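First, a look at the result
Portainer setup steps
Official image: https://hub.docker.com/r/portainer/portainer
Many articles online already cover this, so it is not repeated here; they can be used for reference.
In the start command, be sure to map a volume so that data survives a restart: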
docker run -d -p 9000:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /opt/portainer/data:/data --name portainer portainer/portainer
How to set up management of Docker containers on a remote endpoint
The key point:
The Docker API must be exposed over TCP. You can find more information about how to expose the Docker API over TCP
The next question is: how does Docker expose a TCP port?
Search for the keywords "enable Docker Remote API".
vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--init-path=/usr/libexec/docker/docker-init-current \
--seccomp-profile=/etc/docker/seccomp.json \
$OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$ADD_REGISTRY \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY \
$REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process
[Install]
WantedBy=multi-user.target
Add the following line, then restart:
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock \
sudo systemctl daemon-reload
sudo service docker restart
TODO List
How can security be ensured when the Docker remote API is exposed directly?
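For the TODO question above, one starting check, added here as an example and not part of the original post: `-H tcp://0.0.0.0:2375` serves the API over plain HTTP with no authentication, whereas dockerd's `--tlsverify` makes the daemon demand a client certificate signed by its CA. The function name `audit_docker_unit` and the sample unit are constructed for illustration, and only the unit file is inspected, not `$OPTIONS` or daemon.json.

```shell
#!/bin/sh
# Added example, not from the original post. Flags dockerd TCP listeners in a
# systemd unit that lack --tlsverify. Only the unit file is inspected; options
# injected via $OPTIONS or daemon.json are out of scope (assumption).

# Returns 0 if no network-reachable unauthenticated listener, 1 if any, 2 on read error.
audit_docker_unit() {
    unit=$1
    [ -r "$unit" ] || { echo "cannot read $unit" >&2; return 2; }
    # Join backslash-continued lines, then keep the ExecStart command.
    cmd=$(awk '{ if (sub(/\\$/, " ")) { buf = buf $0; next } print buf $0; buf = "" }' \
          "$unit" | grep '^ExecStart=' || true)
    tls=no; findings=0
    set -f   # no glob expansion while word-splitting the command line
    for tok in $cmd; do
        case $tok in --tlsverify|--tlsverify=true) tls=yes ;; esac
    done
    for tok in $cmd; do
        case $tok in
            *tcp://*)
                addr=${tok#*tcp://}
                if [ "$tls" = yes ]; then
                    echo "OK: $addr requires client certificates"
                else
                    case $addr in
                        127.0.0.1:*|localhost:*)
                            echo "WARN: $addr unauthenticated, loopback only" ;;
                        *)
                            echo "FAIL: $addr unauthenticated and network-reachable"
                            findings=$((findings + 1)) ;;
                    esac
                fi ;;
        esac
    done
    set +f
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the ExecStart line shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd-current \
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock \
$OPTIONS
EOF
audit_docker_unit "${1:-$sample}" || echo "result: exposed listener found"
rm -f "$sample"
```

Pass the path of a real unit file as the first argument to audit it instead of the sample.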