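Docker Configuration Management
Docker configuration management covers the daemon configuration, logging drivers, storage drivers, and several other areas. This article explains in detail how to configure and tune the Docker engine.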

Configuration File Overview

1.1 Configuration file location

| Operating system | Configuration file path |
|---|---|
| Linux | /etc/docker/daemon.json |
| Windows | C:\ProgramData\docker\config\daemon.json |
| macOS | ~/.docker/daemon.json |

1.2 Configuration file format

```json
{
  "key": "value",
  "key2": {
    "nested": "value"
  },
  "array": ["item1", "item2"]
}
```

1.3 Configuration loading order
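Configuration precedence (highest to lowest):
1. Command-line flags
   dockerd --storage-driver=overlay2
2. Environment variables
   DOCKER_STORAGE_DRIVER=overlay2
3. Configuration file
   /etc/docker/daemon.json
4. Default values

Daemon Configuration

2.1 Basic configuration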
```json
{
  "debug": false,
  "log-level": "info",
  "data-root": "/var/lib/docker",
  "exec-root": "/var/run/docker",
  "pidfile": "/var/run/docker.pid",
  "hosts": ["unix:///var/run/docker.sock"],
  "experimental": false
}
```

2.2 Storage configuration
```json
{
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true",
    "overlay2.size=10G"
  ],
  "data-root": "/ssd/docker",
  "exec-root": "/var/run/docker"
}
```

2.3 Network configuration
```json
{
  "bip": "172.26.0.1/16",
  "fixed-cidr": "172.26.0.0/16",
  "fixed-cidr-v6": "2001:db8::/64",
  "default-gateway": "172.26.0.1",
  "default-gateway-v6": "2001:db8::1",
  "dns": ["8.8.8.8", "8.8.4.4"],
  "dns-opts": ["ndots:2"],
  "dns-search": ["example.com"],
  "mtu": 1500,
  "userland-proxy": false,
  "ip-forward": true,
  "ip-masq": true,
  "iptables": true,
  "ipv6": false,
  "bridge": "docker0"
}
```

2.4 Runtime configuration
```json
{
  "default-runtime": "runc",
  "runtimes": {
    "runc": {
      "path": "runc"
    },
    "runsc": {
      "path": "/usr/local/bin/runsc",
      "runtimeArgs": [
        "--platform=kvm"
      ]
    }
  },
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true,
  "default-ulimits": {
    "nofile": {
      "Name": "nofile",
      "Hard": 64000,
      "Soft": 64000
    }
  },
  "default-shm-size": "64M",
  "default-ipc-mode": "shareable",
  "default-pids-limit": -1
}
```

2.5 Complete configuration example
```json
{
  "debug": false,
  "log-level": "info",
  "data-root": "/var/lib/docker",
  "exec-root": "/var/run/docker",
  "pidfile": "/var/run/docker.pid",
  "hosts": ["unix:///var/run/docker.sock"],
  "experimental": false,
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "bip": "172.26.0.1/16",
  "fixed-cidr": "172.26.0.0/16",
  "dns": ["8.8.8.8", "8.8.4.4"],
  "dns-search": ["example.com"],
  "mtu": 1500,
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3",
    "labels": "production_status",
    "env": "OS_VERSION"
  },
  "default-runtime": "runc",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true,
  "metrics-addr": "0.0.0.0:9323",
  "features": {
    "buildkit": true
  }
}
```

Logging Driver Configuration

3.1 Supported logging drivers

| Driver | Description | Use case |
|---|---|---|
| json-file | Default; JSON format | General purpose |
| local | Optimized local storage | Production |
| syslog | Syslog protocol | Centralized logging |
| journald | systemd journal | systemd systems |
| gelf | Graylog Extended Format | Graylog |
| fluentd | Fluentd integration | Fluentd |
| awslogs | AWS CloudWatch | AWS environments |
| gcplogs | Google Cloud Logging | GCP environments |
| logentries | Rapid7 Logentries | Third-party service |
| splunk | Splunk HTTP Event Collector | Splunk |
| etwlogs | Windows Event Tracing | Windows |
| none | Logging disabled | Special cases |

3.2 JSON File driver
```json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3",
    "labels": "production_status,environment",
    "env": "OS_VERSION,CUDA_VERSION",
    "compress": "true"
  }
}
```

3.3 Local driver
```json
{
  "log-driver": "local",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3",
    "compress": "true"
  }
}
```

3.4 Syslog driver
```json
{
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "udp://192.168.1.100:514",
    "syslog-facility": "daemon",
    "syslog-format": "rfc5424",
    "tag": "docker/{{.Name}}"
  }
}
```

3.5 Fluentd driver
```json
{
  "log-driver": "fluentd",
  "log-opts": {
    "fluentd-address": "localhost:24224",
    "fluentd-async-connect": "true",
    "fluentd-buffer-limit": "1048576",
    "tag": "docker.{{.ID}}"
  }
}
```

3.6 Per-container logging configuration
```bash
# Specify the logging driver when running a container
docker run -d \
  --log-driver json-file \
  --log-opt max-size=10m \
  --log-opt max-file=3 \
  nginx:alpine
```

```yaml
# Docker Compose configuration
version: '3.8'
services:
  web:
    image: nginx:alpine
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
        labels: "service_name"
        env: "OS_VERSION"
```

Storage Driver Configuration
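
4.1 Storage driver comparison

| Driver | Performance | Stability | Space efficiency | Use case |
|---|---|---|---|---|
| overlay2 | Excellent | Excellent | Good | Recommended (default) |
| fuse-overlayfs | Good | Good | Good | Rootless (no root privileges) |
| btrfs | Excellent | Good | Excellent | Requires btrfs |
| zfs | Excellent | Excellent | Excellent | Requires zfs |
| devicemapper | Fair | Fair | Fair | Legacy system compatibility |

4.2 Overlay2 configuration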
```json
{
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true",
    "overlay2.size=10G"
  ]
}
```

4.3 Btrfs configuration
```json
{
  "storage-driver": "btrfs",
  "storage-opts": [
    "btrfs.min_space=1G"
  ]
}
```

4.4 ZFS configuration
```json
{
  "storage-driver": "zfs",
  "storage-opts": [
    "zfs.fsname=zpool/docker"
  ]
}
```

4.5 Devicemapper configuration
```json
{
  "storage-driver": "devicemapper",
  "storage-opts": [
    "dm.thinpooldev=/dev/mapper/thin-pool",
    "dm.use_deferred_removal=true",
    "dm.use_deferred_deletion=true"
  ]
}
```

Network Configuration

5.1 Default bridge configuration

```json
{
  "bip": "172.26.0.1/16",
  "fixed-cidr": "172.26.0.0/16",
  "mtu": 1500,
  "default-gateway": "172.26.0.1",
  "bridge": "docker0"
}
```

5.2 DNS configuration
```json
{
  "dns": ["8.8.8.8", "8.8.4.4", "1.1.1.1"],
  "dns-opts": ["ndots:2", "timeout:2", "attempts:2"],
  "dns-search": ["example.com", "internal.example.com"]
}
```

5.3 Proxy configuration
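```json
{
  "proxies": {
    "http-proxy": "http://proxy.example.com:8080",
    "https-proxy": "http://proxy.example.com:8080",
    "no-proxy": "localhost,127.0.0.1,.example.com"
  }
}
```

In daemon.json the proxy keys are `http-proxy`, `https-proxy` and `no-proxy`, placed directly under `proxies`. The `proxies.default.httpProxy` form belongs to the client file ~/.docker/config.json, where it sets proxy variables for containers and builds rather than for the daemon.

5.4 Advanced network configuration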
```json
{
  "ip-forward": true,
  "ip-masq": true,
  "iptables": true,
  "ipv6": false,
  "userland-proxy": false,
  "userland-proxy-path": "/usr/libexec/docker-proxy",
  "fixed-cidr-v6": "2001:db8::/64",
  "default-gateway-v6": "2001:db8::1"
}
```

Security Configuration
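
6.1 TLS configuration

```json
{
  "tls": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem",
  "tlsverify": true,
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"]
}
```

With `tlsverify` set, the daemon accepts TCP connections only from clients whose certificate is signed by the CA in `tlscacert`.

6.2 User namespaces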
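```json
{
  "userns-remap": "default"
}
```

Set the value to "default" to have Docker create and use the dockremap user, or to a "user:group" pair to remap to an existing account. A JSON object can carry the `userns-remap` key only once.

6.3 SELinux/AppArmor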
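```json
{
  "selinux-enabled": true
}
```

dockerd has no daemon.json key for AppArmor. On hosts with AppArmor enabled, the docker-default profile is applied to containers automatically, and a different profile is selected per container with `--security-opt apparmor=<profile>`.

6.4 Security options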
```json
{
  "no-new-privileges": true,
  "seccomp-profile": "/etc/docker/seccomp/default.json"
}
```

Performance Optimization

7.1 Resource limits

```json
{
  "default-ulimits": {
    "nofile": {
      "Name": "nofile",
      "Hard": 64000,
      "Soft": 64000
    },
    "nproc": {
      "Name": "nproc",
      "Hard": 32768,
      "Soft": 32768
    }
  },
  "default-pids-limit": 2048,
  "default-shm-size": "64M",
  "default-memory-reservation": "256M"
}
```

7.2 Build optimization
```json
{
  "features": {
    "buildkit": true
  },
  "builder": {
    "gc": {
      "enabled": true,
      "defaultKeepStorage": "20GB"
    }
  }
}
```

7.3 Monitoring configuration
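```json
{
  "metrics-addr": "0.0.0.0:9323",
  "experimental": true,
  "labels": ["os=linux", "arch=amd64"]
}
```

The metrics endpoint has no authentication. Binding it to 0.0.0.0 serves it on every interface, so restrict it to a loopback or management address, or firewall the port.

7.4 High-availability configuration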
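```json
{
  "live-restore": true,
  "cluster-store": "consul://localhost:8500",
  "cluster-advertise": "192.168.1.100:2376",
  "cluster-store-opts": {
    "kv.cacertfile": "/etc/docker/ca.pem",
    "kv.certfile": "/etc/docker/cert.pem",
    "kv.keyfile": "/etc/docker/key.pem"
  }
}
```

The `cluster-store`, `cluster-store-opts` and `cluster-advertise` options were deprecated in Docker 20.10 and removed in 23.0, so they apply only to older engine versions.

Configuration Management Commands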
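
8.1 Reloading the configuration

```bash
# Method 1: send the SIGHUP signal
sudo kill -SIGHUP $(pidof dockerd)

# Method 2: use systemd
sudo systemctl reload docker

# Method 3: restart Docker (needed for options that cannot be reloaded, such as storage-driver)
sudo systemctl restart docker
```

8.2 Validating the configuration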
```bash
# Check the configuration file syntax
dockerd --config-file /etc/docker/daemon.json --validate

# Show the current configuration
docker info --format '{{ json . }}' | jq

# Show specific settings
docker info --format '{{ .Driver }}'
docker info --format '{{ .DockerRootDir }}'
```

8.3 Configuration template
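```bash
#!/bin/bash
# setup-docker.sh - Docker configuration script
CONFIG_FILE="/etc/docker/daemon.json"

# Create the configuration directory
sudo mkdir -p /etc/docker

# Write the configuration (quoted delimiter: the JSON is written verbatim)
sudo tee "$CONFIG_FILE" > /dev/null <<'EOF'
{
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "live-restore": true,
  "features": {
    "buildkit": true
  }
}
EOF

# Apply the configuration. storage-driver and log-driver are not reloadable,
# so the daemon is restarted rather than reloaded.
sudo systemctl restart docker
echo "Docker configuration updated!"
```

Troubleshooting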
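
9.1 Troubleshooting configuration errors

```bash
# Check the configuration file syntax
python3 -m json.tool /etc/docker/daemon.json

# View the Docker startup logs
sudo journalctl -u docker.service -n 100

# Start Docker manually to see the errors
sudo dockerd --debug
```

9.2 Common problems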
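```bash
# Problem: storage driver not supported
# Fix: check the kernel version and modules
uname -r
lsmod | grep overlay

# Problem: port already in use
# Fix: check port usage
sudo netstat -tlnp | grep 2375

# Problem: permission errors
# Fix: check file permissions
ls -la /etc/docker/
sudo chown root:root /etc/docker/daemon.json
sudo chmod 644 /etc/docker/daemon.json
```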
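
The syntax check in 9.1 accepts a file that repeats a key, keeping only the last value, and it says nothing about the settings in the security and monitoring sections. The following is an added example, not part of the original article or of Docker: a small auditor for those settings, where `load_strict`, `audit` and the sample document are names and data constructed for illustration.

```python
import json

# Constructed sample: combines settings discussed on this page, including a
# repeated "userns-remap" key and listeners bound to 0.0.0.0.
SAMPLE = """{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "tls": true,
  "tlsverify": false,
  "metrics-addr": "0.0.0.0:9323",
  "userns-remap": "default",
  "userns-remap": "user:group"
}"""

def load_strict(text):
    """Parse JSON and record keys that are repeated within one object."""
    dupes = []
    def hook(pairs):
        seen = {}
        for key, value in pairs:
            if key in seen:
                dupes.append(key)
            seen[key] = value  # same last-value-wins result as json.tool
        return seen
    return json.loads(text, object_pairs_hook=hook), dupes

def audit(text):
    """Return a sorted list of findings for one daemon.json document."""
    cfg, dupes = load_strict(text)
    findings = [f"duplicate key: {k}" for k in dupes]
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix sockets are governed by file permissions
        if not cfg.get("tlsverify"):
            findings.append(f"{host}: TCP listener without tlsverify")
        elif not all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey")):
            findings.append(f"{host}: tlsverify set but certificate paths missing")
        if host.startswith("tcp://0.0.0.0"):
            findings.append(f"{host}: API bound to all interfaces")
    if str(cfg.get("metrics-addr", "")).startswith("0.0.0.0"):
        findings.append("metrics-addr: unauthenticated metrics on all interfaces")
    if "userns-remap" not in cfg:
        findings.append("userns-remap not set: container root maps to host root")
    if not cfg.get("no-new-privileges"):
        findings.append("no-new-privileges not enabled")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real host, pass the contents of /etc/docker/daemon.json to `audit` in place of `SAMPLE`.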