調整 docker 基本設定

情境, 緣由

• 希望 container root id 不等於 host root id
• container log 能自動 rotate

設定步驟

1. 調整 CentOS/Redhat 讓 docker 可使用 user namespace
   ref: https://gist.github.com/mjuric/c519d470eac60b08de5ed735ff5a2ef9

useradd -M -s /bin/false dockremap

grubby --args="namespace.unpriv_enable=1 user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
echo "user.max_user_namespaces=15076" >> /etc/sysctl.conf
reboot

1. 設定 subuid, subgid

for i in u g
do
    echo 'dockremap:1000000:65536' >> /etc/sub${i}id
done

簡單說明

參考 man subuid

       Each line in /etc/subuid contains a user name and a range of subordinate user ids that user is allowed to use. This is
       specified with three fields delimited by colons (“:”). These fields are:

       •   login name or UID

       •   numerical subordinate user ID

       •   numerical subordinate user ID count

• dockremap: docker 專用的 username
• 1000000: 讓 container root id 0 轉移成 host id 1000000
• 65536: 讓 container root id 0 後面 65536 後面的 user id 都移此規則轉到 host user id

2. 設定 daemon.json

echo '{
    "userns-remap": "default",
    "log-opts": {
        "max-size": "50m",
        "max-file": "5"
    },
    "log-driver": "json-file"
}' > /etc/docker/daemon.json

直接參考 JSON File logging driver

3. 重啟 docker

/etc/init.d/docker restart

4. 補充
   download docker/container image over proxy