IaC基础设施即代码：Terraform 创建 docker 网络与容器资源

1）安装
yum -y install wget && wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
 
2）配置cgroup驱动及镜像下载加速器：
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
   "registry-mirrors": [
        "https://XXXXXXXX.mirror.aliyuncs.com",
        "https://registry.docker-cn.com",
        "https://docker.mirrors.ustc.edu.cn",
        "https://dockerhub.azk8s.cn",
        "http://hub-mirror.c.163.com"
	]
}
EOF
 
3）自启动
systemctl enable docker && systemctl start docker && systemctl status docker && docker info|grep systemd

② 安装docker

③ 配置镜像加速

④ 开机自启动服务

（2）查看版本

docker -v

4.Terraform使用本地编译（In-house）的Providers

（1）编写配置文件

vim .terraformrc
 
provider_installation {
  filesystem_mirror {
    path    = "/usr/share/terraform/providers"
    include = ["registry.terraform.io/*/*"]
  }
}

（2）Terraform模板(docker)

Terraform Registry

USE?PROVIDER

terraform {
  required_providers {
    docker = {
      source = "kreuzwerker/docker"
      version = "3.0.2"
    }
  }
}

provider "docker" {
  # Configuration options
}

Example Usage

terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "3.0.2"
    }
  }
}

provider "docker" {
  host = "unix:///var/run/docker.sock"
}

# Pulls the image
resource "docker_image" "ubuntu" {
  name = "ubuntu:latest"
}

# Create a container
resource "docker_container" "foo" {
  image = docker_image.ubuntu.image_id
  name  = "foo"
}

(3) 下载软件包

https://github.com/kreuzwerker/terraform-provider-docker/releases

(4) 创建目录

mkdir -p  /usr/share/terraform/providers/registry.terraform.io/kreuzwerker/docker/3.0.2/linux_amd64

（5）解压软件包

unzip terraform-provider-docker_3.0.2_linux_amd64.zip

（6）tree递归查看目录 (将软件包按递归目录放置)

tree -s /usr/share/terraform/

5.Docker-CE 开启远程API

（1）修改配置文件

vim /usr/lib/systemd/system/docker.service
……
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock  -H fd://
……

（2）重新加载配置及重启服务

systemctl daemon-reload  && systemctl restart docker

（3）测试API

curl http://127.0.0.1:2375/version

6. Linux主机拉取镜像

（1）dockerhub 查看镜像

https://hub.docker.com/r/jenkins/jenkins

docker pull jenkins/jenkins

（2）拉取镜像

docker pull jenkins/jenkins

（3）查看镜像

docker images

7.Terraform 创建docker 网络资源

（1）查看目录?

tree -s ~/terraform-docker-master

（2）主配置文件与版本配置文件

main.tf，? Docker Provider用于与 Docker 容器和镜像进行交互，它使用 Docker API 来管理 Docker 容器的生命周期。

vim main.tf

provider "docker" {
  host = "tcp://127.0.0.1:2375"
}

locals {
  network_settings = [ 
    {   
      name   = "devops"
      driver = "bridge"
      subnet = "10.1.0.0/24"
    }   
  ]
}

resource "docker_network" "network" {
  count  = length(local.network_settings)
  name   = local.network_settings[count.index]["name"]
  driver = local.network_settings[count.index]["driver"]
  ipam_config {
    subnet = local.network_settings[count.index]["subnet"]
  }
}

versions.tf

vim versions.tf

terraform {
  required_providers {
    docker = { 
      source  = "kreuzwerker/docker"
      version = "3.0.2"
    }   
  }
}

(3) 初始化

terraform init

(4)?格式化代码

terraform fmt

(6) 验证

terraform validate

(7)计划与预览

 terraform plan

(8)查看docker网络

docker network list

(9)申请资源

terraform apply

(10)展示资源

terraform show

（11）查看docker网络

docker network list

已新增devops网络

（12）检查网络

docker inspect devops

8.Terraform 创建docker 容器资源

?（1）查看目录?

tree -s ~/terraform-docker-master

（2）主配置文件

main.tf，? Docker Provider用于与 Docker 容器和镜像进行交互，它使用 Docker API 来管理 Docker 容器的生命周期。

vim main.tf

provider "docker" {
  host = "tcp://127.0.0.1:2375"
}

data "terraform_remote_state" "network" {
  backend = "local"
  config = { 
    path = "../network/terraform.tfstate"
  }
}

# output "name" {
#   value = data.terraform_remote_state.network.outputs
# }

（3）版本配置文件

versions.tf

vim versions.tf

terraform {
  required_providers {
    docker = { 
      source  = "kreuzwerker/docker"
      version = "3.0.2"
    }   
  }
}

（4）容器配置文件

jenkins.tf

vim jenkins.tf

resource "docker_image" "jenkins" {
  name         = "jenkins/jenkins:latest"
  keep_locally = true
}

locals {
  container_name    = "jenkins"
  container_network = data.terraform_remote_state.network.outputs.network[0]["name"]
  container_ip      = "10.1.0.10"
  container_user    = "root"

  container_ports = [
    {
      internal = 8087
      external = 8087
    },
    {
      internal = 50000
      external = 50000
    }
  ]

  container_volumes = [
    {
      container_path = "/var/jenkins_home"
      host_path      = "/tmp/jenkinshome"
    }
  ]
}

resource "docker_container" "jenkins" {
  name  = local.container_name
  image = docker_image.jenkins.name
  networks_advanced {
    name         = local.container_network
    ipv4_address = local.container_ip
  }
  user = local.container_user


  dynamic "ports" {
    for_each = local.container_ports
    content  {
      internal = ports.value.internal
      external = ports.value.external
      ip       = "0.0.0.0"
      protocol = "tcp"
    }

  }

  dynamic "volumes" {
    for_each = local.container_volumes
    content {
      container_path = volumes.value.container_path
      host_path      = volumes.value.host_path
    }

  }

  depends_on = [
    docker_image.jenkins
  ]
}

?(5) 初始化

terraform init

（6）格式化代码

terraform fmt

（7) 验证

terraform validate

(8)计划与预览

 terraform plan

(9) 申请资源

terraform apply

yes

(10)展示资源

terraform show

(11)查看docker进程

docker ps

(12) 检查容器

?docker inspect 3496fcb321ca

（13）查看容器日志

docker logs -f jenkins

(14) 查看监听端口

http://192.168.204.233:50000/

(15)?销毁容器资源

terraform destroy

yes

(16) 查看docker进程

docker ps

容器资源已删除

?(17)?销毁网络资源

terraform destroy

?(8)查看docker网络

docker network list

已删除devops网络

文章来源:https://blog.csdn.net/cronaldo91/article/details/135699459
本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若内容造成侵权/违法违规/事实不符，请联系我的编程经验分享网邮箱：chenni525@qq.com进行投诉反馈，一经查实，立即删除！