Docker 配置文件说明
# Centos
[root@localhost ~] vim /etc/docker/daemon.json
# Mac
设置 -> Docker Engine
{
# 访问授权插件,官方帮助文档:https://docs.docker.com/engine/extend/plugins_authorization/
"authorization-plugins": [],
# docker运行时的根目录,默认位置在/var/lib/docker
"data-root": "",
# 配置DNS服务器地址
"dns": [],
# DNS额外配置项
"dns-opts": [],
# DNS搜索域名
"dns-search": [],
# 执行选项
"exec-opts": [],
# 执行状态文件根目录
"exec-root": "",
# 是否开启实验性特性
"experimental": false,
# 启用或禁用其他特性功能
"features": {},
# 配置存储驱动器类型
"storage-driver": "",
# 额外的存储选项
"storage-opts": [],
# 元数据标签
"labels": [],
# 启动实时还原,有助于减少守护进程崩溃。官方帮助文档:https://docs.docker.com/config/containers/live-restore/
"live-restore": true,
# 日志记录驱动程序。官方帮助文档:https://docs.docker.com/config/containers/logging/configure/
"log-driver": "json-file",
# 日志记录驱动程序额外选项。官方帮助文档:https://docs.docker.com/config/containers/logging/configure/
"log-opts": {
"max-size": "10m",
"max-file":"5",
"labels": "somelabel",
"env": "os,customer"
},
# 设置容器网络最大传输单元MTU
"mtu": 0,
# ocker守护进程PID文件
"pidfile": "",
# 集群存储系统URL
"cluster-store": "",
# 集群存储系统配置项
"cluster-store-opts": {},
# 集群对外的地址名称
"cluster-advertise": "",
# 设置每个pull进程最大并发数
"max-concurrent-downloads": 3,
# 设置每个push进程的最大并发数
"max-concurrent-uploads": 5,
# 默认共享内存大小
"default-shm-size": "64M",
# 设置关闭超时
"shutdown-timeout": 15,
# 开启debug调试模式
"debug": true,
# 指定docker守护进程侦听的地址,默认/var/run/docker.sock,例:指定tcp侦听地址,在其他主机上可以通过-H选项连接到本主机容器。"hosts": ["tcp://0.0.0.0:2375","unix://var/run/docker.sock"]
"hosts": [],
# 设置日志级别
"log-level": "info",
# 启动TLS
"tls": true,
# 开启传输层安全协议并验证远程地址
"tlsverify": true,
# ca.pem路径
"tlscacert": "",
# server-cert.pem路径
"tlscert": "",
# server-key.pem路径
"tlskey": "",
# swarm对外地址
"swarm-default-advertise-addr": "",
# 设置CORS,跨域头
"api-cors-header": "",
# 是否开启selinux
"selinux-enabled": false,
# 指定用户/组
"userns-remap": "",
# docker所在的组
"group": "",
# 设置容器默认的cgroup父级
"cgroup-parent": "",
# 设置容器ulimits
"default-ulimits": {
"nofile": {
"Name": "nofile",
"Hard": 64000,
"Soft": 64000
}
},
# 容器执行初始化
"init": false,
# 是否开启ipv6网络
"ipv6": false,
# 是否开启防火墙规则
"iptables": false,
# 是否开启forward链
"ip-forward": false,
# ip伪装,使用地址转换来允许没有公共IP的容器与互联网上的其他计算机通信
"ip-masq": false,
# 用户空间代理
"userland-proxy": false,
# 用户空间代理路径
"userland-proxy-path": "/usr/libexec/docker-proxy"
# 默认ip
"ip": "0.0.0.0",
# 桥接网络标识
"bridge": "",
# 修改docker0桥的默认IP地址,例:"bip": "10.10.0.1/16"
"bip": "",
# 限制ipv4网络分配范围
"fixed-cidr": "",
# 限制ipv6网络分配范围
"fixed-cidr-v6": "",
# 默认网关
"default-gateway": "",
# 默认ipv6网关
"default-gateway-v6": "",
# 容器间通信
"icc": false,
# 原始日志
"raw-logs": false,
# 允许推送不可分发的工件。官方帮助文档:https://docs.docker.com/engine/reference/commandline/dockerd/#allow-push-of-nondistributable-artifacts
"allow-nondistributable-artifacts": [],
# 设置docker registry镜像加速器,例:设置docker镜像加速器。"registry-mirrors": ["http://f1361db2.m.daocloud.io"]
"registry-mirrors": [],
# seccomp配置文件
"seccomp-profile": "",
# 配置非https协议的registries地址
"insecure-registries": [],
# 禁止新优先级
"no-new-privileges": false,
# OCI规范
"default-runtime": "runc",
# 内存溢出被杀死的优先级(-1000~1000)
"oom-score-adjust": -500,
# 对外公布的资源节点
"node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"],
# 运行时选项。官方帮助文档:https://docs.docker.com/engine/reference/commandline/dockerd/#docker-runtime-execution-options
"runtimes": {
"cc-runtime": {
"path": "/usr/bin/cc-runtime"
},
"custom": {
"path": "/usr/local/bin/my-runc-replacement",
"runtimeArgs": [
"--debug"
]
}
},
# 默认DHCP分配给容器的地址
"default-address-pools":[
{"base":"172.80.0.0/16","size":24},
{"base":"172.90.0.0/16","size":24}
]
}
