从容器内部控制Docker是否可行? [英] Is it feasible to control Docker from inside a container?
问题描述
我已经尝试在Docker容器中打包我的站点部署脚本。这个想法是我的服务都将在容器内,然后使用特殊的管理容器来管理其他容器。
I have experimented with packaging my site-deployment script in a Docker container. The idea is that my services will all be inside containers and then using the special management container to manage the other containers.
这个想法是我的主机应该是愚蠢的作为绝对可能的(目前我使用CoreOS,唯一的状态是启动我的管理容器的systemd配置)。
The idea is that my host machine should be as dumb as absolutely possible (currently I use CoreOS with the only state being a systemd config starting my management container).
管理容器用作创建新容器的推送目标基于我发送给它的源代码(使用SSH,我认为,至少这是我现在使用的)。该脚本还在单独的容器中管理持久性数据(数据库文件,日志等),并管理其备份,以便我可以拆卸和重建所有内容,而无需触摸任何数据。要完成此操作,在启动管理容器时,使用 -v
选项转发Docker Unix套接字。
The management container be used as a push target for creating new containers based on the source code I send to it (using SSH, I think, at least that is what I use now). The script also manages persistent data (database files, logs and so on) in a separate container and manages back-ups for it, so that I can tear down and rebuild everything without ever touching any data. To accomplish this I forward the Docker Unix socket using the -v
option when starting the management container.
这是一个好或坏的主意?这样做可以遇到问题吗?我没有在任何地方看到它是不鼓励的,但我也没有找到很多其他人的例子。
Is this a good or a bad idea? Can I run into problems by doing this? I did not read anywhere that it is discouraged, but I also did not find a lot of examples of others doing this.
推荐答案
这是完全正常的,你不是唯一的一个: - )
This is totally OK, and you're not the only one to do it :-)
另一个使用的例子是使用管理容器来处理Docker的身份验证REST API。它将接受EXPOSE的TCP端口上的连接,它本身以 -p
发布,并向UNIX套接字发送代理请求。
Another example of use is to use the management container to hande authentication for the Docker REST API. It would accept connections on an EXPOSE'd TCP port, itself published with -p
, and proxy requests to the UNIX socket.
这篇关于从容器内部控制Docker是否可行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!