1 Deploying docker
1.1 docker deployment components
docker runs and manages containers; kubelet interacts with it through the Container Runtime Interface (CRI).
1.2 Downloading docker
[root@k8smaster01 ~]# cd /opt/k8s/work
[root@k8smaster01 work]# wget https://download.docker.com/linux/static/stable/x86_64/docker-18.09.6.tgz
[root@k8smaster01 work]# tar -xvf docker-18.09.6.tgz
Tip: For other docker versions, see https://download.docker.com/linux/static/stable/x86_64/.
1.3 Installing and deploying docker
[root@k8smaster01 ~]# cd /opt/k8s/work
[root@k8smaster01 work]# source /opt/k8s/bin/environment.sh
[root@k8smaster01 work]# for all_ip in ${ALL_IPS[@]}
  do
    echo ">>> ${all_ip}"
    scp docker/* root@${all_ip}:/opt/k8s/bin/
    ssh root@${all_ip} "chmod +x /opt/k8s/bin/*"
  done
1.4 Configuring the docker systemd unit
[root@k8smaster01 ~]# cd /opt/k8s/work
[root@k8smaster01 work]# cat > docker.service <<"EOF"
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io

[Service]
WorkingDirectory=##DOCKER_DIR##
Environment="PATH=/opt/k8s/bin:/bin:/sbin:/usr/bin:/usr/sbin"
EnvironmentFile=-/run/flannel/docker
ExecStart=/opt/k8s/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
Explanation:
- The double quotes around EOF stop bash from expanding variables in the here-document, such as $DOCKER_NETWORK_OPTIONS (systemd is responsible for substituting these environment variables);
- dockerd calls other docker commands at run time, such as docker-proxy, so the directory that contains the docker commands must be added to the PATH environment variable;
- When flanneld starts, it writes the network configuration to the /run/flannel/docker file; before starting, dockerd reads the DOCKER_NETWORK_OPTIONS environment variable from that file and then sets the network segment of the docker0 bridge;
- If more than one EnvironmentFile option is specified, /run/flannel/docker must be placed last (to ensure that docker0 uses the bip parameter generated by flanneld);
- docker needs to run as root;
- Starting with version 1.13, docker may set the default policy of the iptables FORWARD chain to DROP, which causes pinging a Pod IP on another Node to fail. In that case, you need to manually set the policy to ACCEPT:
[root@k8smaster01 ~]# echo '/sbin/iptables -P FORWARD ACCEPT' >> /etc/rc.local
Writing this command to the /etc/rc.local file prevents a node restart from reverting the default policy of the iptables FORWARD chain to DROP.
1.5 Distributing the docker systemd unit
[root@k8smaster01 ~]# cd /opt/k8s/work
[root@k8smaster01 work]# source /opt/k8s/bin/environment.sh
[root@k8smaster01 work]# sed -i -e "s|##DOCKER_DIR##|${DOCKER_DIR}|" docker.service
[root@k8smaster01 work]# for all_ip in ${ALL_IPS[@]}
  do
    echo ">>> ${all_ip}"
    scp docker.service root@${all_ip}:/etc/systemd/system/
  done
1.6 Creating the docker configuration file
[root@k8smaster01 ~]# cd /opt/k8s/work
[root@k8smaster01 work]# source /opt/k8s/bin/environment.sh
[root@k8smaster01 work]# cat > docker-daemon.json <<EOF
{
    "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn","https://hub-mirror.c.163.com"],
    "insecure-registries": ["docker02:35000"],
    "max-concurrent-downloads": 20,
    "live-restore": true,
    "max-concurrent-uploads": 10,
    "debug": true,
    "data-root": "${DOCKER_DIR}/data",
    "exec-root": "${DOCKER_DIR}/exec",
    "log-opts": {
      "max-size": "100m",
      "max-file": "5"
    }
}
EOF
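An added example, not part of the original page: a POSIX shell pre-flight check for the two generated files. It confirms that sed replaced ##DOCKER_DIR##, that the quoted here-document kept $DOCKER_NETWORK_OPTIONS literal, and that the unquoted one expanded ${DOCKER_DIR}, and it flags the debug and insecure-registries settings for review. The function names and the /data/k8s/docker path are assumptions made for the example.

```sh
#!/bin/sh
# Added example: pre-flight check for docker.service and docker-daemon.json.
# /data/k8s/docker below is a constructed stand-in for ${DOCKER_DIR}.

# check_docker_configs <work_dir> <docker_dir>
# Prints FAIL/WARN lines; exit status is 1 if any FAIL was printed.
check_docker_configs() (
    unit="$1/docker.service"; json="$1/docker-daemon.json"; want="$2"; rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    # An empty DOCKER_DIR would silently render data-root as "/data".
    case "$want" in /?*) ;; *) fail "DOCKER_DIR '$want' is not an absolute path" ;; esac

    # 1.5: sed must have replaced the placeholder with the real directory.
    grep -qF '##DOCKER_DIR##' "$unit" && fail "placeholder left in docker.service"
    grep -qxF "WorkingDirectory=$want" "$unit" || fail "WorkingDirectory is not $want"

    # 1.4: the quoted here-document must have kept this variable literal for systemd.
    grep -q '^ExecStart=.*\$DOCKER_NETWORK_OPTIONS' "$unit" ||
        fail "ExecStart lost \$DOCKER_NETWORK_OPTIONS"

    # 1.6: the unquoted here-document must have expanded ${DOCKER_DIR}.
    for key in data-root exec-root; do
        grep -qF "\"$key\": \"$want/${key%-root}\"" "$json" ||
            fail "$key is not $want/${key%-root}"
    done

    # Settings to review before they reach every node.
    grep -q '"debug": *true' "$json" && echo "WARN: debug logging is enabled"
    reg=$(sed -n 's/.*"insecure-registries": *\[\(.*\)].*/\1/p' "$json")
    [ -n "$reg" ] && echo "WARN: registries used without TLS verification: $reg"
    exit "$rc"   # leaves only the function's subshell
)

# Constructed sample files, trimmed to the lines the check reads.
write_sample() {
    printf '%s\n' '[Service]' 'WorkingDirectory=/data/k8s/docker' \
        'ExecStart=/opt/k8s/bin/dockerd $DOCKER_NETWORK_OPTIONS' > "$1/docker.service"
    printf '%s\n' '{' '  "insecure-registries": ["docker02:35000"],' \
        '  "debug": true,' '  "data-root": "/data/k8s/docker/data",' \
        '  "exec-root": "/data/k8s/docker/exec"' '}' > "$1/docker-daemon.json"
}

tmp=$(mktemp -d) && write_sample "$tmp" && check_docker_configs "$tmp" /data/k8s/docker
```

On the real files, run it as check_docker_configs /opt/k8s/work "${DOCKER_DIR}" after sourcing environment.sh.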
1.7 Distributing the docker configuration file
[root@k8smaster01 ~]# cd /opt/k8s/work
[root@k8smaster01 work]# source /opt/k8s/bin/environment.sh
[root@k8smaster01 work]# for all_ip in ${ALL_IPS[@]}
  do
    echo ">>> ${all_ip}"
    ssh root@${all_ip} "mkdir -p /etc/docker/ ${DOCKER_DIR}/{data,exec}"
    scp docker-daemon.json root@${all_ip}:/etc/docker/daemon.json
  done
2 Starting and verifying
2.1 Starting docker
[root@k8smaster01 ~]# source /opt/k8s/bin/environment.sh
[root@k8smaster01 ~]# for all_ip in ${ALL_IPS[@]}
  do
    echo ">>> ${all_ip}"
    ssh root@${all_ip} "systemctl daemon-reload && systemctl enable docker && systemctl restart docker"
  done
2.2 Checking the docker service
[root@k8smaster01 ~]# source /opt/k8s/bin/environment.sh
[root@k8smaster01 ~]# for all_ip in ${ALL_IPS[@]}
  do
    echo ">>> ${all_ip}"
    ssh root@${all_ip} "systemctl status docker|grep Active"
  done
2.3 Checking the docker0 bridge
[root@k8smaster01 ~]# source /opt/k8s/bin/environment.sh
[root@k8smaster01 ~]# for all_ip in ${ALL_IPS[@]}
  do
    echo ">>> ${all_ip}"
    ssh root@${all_ip} "/usr/sbin/ip addr show flannel.1 && /usr/sbin/ip addr show docker0"
  done
NOTE: Confirm that on each worker node the IP addresses of the docker0 bridge and the flannel.1 interface are in the same network segment.
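The comparison in the note can be scripted. The following added example (not from the original page) reads the text of `ip -4 -o addr show` and reports whether the flannel.1 address lies inside the docker0 network; a docker0 still on Docker's default 172.17.0.1/16 shows up as a mismatch. The function names and sample addresses are constructed for the example.

```sh
#!/bin/sh
# Added example: confirm docker0 picked up the flannel-assigned segment (2.3).
# Input on stdin is the text of `ip -4 -o addr show` from one node.

# Constructed sample for one healthy node; all addresses are illustrative.
sample_ok() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global eth0\       valid_lft forever
3: flannel.1    inet 172.30.80.0/32 scope global flannel.1\       valid_lft forever
4: docker0    inet 172.30.80.1/21 brd 172.30.87.255 scope global docker0\       valid_lft forever
EOF
}

# Convert dotted-quad a.b.c.d to a 32-bit integer.
ip4_to_int() (
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print the first IPv4 CIDR of interface $2 found in the text $1.
addr_of() {
    printf '%s\n' "$1" | awk -v dev="$2" '$2 == dev && $3 == "inet" { print $4; exit }'
}

# Exit 0 when flannel.1's address is inside docker0's network, 1 on a
# mismatch, 2 when either interface has no IPv4 address.
docker0_matches_flannel() (
    text=$(cat)
    d=$(addr_of "$text" docker0); f=$(addr_of "$text" flannel.1)
    [ -n "$d" ] && [ -n "$f" ] || { echo "missing docker0 or flannel.1"; exit 2; }
    bits=${d#*/}
    mask=$(( (0xffffffff << (32 - $bits)) & 0xffffffff ))
    dn=$(( $(ip4_to_int "${d%/*}") & $mask ))
    fn=$(( $(ip4_to_int "${f%/*}") & $mask ))
    if [ "$dn" -eq "$fn" ]; then echo "ok: docker0 $d contains flannel.1 $f"
    else echo "mismatch: docker0 $d vs flannel.1 $f"; exit 1
    fi
)

sample_ok | docker0_matches_flannel
```

Per node, feed it the live output, for example: ssh root@${all_ip} "/usr/sbin/ip -4 -o addr show" | docker0_matches_flannel.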
2.4 Viewing docker information
[root@k8smaster01 ~]# ps -elfH | grep docker | grep -v grep
[root@k8smaster01 ~]# docker info