1.新建用户/组，更改所属者
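# Create the docker service account and its group (uid 1009).
# `-d` only records the home directory; without `-m` nothing is created, so
# /opt/docker-24.0.6 is assumed to already hold the extracted binaries.
# NOTE(review): nothing ever logs in as this account; consider adding
# `-s /usr/sbin/nologin` to deny it an interactive shell.
useradd -u 1009 -d /opt/docker-24.0.6 docker
# Hand the extracted tree to that account. This makes the unprivileged
# `docker` user the owner of the daemon binaries in /opt; the daemon is
# expected to run from the root-owned copy in /usr/local/sbin, not from here.
chown -R docker:docker /opt/docker-24.0.6
# Allow forwarding of container traffic through the host.
# NOTE(review): not persisted across reboots, and dockerd manages the FORWARD
# chain itself once it starts (upstream docs describe it setting the policy
# to DROP and adding per-bridge rules) — confirm this line is still needed.
iptables -P FORWARD ACCEPT
# Load the bridge netfilter module so bridged packets traverse iptables; the
# net.bridge.bridge-nf-call-* sysctls do not exist until it is loaded.
modprobe br_netfilter
# Persist the module load, otherwise the bridge-nf sysctls fail to apply at
# the next boot (the module is not loaded automatically).
printf 'br_netfilter\n' > /etc/modules-load.d/br_netfilter.conf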
2.修改内核参数：vim /etc/sysctl.d/docker.conf，然后刷新配置文件：sysctl -p /etc/sysctl.d/docker.conf（需先加载 br_netfilter 模块，否则 net.bridge.* 参数不存在）
# Make bridged (container) traffic traverse the host's ip6tables/iptables
# chains so the daemon's filtering and NAT rules apply to it.
# These two keys only exist while the br_netfilter module is loaded; applying
# this file before `modprobe br_netfilter` fails for them.
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# Enable IPv4 forwarding in the kernel (required to route container traffic).
net.ipv4.ip_forward = 1
3.编辑配置文件：vim /etc/docker/daemon.json（注意：JSON 不支持 # 注释，下面以 # 开头的说明行仅用于解释，写入文件时必须删除，否则 dockerd 无法解析该文件而启动失败）
{
# 自定义网段
"bip": "192.168.0.0/24",
"exec-opts": ["native.cgroupdriver=systemd"],
# 镜像源
"registry-mirrors": [
"https://registry.docker-cn.com"
],
# 最大并发下载数
"max-concurrent-downloads": 10,
# 日志驱动程序
"log-driver": "json-file",
"log-level": "warn",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
# 数据存放目录
"data-root": "/var/data/docker",
# docker私服（IP 为占位符，需替换为实际地址；列入 insecure-registries 的仓库将允许明文 HTTP 或不校验证书的访问，仅限可信内网使用）
"insecure-registries": [
"IP:5081"
]
}
# Install the daemon and CLI binaries where the unit's ExecStart expects them
# (/usr/local/sbin/dockerd). Copying as root without -p leaves the copies
# root-owned, so the `docker` account that owns /opt/docker-24.0.6 cannot
# modify what the daemon actually runs.
cp -- /opt/docker-24.0.6/* /usr/local/sbin/
4.编辑启动脚本：vim /usr/lib/systemd/system/docker.service
# docker.service — runs dockerd as the Docker Engine daemon. No User= is set,
# so the daemon runs as root (the rootful engine requires it).
[Unit]
Description=Docker Application Container Engine
# Start only after the network is up and firewalld (if present) has started,
# so the iptables rules dockerd installs are not wiped by a later firewalld start.
After=network-online.target firewalld.service
Wants=network-online.target
# Hard dependency on the socket unit; this service fails if the socket cannot start.
Requires=docker.socket
[Service]
# dockerd signals readiness via sd_notify.
Type=notify
# NOTE(review): the upstream unit passes `-H fd://` so dockerd serves the
# systemd-activated socket; without it dockerd is expected to listen on its
# default unix socket instead and the docker.socket path may never be
# answered — confirm the actual listener after the first start.
ExecStart=/usr/local/sbin/dockerd
# Reload configuration without restarting the daemon.
ExecReload=/bin/kill -s HUP $MAINPID
# No start/stop timeout: stopping may take long while containers shut down.
TimeoutSec=0
RestartSec=2
Restart=always
# Rate-limit restarts to 3 within 60s.
StartLimitBurst=3
StartLimitInterval=60s
# Unlimited resource limits, as in the upstream unit (its comment notes that
# non-zero limits add kernel accounting overhead; use cgroups per container).
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
# Prevent systemd from resetting the cgroups of container processes (as in the upstream unit).
Delegate=yes
# On stop, signal only the main dockerd process; systemd leaves the rest of
# the cgroup (container processes) alone.
KillMode=process
# Make the OOM killer less likely to choose dockerd.
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
5.编辑套接字脚本：vim /usr/lib/systemd/system/docker.socket
# docker.socket — systemd socket-activation unit for the Docker API.
[Unit]
Description=Docker Socket for the API
[Socket]
# Non-default path: upstream uses /run/docker.sock and the docker CLI looks for
# /var/run/docker.sock by default, so clients must be pointed here (e.g. via
# DOCKER_HOST) — confirm against the daemon's actual listener.
ListenStream=/var/socket/docker.sock
# root:docker, read/write for owner and group only. Anyone who can write to
# this socket controls a daemon running as root, so membership in the
# `docker` group is root-equivalent; grant it sparingly.
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target