diff --git a/inventory/sample/group_vars/all/docker.yml b/inventory/sample/group_vars/all/docker.yml
index fcc628b7c..cea860c36 100644
--- a/inventory/sample/group_vars/all/docker.yml
+++ b/inventory/sample/group_vars/all/docker.yml
@@ -1,42 +1,46 @@ ## Uncomment this if you want to force overlay/overlay2 as docker storage driver ## Please note that overlay2 is only supported on newer kernels - #docker_storage_options: -s overlay2 ## Uncomment this if you have more than 3 nameservers, then we'll only use the first 3. - -#docker_dns_servers_strict: false +docker_dns_servers_strict: false # Path used to store Docker data docker_daemon_graph: "/var/lib/docker" ## Used to set docker daemon iptables options to true -#docker_iptables_enabled: "true" +docker_iptables_enabled: "false" + +# Docker log options +# Rotate container stderr/stdout logs at 50m and keep last 5 +docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5" + +# define docker bin_dir +docker_bin_dir: "/usr/bin" -## A string of extra options to pass to the docker daemon. -## This string should be exactly as you wish it to appear. ## An obvious use case is allowing insecure-registry access to self hosted registries. ## Can be ipddress and domain_name. ## example define 172.19.16.11 or mirror.registry.io #insecure_registries: # - mirror.registry.io # - 172.19.16.11 + +## If non-empty will override default system MounFlags value. +## This option takes a mount propagation flag: shared, slave +## or private, which control whether mounts in the file system +## namespace set up for docker will receive or propagate mounts +## and unmounts. Leave empty for system default +#docker_mount_flags: + +## A string of extra options to pass to the docker daemon. +## This string should be exactly as you wish it to appear. 
docker_options: >- - {%- if insecure_registries is defined %} + {%- if insecure_registries is defined -%} {{ insecure_registries | map('regex_replace', '^(.*)$', '--insecure-registry=\1' ) | list | join(' ') }} - {%- endif -%} + {%- endif %} --graph={{ docker_daemon_graph }} {{ docker_log_opts }} {%- if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %} --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false {%- endif -%} - -docker_bin_dir: "/usr/bin" - -## If non-empty will override default system MounFlags value. -## This option takes a mount propagation flag: shared, slave -## or private, which control whether mounts in the file system -## namespace set up for docker will receive or propagate mounts -## and unmounts. Leave empty for system default -docker_mount_flags: diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 4a3b24f80..2d6681b34 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -40,6 +40,3 @@ dockerproject_rh_repo_base_url: 'https://yum.dockerproject.org/repo/main/centos/ dockerproject_rh_repo_gpgkey: 'https://yum.dockerproject.org/gpg' dockerproject_apt_repo_base_url: 'https://apt.dockerproject.org/repo' dockerproject_apt_repo_gpgkey: 'https://apt.dockerproject.org/gpg' - -# Used to set docker daemon iptables options -docker_iptables_enabled: "false" diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 970d7eecf..af886af91 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml 
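Review bot: `docker_iptables_enabled`, `docker_log_opts`, `docker_daemon_graph` and `docker_options` now get their values only from this sample inventory, because the two later hunks of the commit delete the role defaults in `roles/docker/defaults/main.yml` and `roles/kubespray-defaults/defaults/main.yaml`; `docker_mount_flags` ends up commented out here and deleted there, so it is defined nowhere. An inventory that was not copied from the sample has nothing to fall back on, and whether the play then fails on an undefined variable or renders a daemon command line without `--log-opt max-size=50m --log-opt max-file=5` depends on templates that are not visible in this diff. I would keep the baseline values in the role defaults and treat the inventory entries as overrides, so the log-rotation bound and the iptables setting stay defaults rather than something each operator has to remember. The comment above `docker_iptables_enabled: "false"` still says "to true"; something like `## Whether the docker daemon manages iptables rules ("true" or "false")` would match the value. The aarch64/RedHat branch of `docker_options` also passes `--signature-verification=false` without a comment saying why image signature checks are turned off on that platform, which is worth documenting next to the flag.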
@@ -142,32 +142,6 @@ kube_api_aggregator_routing: false # Container for runtime container_manager: docker -# Path used to store Docker data -docker_daemon_graph: "/var/lib/docker" - -# Docker log options -# Rotate container stderr/stdout logs at 50m and keep last 5 -docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5" - -## A string of extra options to pass to the docker daemon. -## This string should be exactly as you wish it to appear. -## An obvious use case is allowing insecure-registry access -## to self hosted registries like so: -docker_options: > - --insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }} - {% if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %} - --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current - --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd - --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false - {% endif %} - -## If non-empty will override default system MounFlags value. -## This option takes a mount propagation flag: shared, slave -## or private, which control whether mounts in the file system -## namespace set up for docker will receive or propagate mounts -## and unmounts. Leave empty for system default -docker_mount_flags: - # Settings for containerized control plane (etcd/kubelet/secrets) etcd_deployment_type: docker kubelet_deployment_type: docker