technology:k8s:docker - WiKi

Docker

Docker must be installed on every master/minion.

Prerequisites:

  • Flanneld must run before dockerd.
  • Docker must have IP masquerading disabled (--ip-masq=false).

Installation

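Download the required version of Docker/Moby from GitHub.

Unpack the package and copy the binaries to /usr/local/bin. The unit file below starts /usr/bin/dockerd, so either copy the binaries there or adjust ExecStart to match.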

Configuration

Systemd

Docker systemd service: /lib/systemd/system/docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com

[Service]
Type=notify
EnvironmentFile=-/etc/docker/docker
EnvironmentFile=-/etc/docker/docker-storage
EnvironmentFile=-/etc/docker/docker-network
EnvironmentFile=-/etc/docker/docker-flannel

ExecStart=/usr/bin/dockerd $OPTIONS \
          $DOCKER_OPTS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY

Make Docker start only after Flannel with a drop-in, /etc/systemd/system/docker.service.d/40-docker-depends-on-flannel.conf:

# Dropin for docker.service

[Unit]
# Flannel must be started before Docker.
# Flannel acquires subnet for the host and writes appropriate
# configuration in /run/flannel_docker_opts.env that is being read
# by Docker service.
# See https://coreos.com/kubernetes/docs/latest/deploy-master.html
# and https://github.com/coreos/flannel/issues/112#issuecomment-72708347
# for details.
Requires=flanneld.service
After=flanneld.service


Docker

Docker must use the same IP range that Flannel assigned to this host:

cat > /tmp/docker_set_interface.sh << EOF
# Load FLANNEL_SUBNET and FLANNEL_MTU as written by flanneld.
. /run/flannel/subnet.env
# ifconfig docker0 down
# Give docker0 the address of the flannel subnet.
ifconfig docker0 \${FLANNEL_SUBNET}
# Write the options that docker.service reads via EnvironmentFile.
echo "DOCKER_OPTS=--bip=\${FLANNEL_SUBNET} --mtu=\${FLANNEL_MTU}" > /etc/docker/docker-flannel
EOF
chmod 755 /tmp/docker_set_interface.sh
sh -x /tmp/docker_set_interface.sh

In the /etc/docker directory, create these files:

  • /etc/docker/daemon.json
    {
        "live-restore": true
    }
  • /etc/docker/docker
    OPTIONS="-l=debug --selinux-enabled --storage-driver=overlay2 --ip-masq=false --iptables=false"
    INSECURE_REGISTRY="--insecure-registry=nexus3.kb.cz:18443 --insecure-registry=nexus3.kb.cz:18444 --insecure-registry=gcr.io"
  • /etc/docker/docker-flannel - depends on your flanneld configuration
    DOCKER_OPTS=--bip=172.17.89.1/24 --mtu=1450
  • /etc/docker/docker-network
    no_proxy=localhost,127.0.0.0/8,::1,/var/run/docker.sock
  • key.json - if it already exists, leave it as is; it holds the daemon's private key (the "d" value). Set ownership to root:root and mode 600.
    {
            "crv":"P-256",
            "d":"g8eNORzxWzRPvnG2cAbV1zoGbmwqFAUiGM5hzswRIrE",
            "kid":"NJPW:U6QM:P35Q:NB72:QXCH:444Z:MQUF:DFL4:5YUE:OEZY:S5E5:AG7Z",
            "kty":"EC",
            "x":"Ya5nRZ0qbcS2apRSMwZEhgGwzV8Jv7ZuQdDXVUlzHSA",
            "y":"BnCbAwu-AJoMUXa0OcEfSk5fceXAJKMZNHO3BAJll0Q"
    }
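
A preflight check for the files created above, meant to run before Docker is started. This is an added example, not part of the original wiki page; the function names and the `--run` switch are assumptions, and the env files are parsed rather than sourced so nothing in them gets executed.

```shell
#!/bin/sh
# Added example: preflight checks for the files described on this page.

# Read KEY=value from an env file without sourcing (executing) it.
env_get() {  # env_get KEY FILE
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '"'
}

# docker-flannel must carry the --bip/--mtu that flanneld leased.
check_flannel_opts() {  # check_flannel_opts SUBNET_ENV DOCKER_FLANNEL
    subnet=$(env_get FLANNEL_SUBNET "$1")
    mtu=$(env_get FLANNEL_MTU "$1")
    [ -n "$subnet" ] && [ -n "$mtu" ] || { echo "FAIL: $1 incomplete"; return 1; }
    opts=$(env_get DOCKER_OPTS "$2")
    [ "$opts" = "--bip=$subnet --mtu=$mtu" ] && return 0
    echo "FAIL: $2 has '$opts', flannel leased $subnet mtu $mtu"
    return 1
}

# OPTIONS must keep --ip-masq=false, as the prerequisites require.
check_masq_disabled() {  # check_masq_disabled DOCKER_ENV
    case " $(env_get OPTIONS "$1") " in
        *" --ip-masq=false "*) return 0 ;;
    esac
    echo "FAIL: --ip-masq=false missing from OPTIONS in $1"
    return 1
}

# key.json holds a private key: mode must be exactly 600.
check_key_mode() {  # check_key_mode KEY_JSON
    [ -e "$1" ] || return 0   # may not exist yet
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] && return 0
    echo "FAIL: $1 has mode $mode, expected 600"
    return 1
}

# Run every check against the paths used on this page.
preflight() {
    rc=0
    check_flannel_opts /run/flannel/subnet.env /etc/docker/docker-flannel || rc=1
    check_masq_disabled /etc/docker/docker || rc=1
    check_key_mode /etc/docker/key.json || rc=1
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

A stale docker-flannel file, left over after flanneld leased a different subnet, is the failure this catches most often: dockerd would start with a bridge range that no longer matches the overlay.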

Run Docker

Start and enable the service through systemd:

systemctl start docker
systemctl enable docker