echo '{
"insecure-registries" : [ "192.168.0.183:5000" ]
}' > /etc/docker/daemon.jsondocker run -d -p 5000:5000 --restart=always --name registry registry:2
registry-docker-compose.yml
version: '3'
services:
registry:
image: registry:2
user: root:root
restart: always
container_name: registry
environment:
TZ: "Asia/Kolkata"
volumes:
- /mnt/registry:/var/lib/registry
ports:
- 5000:5000version: '3'
services:
jenkins:
image: sonatype/nexus3:3.29.0
user: root:root
restart: always
container_name: nexus
environment:
TZ: "Asia/Kolkata"
volumes:
- /opt/nexus-data:/nexus-data
ports:
- 8081:8081Get admin passwords:
docker exec -it nexus bash
find / -iname admin.*
#OR
docker exec -it nexus cat /nexus-data/admin.password
More : https://hub.docker.com/r/sonatype/nexus3#user-content-persistent-data
#Install nomad
-Download the stable release form https://www.nomadproject.io/downloads
wget https://releases.hashicorp.com/nomad/1.0.1/nomad_1.0.1_linux_amd64.zip
unzip nomad_1.0.1_linux_amd64.zip
mv nomad /usr/local/bin/#start nomad in dev mode
nomad agent -dev
nomad node status#Install docker https://docs.docker.com/engine/install/centos/
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker#Create simple nginx job file (nginx.nomad)
job "nginx" {
datacenters = ["dc1"]
type = "service"
update {
max_parallel = 1
min_healthy_time = "10s"
healthy_deadline = "3m"
progress_deadline = "10m"
auto_revert = false
canary = 0
}
migrate {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
}
group "cache" {
count = 1
network {
port "nginx-port" {
to = 80
}
}
service {
name = "nginx-port"
tags = ["nginx", "web"]
port = "nginx-port"
}
restart {
attempts = 2
interval = "30m"
delay = "15s"
mode = "fail"
}
ephemeral_disk {
size = 300
}
task "nginx" {
driver = "docker"
config {
image = "nginx"
ports = ["nginx-port"]
}
resources {
cpu = 500
memory = 256
}
}
}
}
#Nomand commands for Run,Stop, job status and logs
nomad job status
nomad job run nginx.nomad
nomad job stop nginx
nomad job status nginx
nomad alloc status <Allocations ID>
nomad alloc logs <Allocations ID>
#Access webUI at http://127.0.0.1:4646
why?
– Access vm via webconsole
– Easy to manage services
– Create/manage VM
– Create/manage podman
dnf install cockpit -y
systemctl start cockpit.socket
systemctl enable cockpit.socket
Browse https://127.0.0.1:9090 or https://YOUR_IP:9090more : https://cockpit-project.org
1.docker-ui.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: docker-registry-deployment
labels:
app: registry
env: prod
spec:
replicas: 1
selector:
matchLabels:
app: docker-registry
env: prod
template:
metadata:
labels:
app: docker-registry
env: prod
spec:
containers:
- name: docker-registry-container
image: registry:2
imagePullPolicy: IfNotPresent
env:
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "200m"
volumeMounts:
- name: registry-data
mountPath: /var/lib/registry
- name: config-yml
mountPath: /etc/docker/registry/config.yml
subPath: config.yml
ports:
- containerPort: 5000
volumes:
- name: registry-data
nfs:
server: 192.168.0.184
path: "/opt/nfs1/docker_registry"
- name: config-yml
configMap:
name: docker-registry-conf
---
kind: ConfigMap
apiVersion: v1
metadata:
name: docker-registry-conf
data:
config.yml: |+
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
http:
addr: 0.0.0.0:5000
secret: asecretforlocaldevelopment
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
---
kind: Service
apiVersion: v1
metadata:
name: docker-registry-service
labels:
app: docker-registry
env: prod
spec:
selector:
app: docker-registry
env: prod
ports:
- name: docker-registry
protocol: TCP
port: 5000
targetPort: 5000
#Docker ui
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: docker-ui-deployment
labels:
app: dockerui
env: prod
spec:
replicas: 1
selector:
matchLabels:
app: dockerui
env: prod
template:
metadata:
labels:
app: dockerui
env: prod
spec:
containers:
- name: dockerui-container
image: joxit/docker-registry-ui:static
imagePullPolicy: IfNotPresent
env:
- name: REGISTRY_URL
value: "http://docker-registry-service:5000"
- name: DELETE_IMAGES
value: "true"
- name: REGISTRY_TITLE
value: "Docker-UI"
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "200m"
ports:
- containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
name: dockerui-service
labels:
app: dockerui
env: prod
spec:
selector:
app: dockerui
env: prod
ports:
- name: dockerui
protocol: TCP
port: 80
targetPort: 80
nodePort: 30005
type: NodePort2.Apache proxy rule
htpasswd -c /etc/httpd/admin-htpasswd admin
<VirtualHost *:80>
ServerName docker.initedit.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =docker.initedit.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:443>
<Location />
AuthName authorization
AuthType Basic
require valid-user
AuthUserFile '/etc/httpd/admin-htpasswd'
</Location>
ServerName docker.initedit.com
AllowEncodedSlashes on
RewriteEngine on
SSLEngine On
SSLProxyEngine On
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyPass / http://192.168.0.183:30005/
ProxyPassReverse / http://192.168.0.183:30005/
SSLCertificateFile /etc/letsencrypt/live/docker.initedit.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/docker.initedit.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/docker.initedit.com/fullchain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Note: Add htpasswd for basic authentication
docker tag docker.io/busybox docker.initedit.com/busybox1docker push docker.initedit.com/busybox1
3. You can delete from UI and also using docker_reg_tool. After deleting you need to run below command inside registry container to remove it completely
docker exec -it name_of_registory_container bin/registry garbage-collect /etc/docker/registry/config.yml
rancher.yml
version: '3'
services:
rancher:
image: rancher/rancher:latest
privileged: true
restart: always
container_name: rancher
volumes:
- /opt/docker/rancher:/var/lib/rancher
ports:
- 88:80
- 443:443mysql.yml
version: '3'
services:
mysql:
image: mysql
restart: always
container_name: mysql
environment:
MYSQL_ROOT_PASSWORD: "password"
volumes:
- /opt/docker/mysql:/var/lib/mysql
ports:
- 3306:3306start : docker-compose -f mysql.yml up -d
stop : docker-compose -f mysql.yml down
postgres.yml
version: '3'
services:
postgres:
image: postgres
restart: always
container_name: postgres
environment:
POSTGRES_PASSWORD: "password"
volumes:
- /opt/docker/postgres:/var/lib/postgresql/data
ports:
- 5432:5432start : docker-compose -f postgres.yml up -d
stop : docker-compose -f postgres.yml down
apiVersion: apps/v1
kind: Deployment
metadata:
name: registry-deployment
labels:
app: registry
env: prod
spec:
replicas: 1
selector:
matchLabels:
app: registry
env: prod
template:
metadata:
labels:
app: registry
env: prod
spec:
containers:
- name: registry-container
image: registry:2
imagePullPolicy: IfNotPresent
env:
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "200m"
volumeMounts:
- name: registry-data
mountPath: /var/lib/registry
- name: config-yml
mountPath: /etc/docker/registry/config.yml
subPath: config.yml
ports:
- containerPort: 5000
volumes:
- name: registry-data
nfs:
server: 192.168.0.184
path: "/opt/nfs1/registry"
- name: config-yml
configMap:
name: registry-conf
---
kind: ConfigMap
apiVersion: v1
metadata:
name: registry-conf
data:
config.yml: |+
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
---
kind: Service
apiVersion: v1
metadata:
name: registry-service
labels:
app: registry
env: prod
spec:
selector:
app: registry
env: prod
ports:
- name: registry
protocol: TCP
port: 5000
targetPort: 5000
nodePort: 30500
type: NodePort2.As this is running on http we need to add insecure registry inside /etc/docker/daemon.json on all running worker node and
{
"insecure-registries" : [ "192.168.0.183:30500" ]
}3. Restart the docker service
systemctl restart docker4. Tag the image that with registry server ip and port. DNS name can be used if available.
docker tag debian:latest 192.168.0.183:30500/debianlocal:latest5. Push the images to private registry server
docker push 192.168.0.183:30500/debianlocal:latest6. Delete images form registry server we will use docker_reg_tool https://github.com/byrnedo/docker-reg-tool/blob/master/docker_reg_tool
Note:
– Delete blobdescriptor: inmemory part from /etc/docker/registry/config.yml which is already have done in this example
– REGISTRY_STORAGE_DELETE_ENABLED = “true” should be present in env
./docker_reg_tool http://192.168.0.183:30500 delete debianlocal latest
#This can be cronjob inside the container
docker exec -it name_of_registory_container bin/registry garbage-collect /etc/docker/registry/config.yml
1.Deploy pushgateway to kubernetes
pushgateway.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: pushgateway-deployment
labels:
app: pushgateway
env: prod
spec:
replicas: 1
selector:
matchLabels:
app: pushgateway
env: prod
template:
metadata:
labels:
app: pushgateway
env: prod
spec:
containers:
- name: pushgateway-container
image: prom/pushgateway
imagePullPolicy: IfNotPresent
resources:
requests:
memory: "128Mi"
cpu: "200m"
limits:
memory: "256Mi"
cpu: "200m"
ports:
- containerPort: 9091
---
kind: Service
apiVersion: v1
metadata:
name: pushgateway-service
labels:
app: pushgateway
env: prod
spec:
selector:
app: pushgateway
env: prod
ports:
- name: pushgateway
protocol: TCP
port: 9091
targetPort: 9091
nodePort: 30191
type: NodePort2. Add pushgateway in /etc/prometheus/prometheus.yml
3. Push running docker status to pushgateway using below bash script and add it to crontab
job="docker_status"
running_docker=$(docker ps | wc -l)
docker_images=$(docker images | wc -l)
cat <<EOF | curl --data-binary @- http://192.168.0.183:30191/metrics/job/$job/instance/$(hostname)
# TYPE running_docker counter
running_docker $running_docker
docker_images $docker_images
EOF4. Data visualization in prometheus and pushgateway server
Python code:
job_name='cpuload'
instance_name='web1'
payload_key='cpu'
payload_value='10'
#print("{k} {v} \n".format(k=payload_key, v=payload_value))
#print('http://192.168.0.183:30191/metrics/job/{j}/instance/{i}'.format(j=job_name, i=instance_name))
response = requests.post('http://192.168.0.183:30191/metrics/job/{j}/instance/{i}'.format(j=job_name, i=instance_name), data="{k} {v}\n".format(k=payload_key, v=payload_value))
#print(response.text)pushgateway powershell command:
Invoke-WebRequest "http://192.168.0.183:30191/metrics/job/jenkins/instance/instace_name -Body "process 1`n" -Method Post$process1 = (tasklist /v | Select-String -AllMatches 'Jenkins' | findstr 'java' | %{ $_.Split('')[0]; }) | Out-String
if($process1 -like "java.exe*"){
write-host("This is if statement")
Invoke-WebRequest "http://192.168.0.183:30191/metrics/job/jenkins/instance/instace_name" -Body "jenkins_process 1`n" -Method Post
}else {
write-host("This is else statement")
Invoke-WebRequest "http://192.168.0.183:30191/metrics/job/jenkins/instance/instace_name" -Body "jenkins_process 0`n" -Method Post
}