安装Docker

IPVS为大型集群提供了更好的可扩展性和性能

IPVS支持比iptables更复杂的负载平衡算法（最小负载，最少连接，位置，加权等）

IPVS支持服务器健康检查和连接重试等。

[root@demo1 ~]# cat  <<EOF   >  /etc/sysctl.d/docker.conf
> net.bridge.bridge-nf-call-ip6tables = 1 
> net.bridge.bridge-nf-call-iptables = 1
> net.ipv4.ip_forward=1
> EOF
[root@demo1 ~]# modprobe br_netfilter
[root@demo1 ~]# sysctl -p /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
[root@demo1 ~]# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
> #!/bin/bash
> modprobe -- ip_vs
> modprobe -- ip_vs_rr
> modprobe -- ip_vs_wrr
> modprobe -- ip_vs_sh
> modprobe -- nf_conntrack_ipv4
> EOF
[root@demo1 ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules
[root@demo1 ~]# bash /etc/sysconfig/modules/ipvs.modules
[root@demo1 ~]# lsmod | grep -e ip_vs -e nf_conntrack_ipv4
nf_conntrack_ipv4      15053  0 
nf_defrag_ipv4         12729  1 nf_conntrack_ipv4
ip_vs_sh               12688  0 
ip_vs_wrr              12697  0 
ip_vs_rr               12600  0 
ip_vs                 145497  6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack          133095  2 ip_vs,nf_conntrack_ipv4
libcrc32c              12644  3 xfs,ip_vs,nf_conntrack

安装Docker

curl -sSL https://get.daocloud.io/docker | sh
systemctl start docker
systemctl enable docker

验证

[root@demo1 ~]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
  scan: Docker Scan (Docker Inc., v0.12.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.12
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc version: v1.0.2-0-g52b36a2
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 5.67GiB
 Name: demo1.changhongit.com
 ID: QHA4:RPA7:NYVR:Q4W3:TXPS:BD4J:LAKR:CXFS:AG3G:5Y5L:4BRK:B363
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

安装本地仓库registry

[root@demo1 ~]# docker run -d -p 5000:5000 --name registry -v /opt/data/registry/:/registry --restart=always docker.io/registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete 
0d96da54f60b: Pull complete 
5b27040df4a2: Pull complete 
e2ead8259a04: Pull complete 
3790aef225b9: Pull complete 
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
d6ad861f584631cace4a279f840ce54715adaf110e495c62ad852b9dfaebae4c

 创建daemon.json

[root@demo1 ~]# vim /etc/docker/daemon.json
[root@demo1 ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["172.28.14.117:5000"],
//配置docker支持http方式访问私有仓库
"registry-mirrors": ["http://hub-mirror.c.163.com"],
//配置docker镜像源163镜像
}

[root@demo1 ~]# systemctl daemon-reload
[root@demo1 ~]# systemctl restart docker.service