标签:evel some 守护 tom docker search mirrors userland secure
这几天看了一点docker相关的东西, 在学习中:
看了下园友的blog 感觉很好 这里 学习一下.
https://www.cnblogs.com/pzk7788/p/10180197.html
其实也可以从 systemd 里面的 docker.service 进行修改 来处理
但是 docker/daemon 的处理更完善一下 也更安全.
vim /etc/docker/daemon.json { "authorization-plugins": [], "data-root": "", # 设置docker运行时的根目录 "dns": [], # 设置容器的DNS地址 "dns-opts": [], # 设置容器的/etc/resolv.conf文件 "dns-search": [], "exec-opts": [], "exec-root": "", "experimental": false, "features": {}, "storage-driver": "", "storage-opts": [], "labels": [], "live-restore": true, "log-driver": "json-file", "log-opts": { "max-size": "10m", "max-files":"5", "labels": "somelabel", "env": "os,customer" }, # 定义logfile的大小以及限制等 "mtu": 0, "pidfile": "", # 设置docker守护进程的PID文件 "cluster-store": "", "cluster-store-opts": {}, "cluster-advertise": "", "max-concurrent-downloads": 3, "max-concurrent-uploads": 5, "default-shm-size": "64M", "shutdown-timeout": 15, "debug": true, # 是否以debug模式启动docker "hosts": [], # 设置容器的hosts "log-level": "", "tls": true, "tlsverify": true, "tlscacert": "", "tlscert": "", "tlskey": "", "swarm-default-advertise-addr": "", "api-cors-header": "", "selinux-enabled": false, # 设置是否支持SELinux "userns-remap": "", "group": "", "cgroup-parent": "", "default-ulimits": { "nofile": { "Name": "nofile", "Hard": 64000, "Soft": 64000 } }, "init": false, "init-path": "/usr/libexec/docker-init", "ipv6": false, "iptables": false, "ip-forward": false, "ip-masq": false, "userland-proxy": false, "userland-proxy-path": "/usr/libexec/docker-proxy", "ip": "0.0.0.0", "bridge": "", "bip": "", "fixed-cidr": "", "fixed-cidr-v6": "", "default-gateway": "", "default-gateway-v6": "", "icc": false, "raw-logs": false, "allow-nondistributable-artifacts": [], "registry-mirrors": [], # 设置镜像加速地址 这里面需要设置是https "seccomp-profile": "", "insecure-registries": [], # 设置docker的私有仓库地址 可以不是https的 "no-new-privileges": false, "default-runtime": "runc", "oom-score-adjust": -500, "node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"], "runtimes": { "cc-runtime": { "path": "/usr/bin/cc-runtime" }, "custom": { "path": "/usr/local/bin/my-runc-replacement", "runtimeArgs": [ "--debug" ] } }, "default-address-pools":[{"base":"172.80.0.0/16","size":24}, {"base":"172.90.0.0/16","size":24}] }
标签:evel some 守护 tom docker search mirrors userland secure
原文地址:https://www.cnblogs.com/jinanxiaolaohu/p/11429614.html