Docker服务的一些默认配置,可能不太适合我们使用。例如默认仓库源在国外,访问极慢;默认家目录为/var/lib/docker,可能不是我们想要的存储位置等等。虽然Docker支持服务运行时添加参数来自定义修改这些配置,但我推荐另一种json格式的配置方式:配置文件daemon.json,通俗易懂,配置方便(二种类型的配置参数不能冲突)。

daemon.json配置详解

仅描述常用和重要配置参数

在linux上的配置

路径:/etc/docker/daemon.json

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
{
	"authorization-plugins": [],
	"data-root": "",    # docker家目录,默认/var/lib/docker
	"dns": [],  # DNS服务器域名
	"dns-opts": [],
	"dns-search": [],
	"exec-opts": [],    # 服务运行参数,不建议配置
	"exec-root": "",
	"experimental": false,
	"features": {},
	"storage-driver": "",   # 存储驱动类型,支持aufs, devicemapper, btrfs, zfs, overlay以及overlay2类型
	"storage-opts": [], # 存储驱动参数
	"labels": [],
	"live-restore": true,   # 开启daemon服务停止时,保持容器运行功能
	"log-driver": "json-file",  # 容器日志默认格式,json文本格式
	"log-opts": {   # 日志参数
		"max-size": "10m",  # 单日志最大文件容量
		"max-file":"5", # 最大日志文件数
		"labels": "somelabel",
		"env": "os,customer"
	},
	"mtu": 0,   # 容器网络MTU值
	"pidfile": "",  # PID文件路径,默认/var/run/docker.pid
	"cluster-store": "",
	"cluster-store-opts": {},
	"cluster-advertise": "",
	"max-concurrent-downloads": 3,
	"max-concurrent-uploads": 5,
	"default-shm-size": "64M",
	"shutdown-timeout": 15,
	"debug": true,
	"hosts": [],    # 监听地址
	"log-level": "",
	"tls": false,    # 开启TLS加密
	"tlsverify": false,
	"tlscacert": "",
	"tlscert": "",
	"tlskey": "",
	"swarm-default-advertise-addr": "",
	"api-cors-header": "",
	"selinux-enabled": false,
	"userns-remap": "",
	"group": "",
	"cgroup-parent": "",
	"default-ulimits": {
		"nofile": {
			"Name": "nofile",
			"Hard": 64000,
			"Soft": 64000
		}
	},
	"init": false,
	"init-path": "/usr/libexec/docker-init",
	"ipv6": false,
	"iptables": true,
	"ip-forward": true,
	"ip-masq": true,
	"userland-proxy": true,
	"userland-proxy-path": "/usr/libexec/docker-proxy",
	"ip": "0.0.0.0", # 容器绑定宿主机端口时的监听IP
	"bridge": "",
	"bip": "",  # 设置容器bridge IP(桥接)子网
	"fixed-cidr": "",
	"fixed-cidr-v6": "",
	"default-gateway": "",
	"default-gateway-v6": "",
	"icc": false,
	"raw-logs": false,
	"allow-nondistributable-artifacts": [],
	"registry-mirrors": [], # 镜像仓库地址列表
	"seccomp-profile": "",
	"insecure-registries": [],  # 安全仓库地址列表,一般添加本地私有仓库。
	"no-new-privileges": false,
	"default-runtime": "runc",
	"oom-score-adjust": -500,
	"node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"],
	"runtimes": {
		"cc-runtime": {
			"path": "/usr/bin/cc-runtime"
		},
		"custom": {
			"path": "/usr/local/bin/my-runc-replacement",
			"runtimeArgs": [
				"--debug"
			]
		}
	},
	"default-address-pools":[{"base":"172.80.0.0/16","size":24},{"base":"172.90.0.0/16","size":24}]  # 本地节点网络默认地址池
}

重载生效

1
2
systemctl daemon-reload
systemctl restart docker

在windows上的配置(同上)

路径:%programdata%\docker\config\daemon.json

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
{
    "authorization-plugins": [],
    "data-root": "",
    "dns": [],
    "dns-opts": [],
    "dns-search": [],
    "exec-opts": [],
    "experimental": false,
    "features":{},
    "storage-driver": "",
    "storage-opts": [],
    "labels": [],
    "log-driver": "",
    "mtu": 0,
    "pidfile": "",
    "cluster-store": "",
    "cluster-advertise": "",
    "max-concurrent-downloads": 3,
    "max-concurrent-uploads": 5,
    "shutdown-timeout": 15,
    "debug": true,
    "hosts": [],
    "log-level": "",
    "tlsverify": true,
    "tlscacert": "",
    "tlscert": "",
    "tlskey": "",
    "swarm-default-advertise-addr": "",
    "group": "",
    "default-ulimits": {},
    "bridge": "",
    "fixed-cidr": "",
    "raw-logs": false,
    "allow-nondistributable-artifacts": [],
    "registry-mirrors": [],
    "insecure-registries": []
}