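In this document Fengge (风哥) covers the commands for pre-installing container environment dependency packages on RHEL 10, including the dependencies for container technologies such as Docker, Podman and Kubernetes. It follows the Container Guide in the official Red Hat Enterprise Linux 10 documentation and is intended for Linux operations staff to use for study and testing; verify everything yourself before applying it in production.
Reference: the System administration chapter of the official Red Hat Enterprise Linux 10 documentation
Part01 - Basic concepts and theory
1.1 What container environment dependency packages are
Container environment dependency packages are the base packages and libraries that must be installed before a container technology (such as Docker, Podman or Kubernetes) is installed and run. They provide the basic functions that containers need at run time, such as network configuration, storage management and security controls.
- System tools: yum-utils, device-mapper, lvm2 and others
- Network tools: bridge-utils, iptables, iproute and others
- Storage tools: container-selinux, containerd and others
- Security tools: selinux-policy, libselinux and others
- Development tools: gcc, make, kernel-devel and others
1.2 Common dependency package lists
Different container technologies need different dependency packages:
# Docker dependency list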
yum-utils
device-mapper-persistent-data
lvm2
container-selinux
iptables
libcgroup
# Podman dependency list
container-selinux
slirp4netns
fuse-overlayfs
podman-plugins
crun
runc
# Kubernetes dependency list
conntrack
ipset
iptables
ebtables
socat
curl
wget
conntrack-tools
# Common dependency packages
curl
wget
git
vim
net-tools
bind-utils
bash-completion
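1.3 Why dependency management matters
Managing dependency packages correctly is essential for a container environment:
- Functional completeness: ensures container features work properly
- Security: avoids security risks caused by missing security dependencies
- Stability: prevents system instability caused by dependency conflicts
- Compatibility: ensures the different components are compatible with each other
- Maintainability: makes later upgrades and maintenance easier
Part02 - Production environment planning and recommendations
2.1 Dependency package planning strategy
In a production environment, dependency installation needs to be planned:
1. Version compatibility
   - Confirm the version requirements of the container software
   - Check operating system version compatibility
   - Verify the kernel version requirements
2. Security considerations
   - Install only the dependency packages that are needed
   - Update dependency packages regularly
   - Scan for security vulnerabilities
3. Storage planning
   - Reserve enough disk space
   - Configure the package cache
   - Plan where images are stored
4. Network planning
   - Configure access to the software repositories
   - Set up a proxy server
   - Plan the container network
# Dependency installation order
1. Update the system
dnf update -y
2. Install basic tools
dnf install -y yum-utils curl wget git
3. Install container dependencies
dnf install -y container-selinux
4. Install the container software
dnf install -y docker-ce / podman / kubernetes
2.2 Repository configuration
Configuring the correct software repositories is the key to installing dependency packages: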
# dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
# List the configured repositories
# dnf repolist
repo id repo name
rhel-baseos Red Hat Enterprise Linux 10 - BaseOS
rhel-appstream Red Hat Enterprise Linux 10 - AppStream
docker-ce-stable Docker CE Stable - x86_64
# Configure the Kubernetes repository
# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
# Refresh the repository metadata cache
# dnf makecache
rhel-baseos 10 MB/s | 2.5 MB 00:00
rhel-appstream 15 MB/s | 5.0 MB 00:00
docker-ce-stable 20 MB/s | 3.5 kB 00:00
kubernetes 12 MB/s | 1.5 kB 00:00
Metadata cache created.
# Show repository information
# dnf repoinfo docker-ce-stable
Repo-id : docker-ce-stable
Repo-name : Docker CE Stable - x86_64
Repo-status : enabled
Repo-revision : 1648123456
Repo-updated : Fri 02 Apr 2026 10:00:00 AM CST
Repo-pkgs : 45
Repo-size : 500 M
Repo-baseurl : https://download.docker.com/linux/centos/10/x86_64/stable
Repo-expire : 172,800 second(s) (last: Fri 02 Apr 2026 10:00:00 AM CST)
Repo-filename : /etc/yum.repos.d/docker-ce.repo
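The repository settings above decide which packages the host will trust. The shell function below is an added example, not part of the original article: it reads .repo files and reports enabled repositories whose signature checking is off or unset, or that use plain-http URLs. The lab-mirror stanzas and their host name are constructed sample data.

```shell
#!/bin/sh
# Added example: flag weak trust settings in dnf .repo files.
# Prints "<file>:[<repo id>]: <finding>" per problem; returns 1 if any enabled
# repository has a finding, 0 otherwise.
audit_repo_files() {
    awk '
    function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" || v == "off" }
    function report(msg) { printf "%s:[%s]: %s\n", file, id, msg; bad = 1 }
    function flush() {
        if (id == "" || off(enabled)) return          # no stanza yet, or repo disabled
        if (gpgcheck == "")      report("gpgcheck not set here; relies on [main] in dnf.conf")
        else if (off(gpgcheck))  report("gpgcheck disabled: package signatures are not verified")
        if (url ~ /^(http|ftp):/)      report("unencrypted repository URL " url)
        if (gpgkey ~ /(^|[ ,])http:/)  report("gpgkey is fetched over plain http")
    }
    function reset() { id = ""; enabled = "1"; gpgcheck = ""; gpgkey = ""; url = "" }
    BEGIN { reset() }
    /^[ \t]*([#;]|$)/ { next }                        # comments and blank lines
    /^\[/ {                                           # start of a new [repo-id] stanza
        flush(); reset()
        id = substr($0, 2, index($0, "]") - 2); file = FILENAME
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
        if (key == "baseurl" || key == "mirrorlist" || key == "metalink") url = val
    }
    END { flush(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: one weak enabled stanza and one disabled stanza.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[lab-mirror]
name=Constructed lab mirror
baseurl=http://mirror.example.internal/el10/
gpgkey=http://mirror.example.internal/RPM-GPG-KEY
enabled=1
gpgcheck=0

[lab-disabled]
baseurl=http://mirror.example.internal/old/
enabled=0
gpgcheck=0
EOF
audit_repo_files "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

On a real host the call is audit_repo_files /etc/yum.repos.d/*.repo; the Kubernetes stanza shown earlier passes without findings.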
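2.3 Version compatibility considerations
Make sure the dependency package versions are compatible with the container software:
# cat /etc/redhat-release
Red Hat Enterprise Linux release 10.0 (Plow)
# Check the kernel version
# uname -r
5.14.0-123.el10.x86_64
# List the available Docker versions
# dnf list docker-ce --showduplicates | sort -r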
docker-ce.x86_64 3:24.0.0-1.el10 docker-ce-stable
docker-ce.x86_64 3:23.0.6-1.el10 docker-ce-stable
docker-ce.x86_64 3:23.0.5-1.el10 docker-ce-stable
docker-ce.x86_64 3:23.0.4-1.el10 docker-ce-stable
# List the available Podman versions
# dnf list podman --showduplicates | sort -r
podman.x86_64 5:4.5.0-1.el10 rhel-appstream
podman.x86_64 5:4.4.0-1.el10 rhel-appstream
podman.x86_64 5:4.3.0-1.el10 rhel-appstream
# List the available Kubernetes versions
# dnf list kubelet --showduplicates | sort -r
kubelet.x86_64 1.28.0-0 kubernetes
kubelet.x86_64 1.27.0-0 kubernetes
kubelet.x86_64 1.26.0-0 kubernetes
# Check the dependencies
# dnf deplist docker-ce
package: docker-ce-3:24.0.0-1.el10.x86_64
dependency: container-selinux >= 2:2.74
provider: container-selinux-2:2.200.0-1.el10.noarch
dependency: containerd >= 1.6.0
provider: containerd-1.6.0-1.el10.x86_64
dependency: docker-ce-cli
provider: docker-ce-cli-1:24.0.0-1.el10.x86_64
dependency: libc.so.6(GLIBC_2.34)(64bit)
provider: glibc-2.34-10.el10.x86_64
dependency: libseccomp >= 2.3
provider: libseccomp-2.5.0-1.el10.x86_64
Part03 - Production implementation plan
3.1 Installing the Docker dependency packages
Install the dependency packages that Docker needs:
# dnf update -y
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Dependencies resolved.
Nothing to do.
Complete!
# Install basic tools
# dnf install -y yum-utils device-mapper-persistent-data lvm2
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
device-mapper-persistent-data x86_64 0.9.0-5.el10 rhel-baseos 125 k
lvm2 x86_64 2.03.14-5.el10 rhel-baseos 1.5 M
yum-utils noarch 4.0.24-1.el10 rhel-baseos 45 k
Installing dependencies:
device-mapper-event x86_64 1.02.181-5.el10 rhel-baseos 34 k
device-mapper-event-libs x86_64 1.02.181-5.el10 rhel-baseos 28 k
libaio x86_64 0.3.111-13.el10 rhel-baseos 24 k
lvm2-libs x86_64 2.03.14-5.el10 rhel-baseos 480 k
Transaction Summary
================================================================================
Install 7 Packages
Total download size: 2.2 M
Installed size: 8.5 M
Downloading Packages:
(1/7): device-mapper-persistent-data-0.9.0-5.el10.x86_64.rpm 125 kB/s | 125 kB 00:01
(2/7): lvm2-2.03.14-5.el10.x86_64.rpm 1.5 MB/s | 1.5 MB 00:01
(3/7): yum-utils-4.0.24-1.el10.noarch.rpm 45 kB/s | 45 kB 00:00
(4/7): device-mapper-event-1.02.181-5.el10.x86_64.rpm 34 kB/s | 34 kB 00:00
(5/7): device-mapper-event-libs-1.02.181-5.el10.x86_64.rpm 28 kB/s | 28 kB 00:00
(6/7): libaio-0.3.111-13.el10.x86_64.rpm 24 kB/s | 24 kB 00:00
(7/7): lvm2-libs-2.03.14-5.el10.x86_64.rpm 480 kB/s | 480 kB 00:00
--------------------------------------------------------------------------------
Total 2.2 MB/s | 2.2 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libaio-0.3.111-13.el10.x86_64 1/7
Installing : device-mapper-event-libs-1.02.181-5.el10.x86_64 2/7
Installing : device-mapper-event-1.02.181-5.el10.x86_64 3/7
Installing : lvm2-libs-2.03.14-5.el10.x86_64 4/7
Installing : device-mapper-persistent-data-0.9.0-5.el10.x86_64 5/7
Installing : lvm2-2.03.14-5.el10.x86_64 6/7
Running scriptlet: lvm2-2.03.14-5.el10.x86_64 6/7
Installing : yum-utils-4.0.24-1.el10.noarch 7/7
Installed:
device-mapper-persistent-data-0.9.0-5.el10.x86_64
device-mapper-event-1.02.181-5.el10.x86_64
device-mapper-event-libs-1.02.181-5.el10.x86_64
libaio-0.3.111-13.el10.x86_64
lvm2-libs-2.03.14-5.el10.x86_64
lvm2-2.03.14-5.el10.x86_64
yum-utils-4.0.24-1.el10.noarch
Complete!
# Install container-selinux
# dnf install -y container-selinux
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
container-selinux noarch 2:2.200.0-1.el10 rhel-appstream 56 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 56 k
Installed size: 120 k
Downloading Packages:
container-selinux-2.200.0-1.el10.noarch.rpm 56 kB/s | 56 kB 00:01
--------------------------------------------------------------------------------
Total 56 kB/s | 56 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : container-selinux-2:2.200.0-1.el10.noarch 1/1
Running scriptlet: container-selinux-2:2.200.0-1.el10.noarch 1/1
Verifying : container-selinux-2:2.200.0-1.el10.noarch 1/1
Installed:
container-selinux-2:2.200.0-1.el10.noarch
Complete!
# Install iptables
# dnf install -y iptables
Package iptables-1.8.8-4.el10.x86_64 is already installed.
# Install other required tools
# dnf install -y curl wget git vim net-tools bind-utils bash-completion
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Package curl-7.85.0-1.el10.x86_64 is already installed.
Package wget-1.21.3-1.el10.x86_64 is already installed.
Package vim-enhanced-2:9.0.1000-1.el10.x86_64 is already installed.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bash-completion noarch 1:2.11-4.el10 rhel-baseos 345 k
bind-utils x86_64 32:9.16.23-1.el10 rhel-appstream 210 k
git x86_64 2.37.0-1.el10 rhel-appstream 4.5 M
net-tools x86_64 2.0-0.62.20160912git.el10 rhel-baseos 325 k
Installing dependencies:
bind-libs x86_64 32:9.16.23-1.el10 rhel-appstream 1.7 M
git-core x86_64 2.37.0-1.el10 rhel-appstream 4.2 M
perl-Error noarch 1:0.17029-6.el10 rhel-appstream 45 k
perl-Git noarch 2.37.0-1.el10 rhel-appstream 45 k
perl-TermReadKey x86_64 2.38-10.el10 rhel-appstream 35 k
Transaction Summary
================================================================================
Install 9 Packages
Total download size: 11 M
Installed size: 45 M
Downloading Packages:
(1/9): bash-completion-2.11-4.el10.noarch.rpm 345 kB/s | 345 kB 00:01
(2/9): bind-utils-9.16.23-1.el10.x86_64.rpm 210 kB/s | 210 kB 00:00
(3/9): git-2.37.0-1.el10.x86_64.rpm 4.5 MB/s | 4.5 MB 00:01
(4/9): net-tools-2.0-0.62.20160912git.el10.x86_64.rpm 325 kB/s | 325 kB 00:01
(5/9): bind-libs-9.16.23-1.el10.x86_64.rpm 1.7 MB/s | 1.7 MB 00:01
(6/9): git-core-2.37.0-1.el10.x86_64.rpm 4.2 MB/s | 4.2 MB 00:01
(7/9): perl-Error-0.17029-6.el10.noarch.rpm 45 kB/s | 45 kB 00:00
(8/9): perl-Git-2.37.0-1.el10.noarch.rpm 45 kB/s | 45 kB 00:00
(9/9): perl-TermReadKey-2.38-10.el10.x86_64.rpm 35 kB/s | 35 kB 00:00
--------------------------------------------------------------------------------
Total 11 MB/s | 11 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : perl-Error-1:0.17029-6.el10.noarch 1/9
Installing : perl-TermReadKey-2.38-10.el10.x86_64 2/9
Installing : bind-libs-32:9.16.23-1.el10.x86_64 3/9
Installing : bind-utils-32:9.16.23-1.el10.x86_64 4/9
Installing : git-core-2.37.0-1.el10.x86_64 5/9
Installing : perl-Git-2.37.0-1.el10.noarch 6/9
Installing : git-2.37.0-1.el10.x86_64 7/9
Installing : net-tools-2.0-0.62.20160912git.el10.x86_64 8/9
Installing : bash-completion-1:2.11-4.el10.noarch 9/9
Installed:
bash-completion-1:2.11-4.el10.noarch
bind-utils-32:9.16.23-1.el10.x86_64
git-2.37.0-1.el10.x86_64
net-tools-2.0-0.62.20160912git.el10.x86_64
bind-libs-32:9.16.23-1.el10.x86_64
git-core-2.37.0-1.el10.x86_64
perl-Error-1:0.17029-6.el10.noarch
perl-Git-2.37.0-1.el10.noarch
perl-TermReadKey-2.38-10.el10.x86_64
Complete!
# Verify the dependency installation
# rpm -qa | grep -E "yum-utils|device-mapper|lvm2|container-selinux|iptables"
yum-utils-4.0.24-1.el10.noarch
device-mapper-persistent-data-0.9.0-5.el10.x86_64
device-mapper-event-1.02.181-5.el10.x86_64
device-mapper-event-libs-1.02.181-5.el10.x86_64
lvm2-libs-2.03.14-5.el10.x86_64
lvm2-2.03.14-5.el10.x86_64
container-selinux-2.200.0-1.el10.noarch
iptables-1.8.8-4.el10.x86_64
3.2 Installing the Podman dependency packages
Install the dependency packages that Podman needs:
# Show the available Podman version
# dnf info podman
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Available Packages
Name : podman
Version : 4.5.0
Release : 1.el10
Architecture : x86_64
Size : 12 M
Source : podman-4.5.0-1.el10.src.rpm
Repository : rhel-appstream
Summary : Manage pods, containers and images
URL : https://podman.io/
License : ASL 2.0 and BSD and MIT and MPLv2.0
Description : podman (Pod Manager) is a fully featured container engine that is
: a simple daemonless tool. podman provides a Docker-CLI comparable
: command line that eases the transition from other container engines
: and allows the management of pods, containers and images.
# Install Podman and its dependencies
# dnf install -y podman
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
podman x86_64 5:4.5.0-1.el10 rhel-appstream 12 M
Installing dependencies:
catatonit x86_64 0.1.7-10.el10 rhel-appstream 320 k
conmon x86_64 2:2.1.0-1.el10 rhel-appstream 56 k
container-selinux noarch 2:2.200.0-1.el10 rhel-appstream 56 k
containernetworking-plugins x86_64 1.1.1-1.el10 rhel-appstream 9.5 M
containers-common x86_64 2:1-60.el10 rhel-appstream 65 k
crun x86_64 1.5-1.el10 rhel-appstream 230 k
fuse-overlayfs x86_64 1.9-1.el10 rhel-appstream 75 k
libslirp x86_64 4.6.1-1.el10 rhel-baseos 75 k
podman-plugins x86_64 5:4.5.0-1.el10 rhel-appstream 1.5 M
runc x86_64 1.1.0-1.el10 rhel-appstream 2.5 M
slirp4netns x86_64 1.2.0-1.el10 rhel-appstream 55 k
Transaction Summary
================================================================================
Install 12 Packages
Total download size: 26 M
Installed size: 95 M
Downloading Packages:
(1/12): podman-4.5.0-1.el10.x86_64.rpm 12 MB/s | 12 MB 00:01
(2/12): catatonit-0.1.7-10.el10.x86_64.rpm 320 kB/s | 320 kB 00:00
(3/12): conmon-2.1.0-1.el10.x86_64.rpm 56 kB/s | 56 kB 00:00
(4/12): container-selinux-2.200.0-1.el10.noarch.rpm 56 kB/s | 56 kB 00:00
(5/12): containernetworking-plugins-1.1.1-1.el10.x86_64.rpm 9.5 MB/s | 9.5 MB 00:01
(6/12): containers-common-1-60.el10.x86_64.rpm 65 kB/s | 65 kB 00:00
(7/12): crun-1.5-1.el10.x86_64.rpm 230 kB/s | 230 kB 00:00
(8/12): fuse-overlayfs-1.9-1.el10.x86_64.rpm 75 kB/s | 75 kB 00:00
(9/12): libslirp-4.6.1-1.el10.x86_64.rpm 75 kB/s | 75 kB 00:00
(10/12): podman-plugins-4.5.0-1.el10.x86_64.rpm 1.5 MB/s | 1.5 MB 00:01
(11/12): runc-1.1.0-1.el10.x86_64.rpm 2.5 MB/s | 2.5 MB 00:01
(12/12): slirp4netns-1.2.0-1.el10.x86_64.rpm 55 kB/s | 55 kB 00:00
--------------------------------------------------------------------------------
Total 26 MB/s | 26 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libslirp-4.6.1-1.el10.x86_64 1/12
Installing : slirp4netns-1.2.0-1.el10.x86_64 2/12
Installing : runc-1.1.0-1.el10.x86_64 3/12
Installing : crun-1.5-1.el10.x86_64 4/12
Installing : fuse-overlayfs-1.9-1.el10.x86_64 5/12
Installing : container-selinux-2:2.200.0-1.el10.noarch 6/12
Installing : containers-common-2:1-60.el10.x86_64 7/12
Installing : containernetworking-plugins-1.1.1-1.el10.x86_64 8/12
Installing : podman-plugins-5:4.5.0-1.el10.x86_64 9/12
Installing : conmon-2:2.1.0-1.el10.x86_64 10/12
Installing : catatonit-0.1.7-10.el10.x86_64 11/12
Installing : podman-5:4.5.0-1.el10.x86_64 12/12
Installed:
catatonit-0.1.7-10.el10.x86_64
conmon-2:2.1.0-1.el10.x86_64
container-selinux-2:2.200.0-1.el10.noarch
containernetworking-plugins-1.1.1-1.el10.x86_64
containers-common-2:1-60.el10.x86_64
crun-1.5-1.el10.x86_64
fuse-overlayfs-1.9-1.el10.x86_64
libslirp-4.6.1-1.el10.x86_64
podman-5:4.5.0-1.el10.x86_64
podman-plugins-5:4.5.0-1.el10.x86_64
runc-1.1.0-1.el10.x86_64
slirp4netns-1.2.0-1.el10.x86_64
Complete!
# Verify the Podman installation
# podman --version
podman version 4.5.0
# Show Podman information
# podman info
host:
  arch: amd64
  buildahVersion: 1.28.0
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-1.el10.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: '
  cpuUtilization:
    userPercent: 0.00
    systemPercent: 0.04
    idlePercent: 99.96
  cpus: 4
  distribution:
    distribution: '"rhel"'
    version: "10"
  eventLogger: journald
  hostname: rhel10-server
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.14.0-123.el10.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 6144000000
  memTotal: 8192000000
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun-1.5-1.el10.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.5
      commit: 1234567890abcdef1234567890abcdef12345678
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-1.el10.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 1234567890abcdef1234567890abcdef12345678
  swapFree: 2147483648
  swapTotal: 2147483648
  uptime: 4h 0m 0.00s (Approximately 0.17 days)
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
  - quay.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 0
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.5.0
  Built: 1648123456
  BuiltTime: Fri Apr 2 10:00:00 2026
  GitCommit: ""
  GoVersion: go1.18
  OsArch: linux/amd64
  Version: 4.5.0
3.3 Installing the Kubernetes dependency packages
Install the dependency packages that Kubernetes needs:
# dnf install -y conntrack ipset iptables ebtables socat
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Package iptables-1.8.8-4.el10.x86_64 is already installed.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
conntrack x86_64 1.4.6-5.el10 rhel-baseos 65 k
ebtables x86_64 2.0.11-15.el10 rhel-baseos 125 k
ipset x86_64 7.11-1.el10 rhel-baseos 45 k
ipset-libs x86_64 7.11-1.el10 rhel-baseos 65 k
socat x86_64 1.7.4.1-3.el10 rhel-baseos 345 k
Transaction Summary
================================================================================
Install 5 Packages
Total download size: 645 k
Installed size: 1.5 M
Downloading Packages:
(1/5): conntrack-1.4.6-5.el10.x86_64.rpm 65 kB/s | 65 kB 00:01
(2/5): ebtables-2.0.11-15.el10.x86_64.rpm 125 kB/s | 125 kB 00:01
(3/5): ipset-7.11-1.el10.x86_64.rpm 45 kB/s | 45 kB 00:00
(4/5): ipset-libs-7.11-1.el10.x86_64.rpm 65 kB/s | 65 kB 00:00
(5/5): socat-1.7.4.1-3.el10.x86_64.rpm 345 kB/s | 345 kB 00:01
--------------------------------------------------------------------------------
Total 645 kB/s | 645 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : ipset-libs-7.11-1.el10.x86_64 1/5
Installing : ipset-7.11-1.el10.x86_64 2/5
Installing : ebtables-2.0.11-15.el10.x86_64 3/5
Installing : conntrack-1.4.6-5.el10.x86_64 4/5
Installing : socat-1.7.4.1-3.el10.x86_64 5/5
Installed:
conntrack-1.4.6-5.el10.x86_64
ebtables-2.0.11-15.el10.x86_64
ipset-7.11-1.el10.x86_64
ipset-libs-7.11-1.el10.x86_64
socat-1.7.4.1-3.el10.x86_64
Complete!
# Configure kernel parameters
# cat >> /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Load the br_netfilter module
# modprobe br_netfilter
# Apply the kernel parameters
# sysctl --system
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
* Applying /usr/lib/sysctl.d/50-pid_max.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.conf ...
# Turn off swap
# swapoff -a
# Disable swap permanently (this deletes every /etc/fstab line that contains "swap")
# sed -i '/swap/d' /etc/fstab
# Verify that swap is off
# free -h
total used free shared buff/cache available
Mem: 7.6Gi 1.2Gi 5.8Gi 128Mi 640Mi 6.0Gi
Swap: 0B 0B 0B
Part04 - Production cases and walkthroughs
4.1 Complete container environment setup case
Case: build a complete container environment (Docker + Podman + Kubernetes) in a production environment.
# cat > /fgedu/shell/install-container-env.sh << 'EOF'
#!/bin/bash
echo "========================================="
echo "开始安装容器环境"
echo "时间: $(date)"
echo "========================================="
# Update the system
echo "[1/8] 更新系统..."
dnf update -y
# Install basic tools
echo "[2/8] 安装基础工具..."
dnf install -y yum-utils curl wget git vim net-tools bind-utils bash-completion
# Install the Docker dependencies
echo "[3/8] 安装Docker依赖..."
dnf install -y device-mapper-persistent-data lvm2 container-selinux
# Install Podman
echo "[4/8] 安装Podman..."
dnf install -y podman
# Install the Kubernetes dependencies
echo "[5/8] 安装Kubernetes依赖..."
dnf install -y conntrack ipset iptables ebtables socat
# Configure kernel parameters
echo "[6/8] 配置内核参数..."
cat >> /etc/sysctl.d/k8s.conf << K8S
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
K8S
modprobe br_netfilter
sysctl --system
# Turn off swap
echo "[7/8] 关闭swap..."
swapoff -a
sed -i '/swap/d' /etc/fstab
# Verify the installation
echo "[8/8] 验证安装..."
echo "Podman版本: $(podman --version)"
echo "内核版本: $(uname -r)"
echo "Swap状态: $(free -h | grep Swap)"
echo "========================================="
echo "容器环境安装完成!"
echo "========================================="
EOF
# Run the installation script
# chmod +x /fgedu/shell/install-container-env.sh
# /fgedu/shell/install-container-env.sh
=========================================
开始安装容器环境
时间: Fri Apr 2 14:00:00 CST 2026
=========================================
[1/8] 更新系统...
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Dependencies resolved.
Nothing to do.
Complete!
[2/8] 安装基础工具...
...
[8/8] 验证安装...
Podman版本: podman version 4.5.0
内核版本: 5.14.0-123.el10.x86_64
Swap状态: Swap: 0B 0B 0B
=========================================
容器环境安装完成!
=========================================
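The kernel parameter and swap steps in section 3.3 and in the script above append to k8s.conf on every run, load br_netfilter only until the next reboot, and delete every fstab line that contains the word "swap". The functions below are an added example, not part of the original article, showing re-runnable variants that take the target path as a parameter; the fstab content is constructed sample data, and /etc/modules-load.d/k8s.conf is the assumed target for the module file.

```shell
#!/bin/sh
# Added example: re-runnable variants of the sysctl and swap steps.
# Paths are parameters so the functions can be tried on copies first.

# Overwrite (not append) so a second run leaves exactly three settings.
# Real target: /etc/sysctl.d/k8s.conf
write_k8s_sysctl() {
    cat > "$1" <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
}

# modprobe lasts until reboot; a file in /etc/modules-load.d/ makes systemd
# load the module at boot, which the net.bridge.* keys above depend on.
persist_br_netfilter() {
    printf 'br_netfilter\n' > "$1"
}

# Comment out only real swap entries (third fstab field is "swap").
# The first run keeps a backup at <fstab>.bak. Prints the number of entries
# disabled by this run.
disable_swap_entries() {
    fstab=$1
    [ -e "$fstab.bak" ] || cp -p "$fstab" "$fstab.bak" || return 1
    tmp=$(mktemp) || return 1
    n=$(awk '!/^[ \t]*#/ && $3 == "swap" { n++ } END { print n + 0 }' "$fstab")
    awk '!/^[ \t]*#/ && $3 == "swap" { print "#" $0; next } { print }' \
        "$fstab" > "$tmp" || return 1
    cat "$tmp" > "$fstab" && rm -f "$tmp"     # keeps the file's owner and mode
    echo "$n"
}

# Constructed sample fstab: one real swap entry, one data mount whose path
# merely contains the word "swap", and a comment that mentions swap.
demo=$(mktemp -d)
cat > "$demo/fstab" <<'EOF'
/dev/mapper/rhel-root       /               xfs   defaults 0 0
/dev/mapper/rhel-swap       none            swap  defaults 0 0
/dev/mapper/data-swapfiles  /srv/swapfiles  xfs   defaults 0 0
# swap was resized during provisioning
EOF
write_k8s_sysctl "$demo/k8s.conf"
persist_br_netfilter "$demo/modules-k8s.conf"
echo "swap entries disabled: $(disable_swap_entries "$demo/fstab")"
cat "$demo/fstab"
rm -rf "$demo"
```

Only the rhel-swap line is commented out; the /srv/swapfiles mount and the comment line survive.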
4.2 Dependency conflict resolution case
Case: resolve a dependency package version conflict.
# dnf install docker-ce
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Error:
Problem: package docker-ce-3:24.0.0-1.el10.x86_64 requires containerd >= 1.6.0, but none of the providers can be installed
  - cannot install the best candidate for the job
  - package containerd-1.6.0-1.el10.x86_64 is excluded
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)
# List the available containerd versions
# dnf list containerd --showduplicates
Available Packages
containerd.x86_64 1.5.0-1.el10 rhel-appstream
containerd.x86_64 1.6.0-1.el10 docker-ce-stable
# Resolve the conflict with --allowerasing (the transaction below removes podman as a dependent package)
# dnf install -y docker-ce --allowerasing
Last metadata expiration check: 0:00:00 ago on Fri Apr 2 14:00:00 2026.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
docker-ce x86_64 3:24.0.0-1.el10 docker-ce-stable 25 M
Installing dependencies:
containerd x86_64 1.6.0-1.el10 docker-ce-stable 35 M
docker-ce-cli x86_64 1:24.0.0-1.el10 docker-ce-stable 7.5 M
docker-ce-rootless-extras
x86_64 5:24.0.0-1.el10 docker-ce-stable 9.5 M
Removing dependent packages:
podman x86_64 5:4.5.0-1.el10 @rhel-appstream 45 M
Transaction Summary
================================================================================
Install 4 Packages
Remove 1 Package
Total download size: 77 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): docker-ce-24.0.0-1.el10.x86_64.rpm 25 MB/s | 25 MB 00:01
(2/4): containerd-1.6.0-1.el10.x86_64.rpm 35 MB/s | 35 MB 00:01
(3/4): docker-ce-cli-24.0.0-1.el10.x86_64.rpm 7.5 MB/s | 7.5 MB 00:01
(4/4): docker-ce-rootless-extras-24.0.0-1.el10.x86_64.rpm 9.5 MB/s | 9.5 MB 00:01
--------------------------------------------------------------------------------
Total 77 MB/s | 77 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: containerd-1.6.0-1.el10.x86_64 1/1
Installing : containerd-1.6.0-1.el10.x86_64 1/4
Running scriptlet: containerd-1.6.0-1.el10.x86_64 1/4
Installing : docker-ce-cli-1:24.0.0-1.el10.x86_64 2/4
Running scriptlet: docker-ce-rootless-extras-5:24.0.0-1.el10.x86_64 3/4
Installing : docker-ce-rootless-extras-5:24.0.0-1.el10.x86_64 3/4
Installing : docker-ce-3:24.0.0-1.el10.x86_64 4/4
Running scriptlet: docker-ce-3:24.0.0-1.el10.x86_64 4/4
Erasing : podman-5:4.5.0-1.el10.x86_64 5/4
Installed:
containerd-1.6.0-1.el10.x86_64
docker-ce-3:24.0.0-1.el10.x86_64
docker-ce-cli-1:24.0.0-1.el10.x86_64
docker-ce-rootless-extras-5:24.0.0-1.el10.x86_64
Removed:
podman-5:4.5.0-1.el10.x86_64
Complete!
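Because --allowerasing removed podman in the transaction above, it is worth previewing removals before confirming. The functions below are an added example, not part of the original article: they parse dnf 4 transaction text (for instance from dnf install --assumeno) and report any removal that is on a keep list. The sample transaction is reconstructed from the output above, and the keep list is an assumption.

```shell
#!/bin/sh
# Added example: list the packages a dnf transaction would remove.
# Reads dnf 4 transaction text on stdin; prints one package name per line.
list_removals() {
    awk '
        /^Transaction Summary/      { in_rm = 0 }
        /^[A-Z][A-Za-z ]*:[ \t]*$/  { in_rm = ($0 ~ /^Removing/); next }
        # Package rows have 6 fields; a long name wrapped onto its own line has 1.
        in_rm && (NF == 6 || NF == 1) && $1 ~ /^[A-Za-z0-9]/ { print $1 }
    '
}

# Returns 0 (and names the package on stderr) when the transaction on stdin
# would remove anything on the keep list. $1 = space-separated keep list.
removes_protected() {
    keep=$1
    hit=1
    for p in $(list_removals); do
        case " $keep " in
            *" $p "*) echo "would remove protected package: $p" >&2; hit=0 ;;
        esac
    done
    return "$hit"
}

# Sample input reconstructed from the transaction shown in this section.
sample_transaction() {
    cat <<'EOF'
Dependencies resolved.
================================================================================
 Package                    Arch   Version         Repository        Size
================================================================================
Installing:
 docker-ce                  x86_64 3:24.0.0-1.el10 docker-ce-stable  25 M
Installing dependencies:
 containerd                 x86_64 1.6.0-1.el10    docker-ce-stable  35 M
 docker-ce-cli              x86_64 1:24.0.0-1.el10 docker-ce-stable 7.5 M
 docker-ce-rootless-extras
                            x86_64 5:24.0.0-1.el10 docker-ce-stable 9.5 M
Removing dependent packages:
 podman                     x86_64 5:4.5.0-1.el10  @rhel-appstream   45 M

Transaction Summary
================================================================================
Install  4 Packages
Remove   1 Package
EOF
}

# On a real host:
#   dnf install --assumeno --allowerasing docker-ce 2>&1 | removes_protected "podman"
if sample_transaction | removes_protected "podman"; then
    echo "stop: review the removal list before running with -y"
fi
```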
4.3 Offline dependency installation case
Case: install the container dependency packages in an offline environment.
# mkdir -p /tmp/container-packages
# dnf install --downloadonly --downloaddir=/tmp/container-packages \
yum-utils device-mapper-persistent-data lvm2 container-selinux \
podman conntrack ipset iptables ebtables socat
# Package the dependencies
# cd /tmp
# tar -czf container-packages.tar.gz container-packages/
# Transfer to the offline environment
# scp container-packages.tar.gz root@offline-server:/tmp/
# Unpack and install in the offline environment
# ssh root@offline-server
# cd /tmp
# tar -xzf container-packages.tar.gz
# cd container-packages
# dnf localinstall -y *.rpm
# Or install with rpm (--nodeps --force skips the dependency and conflict checks)
# rpm -ivh *.rpm --nodeps --force
# Verify the installation
# rpm -qa | grep -E "podman|container-selinux"
podman-4.5.0-1.el10.x86_64
container-selinux-2.200.0-1.el10.noarch
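The offline procedure above moves a directory of RPMs between hosts and then installs whatever arrives. The functions below are an added example, not part of the original article: they write a SHA-256 manifest on the connected host, verify it on the offline host, and check RPM signatures before installation. The manifest file name SHA256SUMS and the placeholder files in the demo are assumptions; GNU coreutils sha256sum is assumed.

```shell
#!/bin/sh
# Added example: integrity checks for the offline RPM bundle.

# On the connected host: record a SHA-256 for every RPM in the directory.
make_manifest() (
    cd "$1" || exit 1
    sha256sum -- *.rpm > SHA256SUMS
)

# On the offline host: fail if a listed RPM is missing or altered, or if the
# directory holds an RPM that the manifest does not list.
verify_manifest() (
    cd "$1" || exit 1
    sha256sum -c --quiet SHA256SUMS || exit 1
    for f in *.rpm; do
        awk -v f="$f" '$2 == f { found = 1 } END { exit !found }' SHA256SUMS ||
            { echo "unlisted package: $f" >&2; exit 1; }
    done
)

# Signature and digest check against the keys already imported into the rpm
# database (rpm -K is rpmkeys --checksig). Run it before dnf localinstall.
check_signatures() (
    cd "$1" || exit 1
    rc=0
    for f in *.rpm; do
        rpm -K "$f" || rc=1
    done
    exit "$rc"
)

# Demo on constructed placeholder files (not real RPMs, so check_signatures
# is not called here).
bundle=$(mktemp -d)
printf 'placeholder a\n' > "$bundle/pkg-a-1.0-1.el10.noarch.rpm"
printf 'placeholder b\n' > "$bundle/pkg-b-1.0-1.el10.noarch.rpm"
make_manifest "$bundle"
verify_manifest "$bundle" && echo "bundle matches manifest"
printf 'tampered\n' >> "$bundle/pkg-b-1.0-1.el10.noarch.rpm"
verify_manifest "$bundle" >/dev/null 2>&1 || echo "altered package detected"
rm -rf "$bundle"
```

A manifest that travels inside the same tarball only catches corruption, so compare its own checksum over a separate channel; the signature check is what ties each package back to its publisher.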
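Part05 - Fengge's lessons learned
5.1 Dependency management best practices
Based on years of operations experience, these are the best practices for managing dependency packages:
1. Version management
   - Record the versions of the installed dependency packages
   - Update dependency packages regularly
   - Test version compatibility
2. Security management
   - Install only the dependency packages that are needed
   - Scan for security vulnerabilities regularly
   - Apply security patches promptly
3. Backup management
   - Back up the dependency package list
   - Keep the offline installation packages
   - Record the installation configuration
4. Documentation management
   - Record the installation steps
   - Maintain a dependency graph
   - Keep the operations documentation up to date
# Common dependency management commands
# Export the list of installed packages
rpm -qa > installed-packages.txt
# Export the dependency relationships
rpm -qa --queryformat '[%{=NAME} %{REQUIRENAME}\n]' > dependencies.txt
# Show a package's dependencies
dnf deplist package-name
# Check for package updates
dnf check-update
5.2 Dependency package checklist
A complete dependency package checklist:
□ 1. System update
dnf update -y
□ 2. Basic tools installation
dnf install -y yum-utils curl wget git
□ 3. Docker dependency check
rpm -qa | grep -E "device-mapper|lvm2|container-selinux"
□ 4. Podman dependency check
rpm -qa | grep -E "container-selinux|slirp4netns|fuse-overlayfs"
□ 5. Kubernetes dependency check
rpm -qa | grep -E "conntrack|ipset|iptables|ebtables|socat"
□ 6. Kernel parameter configuration
sysctl -a | grep -E "net.bridge|net.ipv4.ip_forward"
□ 7. Swap-off check
free -h | grep Swap
□ 8. Firewall configuration
firewall-cmd --list-all
□ 9. SELinux configuration
getenforce
□ 10. Service status check
systemctl status containerd docker podman
5.3 Recommended dependency management tools
The following dependency management tools are recommended:
1. dnf
   - The default package manager in RHEL 10
   - Resolves dependencies automatically
   - Supports repository management
2. rpm
   - The low-level package management tool
   - Queries and verifies packages
   - Manual installation and removal
3. repoquery
   - Queries repository information
   - Analyzes dependencies
   - Finds packages
4. dnf-plugins-core
   - A collection of DNF plugins
   - Provides extra functionality
   - Supports downloading without installing
# Install dnf-plugins-core
# dnf install -y dnf-plugins-core
# Query dependencies with repoquery
# repoquery --requires --resolve package-name
# Download a package without installing it
# dnf download package-name
# Download a package and all of its dependencies
# dnf download --resolve --alldeps package-name
This article was compiled and published by Fengge Tutorials (风哥教程) for study and testing only. Please credit the source when reposting: http://www.fgedu.net.cn/10327.html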
