Airren Ren
Monday, January 1, 1
Deploy essential components by Docker
K8sStudy:
-
Docker Node: Jenkins, Mysql, casbin_allinone, portioner,hemidall (1 node 4 core, 8G)
-
ODMS with NFS. (3 node, 1 NFS node)
-
K8s node for CNI study
-
K8s node for others, DPDK?
-
Dev node for source code and dev
-
move Openwrt and VM to a same node
Application
Casdoor
1docker run -d --restart=always --name casdoor \
2-p 8001:8000 \
3casbin/casdoor-all-in-one
Heimdall
1docker volume create heimdall
2docker run -d --restart unless-stopped --name=heimdall \
3-e PUID=1000 -e PGID=1000 -e TZ=Europe/London \
4-p 8086:80 -p 8463:443 \
5-v heimdall:/config \
6linuxserver/heimdall:latest
CI&CD
Jenkins
1docker volume create jenkins_data
2docker run -d --restart=always --name jenkins \
3-u 0 --privileged \
4-p 8080:8080 -p 50000:50000 \
5-v jenkins_data:/var/jenkins_home \
6-v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker \
7jenkins/jenkins:lts-jdk11
8
9# -v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker \
10
11# must ubuntu20.04
Docker pipeline configuration
1 script{
2 docker.withRegistry( '', registryCredential ) {
3 dockerImage.push()
4 }
5 }
https://octopus.com/blog/jenkins-docker-ecr
https://medium.com/@gustavo.guss/jenkins-building-docker-image-and-sending-to-registry-64b84ea45ee9
Database
Mysql
1docker volume create mysql_data
2
3docker run -d --restart=always --name mysql \
4-p 3306:3306 \
5-e MYSQL_ROOT_PASSWORD=1q2w3e4r%T \
6-v mysql_data=/var/lib/mysql \
7mysql:8.0.30
Elastic Search
1docker run -d --name es01 \
2--net elastic -e ES_JAVA_OPTS="-Xms1g -Xmx1g" \
3-p 9200:9200 -p 9300:9300 -it \
4docker.elastic.co/elasticsearch/elasticsearch:8.4.1
5
6# /usr/share/elasticsearch/config/certs/http_ca.crt
7# /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
Cerebro
1docker volume create cerebro_data
2docker run -d --restart=always --name cerebro \
3-p 9001:9000 --net elastic \
4-v cerebro_data:/opt/cerebro \
5lmenezes/cerebro:0.9.4
Add host configration to cerebro
1# /opt/cerebro/conf
2hosts = [
3 {
4 host = "https://10.105.61.90:9200"
5 name = "ES Cluster"
6 auth = {
7 username = "elastic"
8 password = "MyPassword"
9 }
10 }
11]
12
13play.ws.ssl {
14 trustManager = {
15 stores = [
16 { type = "PEM", path = "/opt/cerebro/conf/http_ca.crt" }
17 ]
18 }
19 loose = {
20 disableHostnameVerification=true }
21}
22
23# Disabling certificate validation
24# #play.ws.ssl.loose.acceptAnyCertificate=true
MinIO
1docker volume create minio_data
2
3docker run -d --restart=always --name minio \
4 -p 9000:9000 \
5 -p 9099:9099 \
6 -v minio_data:/data \
7 -e "MINIO_ROOT_USER=admin" \
8 -e "MINIO_ROOT_PASSWORD=1q2w3e4r%T" \
9 minio/minio server /data --console-address ":9099"
what is S3
Docker manager
Portainer
1docker volume create portainer_data
2docker run -d --restart=always --name portainer \
3-p 8000:8000 -p 9443:9443 -p 9090:9000 \
4-v /var/run/docker.sock:/var/run/docker.sock \
5-v portainer_data:/data \
6portainer/portainer-ce:latest
Jira
1 docker volume create jira_data
2 docker run -d --restart=always --name jira \
3 -p 8082:8080 -v jira_data:/var/jira -e TZ='Asia/Shanghai'\
4 haxqer/jira:9.5.0
5
6
7 docker exec jira java -jar /var/agent/atlassian-agent.jar \
8 -p jira \
9 -m haxqer666@gmail.com \
10 -n haxqer666@gmail.com \
11 -o http://echo-bio.cn:8082 \
12 -s B2GJ-KD5D-6V6J-KCK7
13
14
15
configure ubuntu as a router
1sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
2sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
3sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
4
5
6
7sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens160 -j MASQUERADE
8sudo iptables -t nat -A POSTROUTING -s 10.0.12.0/24 -o ens160 -j MASQUERADE
9
10
11
12vi /etc/sysctl.conf
13
14net.ipv4.ip_forward = 1 # 没有则添加,有修改为1(0禁止,1开启)
15
16sysctl -p