Simulating a Pod with Docker: A Lab


1. Environment

  • OS: Rocky Linux
  • Memory: 4 GB
  • CPU: 2 cores, 4 threads
  • Disk: 100 GB
  • NIC 1: host-only mode (192.168.64.130)
  • NIC 2: NAT mode

2. Procedure

2.1 System environment initialization

# Change the IP address
vi /etc/NetworkManager/system-connections/ens160.nmconnection
[ipv4]
method=manual
address1=192.168.64.130/24
systemctl restart NetworkManager

# Switch the system package mirror
sed -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' -i.bak /etc/yum.repos.d/rocky*.repo
dnf makecache
systemctl stop firewalld
systemctl disable firewalld
dnf -y install iptables-services
# List the rules
iptables -L
# Flush the rules
iptables -F
service iptables save
systemctl enable iptables

# Disable SELinux
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
grubby --update-kernel ALL --args selinux=0
# Check whether it is disabled
grubby --info DEFAULT

timedatectl set-timezone Asia/Shanghai

Shut down the system and take a snapshot.

2.2 Configure the Docker environment

yum install -y epel-release
yum install -y bridge-utils

# Load the module so that all traffic crossing the bridge is processed by the firewall
modprobe br_netfilter
echo 'br_netfilter' >> /etc/modules-load.d/bridge.conf
echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
# Replace the Docker repository source (back up any existing repo file first)
mv /etc/yum.repos.d/docker-ce.repo /etc/yum.repos.d/docker-ce.repo.bak
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

# Install docker-ce
yum -y install docker-ce
# Configure the daemon
cat > /etc/docker/daemon.json <<EOF
{
	"default-ipc-mode":"shareable",
	"data-root":"/data/docker",
	"exec-opts":["native.cgroupdriver=systemd"],
	"log-driver":"json-file",
	"log-opts":{
		"max-size":"100m",
		"max-file":"100"
		},
	"insecure-registries":["harbor.xinxainghf.com"],
	"registry-mirrors":["https://docker.m.daocloud.io",
		"https://0dj0t5fb.mirror.aliyuncs.com",
		"https://docker.mirrors.ustc.edu.cn",
		"https://6kx4zyno.mirror.aliyuncs.com",
		"https://registry.docker-cn.com"]
}
EOF

mkdir -p /etc/systemd/system/docker.service.d
systemctl daemon-reload && systemctl restart docker && systemctl enable docker

Manually upload pause.tar to the /root directory.

docker load -i /root/pause.tar
docker run --name pause -p 8080:80 -d k8s.gcr.io/pause:3.1

# Write the nginx configuration file to /root
cat > /root/nginx.conf <<EOF
error_log stderr;
events {
	worker_connections 1024;
	}
http {
	access_log /dev/stdout combined;
	server {
		listen 80 default_server;
		server_name example.com www.example.com;
		
		location / {
			proxy_pass http://127.0.0.1:2368;
			}
		}
	}
EOF

docker run --name nginx -v /root/nginx.conf:/etc/nginx/nginx.conf --net=container:pause --ipc=container:pause --pid=container:pause -d nginx
docker run --name ghost --net=container:pause --ipc=container:pause --pid=container:pause -d ghost:4.48.2

# Check the running containers
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED             STATUS             PORTS                                     NAMES
a0d09fe4ee01   ghost:4.48.2           "docker-entrypoint.s…"   57 minutes ago      Up 56 minutes                                                ghost
292946d563cf   nginx                  "/docker-entrypoint.…"   58 minutes ago      Up 58 minutes                                                nginx
ce1fa2481edd   k8s.gcr.io/pause:3.1   "/pause"                 About an hour ago   Up About an hour   0.0.0.0:8080->80/tcp, [::]:8080->80/tcp   pause
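
The three containers above behave like a pod only if nginx and ghost really joined the pause container's net, ipc and pid namespaces. The check below is an added example, not part of the original post: it compares the /proc/<pid>/ns links of the containers' host PIDs. The function names, the PROC_ROOT override and the sample tree with invented inode numbers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. POSIX sh has no "local",
# so helper variables carry a prefix instead.
PROC_ROOT=${PROC_ROOT:-/proc}  # overridable so the check can run on a constructed tree

# ns_of PID TYPE: print the namespace identity, e.g. "net:[4026532601]".
ns_of() { readlink "$PROC_ROOT/$1/ns/$2"; }

# shared_ns TYPE PID...: 0 if every PID is in the same TYPE namespace,
# 1 if they differ, 2 if a namespace link cannot be read.
shared_ns() {
  ns_type=$1; shift
  ns_first=$(ns_of "$1" "$ns_type") || return 2
  for ns_pid in "$@"; do
    ns_cur=$(ns_of "$ns_pid" "$ns_type") || return 2
    [ "$ns_cur" = "$ns_first" ] || return 1
  done
  return 0
}

# check_pod NAME...: resolve each container's host PID with docker inspect and
# require shared net, ipc and pid namespaces (the three joined in section 2.2).
check_pod() {
  pod_pids=
  for pod_name in "$@"; do
    pod_pid=$(docker inspect -f '{{.State.Pid}}' "$pod_name") || return 2
    pod_pids="$pod_pids $pod_pid"
  done
  pod_rc=0
  for pod_type in net ipc pid; do
    # $pod_pids is left unquoted on purpose: it is a list of numeric PIDs
    if shared_ns "$pod_type" $pod_pids; then
      echo "$pod_type: shared"
    else
      echo "$pod_type: NOT shared"; pod_rc=1
    fi
  done
  return "$pod_rc"
}

# make_sample_proc DIR: build a constructed /proc-like tree (inode numbers invented).
# PIDs 1001-1003 stand for pause/nginx/ghost, PID 2001 for an unrelated container.
make_sample_proc() {
  for sp in "1001 4026532601" "1002 4026532601" "1003 4026532601" "2001 4026532777"; do
    set -- "$1" $sp   # now $1=DIR, $2=pid, $3=inode
    mkdir -p "$1/$2/ns"
    for sp_type in net ipc pid; do ln -sf "$sp_type:[$3]" "$1/$2/ns/$sp_type"; done
    ln -sf "mnt:[$2]" "$1/$2/ns/mnt"   # mount namespaces stay per-container
  done
}
```

On the lab host, run `check_pod pause nginx ghost` as root. The mount namespace is not part of the check because `--net`, `--ipc` and `--pid` leave each container with its own filesystem view.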

3. Testing the result

Visit http://192.168.64.130:8080/
