Showing posts with label docker. Show all posts

Sunday, May 23, 2021

Tip: Can't find docker networking namespace via ip netns list

Symptom:

    On Ubuntu, we start a docker container and try to find its network namespace via "ip netns list". The output is empty.

Reason:

   By default, docker records network namespaces under /var/run/docker/netns, while "ip netns list" checks /var/run/netns.

Workaround:  

 Stop all containers, then run:
 rm -rf /var/run/netns
 ln -s /var/run/docker/netns /var/run/netns

Tip:

To find the netns ID of a container:

docker ps    (find the container ID)

docker inspect <container ID> | grep netns

Thursday, February 25, 2021

Istio install against different Docker Repos

Requirement:

       istioctl has built-in manifests. However, these manifests or their docker images may not be accessible in the corporate network, or users may use a docker repo other than docker.io. How do we install Istio in that case?

Solution:

  • istioctl manifest generate --set profile=demo > istio_generate_manifests_demo.yaml
  • Find the docker image paths in the yaml, then download the images and upload them to your internal docker repo.
  • Edit the file so that each docker image path points to the internal docker repo.
  • kubectl apply -f istio_generate_manifests_demo.yaml
  • istioctl verify-install -f istio_generate_manifests_demo.yaml
  • To purge the deployment:
    • istioctl x uninstall --purge
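
The "find the image paths, mirror them, edit the file" steps above can be scripted. The following is an added example, not part of the original post: the function names, the registry registry.example.internal/mirror and the sample manifest are assumptions made for illustration, and only `image:` lines are handled.

```shell
#!/bin/sh
# Added example: plan and apply the image move for a generated Istio manifest.
# The registry name and the sample manifest are constructed for illustration.

# awk program shared by the functions below. It handles "image:" lines only and
# leaves values that are not plain references (such as templates) untouched.
IMAGE_AWK='
function internal(ref,    n, first) {
  # Drop a leading registry host (has a dot or colon, or is "localhost").
  n = index(ref, "/")
  if (n > 0) {
    first = substr(ref, 1, n - 1)
    if (first ~ /[.:]/ || first == "localhost") ref = substr(ref, n + 1)
  }
  return reg "/" ref
}
/^[ \t]*(-[ \t]+)?image:[ \t]/ {
  match($0, /image:[ \t]*"?/)
  head = substr($0, 1, RSTART + RLENGTH - 1)
  rest = substr($0, RSTART + RLENGTH)
  ref = match(rest, /^[^" \t]+/) ? substr(rest, 1, RLENGTH) : ""
  tail = substr(rest, length(ref) + 1)
  if (ref ~ "^[A-Za-z0-9][A-Za-z0-9._:/@-]*$") {
    if (mode == "list") { if (!(ref in seen)) { seen[ref] = 1; print ref, internal(ref) } }
    else print head internal(ref) tail
    next
  }
}
mode == "rewrite" { print }
'

# Print "upstream internal" pairs, one line per distinct image.
image_map() { awk -v reg="$2" -v mode=list "$IMAGE_AWK" "$1" | sort; }

# Print the docker commands that copy each image to the internal registry.
mirror_commands() {
  image_map "$1" "$2" | while read -r src dst; do
    printf 'docker pull %s\ndocker tag %s %s\ndocker push %s\n' "$src" "$src" "$dst" "$dst"
  done
}

# Print the manifest with image references pointing at the internal registry.
rewrite_manifest() { awk -v reg="$2" -v mode=rewrite "$IMAGE_AWK" "$1"; }

# Constructed sample standing in for istio_generate_manifests_demo.yaml.
sample_manifest() {
  cat <<'EOF'
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: discovery
        image: "docker.io/istio/pilot:1.9.0"
        imagePullPolicy: IfNotPresent
---
kind: Deployment
spec:
  template:
    spec:
      containers:
      - image: docker.io/istio/proxyv2:1.9.0
        name: istio-proxy
---
kind: ConfigMap
data:
  template: |
    image: "{{ .ProxyImage }}"
EOF
}

# Demo: print the mirror plan, then the rewritten manifest.
demo=$(mktemp)
sample_manifest > "$demo"
mirror_commands "$demo" registry.example.internal/mirror
rewrite_manifest "$demo" registry.example.internal/mirror
rm -f "$demo"
```

Review the printed docker commands before running them, and diff the rewritten manifest against the generated one before kubectl apply.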

Thursday, July 02, 2020

How To RMAN Backup Oracle Database 19c running in Kubernetes

Requirement:

   We have an Oracle Database 19c running in OKE (Oracle Kubernetes Engine). We would like to use rman to back up the DB to the object storage of a cloud. We use Oracle Cloud Infrastructure (OCI) as an example. The same concept applies to other clouds.

Steps:

  • Create a docker image with python 3 and the Oracle OCI CLI installed. Please refer to the official doc for how to install the Oracle OCI CLI. The Dockerfile can be found in the GitHub repo
  • Create a statefulset using the docker image. The yaml files can be found in the GitHub repo
  • Download the rman backup module of OCI. link
  • Follow the installation instructions. link
    • Attention: when we set up the oci cli, the config file should not be in the docker image but on the persistent block storage volume, i.e. /opt/oracle/diag/.oci/config, with export OCI_CLI_CONFIG_FILE=/opt/oracle/diag/.oci/config
    • Attention: when we set up the rman backup module and create the wallet files, none of the config files should be put in the docker image; put them on the persistent block storage volume, i.e. /opt/oracle/diag/
      java -jar oci_install.jar \
        -host https://objectstorage.us-phoenix-1.oraclecloud.com \
        -pvtKeyFile /opt/oracle/diag/.oci/testuser_ww-oci_api_key.pem \
        -pubFingerPrint 52:b6:0e:2e:***:a1 \
        -uOCID "ocid1.user.oc1..aaaaahjia***adfe" \
        -tOCID "ocid1.tenancy.oc1..aanh7gl5**dfe" \
        -walletDir /opt/oracle/diag/.oci/opc_wallet \
        -configFile /opt/oracle/diag/.oci/opc_wallet/opcAUTOCDB.ora \
        -libDir $ORACLE_HOME/lib \
        -bucket BUK-OBJECT-STORAGE-BAK-TEMP \
        -proxyHost yourproxy.com \
        -proxyPort 80
    • Use java -jar oci_install.jar -h for more details
    • Tip: If libopc.so is already in place in $ORACLE_HOME/lib, which is in the docker image, we can ignore the warning from the download part of the process
    • Tip: You can copy opc_wallet to other servers or OKE clusters without repeating the oci cli and java -jar oci_install.jar steps.
    • Tip: If you see the error "KBHS-00713: HTTP client error ''", check the http_proxy and https_proxy settings. The rman backup to object storage module uses the HTTP and HTTPS protocols.
    • Tip: If you see the error "KBHS-01012: ORA-28759 occurred during wallet operation; WRL file:/home/oracle/opc_wallet", it may be because there are some old opc<sid>.ora config files in $ORACLE_HOME/dbs. The DB always tries to read the config file in ./dbs instead of using the parameters. Removing those files should clear it
    • To avoid the error "KBHS-01006: Parameter OPC_HOST was not specified", we need to put all the parameters from opcAUTOCDB.ora into the rman script.
  • Test RMAN backup inside your statefulset DB pod
    rman target /
    SET ENCRYPTION ON IDENTIFIED BY 'testtest' ONLY;
    run {
      SET ENCRYPTION ON IDENTIFIED BY 'changeme' ONLY;
      ALLOCATE CHANNEL t1 DEVICE TYPE sbt PARMS "SBT_LIBRARY=/opt/oracle/product/19c/dbhome_1/lib/libopc.so ENV=(OPC_HOST=https://objectstorage.us-phoenix-1.oraclecloud.com/n/testnamespace, OPC_WALLET='LOCATION=file:/opt/oracle/diag/.oci/opc_wallet CREDENTIAL_ALIAS=alias_oci', OPC_CONTAINER=TEST-OBJECT-STORAGE-RMAN, OPC_COMPARTMENT_ID=ocid1.compartment.oc1..aa****sddfeq, OPC_AUTH_SCHEME=BMC)";
      backup current controlfile;
    }

Monday, June 15, 2020

Dockerfile for Oracle Database 19.5 image with patches applied

Summary:

Here is the github link for Dockerfile of Oracle Database 19.5 image with patches applied

https://github.com/HenryXie1/Dockerfile/tree/master/OracleDatabase

The docker image has 19.3 installed and applies the patches below to bring it to 19.5:
OCT_RU_DB_p30125133_190000_Linux-x86-64.zip
OCT_RU_OJVM_p30128191_190000_Linux-x86-64.zip
p30083488_195000DBRU_Linux-x86-64.zip

The docker image has updates to facilitate automated block storage provisioning in OKE (Oracle Kubernetes Engine).

The docker image creates three separate volumes for Oradata, the Fast Recovery Area (FRA) and the diagnostic area (diag). The separation keeps datafiles safe, gives recovery a dedicated space, and keeps diagnostic output from filling up the data and FRA volumes.

The testdb yaml files use oci-bv (Container Storage Interface, CSI, based) of OKE.

Sunday, June 14, 2020

Tip: Sending build context to Docker daemon when Docker build

Symptom:

  When we run docker build, we see
Sending build context to Docker daemon...
   After a while, we hit an out-of-space issue.

Solution:

When we docker build a large image like the Oracle database, we had better keep only one version of the downloaded DB binary file in the docker build directory.
By default, the build context sent to the docker daemon includes all the zip files in that directory (including zip files of unused versions), which may cause unnecessary space pressure.

Monday, April 06, 2020

Error: container has runAsNonRoot and image has non-numeric user , cannot verify user is non-root

Symptom:

When we enable Pod Security Policy in OKE (Oracle Kubernetes Engine), we only allow non-root users to run in the Pods. However, when we build an application on the Oracle Linux base docker image and run it as the oracle user, we still get
Error: container has runAsNonRoot and image has non-numeric user , cannot verify user is non-root

Solution:

The error is explicit: oracle is non-numeric, so we need to change it to 1000.
In the Dockerfile: USER oracle --> USER 1000
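
The same condition can be checked on a Dockerfile before the image is built. The following is an added example, not part of the original post: the function names and sample Dockerfiles are made up for illustration, and it reads only the Dockerfile, so a stage without a USER line is reported as "inherited" from its base image.

```shell
#!/bin/sh
# Added example: pre-build check for the runAsNonRoot error described above.
# File names and sample Dockerfiles are constructed for illustration.

# Print the USER value in effect at the end of the last build stage.
# Variables such as $APP_USER are not expanded; they count as non-numeric.
dockerfile_user() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF files
    toupper($1) == "FROM" { user = "" }     # a new stage starts from its base image
    toupper($1) == "USER" { user = $2 }     # the last USER in the stage wins
    END { print user }
  ' "$1"
}

# Classify a USER value for runAsNonRoot: only the part before an optional
# ":group" is the user, and it has to be a non-zero number.
classify_user() {
  uid=${1%%:*}
  case "$uid" in
    "")       echo inherited ;;     # no USER line: base image decides (root by default)
    *[!0-9]*) echo non-numeric ;;   # e.g. "oracle": cannot be verified as non-root
    *)        if [ "$uid" -eq 0 ]; then echo root; else echo numeric-nonroot; fi ;;
  esac
}

# Report the verdict; return 0 only for a numeric, non-zero USER.
check_dockerfile() {
  verdict=$(classify_user "$(dockerfile_user "$1")")
  echo "$1: $verdict"
  [ "$verdict" = numeric-nonroot ]
}

# Demo with the two forms from the post.
demo_dir=$(mktemp -d)
printf 'FROM oraclelinux:7-slim\nUSER oracle\n' > "$demo_dir/Dockerfile.name"
printf 'FROM oraclelinux:7-slim\nUSER 1000\n'   > "$demo_dir/Dockerfile.uid"
check_dockerfile "$demo_dir/Dockerfile.name" || true
check_dockerfile "$demo_dir/Dockerfile.uid"  || true
rm -rf "$demo_dir"
```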

Tuesday, January 28, 2020

Dockerfile Example of Linux NonRoot User for Apache Httpd

Requirement:

      In the enterprise world, there is a concern that we should not run docker images as the root user unless there is an exception.
      When we install apache2 via yum, it runs as root by default, and the root user binds privileged ports like 80. We need a way to start httpd as a non-root user to address the security concerns.

Solution:

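FROM oraclelinux:7-slim
# Install Apache httpd and mod_ssl without docs, then clear the yum cache
RUN yum -y --setopt=tsflags=nodocs update && \
    yum -y --setopt=tsflags=nodocs install httpd && \
    yum -y --setopt=tsflags=nodocs install mod_ssl && \
    yum clean all
EXPOSE 80
# Send the httpd logs to the container's stdout
RUN ln -sf /proc/self/fd/1 /var/log/httpd/error_log && \
    ln -sf /proc/self/fd/1 /var/log/httpd/access_log
# Create the non-root user; pin UID 1000 so it matches "USER 1000" below
RUN groupadd www-data && useradd -u 1000 -g www-data www-data
# Note: chmod 755 -R makes everything under /etc/pki readable by all users, private keys included
RUN chmod 755 -R /etc/pki && \
    chown -hR www-data:www-data /etc/httpd/ && \
    chown -hR www-data:www-data /run/httpd/ && \
    chown -hR www-data:www-data /var/www/ && \
    chown -hR www-data:www-data /var/log/httpd/
# setcap to bind to privileged ports as non-root
RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/httpd && getcap /usr/sbin/httpd
ADD run-httpd.sh /run-httpd.sh
RUN chown www-data:www-data /run-httpd.sh
# Numeric UID so that runAsNonRoot can verify the user is non-root
USER 1000
CMD ["/run-httpd.sh"]

run-httpd.sh :
#!/bin/bash
# exec replaces the shell with httpd, so nothing after this line would run;
# the logs already reach stdout through the symlinks created in the Dockerfile
exec /usr/sbin/apachectl -DFOREGROUND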

Monday, April 01, 2019

Dockerfile for Httpd on Oracle Linux 7

Please check details on Github OracleLinux Httpd Dockerfile Repo

Dockerfile for Postgresql9.5 on Oracle Linux 7

Please check details on Github OracleLinux Postgresql 9.5 Dockerfile 

Docker: Failed to get D-Bus connection: Operation not permitted

Symptom:

When we build the Postgresql 9.5 docker image on Oracle Linux 7-slim (FROM oraclelinux:7-slim),
it errors out with
Docker: Failed to get D-Bus connection: Operation not permitted

Solution:

The cause is that Oracle Linux 7-slim is very slim: systemd is taken out of the image, and D-Bus needs systemd to function. To fix it, we need a somewhat heavier Linux image that includes systemd. Using Oracle Linux 7 fixes it (FROM oraclelinux:7).

The full Dockerfile for Postgresql 9.5 is on the github link

Tuesday, March 05, 2019

How To Fix Pod Mounted PV Permission Issues on OKE

Symptom:

  We are building DB services on OKE. By default, the OKE (Oracle Kubernetes Engine) storageclass is oci, which is an OCI block volume. If we don't specify a storageclass in the yaml file, OKE automatically creates block volumes as persistent volumes and attaches them to the pods for us, which is very convenient.
However, we hit a permission issue: by default the filesystem created by OKE is owned by root, while the docker image's user is oracle with id 54321, so creating the DB fails.

Solution:

  It is not good practice for a Dockerfile to modify the permissions of a filesystem mounted from the parent host. Instead, we can use the yaml to tell OKE to mount the volume with the correct permissions. For more details, refer to the Kubernetes security context doc
Add the lines below to the spec of the yaml file; in this case 54321 is the id
securityContext:
  runAsUser: 54321
  fsGroup: 54321

Sunday, March 03, 2019

How To Build Docker Image of Oracle 19c DB

Requirement:

  We would like to build a new 19c DB docker image for testing.

Solution:

It is based on how we build 18.4 docker images in oracle github

  • Download all scripts from oracle github
  • Update the Dockerfile to use the 19c zip
# add proxy
RUN echo "proxy=http://<proxy server ip address>:80" >> /etc/yum.conf
  • docker build --network=default --force-rm=true --no-cache=true --build-arg DB_EDITION=ee -t  oracle/database:19.2v1  . 

Friday, January 25, 2019

How To Build CI/CD Pipeline via Wercker in K8S

Requirement

We try to build a sample CI/CD pipeline to increase the efficiency of development and deployment. It is also a core part of the devops methodology. With the power of OKE (Oracle Kubernetes Engine) and Wercker (the cloud-based CI/CD tool Oracle acquired), "We can automatically build, test and deploy their applications, end-to-end, all the way from source to production in a repeatable transparent manner." Quote from the Oracle CloudNative Lab Wercker Guide. For more details, please refer to the Wercker Doc

Preparation

  • Create a Github account link
  • We can use Github account OAuth to log in to Wercker
  • Log in to Github and create a new private repository, e.g. iridize-oci-oke-project
  • Log in to Wercker via the Github sign-in and authorize Wercker to access Github.
    • On the top right, click "add application"
    • Select the user and SCM using the Github account
    • Find the new private repository we just created
    • Let Wercker add a deployment key for this private repository in Github
    • On the first page of Wercker, choose a language or just create the default wercker.yml
    • Copy and paste the wercker.yml into the Github repository
    • You will see a build triggered in Wercker as it detects a change in the repository

Implementation Steps On the Cloud

Create CI/CD for Postgresql Docker Image
  • Generate wercker.yml
box: postgres:9.3
build:
  steps:
    - internal/docker-build:
        dockerfile: Postgres-Dockerfile
        image-name: postgresimage

    - internal/docker-push:
        # specify the image to be pushed - this is the one we created earlier
        image-name: postgresimage
        username: $OCIRUSERNAME # Registry username
        password: $OCIRPASSWORD # Registry password
        registry: https://iad.ocir.io/v2
        repository: $IRIDIZEREPO
        tag: $VERSION
  • Copy the Postgres-Dockerfile
FROM postgres:9.3
RUN mkdir -p /var/lib/postgresql-static-test/data
ENV PGDATA /var/lib/postgresql-static-test/data
  • Add the application environment variables used in wercker.yml (OCIRUSERNAME, OCIRPASSWORD, IRIDIZEREPO, VERSION) in app.wercker.com
  • Do a test update on Postgres-Dockerfile or wercker.yml; the CI/CD pipeline starts automatically, rebuilds the docker image and deploys it to OCIR without intervention

Implementation Steps Locally via CLI

  • Download the Wercker CLI locally. For more details, refer to the doc
    • On a linux host where docker is running, download the CLI via the commands below
    curl -L https://s3.amazonaws.com/downloads.wercker.com/cli/stable/linux_amd64/wercker -o /usr/local/bin/wercker
    chmod u+x /usr/local/bin/wercker

  • Use "wercker build". Please refer to the wercker doc for more details

Tuesday, December 18, 2018

How To Move Existing DB Docker Image To Kubernetes

Requirement:

   We have existing docker images for Oracle DB 18.3 which is running fine. Docker command is:
docker run -itd --name livesql_testdb1  \
-p 1521:1521 -p 5501:5500 \
-e ORACLE_SID=LTEST \
-e ORACLE_PDB=ltestpdb \
-v /u03/LTEST/oradata:/opt/oracle/oradata \
-v /u03/ALTEST/oradata:/u02/app/oracle/oradata \
oracle/database:18.3v2
   We need to move them to kubernetes cluster which is running on the same host.

Solution:

  • Label nodes for nodeSelector usages
kubectl label nodes instance-cas-db2 dbhost=livesqlsb
kubectl label nodes instance-cas-mt2 mthost=livesqlsb
  • To Create:  kubectl create -f <yaml file>
  • Create Persistent Volumes for DB file storage. yaml is like
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: livesqlsb-pv-volume1
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/u03/LTEST/oradata"
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: livesqlsb-pv-volume2
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 200Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/u03/ALTEST/oradata"
  • Create Persistent Volume Claims for DB file storage. yaml is like
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: livesql-pv-claim2
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 200Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: livesql-pv-claim1
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  • Create Service for DB to be accessed by other Apps  in the K8S cluster. yaml is like
apiVersion: v1
kind: Service
metadata:
  labels:
    app: livesqlsb-db
  name: livesqlsb-db-service
  namespace: default
spec:
  clusterIP: None
  ports:
  - port: 1521
    protocol: TCP
    targetPort: 1521
  selector:
    app: livesqlsb-db 

  • Create DB Pod in the K8S cluster. yaml is like
apiVersion: v1
kind: Pod
metadata:
  name: livesqlsb-db
  labels:
    app: livesqlsb-db
spec:
  volumes:
    - name: livesqlsb-db-pv-storage1
      persistentVolumeClaim:
       claimName: livesql-pv-claim1
    - name: livesqlsb-db-pv-storage2
      persistentVolumeClaim:
       claimName: livesql-pv-claim2
  containers:
    - image: oracle/database:18.3v2
      name: livesqldb
      ports:
        - containerPort: 1521
          name: livesqldb
      volumeMounts:
        - mountPath: /opt/oracle/oradata
          name: livesqlsb-db-pv-storage1
        - mountPath: /u02/app/oracle/oradata
          name: livesqlsb-db-pv-storage2
      env:
        - name: ORACLE_SID
          value: "LTEST"
        - name: ORACLE_PDB
          value: "ltestpdb"
  nodeSelector:
    dbhost: livesqlsb


Sunday, December 09, 2018

How To Move Existing Ords Docker Containers To Kubernetes

Requirement:

   We have existing docker images for ORDS which is running fine. Docker command is:
docker run -itd --name apexords_test2 --network=mynetwork -p 7777:8888 -e livesqlsb_db_host=<ip address>  oracle/apexords:v5
   We need to move them to kubernetes cluster which is running on the same host.

Solution:

  • Create Service for ORDS. yaml is like
apiVersion: v1
kind: Service
metadata:
  labels:
     name: apexords-service
  name: apexords-service
spec:
  ports:
    - port: 7777
      targetPort: 8888
      nodePort: 30301
  selector:
    name: apexords-service
  type: NodePort

  • Create Pod for ORDS. yaml is like
apiVersion: v1
kind: Pod
metadata:
  name: apexords
  labels:
    name: apexords-service
spec:
  containers:
    - name: apexords
      image: oracle/apexords:v5
      imagePullPolicy: IfNotPresent
      ports:
        - containerPort: 8888
          name: apexords
  nodeSelector:
    mthost: livesqldbsb
Before moving into K8S, access url is  http://<hostname>:7777/ords/
After moving into K8S, access url is http://<hostname>:30301/ords/
To Create:  kubectl create -f <yaml file>
To Delete:  kubectl delete -f <yaml file>

Saturday, October 20, 2018

How to Create Docker Images For Oracle DB 18.3 APEX 18.1 and ORDS 18.2

Scope:

We would like to containerize the livesql sandbox. The purpose is to create docker images for Oracle Database 18.3, APEX 18.1 and ORDS 18.2

Database Part:

  • Go to github and download all the scripts of Database 18.3 from Oracle Github
    • Refer to the readme doc on github to understand how the Dockerfile works for the DB
    • Put them into a directory (i.e. /u01/build/db18.3)
  • Download LINUX.X64_180000_db_home.zip from OTN and put it in the same directory as the scripts from github (i.e. /u01/build/db18.3)
  • If your servers are behind a proxy, add the 2 lines below to the Dockerfile to let the new image access the internet (change the proxy name if necessary)
    • ENV HTTP_PROXY=http://yourproxy.com:80
    • ENV HTTPS_PROXY=http://yourproxy.com:80
  • cd /u01/build/db18.3 and docker build -t oracle/database:18.3.0-ee .
  • It will build the image for Database 18.3 (use docker images to check)
  • Create volumes outside docker to hold all datafiles and related config files
    • mkdir -p /u01/build/db18.3/oradata
    • chown -R 54321:54321 /u01/build/db18.3/oradata    (54321 is the UID of the oracle user from the Docker image)
docker run -itd --name testdb  -p 1528:1521 -p 5500:5500  -e ORACLE_SID=LTEST  -e ORACLE_PDB=ltestpdb  -e ORACLE_PWD=<password>  -v /u01/build/db18.3/oradata:/opt/oracle/oradata   oracle/database:18.3.0-ee
    • It will create a new CDB with name LTEST and a new PDB with name ltestpdb for you
    • We can run this command again and again. It will detect that the DB was created and not create a new one
    • use 'docker logs testdb' to check status
    • use 'docker exec -it testdb /bin/bash' to get into the docker container to inspect

APEX 18.1 Part:

  • Go to OTN
    • Download the apex18.1 zip
    • Upload it to /u01/build/db18.3/oradata/ and unzip it
    • chown -R 54321:54321 ./apex
    • use 'docker exec -it testdb /bin/bash' to get into the docker container
    • cd /opt/oracle/oradata/apex
    • sqlplus / as sysdba
    • alter session set container=ltestpdb;
    • Install APEX inside the docker container
@apexins SYSAUX SYSAUX TEMP /i/
-- Run the apex_rest_config command
@apex_rest_config.sql

  • Change and unlock the apex related accounts
  • alter user APEX_180100 identified by <password>;
  • alter user APEX_INSTANCE_ADMIN_USER identified by <password>;
  • alter user APEX_LISTENER identified by <password>;
  • alter user APEX_PUBLIC_USER identified by <password>;
  • alter user APEX_REST_PUBLIC_USER identified by <password>;
  • alter user APEX_180100 account unlock;
  • alter user APEX_INSTANCE_ADMIN_USER account unlock;
  • alter user APEX_LISTENER account unlock;
  • alter user APEX_PUBLIC_USER account unlock;
  • alter user APEX_REST_PUBLIC_USER account unlock;

ORDS 18.2 Part:

  • Go to github and download all the scripts of ORDS 18.2 from Oracle GitHub
    • Refer to the readme doc on github to understand how the Dockerfile works for ORDS
    • Download ORDS 18.2 from OTN
    • Put them into a directory (i.e. /u01/build/ords)
    • cd /u01/build/ords and docker build -t oracle/restdataservices:v1 .
    • It will build the docker image for ORDS
    • Create volumes outside docker to hold all datafiles and related config files
      • mkdir -p /u01/build/ords/config/ords
      • chown -R 54321:54321 /u01/build/ords/config/ords    (54321 is the UID of the oracle user from the Docker image)
docker run -itd --name testords1 \
--network=ltest_network \
-p 7777:8888 \
-e ORACLE_HOST=<hostname> \
-e ORACLE_PORT=1528 \
-e ORACLE_SERVICE=ltestpdb \
-e ORACLE_PWD=<password> \
-e ORDS_PWD=<password> \
-v /u01/build/ords/config/ords:/opt/oracle/ords/config/ords \
oracle/restdataservices:v1
      • It will create a new ORDS standalone and install the ORDS schema for you
      • We can run this command again and again. It will detect the config file which was created and not create a new one
      • use 'docker logs testords1' to check status
      • use 'docker exec -it testords1 /bin/bash' to get into the docker container to inspect

Saturday, October 13, 2018

How To Push/Pull Docker Images Into Oracle OKE Registry

Requirement:

   We have built some customized docker images for our apps. We need to upload them to the OKE registry to be used by OKE later. Please refer to the official oracle doc

Solution:

  • Make sure you have the correct privileges to push images to the OCI registry. You need your tenancy admin to update the policies to allow you to do that
  • Generate an Auth Token from the OCI user settings. See details in the official oracle doc
  • On the host where your docker images are, use docker to log in
docker login phx.ocir.io   (we use the phoenix region)
If users are federated with another directory service:
Username:  <tenancy-namespace>/<federation name>/test.test@oracle.com
i.e.   mytenancy-namespace/corp_login_federate/test.test@oracle.com
If there is no federation, remove <federation name>
Password:  <The Auth token you generated before>
Login Succeeded
  • Tag the images you would like to upload
docker tag hello-world:latest <region-code>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag>
docker tag hello-world:latest phx.ocir.io/peo-namespace/engops/hello-world:latest
  • Remember to add "repo-name"
  • Push the image to the registry
docker push phx.ocir.io/peo-namespace/engops/hello-world:latest
  • Pull the image
docker pull phx.ocir.io/peo-namespace/engops/hello-world
  • To use it in a K8S yaml file, we need to add a secret for the docker login. Refer to the k8s doc and oci doc for details
kubectl create secret docker-registry iad-ocir-secret --docker-server=iad.ocir.io --docker-username='<tenancy-namespace>/<federation name>/test.test@oracle.com' --docker-password='******' --docker-email='test@test.com'

 Part of a sample yaml looks like

spec:
  containers:
  - name: helloworld
    # enter the path to your image, be sure to include the correct region prefix
    image: <region-code>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag>
    ports:
    - containerPort: 80
  imagePullSecrets:
  # enter the name of the secret you created
  - name: <secret-name>


Monday, October 01, 2018

Docker Login Issues of Oracle Container Registry

Symptom:

   When we try to docker pull images from the Oracle Container Registry, we get an error
    like:
[ERROR] Please login with valid credential to the container-registry.oracle.com/kubernetes_developer
        # docker login container-registry.oracle.com/kubernetes_developer

   Then we input the username and password, and the login succeeds. The docker config.json has 'auth' recorded. When we use docker to pull images again, we still get the same error.

Solution:

    The reason is that we need to push the button on the Oracle Container Registry to agree to the terms of every component we would like to pull. It is for legal purposes. The text is like the one below. Once we click that, we are able to pull images

You must agree to and accept the Oracle Standard Terms and Restrictions prior to downloading from the Oracle Container Registry. Please read the license agreement on the following page carefully.

Monday, September 10, 2018

How To Move Docker Images OS Files From Default To Different OS Location

Requirement:

    By default docker ce is installed on /var/lib/docker, which may have limited space. As more and more images arrive, and to make moving images easier, we had better put the images on a mounted filesystem

Solution:

   Scope: it is tested on Docker 18.06.1-ce  on Linux

  • As root
  • systemctl stop docker
  • mv /var/lib/docker   /bigdisk/apps/docker
  • ln -s /bigdisk/apps/docker  /var/lib/docker
  • systemctl start docker
It will work fine after restart


Wednesday, September 05, 2018

Proxy Settings For Docker Daemon and Docker Containers

Proxy Settings For Docker Daemon

 Scope: Oracle Linux 7  +  Docker 18.06.0-ce
  • refer docker doc link
  • Create a systemd drop-in directory for the docker service
  • mkdir -p /etc/systemd/system/docker.service.d
  • Create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
  • systemctl daemon-reload
  • systemctl  restart docker
  • Docker daemon can access internet via proxy

Proxy Settings For Docker Containers

 Scope: Oracle Linux 7  +  Docker 18.06.0-ce
  • refer docker doc link
  • Create or edit the file ~/.docker/config.json
  • In our case we run docker as root, so it is /root/.docker/config.json
Add the lines below to the file
{
 "proxies":
 {
   "default":
   {
     "httpProxy": "http://127.0.0.1:3001",
     "noProxy": "*.test.example.com,.example2.com"
   }
 }
}
  • save the file. 
  • Next time when we start a new container, it will add this proxy automatically