:8472 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=106147,fd=5))
udp UNCONN 0 0 0.0.0.0:35878 0.0.0.0:* users:(("avahi-daemon",pid=75029,fd=14))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=75029,fd=12))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=106147,fd=6))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=75029,fd=13))
udp UNCONN 0 0 [::]:48537 [::]:* users:(("avahi-daemon",pid=75029,fd=15))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=75035,fd=3))
tcp LISTEN 0 16384 127.0.0.1:10249 0.0.0.0:* users:(("kube-proxy",pid=84208,fd=11))
tcp LISTEN 0 16384 127.0.0.1:10248 0.0.0.0:* users:(("kubelet",pid=84021,fd=21))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=75033,fd=7))
tcp LISTEN 0 16384 127.0.0.1:42371 0.0.0.0:* users:(("containerd",pid=83558,fd=13))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=75035,fd=4))
tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=75033,fd=6))
tcp LISTEN 0 16384 *:10250 *:* users:(("kubelet",pid=84021,fd=22))
tcp LISTEN 0 16384 *:10256 *:* users:(("kube-proxy",pid=84208,fd=9))
tcp LISTEN 0 16384 *:2375 *:* users:(("dockerd",pid=2308538,fd=3))
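可以看到 dockerd 监听了 2375 端口。注意 `*:2375` 表示监听在节点的所有网卡上,而上面的配置关闭了 TLS(DOCKER_TLS_CERTDIR 为空),该端口没有任何认证,因此应在节点防火墙或安全组中限制为仅允许可信的构建客户端访问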