Docker support

Kubespray supports the Docker runtime. Although dockershim is deprecated and slated for removal in Kubernetes 1.24+, Docker can still be used through alternatives such as the cri-dockerd project supported by Mirantis.

Using the docker container manager:

container_manager: docker

Note: cri-dockerd has replaced dockershim across the supported Kubernetes versions in kubespray 2.20.

Enabling the overlay2 graph driver:

docker_storage_options: -s overlay2

Changing the Docker cgroup driver (native.cgroupdriver); valid options are systemd or cgroupfs, default is systemd:

docker_cgroup_driver: systemd

If more than 3 nameservers are configured, kubespray either uses only the first 3 or fails the deployment. Set docker_dns_servers_strict to false to use the first 3 and prevent the deployment failure.

docker_dns_servers_strict: false

Set the path used to store Docker data:

docker_daemon_graph: "/var/lib/docker"

Changing the docker daemon iptables support:

docker_iptables_enabled: "false"

Docker log options:

# Rotate container stderr/stdout logs at 50m and keep last 5
docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"

Change the docker bin_dir; this should not be changed unless you use a custom docker package:

docker_bin_dir: "/usr/bin"

Keep docker packages after installation. Setting this to '1' speeds up repeated ansible provisioning runs: kubespray deletes the docker package on each run, so caching the package makes sense:

docker_rpm_keepcache: 1

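Allowing insecure-registry access to self-hosted registries. Entries can be IP addresses or domain names. Docker contacts the registries listed here over plain HTTP or without verifying their TLS certificate.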

## example define 172.19.16.11 or mirror.registry.io
docker_insecure_registries:
  - mirror.registry.io
  - 172.19.16.11

Adding other registry mirrors, e.g. a China registry mirror:

docker_registry_mirrors:
  - https://registry.docker-cn.com
  - https://mirror.aliyuncs.com

Overriding the default system MountFlags value. This option takes a mount propagation flag (shared, slave or private), which controls whether mounts in the file system namespace set up for docker will receive or propagate mounts and unmounts. Leave empty for the system default:

docker_mount_flags:

Adding extra options to pass to the docker daemon:

## This string should be exactly as you wish it to appear.
docker_options: ""

For Debian based distributions, set the path where the GPG key is stored to avoid using the default one used by the apt_key module (e.g. /etc/apt/trusted.gpg):

docker_repo_key_keyring: /etc/apt/trusted.gpg.d/docker.gpg
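
A review check for the registry, log and daemon-option variables described above, as an added example that is not part of kubespray. It assumes the vars file has already been parsed into a dict; the function name `audit_docker_vars` and the sample values are constructed here.

```python
# Added example, not kubespray code: review docker_* vars from this page for risky values.
import shlex
from urllib.parse import urlparse

def audit_docker_vars(v):
    """Return (variable, finding) tuples for an already-parsed vars dict."""
    findings = []
    # Registries listed here are contacted over plain HTTP or with unverified TLS.
    for reg in v.get("docker_insecure_registries") or []:
        findings.append(("docker_insecure_registries",
                         f"{reg}: pulls are not protected by verified TLS"))
    # A mirror serves image content, so it should be reached over https.
    for url in v.get("docker_registry_mirrors") or []:
        if urlparse(url).scheme != "https":
            findings.append(("docker_registry_mirrors", f"{url}: not https"))
    # If the log options are overridden, both rotation limits should still be set.
    if "docker_log_opts" in v:
        opts = v["docker_log_opts"] or ""
        for needed in ("max-size=", "max-file="):
            if needed not in opts:
                findings.append(("docker_log_opts", f"missing {needed.rstrip('=')}"))
    # docker_options is passed to the daemon verbatim, so review it like a command line.
    args = shlex.split(v.get("docker_options") or "")
    names = [a.split("=", 1)[0] for a in args]
    for i, name in enumerate(names):
        # The flag's value is either after "=" or in the next token.
        val = args[i].split("=", 1)[1] if "=" in args[i] else "".join(args[i + 1:i + 2])
        if name == "--insecure-registry":
            findings.append(("docker_options", f"insecure registry {val}"))
        elif name in ("-H", "--host") and val.startswith("tcp://") \
                and "--tlsverify" not in names:
            findings.append(("docker_options", f"{val}: TCP API socket without --tlsverify"))
    return findings

# Constructed sample values, as they would look after loading a group_vars file.
SAMPLE = {
    "docker_insecure_registries": ["mirror.registry.io", "172.19.16.11"],
    "docker_registry_mirrors": ["https://mirror.aliyuncs.com",
                                "http://mirror.example.internal"],
    "docker_log_opts": "--log-opt max-size=50m",
    "docker_options": "-H tcp://0.0.0.0:2375 --insecure-registry=10.0.0.5:5000",
}

if __name__ == "__main__":
    for var, msg in audit_docker_vars(SAMPLE):
        print(f"{var}: {msg}")
```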