IPVS为大型集群提供了更好的可扩展性和性能
IPVS支持比iptables更复杂的负载平衡算法(最小负载,最少连接,位置,加权等)
IPVS支持服务器健康检查和连接重试等。
[root@demo1 ~]# cat <<EOF > /etc/sysctl.d/docker.conf
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> net.ipv4.ip_forward=1
> EOF
[root@demo1 ~]# modprobe br_netfilter
[root@demo1 ~]# sysctl -p /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
[root@demo1 ~]# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
> #!/bin/bash
> modprobe -- ip_vs
> modprobe -- ip_vs_rr
> modprobe -- ip_vs_wrr
> modprobe -- ip_vs_sh
> modprobe -- nf_conntrack_ipv4
> EOF
[root@demo1 ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules
[root@demo1 ~]# bash /etc/sysconfig/modules/ipvs.modules
[root@demo1 ~]# lsmod | grep -e ip_vs -e nf_conntrack_ipv4
nf_conntrack_ipv4 15053 0
nf_defrag_ipv4 12729 1 nf_conntrack_ipv4
ip_vs_sh 12688 0
ip_vs_wrr 12697 0
ip_vs_rr 12600 0
ip_vs 145497 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 133095 2 ip_vs,nf_conntrack_ipv4
libcrc32c 12644 3 xfs,ip_vs,nf_conntrack
安装Docker
curl -sSL https://get.daocloud.io/docker | sh
systemctl start docker
systemctl enable docker
验证
[root@demo1 ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
scan: Docker Scan (Docker Inc., v0.12.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 5.67GiB
Name: demo1.changhongit.com
ID: QHA4:RPA7:NYVR:Q4W3:TXPS:BD4J:LAKR:CXFS:AG3G:5Y5L:4BRK:B363
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
安装本地仓库registry
[root@demo1 ~]# docker run -d -p 5000:5000 --name registry -v /opt/data/registry/:/registry --restart=always docker.io/registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
d6ad861f584631cace4a279f840ce54715adaf110e495c62ad852b9dfaebae4c
创建daemon.json
[root@demo1 ~]# vim /etc/docker/daemon.json
[root@demo1 ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["172.28.14.117:5000"],
//配置docker支持http方式访问私有仓库
"registry-mirrors": ["http://hub-mirror.c.163.com"],
//配置docker镜像源163镜像
}
[root@demo1 ~]# systemctl daemon-reload
[root@demo1 ~]# systemctl restart docker.service