Docker Installation and Basic Configuration

Docker

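Follow the official site for installation; do not copy steps from a random website found through a search engine. The main difference between older and newer installation procedures is how the key is imported on Debian-family systems; the rest is largely the same.

Official documentation: Docker Engine overview | Docker Documentation

RedHat family

# Remove old packages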
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Install dependencies and add the yum repository
yum install -y yum-utils
# Add the official default repository
#yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Use the Aliyun mirror repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Standard installation
yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl start docker

# Install a specific version
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io docker-buildx-plugin docker-compose-plugin
systemctl start docker

# Uninstall
sudo yum remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd

Debian family

# Remove old packages
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
# Install dependencies
sudo apt update
sudo apt install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
# Install the repository signing key (the Aliyun mirror can be used instead)
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Add the repository (the Aliyun mirror can be used instead)
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Standard installation
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Install a specific version
sudo apt update
apt-cache madison docker-ce | awk '{ print $3 }'
VERSION_STRING=5:24.0.0-1~debian.11~bullseye
sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin


# Uninstall
sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd

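On Debian-family systems, pay attention to the distribution (Debian or Ubuntu) when configuring the repository. Because the repository line is built from variables, specifying the wrong distribution makes the installation fail.

# Use the Aliyun signing key and repository
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# signed-by points apt at the key saved above; /etc/apt/keyrings is not trusted by default
sudo add-apt-repository "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"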

Offline installation

Offline packages: https://download.docker.com/linux/static/stable/

# Download the package
wget -c https://download.docker.com/linux/static/stable/x86_64/docker-24.0.2.tgz
# Extract
tar -xf docker-24.0.2.tgz -C /usr/bin/ --strip-components=1
# Create the service unit
cat > /etc/systemd/system/docker.service <<EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
EOF

# Unit files are configuration, not executables; systemd warns if they are marked executable
chmod 644 /etc/systemd/system/docker.service
systemctl daemon-reload 
systemctl enable --now docker.service

Note: when installing v25.0.0, I found that the default group of the extracted binaries is not root, and it needs to be changed.
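
The ownership problem noted above can be checked mechanically after extraction. The following is an added example, not part of the original post: a shell function (its name and arguments are assumptions) that lists the tarball members and flags any extracted file in the target directory that is not owned by root:root or is writable by group or others.

```shell
#!/bin/sh
# Added example, not from the original post; names and arguments are assumptions.
# audit_static_install TARBALL DESTDIR [UID] [GID]
#   Checks each file TARBALL places in DESTDIR when extracted with
#   --strip-components=1 and flags files that are missing, not owned by
#   UID:GID (default 0:0, root:root), or writable by group or others.
#   Returns 0 if nothing is flagged, 1 if something is, 2 if no members were read.
audit_static_install() {
    tarball=$1
    dest=$2
    want_uid=${3:-0}
    want_gid=${4:-0}
    rc=0
    # Members look like "docker/dockerd"; drop the top-level directory (and the
    # bare "docker/" entry) to mirror --strip-components=1.
    members=$(tar -tf "$tarball" | sed -n 's|^[^/]*/\(..*\)$|\1|p')
    if [ -z "$members" ]; then
        echo "no members read from $tarball" >&2
        return 2
    fi
    while IFS= read -r name; do
        f=$dest/$name
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            rc=1
            continue
        fi
        # -prune keeps find on this one path; the group matches a wrong owner,
        # a wrong group, or a group-/world-writable mode.
        hit=$(find "$f" -prune \( ! -user "$want_uid" -o ! -group "$want_gid" \
              -o -perm -020 -o -perm -002 \) -print)
        if [ -n "$hit" ]; then
            echo "UNSAFE  $(ls -ldn "$f")"
            rc=1
        fi
    done <<EOF
$members
EOF
    return "$rc"
}

# Run as a script: sh audit.sh docker-24.0.2.tgz /usr/bin
if [ "$#" -ge 2 ]; then
    audit_static_install "$@"
fi
```

With GNU tar, extracting as root with --no-same-owner makes the files belong to root instead of the IDs recorded in the archive.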


Docker registry mirror (acceleration) configuration

# Edit the configuration file
vim /etc/docker/daemon.json
# The file must be valid JSON
{
  "exec-opts": [
    "native.cgroupdriver=systemd"
  ],
  "registry-mirrors": [
    "https://docker.nju.edu.cn/",
    "https://docker.mirrors.ustc.edu.cn/",
    "https://kuamavit.mirror.aliyuncs.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker"
}

# Reload and restart to apply the configuration
systemctl daemon-reload 
systemctl restart docker 

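Additional notes

CentOS 8 firewall

CentOS 8 changed the firewall backend to nftables. If Docker reports a firewall-related error at startup, change the backend: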

# vim /etc/firewalld/firewalld.conf
# FirewallBackend=nftables
FirewallBackend=iptables

Alternatively, add the docker0 interface to the trusted zone:

firewall-cmd --permanent --zone=trusted --add-interface=docker0
firewall-cmd --reload

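Add kernel parameters

If Docker is used as the k8s runtime, it is easier to follow the k8s base environment configuration directly for this step.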

sudo tee -a /etc/sysctl.conf <<-EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sudo sysctl -p

posted @ 2024-03-27 00:35  虫祇