  • Guide to modifying docker.service

    vi /lib/systemd/system/docker.service
    

    The default contents of docker.service are as follows:

    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    BindsTo=containerd.service
    After=network-online.target firewalld.service containerd.service
    Wants=network-online.target
    Requires=docker.socket
    
    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always
    
    # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
    # Both the old, and new location are accepted by systemd 229 and up, so using the old location
    # to make them work for either version of systemd.
    StartLimitBurst=3
    
    # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
    # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
    # this option work for either version of systemd.
    StartLimitInterval=60s
    
    # Having non-zero Limit*s causes performance problems due to accounting overhead
    # in the kernel. We recommend using cgroups to do container-local accounting.
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity
    
    # Comment TasksMax if your systemd version does not support it.
    # Only systemd 226 and above support this option.
    TasksMax=infinity
    
    # set delegate yes so that systemd does not reset the cgroups of docker containers
    Delegate=yes
    
    # kill only the docker process, not all processes in the cgroup
    KillMode=process
    
    [Install]
    WantedBy=multi-user.target
    

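    All of the settings below are made by appending arguments to the ExecStart property in the [Service] section. After modifying docker.service, run systemctl daemon-reload && systemctl restart docker. If the configuration does not take effect, run systemctl status docker to check the service status.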

    Enable the remote API access port

    Add -H 0.0.0.0:2375, which makes the daemon listen on all interfaces; the port can be chosen freely. The modified ExecStart is as follows:

    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H 0.0.0.0:2375
    

    Reload the configuration and restart docker

    systemctl daemon-reload && systemctl restart docker
    

    Visit http://127.0.0.1:2375/info to verify

    Change the IP range of the bridge network

    Running docker network inspect bridge shows that the default IP range of the bridge network is 172.17.0.0/16. Add --bip 10.0.0.1/16 to change the default IP range:

    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bip 10.0.0.1/16
    

    Reload the configuration and restart docker

    systemctl daemon-reload && systemctl restart docker
    

    Start an nginx container to verify

    docker run -dP --name nginx nginx
    docker inspect --format '{{ .NetworkSettings.IPAddress }}' nginx
    docker rm -f nginx
    

    Configure private image registries

    The following example configures three private image registries: develop-harbor.geostar.com.cn, test-harbor.geostar.com.cn and release-harbor.geostar.com.cn

    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
        --insecure-registry develop-harbor.geostar.com.cn \
        --insecure-registry test-harbor.geostar.com.cn \
        --insecure-registry release-harbor.geostar.com.cn
    

    Reload the configuration and restart docker

    systemctl daemon-reload && systemctl restart docker
    

    Manually pull an image from the private registry to verify

    Configure DNS

    The following example configures two DNS server addresses, 114.114.114.114 and 8.8.8.8

    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
        --dns 114.114.114.114 \
        --dns 8.8.8.8
    

    Reload the configuration and restart docker

    systemctl daemon-reload && systemctl restart docker
    

    Start an alpine container to verify that the resolv.conf file was modified successfully

    docker run --rm alpine cat /etc/resolv.conf
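
The `-H 0.0.0.0:2375` and `--insecure-registry` edits above are the two on this page that change the daemon's exposure: a TCP listener without `--tlsverify` serves the Docker API to any client that can reach the port, and an insecure registry is contacted without verified TLS. The following audit is an added example, not code from the original post. The unit text is constructed from the page's ExecStart lines, the function and rule names are hypothetical, and it assumes TLS options are given on the command line rather than in daemon.json.

```python
import shlex

# Constructed sample: a [Service] section combining two of the page's ExecStart edits.
SAMPLE_UNIT = r"""
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
    -H 0.0.0.0:2375 \
    --insecure-registry develop-harbor.geostar.com.cn
ExecReload=/bin/kill -s HUP $MAINPID
"""

def exec_start_argv(unit_text):
    """Return the argv of the last ExecStart= line, joining backslash continuations."""
    logical, buf = [], ""
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            logical.append(buf + line)
            buf = ""
    cmds = [l.split("=", 1)[1] for l in logical if l.startswith("ExecStart=")]
    return shlex.split(cmds[-1]) if cmds else []

def option_values(argv, *names):
    """Collect option values given as '--opt value' or '--opt=value'."""
    vals = []
    for i, arg in enumerate(argv):
        for name in names:
            if arg == name and i + 1 < len(argv):
                vals.append(argv[i + 1])
            elif arg.startswith(name + "="):
                vals.append(arg[len(name) + 1:])
    return vals

def audit(unit_text):
    """Return (rule, value) findings for a dockerd command line."""
    argv = exec_start_argv(unit_text)
    tls_verify = any(a in ("--tlsverify", "--tlsverify=true") for a in argv)
    findings = []
    for host in option_values(argv, "-H", "--host"):
        # fd:// and unix:// are local sockets; anything else is a TCP listener.
        if not host.startswith(("fd://", "unix://")) and not tls_verify:
            findings.append(("tcp-listener-without-tlsverify", host))
    for reg in option_values(argv, "--insecure-registry"):
        findings.append(("registry-without-verified-tls", reg))
    return findings

if __name__ == "__main__":
    for rule, value in audit(SAMPLE_UNIT):
        print(f"{rule}: {value}")
```

Run against the default unit shown at the top of the page, the audit returns no findings, since `fd://` is the only listener.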
    
  • Original address: https://www.cnblogs.com/nihaorz/p/12131873.html