Docker Installation and Basic Configuration
Docker
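Follow the official documentation for installation rather than copying commands from whatever site a search engine turns up. The main difference between older and newer installation procedures is probably how the key is imported on Debian-based systems; the rest has changed little.
Official documentation: Docker Engine overview | Docker Documentation
RedHat family
# Remove old packages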
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Install dependencies and add the yum repository
yum install -y yum-utils
# Add the official default repository
#yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Use the Aliyun mirror repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Normal installation
yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl start docker
# Install a specific version
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io docker-buildx-plugin docker-compose-plugin
systemctl start docker
# Uninstall
sudo yum remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
Debian family
# Remove old packages
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
# Install dependencies
sudo apt update
sudo apt install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
# Install the repository signing key (the Aliyun mirror can be used instead)
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Add the repository (the Aliyun mirror can be used instead)
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Normal installation
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Install a specific version
sudo apt update
apt-cache madison docker-ce | awk '{ print $3 }'
VERSION_STRING=5:24.0.0-1~debian.11~bullseye
sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin
# Uninstall
sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
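On Debian-based systems, pay attention to the distribution (Debian or Ubuntu) when configuring the repository: the source line is built from variables, so if the wrong distribution is specified, installation fails with an error.
# Use the Aliyun signing key and repository
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# signed-by ties this repository to the key saved above; apt does not trust keys in /etc/apt/keyrings on its own
sudo add-apt-repository "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"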
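The distribution caveat above, as an added example that is not part of the original post: a shell function that builds the docker.list entry from an os-release file, so the repository path and the codename come from the same host and the entry stays pinned to the key with signed-by. The function name docker_repo_line and its argument order are assumptions made for this example, and the os-release content at the end is constructed sample input.

```shell
# Added example (not from the original post).
# docker_repo_line OS_RELEASE_FILE ARCH [BASE_URL] [KEYRING]
# Prints one apt source line; exits non-zero if the host is not Debian or Ubuntu.
# The body runs in a subshell so os-release variables never leak into the caller.
docker_repo_line() (
    os_release=$1
    arch=$2
    base=${3:-https://download.docker.com/linux}
    keyring=${4:-/etc/apt/keyrings/docker.gpg}

    [ -r "$os_release" ] || { echo "cannot read $os_release" >&2; exit 2; }

    # Drop inherited values so only the file decides ID and VERSION_CODENAME.
    unset ID VERSION_CODENAME
    . "$os_release"

    # The repository path must name the distribution that is actually running.
    case "${ID:-}" in
        debian|ubuntu) ;;
        *) echo "unsupported distribution ID '${ID:-}'" >&2; exit 3 ;;
    esac

    # Codenames are lowercase words; anything else is kept out of sources.list.d.
    case "${VERSION_CODENAME:-}" in
        ''|*[!a-z]*) echo "missing or malformed VERSION_CODENAME" >&2; exit 4 ;;
    esac

    printf 'deb [arch=%s signed-by=%s] %s/%s %s stable\n' \
        "$arch" "$keyring" "${base%/}" "$ID" "$VERSION_CODENAME"
)

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
printf 'ID=ubuntu\nVERSION_CODENAME=jammy\n' > "$sample"
docker_repo_line "$sample" amd64 https://mirrors.aliyun.com/docker-ce/linux
rm -f "$sample"
```

On a real host, pass /etc/os-release and "$(dpkg --print-architecture)", then pipe the output to sudo tee /etc/apt/sources.list.d/docker.list.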
Offline installation
Offline packages: https://download.docker.com/linux/static/stable/
# Download the package
wget -c https://download.docker.com/linux/static/stable/x86_64/docker-24.0.2.tgz
# Extract
tar -xf docker-24.0.2.tgz -C /usr/bin/ --strip-components=1
# Create the service
cat > /etc/systemd/system/docker.service <<EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF
# Unit files are configuration, not executables; 644 avoids systemd's "marked executable" warning
chmod 644 /etc/systemd/system/docker.service
systemctl daemon-reload
systemctl enable --now docker.service
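Addendum: when installing v25.0.0, I found that the default user and group of the extracted files is not root and needs to be changed.
Docker registry mirror (acceleration) configuration
# Edit the configuration file
vim /etc/docker/daemon.json
# Mind the JSON file format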
{
"exec-opts": [
"native.cgroupdriver=systemd"
],
"registry-mirrors": [
"https://docker.nju.edu.cn/",
"https://docker.mirrors.ustc.edu.cn/",
"https://kuamavit.mirror.aliyuncs.com"
],
"max-concurrent-downloads": 10,
"log-driver": "json-file",
"log-level": "warn",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"data-root": "/var/lib/docker"
}
# Restart to apply the configuration
systemctl daemon-reload
systemctl restart docker
Additional notes
CentOS 8 firewall
CentOS 8 switched the firewall backend to nftables; if startup reports a firewall-related error, change it:
# vim /etc/firewalld/firewalld.conf
# FirewallBackend=nftables
FirewallBackend=iptables
Alternatively, add the docker0 interface to the trusted zone:
firewall-cmd --permanent --zone=trusted --add-interface=docker0
firewall-cmd --reload
Add kernel parameters
If Docker is used as the k8s runtime, it is easier to follow the k8s base environment configuration directly here.
sudo tee -a /etc/sysctl.conf <<-EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl -p
This article is from cnblogs (博客园), author: 虫祇. When reposting, please cite the original link: https://www.cnblogs.com/chongxs/p/18097998/docker-install