Required Kernel Options

The Docker open source team has provided a script that can detect whether the kernel configuration meets Docker's running requirements. The source address is: https://github.com/moby/moby/blob/master/contrib/check-config.sh.

  1. Get script and run the following command:
    $ ./check-config.sh
    The following is the example output:
    Figure 1. Example Output:
    The output results are mainly divided into 2 parts:
    • Generally Necessary: Indicates the necessary configuration. The missing options in the figure need to be opened in the kernel configuration to recompile and burn the kernel to support Docker.
    • Optional Features: Indicates optional configuration, and can be opened as needed.
  2. From the example output, we can see that there are many missing options in the necessary configuration. You can refer to this link to pull codes, switch branches, and apply the default kernel options. After applying the default options, configure the corresponding kernel options:
    • To enable CONFIG_CGROUP_*, CONFIG_CPUSETS, CONFIG_MEMCG and itms under Controller, you need to enable following options under General setup > Control Group support:
      Figure 2. Configure Kernel Options
    • To enable CONFIG_VETH, you need to enable Virtual ethernet pair device options under Device Drivers > Network device support:
      Figure 3. Virtual ethernet pair device
    • To enable CONFIG_BRIDGE, you need to enable 802.1d Ethernet Bridging option under Networking support > Networking options:
      Figure 4. 802.1d Ethernet Bridging
    • To enable CONFIG_BRIDGE_NETFILTER, you need to enable Bridged IP/ARP packets filtering option under Networking support > Networking options > Network packet filtering framework (Netfilter):
      Figure 5. Bridged IP/ARP packets filtering
    • To enable CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, you need to enable “addrtype" address type match support option under Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration:
      Figure 6. “addrtype" address type match support
    • To enable CONFIG_IP_NF_MANGLE, you need to enable Packet mangling option under Networking support > Networking options > Network packet filtering framework (Netfilter) > IP: Netfilter Configuration:
      Figure 7. Packet mangling
    • To enable CONFIG_NETFILTER_XT_MATCH_IPVS, you need to enable the following 2 options:
      • Enable IP virtual server support option under Networking support > Networking options > Network packet filtering framework (Netfilter):
        Figure 8. IP virtual server support & "ipvs" match support
      • Enable "ipvs" match support option under Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration:
        Figure 9. "ipvs" match support
    • To enable CONFIG_IP6_NF_IPTABLES, you need to enable IP6 tables support (required for filtering) option under Networking support > Networking options > Network packet filtering framework (Netfilter) > IPV6: Netfilter Configuration:
      Figure 10. IP6 tables support (required for filtering)
    • To enable CONFIG_NF_TABLES_BRIDGE, you need to enable Ethernet Bridge nf_tables support (NEW) option under Networking support > Networking options > Network packet filtering framework (Netfilter):
      Figure 11. Ethernet Bridge nf_tables support (NEW)
    • After selecting the above options, you still need to enable the following options under Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration, otherwise, Docker will not start properly:
      Figure 12. Netfilter nf_tables_support