Configuration and startup parameters
config-file
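The --config-file flag sets the path of the Docker daemon's configuration file. The file usually holds Docker's global options, such as the storage driver and the log level.
Startup flag configuration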
dockerd --config-file /etc/docker/daemon.json
Logs
https://docker.website.cncfstack.com/engine/logging/configure/
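Docker produces two kinds of logs: the logs of the dockerd daemon and the logs of containers.
Logging can be configured in two ways: through startup flags or through the configuration file.
dockerd logs
dockerd's own log records the running state of the daemon and is usually written to the system log (for example journald or syslog).
Startup flag configuration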
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
Configuration file settings
"log-level": "",
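Option reference
log-level: sets the level of Docker's log output. Valid values include debug, info, warn, error and fatal. Adjusting the log level gives a more detailed view of what Docker is doing; the default is info.
Default container logging configuration
Logging configuration for containers started with docker run. daemon.json sets the default logging driver and options for all containers.
Startup flag configuration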
--log-driver string Default driver for container logs (default "json-file")
--log-format string Set the logging format ("text"|"json") (default "text")
--log-opt map Default log driver options for containers (default map[])
--raw-logs Full timestamps without ANSI coloring
Configuration file settings
{
  "log-driver": "json-file",
  "log-format": "text",
  "log-opts": {
    "cache-disabled": "false",
    "cache-max-file": "5",
    "cache-max-size": "20m",
    "cache-compress": "true",
    "env": "os,customer",
    "labels": "somelabel",
    "max-file": "5",
    "max-size": "10m"
  },
  "raw-logs": false
}
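Note that the cache-* and max-* options are mutually exclusive; they are not used together.
In practice:
max-size + max-file: used with the json-file/local driver (the default configuration)
cache-max-size + cache-max-file: used for the in-memory cache of the journald driver
Option reference
log-driver: sets the Docker logging driver. Valid values include json-file, syslog, journald, gelf, awslogs, splunk, etwlogs, logentries, fluentd and none. Default: json-file.
log-format: sets the output format of Docker logs. Valid values are text and json. Default: text.
log-opts and log-opt: set the options for Docker logging.
cache-disabled: whether to disable the Docker log cache. Default: false.
cache-max-file: maximum number of log cache files to keep. Default: 5.
cache-max-size: maximum size of a single log cache file. Default: 20M.
cache-compress: whether log cache files are compressed. Default: true.
env: environment information to include in the log; customizable.
labels: label information to include in the log; customizable.
max-file: number of log files to keep. Default: 5.
max-size: size of a single log file. Default: 10M.
raw-logs: whether to use the complete, unprocessed raw log format. Raw logs carry full timestamps without ANSI coloring. Default: false.
docker run configuration
# Override the default configuration for a single container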
docker run \
--log-driver json-file \
--log-opt max-size=10m \
--log-opt max-file=3 \
nginx
docker-compose.yml configuration
services:
  app:
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
        compress: "true"
{
  "allow-direct-routing": false,
  "authorization-plugins": [],
  "bip": "",
  "bip6": "",
  "bridge": "",
  "bridge-accept-fwmark": "",
  "builder": {
    "gc": {
      "enabled": true,
      "defaultReservedSpace": "10GB",
      "policy": [
        { "maxUsedSpace": "512MB", "keepDuration": "48h", "filter": [ "type=source.local" ] },
        { "reservedSpace": "10GB", "maxUsedSpace": "100GB", "keepDuration": "1440h" },
        { "reservedSpace": "50GB", "minFreeSpace": "20GB", "maxUsedSpace": "200GB", "all": true }
      ]
    }
  },
  "cgroup-parent": "",
  "containerd": "/run/containerd/containerd.sock",
  "containerd-namespace": "docker",
  "containerd-plugins-namespace": "docker-plugins",
  "data-root": "",
  "debug": true,
  "default-address-pools": [
    { "base": "172.30.0.0/16", "size": 24 },
    { "base": "172.31.0.0/16", "size": 24 }
  ],
  "default-cgroupns-mode": "private",
  "default-gateway": "",
  "default-gateway-v6": "",
  "default-network-opts": {},
  "default-runtime": "runc",
  "default-shm-size": "64M",
  "default-ulimits": {
    "nofile": { "Hard": 64000, "Name": "nofile", "Soft": 64000 }
  },
  "dns": [],
  "dns-opts": [],
  "dns-search": [],
  "exec-opts": [],
  "exec-root": "",
  "experimental": false,
  "features": { "cdi": true, "containerd-snapshotter": true },
  "firewall-backend": "",
  "fixed-cidr": "",
  "fixed-cidr-v6": "",
  "group": "",
  "host-gateway-ip": "",
  "hosts": [],
  "proxies": {
    "http-proxy": "http://proxy.example.com:80",
    "https-proxy": "https://proxy.example.com:443",
    "no-proxy": "*.test.example.com,.example.org"
  },
  "icc": false,
  "init": false,
  "init-path": "/usr/libexec/docker-init",
  "insecure-registries": [],
  "ip": "0.0.0.0",
  "ip-forward": false,
  "ip-masq": false,
  "iptables": false,
  "ip6tables": false,
  "ipv6": false,
  "labels": [],
  "live-restore": true,
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "max-download-attempts": 5,
  "mtu": 0,
  "no-new-privileges": false,
  "node-generic-resources": [ "NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2" ],
  "pidfile": "",
  "registry-mirrors": [],
  "runtimes": {
    "cc-runtime": { "path": "/usr/bin/cc-runtime" },
    "custom": {
      "path": "/usr/local/bin/my-runc-replacement",
      "runtimeArgs": [ "--debug" ]
    }
  },
  "seccomp-profile": "",
  "selinux-enabled": false,
  "shutdown-timeout": 15,
  "storage-driver": "",
  "storage-opts": [],
  "swarm-default-advertise-addr": "",
  "tls": true,
  "tlscacert": "",
  "tlscert": "",
  "tlskey": "",
  "tlsverify": true,
  "userland-proxy": false,
  "userland-proxy-path": "/usr/libexec/docker-proxy",
  "userns-remap": ""
}
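Several keys in the daemon.json above decide how much the daemon exposes by default (icc, no-new-privileges, userns-remap, insecure-registries, hosts together with tlsverify). The audit below is an added example, not part of the original page or of Docker; which values count as weak and the wording of the findings are assumptions of this example, and the fallback values for absent keys are taken from the dockerd --help defaults.

```python
import json

# Values dockerd falls back to when a key is absent (from `dockerd --help`).
DEFAULTS = {
    "debug": False, "icc": True, "no-new-privileges": False,
    "live-restore": False, "userland-proxy": True, "userns-remap": "",
    "insecure-registries": [], "seccomp-profile": "builtin",
    "hosts": [], "tlsverify": False,
}

# (key, test that is True for a weak value, finding). The selection of checks
# is this example's assumption, not an official Docker list.
CHECKS = [
    ("debug", lambda v: v is True, "debug mode left enabled"),
    ("icc", lambda v: v is True, "default-bridge containers can reach each other"),
    ("no-new-privileges", lambda v: v is not True,
     "new containers may gain privileges through setuid binaries"),
    ("live-restore", lambda v: v is not True, "a daemon restart stops running containers"),
    ("userland-proxy", lambda v: v is True, "docker-proxy process handles published ports"),
    ("userns-remap", lambda v: not v, "container root maps to host root (rootful daemon)"),
    ("insecure-registries", bool, "registries used without verified TLS"),
    ("seccomp-profile", lambda v: v == "unconfined", "default seccomp profile disabled"),
]

def audit(text):
    """Return sorted (key, finding) pairs for a daemon.json document."""
    cfg = {**DEFAULTS, **json.loads(text)}
    findings = [(key, why) for key, weak, why in CHECKS if weak(cfg[key])]
    # A tcp:// listener without tlsverify serves the Docker API unauthenticated.
    if any(h.startswith("tcp://") for h in cfg["hosts"]) and cfg["tlsverify"] is not True:
        findings.append(("hosts", "tcp:// API listener without tlsverify"))
    return sorted(findings)

# Constructed sample: a subset of the daemon.json shown above, same values.
SAMPLE = """{
  "debug": true, "icc": false, "no-new-privileges": false,
  "live-restore": true, "userland-proxy": false, "userns-remap": "",
  "insecure-registries": [], "seccomp-profile": "", "hosts": [],
  "tls": true, "tlsverify": true
}"""

if __name__ == "__main__":
    for key, why in audit(SAMPLE):
        print(f"{key}: {why}")
```

Run it against the real file with audit(open("/etc/docker/daemon.json").read()); dockerd --validate checks syntax and unknown keys but does not judge the values.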
Usage: dockerd [OPTIONS]
A self-sufficient runtime for containers.
Options:
--add-runtime runtime Register an additional OCI compatible runtime (default [])
--allow-direct-routing Allow remote access to published ports on container IP addresses
--authorization-plugin list Authorization plugins to load
--bip string IPv4 address for the default bridge
--bip6 string IPv6 address for the default bridge
-b, --bridge string Attach containers to a network bridge
--bridge-accept-fwmark string In bridge networks, accept packets with this firewall mark/mask
--cdi-spec-dir list CDI specification directories to use
--cgroup-parent string Set parent cgroup for all containers
--config-file string Daemon configuration file (default "/etc/docker/daemon.json")
--containerd string containerd grpc address
--containerd-namespace string Containerd namespace to use (default "moby")
--containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby")
--cpu-rt-period int Limit the CPU real-time period in microseconds for the
parent cgroup for all containers (not supported with cgroups v2)
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the
parent cgroup for all containers (not supported with cgroups v2)
--cri-containerd start containerd with cri
--data-root string Root directory of persistent Docker state (default "/var/lib/docker")
-D, --debug Enable debug mode
--default-address-pool pool-options Default address pools for node specific local networks
--default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "private")
--default-gateway ip Default gateway IPv4 address for the default bridge network
--default-gateway-v6 ip Default gateway IPv6 address for the default bridge network
--default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private")
--default-network-opt mapmap Default network options (default map[])
--default-runtime string Default OCI runtime for containers (default "runc")
--default-shm-size bytes Default shm size for containers (default 64MiB)
--default-ulimit ulimit Default ulimits for containers (default [])
--dns list DNS server to use
--dns-opt list DNS options to use
--dns-search list DNS search domains to use
--exec-opt list Runtime execution options
--exec-root string Root directory for execution state files (default "/var/run/docker")
--experimental Enable experimental features
--feature map Enable feature in the daemon
--firewall-backend string Firewall backend to use, iptables or nftables
--fixed-cidr string IPv4 subnet for the default bridge network
--fixed-cidr-v6 string IPv6 subnet for the default bridge network
-G, --group string Group for the unix socket (default "docker")
--help Print usage
-H, --host list Daemon socket(s) to connect to
--host-gateway-ip list IP addresses that the special 'host-gateway' string in --add-host resolves to.
Defaults to the IP addresses of the default bridge
--http-proxy string HTTP proxy URL to use for outgoing traffic
--https-proxy string HTTPS proxy URL to use for outgoing traffic
--icc Enable inter-container communication for the default bridge network (default true)
--init Run an init in the container to forward signals and reap processes
--init-path string Path to the docker-init binary
--insecure-registry list Enable insecure registry communication
--ip ip Host IP for port publishing from the default bridge network (default 0.0.0.0)
--ip-forward Enable IP forwarding in system configuration (default true)
--ip-forward-no-drop Do not set the filter-FORWARD policy to DROP when enabling IP forwarding
--ip-masq Enable IP masquerading for the default bridge network (default true)
--ip6tables Enable addition of ip6tables rules (default true)
--iptables Enable addition of iptables rules (default true)
--ipv6 Enable IPv6 networking for the default bridge network
--label list Set key=value labels to the daemon
--live-restore Enable live restore of docker when containers are still running
--max-concurrent-downloads int Set the max concurrent downloads (default 3)
--max-concurrent-uploads int Set the max concurrent uploads (default 5)
--max-download-attempts int Set the max download attempts for each pull (default 5)
--metrics-addr string Set default address and port to serve the metrics api on
--mtu int Set the MTU for the default "bridge" network (default 1500)
--network-control-plane-mtu int Network Control plane MTU (default 1500)
--no-new-privileges Set no-new-privileges by default for new containers
--no-proxy string Comma-separated list of hosts or IP addresses for which the proxy is skipped
--node-generic-resource list Advertise user-defined resource
-p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid")
--registry-mirror list Preferred registry mirror
--rootless Enable rootless mode; typically used with RootlessKit
--seccomp-profile string Path to seccomp profile. Set to "unconfined" to disable the default seccomp profile (default "builtin")
--selinux-enabled Enable selinux support
--shutdown-timeout int Set the default shutdown timeout (default 15)
-s, --storage-driver string Storage driver to use
--storage-opt list Storage driver options
--swarm-default-advertise-addr string Set default address or interface for swarm advertised address
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "~/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "~/.docker/cert.pem")
--tlskey string Path to TLS key file (default "~/.docker/key.pem")
--tlsverify Use TLS and verify the remote
--userland-proxy Use userland proxy for loopback traffic (default true)
--userland-proxy-path string Path to the userland proxy binary
--userns-remap string User/Group setting for user namespaces
--validate Validate daemon configuration and exit
-v, --version Print version information and quit