Docker daemon.json 的配置项目合集

这几天看了一点docker相关的东西, 在学习中:

看了下园友的blog 感觉很好 这里 学习一下.

https://www.cnblogs.com/pzk7788/p/10180197.html

其实也可以从 systemd 里面的 docker.service 进行修改 来处理

但是 docker/daemon 的处理更完善一下 也更安全. 

 vim /etc/docker/daemon.json
{
    "authorization-plugins": [],
    "data-root": "",   # 设置docker运行时的根目录
    "dns": [],         # 设置容器的DNS地址
    "dns-opts": [],    # 设置容器的/etc/resolv.conf文件
    "dns-search": [],
    "exec-opts": [],
    "exec-root": "",
    "experimental": false,
    "features": {},
    "storage-driver": "",
    "storage-opts": [],
    "labels": [],
    "live-restore": true,
    "log-driver": "json-file",  
    "log-opts": {
        "max-size": "10m",
        "max-files":"5",
        "labels": "somelabel",
        "env": "os,customer"
    },               # 定义logfile的大小以及限制等
    "mtu": 0,
    "pidfile": "",    # 设置docker守护进程的PID文件
    "cluster-store": "", 
    "cluster-store-opts": {},
    "cluster-advertise": "",
    "max-concurrent-downloads": 3,
    "max-concurrent-uploads": 5,
    "default-shm-size": "64M",
    "shutdown-timeout": 15,
    "debug": true,    # 是否以debug模式启动docker
    "hosts": [],      # 设置容器的hosts
    "log-level": "",
    "tls": true,
    "tlsverify": true,
    "tlscacert": "",
    "tlscert": "",
    "tlskey": "",
    "swarm-default-advertise-addr": "",
    "api-cors-header": "",
    "selinux-enabled": false,    # 设置是否支持SELinux
    "userns-remap": "",
    "group": "",
    "cgroup-parent": "",
    "default-ulimits": {
        "nofile": {
            "Name": "nofile",
            "Hard": 64000,
            "Soft": 64000
        }
    },
    "init": false,
    "init-path": "/usr/libexec/docker-init",
    "ipv6": false,
    "iptables": false,
    "ip-forward": false,    
    "ip-masq": false,
    "userland-proxy": false,
    "userland-proxy-path": "/usr/libexec/docker-proxy",
    "ip": "0.0.0.0",
    "bridge": "",
    "bip": "",
    "fixed-cidr": "",
    "fixed-cidr-v6": "",
    "default-gateway": "",
    "default-gateway-v6": "",
    "icc": false,
    "raw-logs": false,
    "allow-nondistributable-artifacts": [],
    "registry-mirrors": [],       # 设置镜像加速地址  这里面需要设置是https
    "seccomp-profile": "",
    "insecure-registries": [],    # 设置docker的私有仓库地址  可以不是https的 
    "no-new-privileges": false,
    "default-runtime": "runc",
    "oom-score-adjust": -500,
    "node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"],
    "runtimes": {
        "cc-runtime": {
            "path": "/usr/bin/cc-runtime"
        },
        "custom": {
            "path": "/usr/local/bin/my-runc-replacement",
            "runtimeArgs": [
                "--debug"
            ]
        }
    },
    "default-address-pools":[{"base":"172.80.0.0/16","size":24},
    {"base":"172.90.0.0/16","size":24}]
}