K8s教程-docker二进制安装
环境准备
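# Enable bridge netfilter so bridged (container) traffic is visible to iptables.
modprobe br_netfilter
# Load the module on every boot as well; without this the net.bridge.* keys
# below cannot be applied from /etc/sysctl.d at boot time.
cat > /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
EOF
# Quoted delimiter: the body is written literally (no shell expansion).
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the new settings immediately.
sysctl -p /etc/sysctl.d/k8s.conf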
防火墙选择
建议使用 firewalld 管理防火墙规则,firewalld 最主要的特性是动态添加规则
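# Docker manages iptables directly by default; when firewalld is installed the
# rules go through firewalld instead (firewalld's INPUT_ZONES gets an
# IN_docker chain). apt-get is used rather than apt because apt's command-line
# interface is not stable for use in scripts.
apt-get update && apt-get install -y firewalld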
docker二进制安装
下载安装
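# Releases: https://download.docker.com/linux/static/stable/x86_64/
DOCKER_VERSION="20.10.6"
DOCKER_TGZ="docker-${DOCKER_VERSION}.tgz"
# Optional integrity check: set DOCKER_TGZ_SHA256 to the digest obtained out of
# band (e.g. "<sha256-hex-placeholder>"); the archive is only unpacked into
# /usr/bin when it matches. Leaving it unset skips the check (original behaviour).
cd /usr/local/src || exit 1
wget "https://download.docker.com/linux/static/stable/x86_64/${DOCKER_TGZ}"
if [ -n "${DOCKER_TGZ_SHA256:-}" ]; then
  echo "${DOCKER_TGZ_SHA256}  ${DOCKER_TGZ}" | sha256sum -c - || exit 1
fi
# Skip when a docker binary is already present; the subshell keeps the
# extraction self-contained and the unpacked directory is removed afterwards.
[ -f /usr/bin/docker ] || (tar xzf "${DOCKER_TGZ}" && cp -v docker/* /usr/bin/ && rm -fr docker)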
INPUT 权限脚本
使用 iptables 管理时添加此脚本;建议使用 firewalld 管理防火墙规则,firewalld 最主要的特性是动态添加规则
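# Write the INPUT allow-list script. The delimiter is quoted so the body is
# copied literally. The script only touches IPv4 (iptables); ip6tables keeps
# its own policy, so IPv6 is not covered by the DROP below. It also flushes
# INPUT wholesale (-F), so do not run it on a host where firewalld manages the
# rules — anything firewalld installed in INPUT would be discarded.
cat > /etc/iptables_add_input.sh <<'EOF'
#!/bin/bash
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i docker0 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# 注意这个公司一定要写正确
iptables -A INPUT -s 192.168.1.1 -p tcp -j ACCEPT
# ssh 测试备用,测试通过后可以关闭
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
EOF
# Adding rules on a running host:
# after inserting a rule at runtime, also add it to /etc/iptables_add_input.sh,
# otherwise the next run of the script drops it.
# Find the position first: iptables -nvL --line-number
# iptables -I INPUT 5 -s 192.168.1.1 -p tcp --dport 10051 -j ACCEPT
# Delete a rule by its number:
# iptables -nvL --line-number
# iptables -D INPUT 5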
systemd服务单元配置
# Install the dockerd unit. It is written under /usr/lib/systemd/system (the
# vendor tree); /etc/systemd/system is the usual place for locally managed
# units and takes precedence if both exist. $DOCKER_NETWORK_OPTIONS is read
# from the EnvironmentFile and expanded by systemd, not by this shell, which
# is why the delimiter is quoted.
cat <<'EOF' > /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=-/etc/kubernetes/flanneld_docker.env
# 启动之前添加自己的防火墙权限(根据需求是否开启)
# ExecStartPre=bash /etc/iptables_add_input.sh
ExecStart=/usr/bin/dockerd --default-ulimit nofile=65535:65535 $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF
配置启动依赖
配置文件
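# Config directory and the data root the daemon stores images/containers in.
mkdir -pv /etc/docker /data/docker
# bip is supplied through $DOCKER_NETWORK_OPTIONS (see the unit file).
# Configure several mirrors: changing them later requires a daemon restart.
# A mirror sits in the image supply chain — every pull goes through it — so
# prefer pulling by digest where content must be pinned.
# "data-root" replaces the deprecated "graph" key (same meaning, still
# accepted by 20.10 and kept in newer releases).
cat > /etc/docker/daemon.json <<'EOF'
{
  "data-root": "/data/docker",
  "storage-driver": "overlay2",
  "registry-mirrors": ["https://hub-mirror.c.163.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
EOF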
启动
修改配置文件后:systemctl daemon-reload
# Enable the unit so dockerd comes up at boot.
systemctl enable docker
# Start it now.
systemctl start docker
# Show the resulting state.
systemctl status docker
状态检测
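# Confirm the client binary works.
docker -v
# Confirm the bridge interface exists.
ip a | grep docker0
# Confirm a container gets an address from the configured bip range.
# NOTE(review): the "busybox" tag is mutable; pulling by digest
# (busybox@sha256:<digest-placeholder>) pins the exact image content.
docker pull busybox
docker run -it --rm busybox /bin/sh
# Inside the container shell, run:  ip add
# (the original transcript line "/ # ip add" was a prompt, not a command).
# The author's container got 172.26.190.2, matching the configured range, so a
# container's IP identifies the node that hosts it.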
自动补全
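# Fetch the completion script matching the running daemon's version.
# -f: an HTTP error (e.g. unknown tag) fails instead of writing an HTML error
# page that would then be sourced; -sS: quiet except for errors.
docker_ver="$(docker version --format '{{.Server.Version}}' | sed 's/-.*//')" || exit 1
curl -fsSL "https://raw.githubusercontent.com/docker/cli/v${docker_ver}/contrib/completion/bash/docker" \
  -o /etc/bash_completion.d/docker || exit 1
# Load it into the current shell. The file is executed as shell code, so only
# source what was downloaded successfully from the intended location.
source /etc/bash_completion.d/docker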
docker-compose
安装
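# Check the latest release on GitHub first:
# https://github.com/docker/compose/releases
# v1 (Python) variant, kept for reference:
# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
compose_bin=/usr/local/bin/docker-compose
# -f: fail on HTTP errors instead of saving an error page as the binary.
curl -fsSL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o "${compose_bin}" || exit 1
# Optional integrity check: set COMPOSE_SHA256 to the digest obtained out of
# band (e.g. from the release's checksum asset); unset skips the check.
if [ -n "${COMPOSE_SHA256:-}" ]; then
  echo "${COMPOSE_SHA256}  ${compose_bin}" | sha256sum -c - || exit 1
fi
chmod +x "${compose_bin}"
# Only create the link when nothing is there yet, so a re-run does not fail.
[ -e /usr/bin/docker-compose ] || ln -s "${compose_bin}" /usr/bin/docker-compose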
自动补全
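# Compose 2.x does not ship a bash completion script yet; use the 1.x one:
# https://github.com/docker/compose/tree/1.28.x/contrib/completion/bash
# -f: fail on HTTP errors rather than saving an error page that would be sourced.
compose_completion=/etc/bash_completion.d/docker-compose
curl -fsSL \
  https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose \
  -o "${compose_completion}" || exit 1
# Load it into the current shell (executed as shell code).
source "${compose_completion}"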
buildkit
docker build 依赖 buildkit 命令。BuildKit 是下一代的镜像构建组件,在 https://github.com/moby/buildkit 开源。
安装
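cd /usr/local/src/ || exit 1
BUILDKIT_TGZ=buildkit-v0.8.3.linux-amd64.tar.gz
wget "https://github.com/moby/buildkit/releases/download/v0.8.3/${BUILDKIT_TGZ}"
# Optional integrity check: set BUILDKIT_TGZ_SHA256 to the digest obtained out
# of band (e.g. "<sha256-hex-placeholder>"); unset skips the check.
if [ -n "${BUILDKIT_TGZ_SHA256:-}" ]; then
  echo "${BUILDKIT_TGZ_SHA256}  ${BUILDKIT_TGZ}" | sha256sum -c - || exit 1
fi
# The archive unpacks into ./bin; install only when buildctl is not present yet.
tar xzf "${BUILDKIT_TGZ}"
[ -f /usr/bin/buildctl ] || cp -v bin/buildctl bin/buildkitd /usr/bin/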
systemd服务单元配置
# Install the buildkitd unit. As written it runs the daemon as root with its
# default listening address; NOTE(review): BuildKit also offers a rootless
# mode, worth considering where untrusted Dockerfiles are built — confirm
# against the BuildKit docs for this version.
cat <<'EOF' > /usr/lib/systemd/system/buildkit.service
[Unit]
Description=Dockerfile-agnostic builder toolkit
Documentation=https://github.com/moby/buildkit
[Service]
Type=notify
ExecStart=/usr/bin/buildkitd
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
启动
# Enable the unit so buildkitd comes up at boot.
systemctl enable buildkit.service
# Start it now.
systemctl start buildkit.service
# Show the resulting state.
systemctl status buildkit.service
使用
# Build the Dockerfile in the current directory (context and Dockerfile both
# taken from ".").
buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=.
# Same build, selecting a stage and passing a build-arg.
buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. \
  --opt target=foo --opt build-arg:foo=bar
- 原文作者:zaza
- 原文链接:https://zazayaya.github.io/2021/07/23/docker-install-by-binary.html
- 说明:转载本站文章请标明出处,部分资源来源于网络,如有侵权请及时与我联系!