vi /lib/systemd/system/docker.service
The default content of docker.service is as follows:
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
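All of the settings below are made by appending arguments to the ExecStart property in the [Service] section. After modifying the docker.service file, run systemctl daemon-reload && systemctl restart docker. If the configuration does not take effect, run systemctl status docker to check the service status.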
Enable the remote API access port
Add -H 0.0.0.0:2375 (the port can be chosen freely). The modified ExecStart is as follows:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H 0.0.0.0:2375
Reload the configuration and restart docker
systemctl daemon-reload && systemctl restart docker
Visit http://127.0.0.1:2375/info to verify
Change the IP range of the bridge network
Running docker network inspect bridge shows that the default IP range of the bridge network is 172.17.0.0/16. Add --bip 10.0.0.1/16 to change the default IP range:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bip 10.0.0.1/16
Reload the configuration and restart docker
systemctl daemon-reload && systemctl restart docker
Start an nginx container to verify
docker run -dP --name nginx nginx
docker inspect --format '{{ .NetworkSettings.IPAddress }}' nginx
docker rm -f nginx
Configure private image registries
The following example configures three private image registries: develop-harbor.geostar.com.cn, test-harbor.geostar.com.cn and release-harbor.geostar.com.cn
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
--insecure-registry develop-harbor.geostar.com.cn \
--insecure-registry test-harbor.geostar.com.cn \
--insecure-registry release-harbor.geostar.com.cn
Reload the configuration and restart docker
systemctl daemon-reload && systemctl restart docker
Manually pull an image from the private image registry to verify
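Two of the flags shown above change the daemon's trust boundary: a -H TCP listener without --tlsverify serves the Docker API with no authentication, and --insecure-registry lets the daemon skip certificate verification or fall back to plain HTTP for that registry. The following script is an added example, not part of the original page; the helper names and the sample unit text are constructed for illustration. It audits a unit file's ExecStart line for both settings:

```shell
#!/bin/sh
# Added example: flag risky dockerd arguments in a systemd unit file.
# audit_dockerd_unit and write_sample_unit are hypothetical helper names.

audit_dockerd_unit() (   # body runs in a subshell so settings do not leak
    # Join backslash-continued lines, then take the last ExecStart= line.
    cmd=$(sed -e ':a' -e '/\\$/N; s/\\\n/ /; ta' "$1" |
          grep '^ExecStart=' | tail -n 1)
    # Treat "--flag=value" like "--flag value" so one loop handles both forms.
    cmd=$(printf '%s\n' "${cmd#ExecStart=}" | sed -e 's/--host=/--host /g' \
          -e 's/--insecure-registry=/--insecure-registry /g')
    tls=no
    case " $cmd " in *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;; esac
    set -f          # no glob expansion while word-splitting the command line
    set -- $cmd
    while [ $# -gt 0 ]; do
        flag=$1 value=${2:-}
        shift
        case $flag in
            -H|--host)
                case $value in
                    fd://*|unix://*) ;;   # local sockets, no network exposure
                    *)  # tcp://host:port or the short host:port form
                        [ "$tls" = yes ] || echo "UNAUTHENTICATED_TCP $value"
                        case ${value#tcp://} in
                            127.*|localhost:*|'[::1]'*) ;;
                            *) echo "NON_LOOPBACK_LISTENER $value" ;;
                        esac ;;
                esac ;;
            --insecure-registry) echo "INSECURE_REGISTRY $value" ;;
        esac
    done
)

# Constructed sample built from flags shown on this page; registry name is a placeholder.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
  -H 0.0.0.0:2375 \
  --insecure-registry registry.example.internal
EOF
}

sample=$(mktemp) && write_sample_unit "$sample"
audit_dockerd_unit "$sample"
rm -f "$sample"
```

Run it against /lib/systemd/system/docker.service after each edit; an empty result means neither setting is present in ExecStart.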
Configure DNS
The following example configures two DNS server addresses, 114.114.114.114 and 8.8.8.8
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
--dns 114.114.114.114 \
--dns 8.8.8.8
Reload the configuration and restart docker
systemctl daemon-reload && systemctl restart docker
Start an alpine container to verify that the resolv.conf configuration file was modified successfully
docker run --rm alpine cat /etc/resolv.conf