Docker Server Configuration: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 50: Line 50:


==--signature-verification==
==--signature-verification==
=OS-Dependent Details=
==RedHat/Centos==
Daemon configuration parameters are usually provided in /etc/sysconfig/docker:
==Mac==
The simples possible way to configure the Docker daemon on Mac is to use the UI: the whale icon-> Preferences -> Daemon.
The "Basic" section has UI elements to configure [[Docker_Server_Configuration#--insecure-registry|insecure registries]] and registry mirrors. A configuration change applied here propagates to the "[[#Mac_Preferences_Advanced|Advanced]]" section after daemon restart.
<span id='Mac_Preferences_Advanced'></span>The "Advanced" section gives access to the content of [[daemon.json]] file, which can be edited freely. However, the danger is that a configuration error saved here will prevent the daemon to start. If that happens, the file-system version of the same file can be accessed as follows:
cd ~/Library/Containers/com.docker.docker/Data/database
git reset --hard HEAD
The daemon.json becomes available as:
~/Library/Containers/com.docker.docker/Data/database/com.docker.driver.amd64-linux/etc/docker/daemon.json
The file can be edited and committed, and the daemon restart.


=daemon.json=
=daemon.json=

Revision as of 02:57, 2 May 2018

External

Internal

Overview

Docker Server Startup Sequence

RedHat/Centos systemd

systemd Docker Unit File: /usr/lib/systemd/system/docker.service

Docker Server Startup Configuration

Server Configuration Options

--insecure-registry

This option instructs the Docker daemon to trust any Docker registry on the indicated subnet, rather than requiring a certificate. The default value is []. For OpenShift-integrated Docker, the subnet where Docker expects this registry is the OpenShift SDN services subnet. 

... --insecure-registry <list> ...

--insecure-registry 172.30.0.0/16

The same option can be configured in daemon.json with insecure-registries.

--net

Also see:

Docker Networking Concepts

--selinux-enabled

--add-registry

When asked to search for or pull images, the docker runtime uses the Docker registry (docker.io) to complete those activities. Additional registries can be added to the list with --add-registry.

Also see

Docker Image Registry

--block-registry

To prevent users from pulling images from the Docker registry, after presumably other registry has been configured with --add-registry, use 

--block-registry docker.io

--log-driver

--signature-verification

daemon.json

daemon.json

Docker Container Configuration

Docker Container Configuration
Retrieved from "https://kb.novaordis.com/index.php?title=Docker_Server_Configuration&oldid=42285"